Accepting request 41504 from Base:System

Copy from Base:System/openssl based on submit request 41504 from user prusnak OBS-URL: https://build.opensuse.org/request/show/41504 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=37
2010-06-18 03:17:30 +00:00 · 2010-06-18 03:17:30 +00:00 · 19cbe2fba1
commit 19cbe2fba1
parent 8b3a3dc1bb
3 changed files with 47 additions and 1 deletions
--- a/CVE-2010-1633_and_CVE-2010-0742.patch
+++ b/CVE-2010-1633_and_CVE-2010-0742.patch
@ -0,0 +1,28 @@
+Index: openssl-1.0.0/crypto/cms/cms_asn1.c
+===================================================================
+--- openssl-1.0.0.orig/crypto/cms/cms_asn1.c
+++ openssl-1.0.0/crypto/cms/cms_asn1.c
+@@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+ } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+ 
+ ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
+ } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+ 
+ ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
+Index: openssl-1.0.0/crypto/rsa/rsa_pmeth.c
+===================================================================
+--- openssl-1.0.0.orig/crypto/rsa/rsa_pmeth.c
+++ openssl-1.0.0/crypto/rsa/rsa_pmeth.c
+@@ -246,6 +246,8 @@ static int pkey_rsa_verifyrecover(EVP_PK
+ 			ret = int_rsa_verify(EVP_MD_type(rctx->md),
+ 						NULL, 0, rout, &sltmp,
+ 					sig, siglen, ctx->pkey->pkey.rsa);
+			if (ret <= 0)
+				return 0;
+ 			ret = sltmp;
+ 			}
+ 		else
--- a/openssl.changes
+++ b/openssl.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Tue Jun 15 09:53:54 UTC 2010 - bg@novell.com
+
+- -fstack-protector is not supported on hppa
+
+-------------------------------------------------------------------
+Fri Jun  4 07:11:28 UTC 2010 - gjhe@novell.com
+
+- fix bnc #610642
+  CVE-2010-0742
+  CVE-2010-1633 
+
 -------------------------------------------------------------------
 Mon May 31 03:06:39 UTC 2010 - gjhe@novell.com

--- a/openssl.spec
+++ b/openssl.spec
@ -32,7 +32,7 @@ Obsoletes:      openssl-64bit
 %endif
 #
 Version:        1.0.0
-Release:        4
+Release:        5
 Summary:        Secure Sockets and Transport Layer Security
 Url:            http://www.openssl.org/
 Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@ -43,6 +43,7 @@ Source10:       README.SuSE
 Patch0:         merge_from_0.9.8k.patch
 Patch1:         openssl-1.0.0-c_rehash-compat.diff
 Patch2:         bug610223.patch
+Patch3:         CVE-2010-1633_and_CVE-2010-0742.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -172,6 +173,7 @@ Authors:
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
@ -221,8 +223,12 @@ $RPM_OPT_FLAGS \
 -fomit-frame-pointer \
 -fno-strict-aliasing \
 -DTERMIO \
+%ifnarch hppa
 -Wall \
 -fstack-protector "
+%else
+-Wall "
+%endif
 #
 #%{!?do_profiling:%define do_profiling 0}
 #%if %do_profiling