pool/openssl
SHA256
3
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 55363 from Base:System

Browse Source 
Accepted submit request 55363 from user a_jaeger

OBS-URL: https://build.opensuse.org/request/show/55363
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=43
This commit is contained in:
Marcus Rückert 2010-12-10 14:41:07 +00:00 committed by Git OBS Bridge
parent 3b41ce1450
commit 26d03f47ca
7 changed files with 39 additions and 249 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2010-1633_and_CVE-2010-0742.patch
View File

@ -1,28 +0,0 @@
Index: openssl-1.0.0/crypto/cms/cms_asn1.c
===================================================================
--- openssl-1.0.0.orig/crypto/cms/cms_asn1.c
+++ openssl-1.0.0/crypto/cms/cms_asn1.c
@@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
ASN1_SEQUENCE(CMS_OriginatorInfo) = {
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
Index: openssl-1.0.0/crypto/rsa/rsa_pmeth.c
===================================================================
--- openssl-1.0.0.orig/crypto/rsa/rsa_pmeth.c
+++ openssl-1.0.0/crypto/rsa/rsa_pmeth.c
@@ -246,6 +246,8 @@ static int pkey_rsa_verifyrecover(EVP_PK
ret = int_rsa_verify(EVP_MD_type(rctx->md),
NULL, 0, rout, &sltmp,
sig, siglen, ctx->pkey->pkey.rsa);
+ if (ret <= 0)
+ return 0;
ret = sltmp;
}
else

12
CVE-2010-2939.patch
View File

@ -1,12 +0,0 @@
Index: openssl-1.0.0/ssl/s3_clnt.c
===================================================================
--- openssl-1.0.0.orig/ssl/s3_clnt.c
+++ openssl-1.0.0/ssl/s3_clnt.c
@@ -1508,6 +1508,7 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_ecdh_tmp=ecdh;
ecdh=NULL;
BN_CTX_free(bn_ctx);
+ bn_ctx=NULL;
EC_POINT_free(srvr_ecpoint);
srvr_ecpoint = NULL;
}

3
openssl-1.0.0.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:164d74696522f4758c383ba16e544ecd16c94c93df87cadc940b2fc3e0a8ce5a
size 3195261

3
openssl-1.0.0c.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fabc7750eb05c2b15916b1abdff7287064dd4bc120b0b77e233bc390352bae5d
size 3207024

16
openssl.changes
View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Thu Dec 9 07:04:32 UTC 2010 - gjhe@novell.com
- update to stable version 1.0.0c.
patch included:
CVE-2010-1633_and_CVE-2010-0742.patch
patchset-19727.diff
CVE-2010-2939.patch
CVE-2010-3864.patch
-------------------------------------------------------------------
Thu Nov 18 07:53:12 UTC 2010 - gjhe@novell.com
- fix bug [bnc#651003]
CVE-2010-3864
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Sep 25 08:55:02 UTC 2010 - gjhe@novell.com Sat Sep 25 08:55:02 UTC 2010 - gjhe@novell.com

37
openssl.spec
View File

@ -21,7 +21,7 @@
Name: openssl Name: openssl
BuildRequires: bc ed pkg-config zlib-devel BuildRequires: bc ed pkg-config zlib-devel
%define ssletcdir %{_sysconfdir}/ssl %define ssletcdir %{_sysconfdir}/ssl
#%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g") %define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g")
License: BSD3c(or similar) License: BSD3c(or similar)
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Provides: ssl Provides: ssl
@ -31,8 +31,9 @@ AutoReqProv: on
Obsoletes: openssl-64bit Obsoletes: openssl-64bit
%endif %endif
# #
Version: 1.0.0 #Version: 1.0.0
Release: 10 Version: 1.0.0c
Release: 11
Summary: Secure Sockets and Transport Layer Security Summary: Secure Sockets and Transport Layer Security
Url: http://www.openssl.org/ Url: http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2 Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@ -43,9 +44,10 @@ Source10: README.SuSE
Patch0: merge_from_0.9.8k.patch Patch0: merge_from_0.9.8k.patch
Patch1: openssl-1.0.0-c_rehash-compat.diff Patch1: openssl-1.0.0-c_rehash-compat.diff
Patch2: bug610223.patch Patch2: bug610223.patch
Patch3: CVE-2010-1633_and_CVE-2010-0742.patch #Patch3: CVE-2010-1633_and_CVE-2010-0742.patch
Patch4: patchset-19727.diff #Patch4: patchset-19727.diff
Patch5: CVE-2010-2939.patch #Patch5: CVE-2010-2939.patch
#Patch6: CVE-2010-3864.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -175,9 +177,10 @@ Authors:
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 #%patch3 -p1
%patch4 -p1 #%patch4 -p1
%patch5 -p1 #%patch5 -p1
#%patch6 -p1
cp -p %{S:10} . cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure" echo "adding/overwriting some entries in the 'table' hash in Configure"
# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
@ -314,8 +317,8 @@ popd
# check wether some shared library has been installed # check wether some shared library has been installed
# #
ls -l $RPM_BUILD_ROOT%{_libdir} ls -l $RPM_BUILD_ROOT%{_libdir}
test -f $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} test -f $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version}
test -f $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} test -f $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version}
test -L $RPM_BUILD_ROOT%{_libdir}/libssl.so test -L $RPM_BUILD_ROOT%{_libdir}/libssl.so
test -L $RPM_BUILD_ROOT%{_libdir}/libcrypto.so test -L $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
# #
@ -355,12 +358,12 @@ find demos -type f -perm /111 -exec chmod 644 {} \;
#process openssllib #process openssllib
mkdir $RPM_BUILD_ROOT/%{_lib} mkdir $RPM_BUILD_ROOT/%{_lib}
mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/
cd $RPM_BUILD_ROOT%{_libdir}/ cd $RPM_BUILD_ROOT%{_libdir}/
ln -sf /%{_lib}/libssl.so.%{version} ./libssl.so ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so
ln -sf /%{_lib}/libcrypto.so.%{version} ./libcrypto.so ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so
%clean %clean
if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
@ -373,8 +376,8 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%files -n libopenssl1_0_0 %files -n libopenssl1_0_0
%defattr(-, root, root) %defattr(-, root, root)
/%{_lib}/libssl.so.%{version} /%{_lib}/libssl.so.%{num_version}
/%{_lib}/libcrypto.so.%{version} /%{_lib}/libcrypto.so.%{num_version}
/%{_lib}/engines /%{_lib}/engines
%files -n libopenssl-devel %files -n libopenssl-devel

