From 89417722097d5e19bb45ab58197212a42e2984527c70357cb3bdaadc906ac49a Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 5 Jun 2008 15:54:34 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=16 --- openssl-CVE-2008-0891.patch | 15 +++++++++++++++ openssl-CVE-2008-1672.patch | 21 +++++++++++++++++++++ openssl.changes | 7 +++++++ openssl.spec | 10 +++++++++- 4 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 openssl-CVE-2008-0891.patch create mode 100644 openssl-CVE-2008-1672.patch diff --git a/openssl-CVE-2008-0891.patch b/openssl-CVE-2008-0891.patch new file mode 100644 index 0000000..e2a3746 --- /dev/null +++ b/openssl-CVE-2008-0891.patch @@ -0,0 +1,15 @@ +Index: ssl/t1_lib.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v +retrieving revision 1.13.2.8 +diff -u -r1.13.2.8 t1_lib.c +--- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000 1.13.2.8 ++++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000 +@@ -381,6 +381,7 @@ + s->session->tlsext_hostname[len]='\0'; + if (strlen(s->session->tlsext_hostname) != len) { + OPENSSL_free(s->session->tlsext_hostname); ++ s->session->tlsext_hostname = NULL; + *al = TLS1_AD_UNRECOGNIZED_NAME; + return 0; + } diff --git a/openssl-CVE-2008-1672.patch b/openssl-CVE-2008-1672.patch new file mode 100644 index 0000000..79c56f6 --- /dev/null +++ b/openssl-CVE-2008-1672.patch @@ -0,0 +1,21 @@ +Index: ssl/s3_clnt.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v +retrieving revision 1.88.2.12 +diff -u -r1.88.2.12 s3_clnt.c +--- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000 1.88.2.12 ++++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000 +@@ -2061,6 +2061,13 @@ + { + DH *dh_srvr,*dh_clnt; + ++ if (s->session->sess_cert == NULL) ++ { ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); ++ goto err; ++ } ++ + if (s->session->sess_cert->peer_dh_tmp != NULL) + dh_srvr=s->session->sess_cert->peer_dh_tmp; + else diff --git a/openssl.changes b/openssl.changes index 6443e21..4e139c5 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed May 28 15:04:08 CEST 2008 - mkoenig@suse.de + +- fix OpenSSL Server Name extension crash (CVE-2008-0891) + and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672) + [bnc#394317] + ------------------------------------------------------------------- Wed May 21 20:48:39 CEST 2008 - cthiel@suse.de diff --git a/openssl.spec b/openssl.spec index 96e85b6..0104616 100644 --- a/openssl.spec +++ b/openssl.spec @@ -20,7 +20,7 @@ Group: Productivity/Networking/Security Provides: ssl AutoReqProv: on Version: 0.9.8g -Release: 43 +Release: 46 Summary: Secure Sockets and Transport Layer Security Url: http://www.openssl.org/ Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2 @@ -38,6 +38,8 @@ Patch5: openssl-0.9.6g-alpha.diff Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif Patch7: bswap.diff Patch8: openssl-0.9.8g-fix_dh_for_certain_moduli.patch +Patch9: openssl-CVE-2008-0891.patch +Patch10: openssl-CVE-2008-1672.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -198,6 +200,8 @@ Authors: %patch6 -p1 %patch7 %patch8 -p1 +%patch9 +%patch10 cp -p %{S:10} . cp -p %{S:20} certs/ cp -p %{S:21} certs/ @@ -413,6 +417,10 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %{ssletcdir}/certs %changelog +* Wed May 28 2008 mkoenig@suse.de +- fix OpenSSL Server Name extension crash (CVE-2008-0891) + and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672) + [bnc#394317] * Wed May 21 2008 cthiel@suse.de - fix baselibs.conf * Tue Apr 22 2008 mkoenig@suse.de