Accepting request 291607 from Base:System

- security update:
 * CVE-2015-0209 (bnc#919648)
   - Fix a failure to NULL a pointer freed on error
 * CVE-2015-0286 (bnc#922496)
   - Segmentation fault in ASN1_TYPE_cmp
 * CVE-2015-0287 (bnc#922499)
   - ASN.1 structure reuse memory corruption
 * CVE-2015-0288 x509: (bnc#920236)
   - added missing public key is not NULL check
 * CVE-2015-0289 (bnc#922500)
   - PKCS7 NULL pointer dereferences
 * CVE-2015-0293 (bnc#922488)
   - Fix reachable assert in SSLv2 servers
 * added patches:
   openssl-CVE-2015-0209.patch
   openssl-CVE-2015-0286.patch
   openssl-CVE-2015-0287.patch
   openssl-CVE-2015-0288.patch
   openssl-CVE-2015-0289.patch
   openssl-CVE-2015-0293.patch (forwarded request 291606 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/291607
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=126

openssl-CVE-2015-0209.patch

@@ -0,0 +1,40 @@
+commit 89117535f1bb3ea72a17933b703271587d7aaf0b
+Author: Matt Caswell <matt@openssl.org>
+Date:   Mon Feb 9 11:38:41 2015 +0000
+
+    Fix a failure to NULL a pointer freed on error.
+    
+    Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
+    
+    CVE-2015-0209
+    
+    Reviewed-by: Emilia Käsper <emilia@openssl.org>
+
+Index: openssl-1.0.1k/crypto/ec/ec_asn1.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/ec/ec_asn1.c	2015-03-19 15:58:22.021039425 +0100
++++ openssl-1.0.1k/crypto/ec/ec_asn1.c	2015-03-19 15:58:26.431103852 +0100
+@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+                                  ERR_R_MALLOC_FAILURE);
+ 			goto err;
+ 			}
+-		if (a)
+-			*a = ret;
+ 		}
+ 	else
+ 		ret = *a;
+@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+ 		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
+ 		}
+ 
++	if (a)
++		*a = ret;
+ 	ok = 1;
+ err:
+ 	if (!ok)
+ 		{
+-		if (ret)
++	        if (ret && (a == NULL || *a != ret))
+ 			EC_KEY_free(ret);
+ 		ret = NULL;
+ 		}

openssl-CVE-2015-0286.patch

@@ -0,0 +1,28 @@
+commit ee5a1253285e5c9f406c8b57b0686319b70c07d8
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Mon Mar 9 23:11:45 2015 +0000
+
+    Fix ASN1_TYPE_cmp
+    
+    Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
+    can be triggered during certificate verification so could be a DoS attack
+    against a client or a server enabling client authentication.
+    
+    CVE-2015-0286
+    
+    Reviewed-by: Richard Levitte <levitte@openssl.org>
+
+Index: openssl-1.0.1i/crypto/asn1/a_type.c
+===================================================================
+--- openssl-1.0.1i.orig/crypto/asn1/a_type.c	2015-03-17 14:15:18.832332902 +0100
++++ openssl-1.0.1i/crypto/asn1/a_type.c	2015-03-17 14:15:19.738346161 +0100
+@@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
+ 	case V_ASN1_OBJECT:
+ 		result = OBJ_cmp(a->value.object, b->value.object);
+ 		break;
++    case V_ASN1_BOOLEAN:
++        result = a->value.boolean - b->value.boolean;
++        break;
+ 	case V_ASN1_NULL:
+ 		result = 0;	/* They do not have content. */
+ 		break;

