pool/openssl
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=16

Browse Source
This commit is contained in:
OBS User unknown 2008-06-05 15:54:34 +00:00 committed by Git OBS Bridge
parent 0d0b9e04b1
commit 8941772209
4 changed files with 52 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
openssl-CVE-2008-0891.patch Normal file
View File

@ -0,0 +1,15 @@
Index: ssl/t1_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.13.2.8
diff -u -r1.13.2.8 t1_lib.c
--- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000 1.13.2.8
+++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000
@@ -381,6 +381,7 @@
s->session->tlsext_hostname[len]='\0';
if (strlen(s->session->tlsext_hostname) != len) {
OPENSSL_free(s->session->tlsext_hostname);
+ s->session->tlsext_hostname = NULL;
*al = TLS1_AD_UNRECOGNIZED_NAME;
return 0;
}

21
openssl-CVE-2008-1672.patch Normal file
View File

@ -0,0 +1,21 @@
Index: ssl/s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.12
diff -u -r1.88.2.12 s3_clnt.c
--- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000 1.88.2.12
+++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000
@@ -2061,6 +2061,13 @@
{
DH *dh_srvr,*dh_clnt;
+ if (s->session->sess_cert == NULL)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
if (s->session->sess_cert->peer_dh_tmp != NULL)
dh_srvr=s->session->sess_cert->peer_dh_tmp;
else

7
openssl.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed May 28 15:04:08 CEST 2008 - mkoenig@suse.de
- fix OpenSSL Server Name extension crash (CVE-2008-0891)
and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)
[bnc#394317]
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 21 20:48:39 CEST 2008 - cthiel@suse.de Wed May 21 20:48:39 CEST 2008 - cthiel@suse.de

10
openssl.spec
View File

@ -20,7 +20,7 @@ Group: Productivity/Networking/Security
Provides: ssl Provides: ssl
AutoReqProv: on AutoReqProv: on
Version: 0.9.8g Version: 0.9.8g
Release: 43 Release: 46
Summary: Secure Sockets and Transport Layer Security Summary: Secure Sockets and Transport Layer Security
Url: http://www.openssl.org/ Url: http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2 Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@ -38,6 +38,8 @@ Patch5: openssl-0.9.6g-alpha.diff
Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif
Patch7: bswap.diff Patch7: bswap.diff
Patch8: openssl-0.9.8g-fix_dh_for_certain_moduli.patch Patch8: openssl-0.9.8g-fix_dh_for_certain_moduli.patch
Patch9: openssl-CVE-2008-0891.patch
Patch10: openssl-CVE-2008-1672.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -198,6 +200,8 @@ Authors:
%patch6 -p1 %patch6 -p1
%patch7 %patch7
%patch8 -p1 %patch8 -p1
%patch9
%patch10
cp -p %{S:10} . cp -p %{S:10} .
cp -p %{S:20} certs/ cp -p %{S:20} certs/
cp -p %{S:21} certs/ cp -p %{S:21} certs/
@ -413,6 +417,10 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%{ssletcdir}/certs %{ssletcdir}/certs
%changelog %changelog
* Wed May 28 2008 mkoenig@suse.de
- fix OpenSSL Server Name extension crash (CVE-2008-0891)
and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)
[bnc#394317]
* Wed May 21 2008 cthiel@suse.de * Wed May 21 2008 cthiel@suse.de
- fix baselibs.conf - fix baselibs.conf
* Tue Apr 22 2008 mkoenig@suse.de * Tue Apr 22 2008 mkoenig@suse.de