189
patchset-19727.diff
View File

@ -1,189 +0,0 @@
Index: openssl/crypto/sha/asm/sha1-sparcv9.pl
RCS File: /v/openssl/cvs/openssl/crypto/sha/asm/sha1-sparcv9.pl,v
rcsdiff -q -kk '-r1.2' '-r1.2.2.1' -u '/v/openssl/cvs/openssl/crypto/sha/asm/sha1-sparcv9.pl,v' 2>/dev/null
--- sha1-sparcv9.pl 2007/05/10 06:48:28 1.2
+++ sha1-sparcv9.pl 2010/07/01 07:57:20 1.2.2.1
@@ -276,6 +276,7 @@
.type sha1_block_data_order,#function
.size sha1_block_data_order,(.-sha1_block_data_order)
.asciz "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align 4
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
Index: openssl/crypto/sha/asm/sha1-sparcv9a.pl
RCS File: /v/openssl/cvs/openssl/crypto/sha/asm/sha1-sparcv9a.pl,v
rcsdiff -q -kk '-r1.4' '-r1.4.2.1' -u '/v/openssl/cvs/openssl/crypto/sha/asm/sha1-sparcv9a.pl,v' 2>/dev/null
--- sha1-sparcv9a.pl 2009/03/17 18:31:08 1.4
+++ sha1-sparcv9a.pl 2010/07/01 07:57:20 1.4.2.1
@@ -539,6 +539,7 @@
.type sha1_block_data_order,#function
.size sha1_block_data_order,(.-sha1_block_data_order)
.asciz "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>"
+.align 4
___
# Purpose of these subroutines is to explicitly encode VIS instructions,
Index: openssl/crypto/sha/asm/sha512-sparcv9.pl
RCS File: /v/openssl/cvs/openssl/crypto/sha/asm/sha512-sparcv9.pl,v
rcsdiff -q -kk '-r1.4' '-r1.4.2.1' -u '/v/openssl/cvs/openssl/crypto/sha/asm/sha512-sparcv9.pl,v' 2>/dev/null
--- sha512-sparcv9.pl 2009/03/17 18:31:08 1.4
+++ sha512-sparcv9.pl 2010/07/01 07:57:20 1.4.2.1
@@ -586,6 +586,7 @@
.type sha${label}_block_data_order,#function
.size sha${label}_block_data_order,(.-sha${label}_block_data_order)
.asciz "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align 4
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
Index: openssl/crypto/sparccpuid.S
RCS File: /v/openssl/cvs/openssl/crypto/sparccpuid.S,v
rcsdiff -q -kk '-r1.5.2.2' '-r1.5.2.3' -u '/v/openssl/cvs/openssl/crypto/sparccpuid.S,v' 2>/dev/null
--- sparccpuid.S 2010/04/10 13:37:06 1.5.2.2
+++ sparccpuid.S 2010/07/01 07:57:19 1.5.2.3
@@ -225,13 +225,33 @@
xor %o0,%o0,%o0
.word 0x91410000 !rd %tick,%o0
retl
- .word 0x93323020 !srlx %o2,32,%o1
+ .word 0x93323020 !srlx %o0,32,%o1
.notick:
retl
xor %o1,%o1,%o1
.type _sparcv9_rdtick,#function
.size _sparcv9_rdtick,.-_sparcv9_rdtick
+.global _sparcv9_rdwrasi
+.align 8
+_sparcv9_rdwrasi:
+ .word 0x9340c000 !rd %asi,%o1
+ .word 0x87820000 !wr %o0,%g0,%asi
+ retl
+ mov %o1,%o0
+.type _sparcv9_rdwrasi,#function
+.size _sparcv9_rdwrasi,.-_sparcv9_rdwrasi
+
+.global _sparcv9_vis1_probe
+.align 8
+_sparcv9_vis1_probe:
+ .word 0x81b00c20 !fzeros %f0
+ .word 0xc19ba002+BIAS !ldda [%sp+BIAS+2]%asi,%f0
+ retl
+ nop
+.type _sparcv9_vis1_probe,#function
+.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe
+
.global OPENSSL_cleanse