openssl-CVE-2015-0287.patch

@@ -0,0 +1,85 @@
+commit 1a87b757b9f755f687492f6b9f685be8e0cd82b0
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Mon Feb 23 12:57:50 2015 +0000
+
+    Free up passed ASN.1 structure if reused.
+    
+    Change the "reuse" behaviour in ASN1_item_d2i: if successful the old
+    structure is freed and a pointer to the new one used. If it is not
+    successful then the passed structure is untouched.
+    
+    Exception made for primitive types so ssl_asn1.c still works.
+    
+    Reviewed-by: Tim Hudson <tjh@openssl.org>
+    Reviewed-by: Emilia Käsper <emilia@openssl.org>
+
+commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Mon Feb 23 02:32:44 2015 +0000
+
+    Free up ADB and CHOICE if already initialised.
+    
+    CVE-2015-0287
+    
+    Reviewed-by: Tim Hudson <tjh@openssl.org>
+    Reviewed-by: Emilia Käsper <emilia@openssl.org>
+
+Index: openssl-1.0.1i/crypto/asn1/tasn_dec.c
+===================================================================
+--- openssl-1.0.1i.orig/crypto/asn1/tasn_dec.c	2015-03-17 13:18:26.732161376 +0100
++++ openssl-1.0.1i/crypto/asn1/tasn_dec.c	2015-03-17 13:22:20.424576154 +0100
+@@ -311,9 +317,16 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ 				goto auxerr;
+ 
+-		/* Allocate structure */
+-		if (!*pval && !ASN1_item_ex_new(pval, it))
+-			{
++		if (*pval) {
++		    /* Free up and zero CHOICE value if initialised */
++		    i = asn1_get_choice_selector(pval, it);
++		    if ((i >= 0) && (i < it->tcount)) {
++			tt = it->templates + i;
++			pchptr = asn1_get_field_ptr(pval, tt);
++			ASN1_template_free(pchptr, tt);
++			asn1_set_choice_selector(pval, -1, it);
++		    }
++		} else if (!ASN1_item_ex_new(pval, it)) {
+ 			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ 						ERR_R_NESTED_ASN1_ERROR);
+ 			goto err;
+@@ -407,6 +420,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ 				goto auxerr;
+ 
++        /* Free up and zero any ADB found */
++        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++            if (tt->flags & ASN1_TFLG_ADB_MASK) {
++                const ASN1_TEMPLATE *seqtt;
++                ASN1_VALUE **pseqval;
++                seqtt = asn1_do_adb(pval, tt, 1);
++                pseqval = asn1_get_field_ptr(pval, seqtt);
++                ASN1_template_free(pseqval, seqtt);
++            }
++        }
++
+ 		/* Get each field entry */
+ 		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ 			{
+Index: openssl-1.0.1i/doc/crypto/d2i_X509.pod
+===================================================================
+--- openssl-1.0.1i.orig/doc/crypto/d2i_X509.pod	2015-03-17 13:18:26.731161362 +0100
++++ openssl-1.0.1i/doc/crypto/d2i_X509.pod	2015-03-17 13:18:52.046531518 +0100
+@@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts
+ persist if they are not present in the new one. As a result the use
+ of this "reuse" behaviour is strongly discouraged.
+ 
++Current versions of OpenSSL will not modify B<*px> if an error occurs.
++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
++set to the value of the newly decoded structure. As a result B<*px>
++B<must not> be allocated on the stack or an attempt will be made to
++free an invalid pointer.
++
+ i2d_X509() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the

openssl-CVE-2015-0288.patch

@@ -0,0 +1,25 @@
+commit 51527f1e3564f210e984fe5b654c45d34e4f03d7
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Wed Feb 18 00:34:59 2015 +0000
+
+    Check public key is not NULL.
+    
+    CVE-2015-0288
+    PR#3708
+    
+    Reviewed-by: Matt Caswell <matt@openssl.org>
+    (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)
+
+Index: openssl-1.0.1i/crypto/x509/x509_req.c
+===================================================================
+--- openssl-1.0.1i.orig/crypto/x509/x509_req.c	2015-03-17 13:22:30.712726374 +0100
++++ openssl-1.0.1i/crypto/x509/x509_req.c	2015-03-17 13:23:20.486453016 +0100
+@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
+ 		goto err;
+ 
+ 	pktmp = X509_get_pubkey(x);
++	if (pktmp == NULL)
++		goto err;
+ 	i=X509_REQ_set_pubkey(ret,pktmp);
+ 	EVP_PKEY_free(pktmp);
+ 	if (!i) goto err;

openssl-CVE-2015-0289.patch

@@ -0,0 +1,191 @@
+commit d3d52c73544bba800c2a8f5ef3376358158cf2ca
+Author: Emilia Kasper <emilia@openssl.org>
+Date:   Fri Feb 27 16:52:23 2015 +0100
+
+    PKCS#7: avoid NULL pointer dereferences with missing content
+    
+    In PKCS#7, the ASN.1 content component is optional.
+    This typically applies to inner content (detached signatures),
+    however we must also handle unexpected missing outer content
+    correctly.
+    
+    This patch only addresses functions reachable from parsing,
+    decryption and verification, and functions otherwise associated
+    with reading potentially untrusted data.
+    
+    Correcting all low-level API calls requires further work.
+    
+    CVE-2015-0289
+    
+    Thanks to Michal Zalewski (Google) for reporting this issue.
+    
+    Reviewed-by: Steve Henson <steve@openssl.org>
+
+Index: openssl-1.0.1i/crypto/pkcs7/pk7_doit.c
+===================================================================
+--- openssl-1.0.1i.orig/crypto/pkcs7/pk7_doit.c	2015-03-17 13:23:33.961649688 +0100
++++ openssl-1.0.1i/crypto/pkcs7/pk7_doit.c	2015-03-17 13:34:34.445347342 +0100
+@@ -272,6 +272,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+ 	PKCS7_RECIP_INFO *ri=NULL;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++    if (p7 == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++        return NULL;
++    }
++    /*
++     * The content field in the PKCS7 ContentInfo is optional, but that really
++     * only applies to inner content (precisely, detached signatures).
++     *
++     * When reading content, missing outer content is therefore treated as an
++     * error.
++     *
++     * When creating content, PKCS7_content_new() must be called before
++     * calling this method, so a NULL p7->d is always an error.
++     */
++    if (p7->d.ptr == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++        return NULL;
++    }
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -433,6 +452,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+        unsigned char *ek = NULL, *tkey = NULL;
+        int eklen = 0, tkeylen = 0;
+ 
++    if (p7 == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++        return NULL;
++    }
++
++    if (p7->d.ptr == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++        return NULL;
++    }
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -752,6 +781,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++    if (p7 == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++        return 0;
++    }
++
++    if (p7->d.ptr == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++        return 0;
++    }
++
+ 	EVP_MD_CTX_init(&ctx_tmp);
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+@@ -796,6 +835,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 		/* If detached data then the content is excluded */
+ 		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ 			M_ASN1_OCTET_STRING_free(os);
++            os = NULL;
+ 			p7->d.sign->contents->d.data = NULL;
+ 		}
+ 		break;
+@@ -806,6 +846,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
+ 			{
+ 			M_ASN1_OCTET_STRING_free(os);
++            os = NULL;
+ 			p7->d.digest->contents->d.data = NULL;
+ 			}
+ 		break;
+@@ -878,24 +919,31 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ 		}
+ 
+-	if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
+-		{
+-		char *cont;
+-		long contlen;
+-		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+-		if (btmp == NULL)
+-			{
+-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+-			goto err;
+-			}
+-		contlen = BIO_get_mem_data(btmp, &cont);
+-		/* Mark the BIO read only then we can use its copy of the data
+-		 * instead of making an extra copy.
+-		 */
+-		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+-		BIO_set_mem_eof_return(btmp, 0);
+-		ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+-		}
++    if (!PKCS7_is_detached(p7)) {
++	/*
++         * NOTE(emilia): I think we only reach os == NULL here because detached
++         * digested data support is broken.
++	*/
++        if (os == NULL)
++            goto err;
++        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
++            char *cont;
++            long contlen;
++            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
++            if (btmp == NULL) {
++                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++                goto err;
++            }
++            contlen = BIO_get_mem_data(btmp, &cont);
++            /*
++             * Mark the BIO read only then we can use its copy of the data
++             * instead of making an extra copy.
++             */
++            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
++            BIO_set_mem_eof_return(btmp, 0);
++            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
++        }
++	}
+ 	ret=1;
+ err:
+ 	EVP_MD_CTX_cleanup(&ctx_tmp);
+@@ -971,6 +1019,16 @@ int PKCS7_dataVerify(X509_STORE *cert_st
+ 	STACK_OF(X509) *cert;
+ 	X509 *x509;
+ 
++    if (p7 == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++        return 0;
++    }
++
++    if (p7->d.ptr == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++        return 0;
++    }
++
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		cert=p7->d.sign->cert;
+Index: openssl-1.0.1i/crypto/pkcs7/pk7_lib.c
+===================================================================
+--- openssl-1.0.1i.orig/crypto/pkcs7/pk7_lib.c	2015-03-17 13:23:37.451700626 +0100
++++ openssl-1.0.1i/crypto/pkcs7/pk7_lib.c	2015-03-17 13:36:01.708627632 +0100
+@@ -71,6 +71,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long
+ 
+ 	switch (cmd)
+ 		{
++    /* NOTE(emilia): does not support detached digested data. */
+ 	case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ 		if (nid == NID_pkcs7_signed)
+ 			{
+@@ -459,6 +460,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV
+ 
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ 	{
++	if (p7 == NULL || p7->d.ptr == NULL)
++		return NULL;
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		return(p7->d.sign->signer_info);