.align 32
OPENSSL_cleanse:
Index: openssl/crypto/sparcv9cap.c
RCS File: /v/openssl/cvs/openssl/crypto/sparcv9cap.c,v
rcsdiff -q -kk '-r1.6' '-r1.6.2.1' -u '/v/openssl/cvs/openssl/crypto/sparcv9cap.c,v' 2>/dev/null
--- sparcv9cap.c 2007/06/20 13:02:34 1.6
+++ sparcv9cap.c 2010/07/01 07:57:19 1.6.2.1
@@ -1,6 +1,8 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
#include <sys/time.h>
#include <openssl/bn.h>
@@ -9,6 +11,7 @@
#define SPARCV9_VIS1 (1<<2)
#define SPARCV9_VIS2 (1<<3) /* reserved */
#define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
+
static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
@@ -23,10 +26,12 @@
return bn_mul_mont_int(rp,ap,bp,np,n0,num);
}
+unsigned long _sparcv9_rdtick(void);
+unsigned long _sparcv9_rdwrasi(unsigned long);
+void _sparcv9_vis1_probe(void);
+
unsigned long OPENSSL_rdtsc(void)
{
- unsigned long _sparcv9_rdtick(void);
-
if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
#if defined(__sun) && defined(__SVR4)
return gethrtime();
@@ -137,9 +142,16 @@
#else
+static sigjmp_buf common_jmp;
+static void common_handler(int sig) { siglongjmp(common_jmp,sig); }
+
void OPENSSL_cpuid_setup(void)
{
char *e;
+ struct sigaction common_act,ill_oact,bus_oact;
+ sigset_t all_masked,oset;
+ unsigned long oasi;
+ int sig;
if ((e=getenv("OPENSSL_sparcv9cap")))
{
@@ -149,6 +161,55 @@
/* For now we assume that the rest supports UltraSPARC-I* only */
OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU|SPARCV9_VIS1;
+
+ sigfillset(&all_masked);
+ sigdelset(&all_masked,SIGILL);
+ sigdelset(&all_masked,SIGTRAP);
+#ifdef SIGEMT
+ sigdelset(&all_masked,SIGEMT);
+#endif
+ sigdelset(&all_masked,SIGFPE);
+ sigdelset(&all_masked,SIGBUS);
+ sigdelset(&all_masked,SIGSEGV);
+ sigprocmask(SIG_SETMASK,&all_masked,&oset);
+
+ memset(&common_act,0,sizeof(common_act));
+ common_act.sa_handler = common_handler;
+ common_act.sa_mask = all_masked;
+
+ sigaction(SIGILL,&common_act,&ill_oact);
+ sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda */
+ oasi = _sparcv9_rdwrasi(0xD2); /* ASI_FL16_P */
+ if ((sig=sigsetjmp(common_jmp,0)) == 0)
+ {
+ _sparcv9_vis1_probe();
+ OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
+ }
+ else if (sig == SIGBUS) /* T1 fails 16-bit ldda */
+ {
+ OPENSSL_sparcv9cap_P &= ~SPARCV9_PREFER_FPU;
+ }
+ else
+ {
+ OPENSSL_sparcv9cap_P &= ~SPARCV9_VIS1;
+ }
+ _sparcv9_rdwrasi(oasi);
+ sigaction(SIGBUS,&bus_oact,NULL);
+ sigaction(SIGILL,&ill_oact,NULL);
+
+ sigaction(SIGILL,&common_act,&ill_oact);
+ if (sigsetjmp(common_jmp,0) == 0)
+ {
+ _sparcv9_rdtick();
+ OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
+ }
+ else
+ {
+ OPENSSL_sparcv9cap_P |= SPARCV9_TICK_PRIVILEGED;
+ }
+ sigaction(SIGILL,&ill_oact,NULL);
+
+ sigprocmask(SIG_SETMASK,&oset,NULL);
}
#endif