openssl-CVE-2015-0293.patch

@@ -0,0 +1,124 @@
+commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2
+Author: Emilia Kasper <emilia@openssl.org>
+Date:   Wed Mar 4 09:05:02 2015 -0800
+
+    Fix reachable assert in SSLv2 servers.
+    
+    This assert is reachable for servers that support SSLv2 and export ciphers.
+    Therefore, such servers can be DoSed by sending a specially crafted
+    SSLv2 CLIENT-MASTER-KEY.
+    
+    Also fix s2_srvr.c to error out early if the key lengths are malformed.
+    These lengths are sent unencrypted, so this does not introduce an oracle.
+    
+    CVE-2015-0293
+    
+    This issue was discovered by Sean Burford (Google) and Emilia Käsper of
+    the OpenSSL development team.
+    
+    Reviewed-by: Richard Levitte <levitte@openssl.org>
+    Reviewed-by: Tim Hudson <tjh@openssl.org>
+
+Index: openssl-1.0.1i/ssl/s2_lib.c
+===================================================================
+--- openssl-1.0.1i.orig/ssl/s2_lib.c	2015-03-17 14:05:13.745459798 +0100
++++ openssl-1.0.1i/ssl/s2_lib.c	2015-03-17 14:05:14.763474757 +0100
+@@ -487,7 +487,7 @@ int ssl2_generate_key_material(SSL *s)
+ 
+ 		OPENSSL_assert(s->session->master_key_length >= 0
+ 		    && s->session->master_key_length
+-		    < (int)sizeof(s->session->master_key));
++		    <= (int)sizeof(s->session->master_key));
+ 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+ 		EVP_DigestUpdate(&ctx,&c,1);
+ 		c++;
+Index: openssl-1.0.1i/ssl/s2_srvr.c
+===================================================================
+--- openssl-1.0.1i.orig/ssl/s2_srvr.c	2015-03-17 14:05:13.721459445 +0100
++++ openssl-1.0.1i/ssl/s2_srvr.c	2015-03-17 14:07:43.262655766 +0100
+@@ -446,9 +446,6 @@ static int get_client_master_key(SSL *s)
+ 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+ 		return(-1);
+ 		}
+-	i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+-		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+-		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+ 
+ 	is_export=SSL_C_IS_EXPORT(s->session->cipher);
+ 	
+@@ -467,21 +464,59 @@ static int get_client_master_key(SSL *s)
+ 	else
+ 		ek=5;
+ 
++    /*
++     * The format of the CLIENT-MASTER-KEY message is
++     * 1 byte message type
++     * 3 bytes cipher
++     * 2-byte clear key length (stored in s->s2->tmp.clear)
++     * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++     * 2-byte key args length (IV etc)
++     * clear key
++     * encrypted key
++     * key args
++     *
++     * If the cipher is an export cipher, then the encrypted key bytes
++     * are a fixed portion of the total key (5 or 8 bytes). The size of
++     * this portion is in |ek|. If the cipher is not an export cipher,
++     * then the entire key material is encrypted (i.e., clear key length
++     * must be zero).
++     */
++    if ((!is_export && s->s2->tmp.clear != 0) ||
++        (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++        return -1;
++    }
++    /*
++     * The encrypted blob must decrypt to the encrypted portion of the key.
++     * Decryption can't be expanding, so if we don't have enough encrypted
++     * bytes to fit the key in the buffer, stop now.
++     */
++    if ((is_export && s->s2->tmp.enc < ek) ||
++        (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++        return -1;
++    }
++
++    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++                                &(p[s->s2->tmp.clear]),
++                                &(p[s->s2->tmp.clear]),
++                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++                                RSA_PKCS1_PADDING);
++
+ 	/* bad decrypt */
+ #if 1
+ 	/* If a bad decrypt, continue with protocol but with a
+ 	 * random master secret (Bleichenbacher attack) */
+-	if ((i < 0) ||
+-		((!is_export && (i != EVP_CIPHER_key_length(c)))
+-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+-			(unsigned int)EVP_CIPHER_key_length(c))))))
+-		{
++    if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++                    || (is_export && i != ek))) {
+ 		ERR_clear_error();
+ 		if (is_export)
+ 			i=ek;
+ 		else
+ 			i=EVP_CIPHER_key_length(c);
+-		if (RAND_pseudo_bytes(p,i) <= 0)
++	        if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ 			return 0;
+ 		}
+ #else
+@@ -505,7 +540,8 @@ static int get_client_master_key(SSL *s)
+ 		}
+ #endif
+ 
+-	if (is_export) i+=s->s2->tmp.clear;
++	if (is_export)
++	        i = EVP_CIPHER_key_length(c);
+ 
+ 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ 		{

openssl.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Thu Mar 19 14:26:01 UTC 2015 - vcizek@suse.com
+
+- security update:
+ * CVE-2015-0209 (bnc#919648)
+   - Fix a failure to NULL a pointer freed on error
+ * CVE-2015-0286 (bnc#922496)
+   - Segmentation fault in ASN1_TYPE_cmp
+ * CVE-2015-0287 (bnc#922499)
+   - ASN.1 structure reuse memory corruption
+ * CVE-2015-0288 x509: (bnc#920236)
+   - added missing public key is not NULL check
+ * CVE-2015-0289 (bnc#922500)
+   - PKCS7 NULL pointer dereferences
+ * CVE-2015-0293 (bnc#922488)
+   - Fix reachable assert in SSLv2 servers
+ * added patches:
+   openssl-CVE-2015-0209.patch
+   openssl-CVE-2015-0286.patch
+   openssl-CVE-2015-0287.patch
+   openssl-CVE-2015-0288.patch
+   openssl-CVE-2015-0289.patch
+   openssl-CVE-2015-0293.patch
+
 -------------------------------------------------------------------
 Wed Feb  4 08:08:27 UTC 2015 - meissner@suse.com
 

openssl.spec

@@ -75,6 +75,12 @@ Patch34:        openssl-fips-hidden.patch
 Patch35:        openssl-1.0.1e-add-suse-default-cipher.patch 
 Patch36:        openssl-1.0.1e-add-suse-default-cipher-header.patch
 Patch37:        openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
+Patch52:        openssl-CVE-2015-0209.patch
+Patch53:        openssl-CVE-2015-0286.patch
+Patch54:        openssl-CVE-2015-0287.patch
+Patch55:        openssl-CVE-2015-0288.patch
+Patch56:        openssl-CVE-2015-0289.patch
+Patch57:        openssl-CVE-2015-0293.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -191,6 +197,12 @@ this package's base documentation.
 %patch35 -p1
 %patch36 -p1
 %patch37 -p1
+%patch52 -p1
+%patch53 -p1
+%patch54 -p1
+%patch55 -p1
+%patch56 -p1
+%patch57 -p1
 cp -p %{S:10} .
 cp -p %{S:11} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"