pool/openssl
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=10

Browse Source
This commit is contained in:
OBS User unknown 2007-10-16 16:23:27 +00:00 committed by Git OBS Bridge
parent d2f19ec93b
commit d033455313
10 changed files with 38 additions and 505 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
openssl-0.9.8-key_length.patch
View File

@ -1,19 +0,0 @@
#254905, #262477
http://cvs.openssl.org/chngview?cn=15978
EVP_CIPHER_CTX_key_length() should return the set key length in the
EVP_CIPHER_CTX structure which may not be the same as the underlying
cipher key length for variable length ciphers.
--- a/crypto/evp/evp_lib.c 2006/11/29 20:47:13 1.10.2.1
+++ b/crypto/evp/evp_lib.c 2007/02/27 18:42:52 1.10.2.2
@@ -225,7 +225,7 @@
int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
{
- return ctx->cipher->key_len;
+ return ctx->key_len;
}
int EVP_CIPHER_nid(const EVP_CIPHER *cipher)

3
openssl-0.9.8e.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:32b684e086d72446d22b7801cf52a14f183412be3403f5038b3d61cfb619eb62
size 2675965

3
openssl-0.9.8f.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0eed478e1d6de61b905d9605ec4eaf2d33d96f415b9214afff2f0f197cc80d4a
size 2680951

114
openssl-CVE-2007-3108-bug296511.diff
View File

@ -1,114 +0,0 @@
--- crypto/bn/bn_mont.c
+++ crypto/bn/bn_mont.c 2007-08-02 11:49:15.251420366 +0200
@@ -176,7 +176,6 @@ int BN_from_montgomery(BIGNUM *ret, cons
max=(nl+al+1); /* allow for overflow (no?) XXX */
if (bn_wexpand(r,max) == NULL) goto err;
- if (bn_wexpand(ret,max) == NULL) goto err;
r->neg=a->neg^n->neg;
np=n->d;
@@ -228,19 +227,70 @@ int BN_from_montgomery(BIGNUM *ret, cons
}
bn_correct_top(r);
- /* mont->ri will be a multiple of the word size */
-#if 0
- BN_rshift(ret,r,mont->ri);
-#else
- ret->neg = r->neg;
- x=ri;
+ /* mont->ri will be a multiple of the word size and below code
+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */
+ if (r->top <= ri)
+ {
+ ret->top=0;
+ retn=1;
+ goto err;
+ }
+ al=r->top-ri;
+
+# define BRANCH_FREE 1
+# if BRANCH_FREE
+ if (bn_wexpand(ret,ri) == NULL) goto err;
+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
+ ret->neg=r->neg;
+
rp=ret->d;
- ap= &(r->d[x]);
- if (r->top < x)
- al=0;
- else
- al=r->top-x;
+ ap=&(r->d[ri]);
+
+ {
+ size_t m1,m2;
+
+ v=bn_sub_words(rp,ap,np,ri);
+ /* this ----------------^^ works even in al<ri case
+ * thanks to zealous zeroing of top of the vector in the
+ * beginning. */
+
+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+ /* in other words if subtraction result is real, then
+ * trick unconditional memcpy below to perform in-place
+ * "refresh" instead of actual copy. */
+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
+ m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
+ m1|=m2; /* (al!=ri) */
+ m1|=(0-(size_t)v); /* (al!=ri || v) */
+ m1&=~m2; /* (al!=ri || v) && !al>ri */
+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+ }
+
+ /* 'i<ri' is chosen to eliminate dependency on input data, even
+ * though it results in redundant copy in al<ri case. */
+ for (i=0,ri-=4; i<ri; i+=4)
+ {
+ BN_ULONG t1,t2,t3,t4;
+
+ t1=nrp[i+0];
+ t2=nrp[i+1];
+ t3=nrp[i+2]; ap[i+0]=0;
+ t4=nrp[i+3]; ap[i+1]=0;
+ rp[i+0]=t1; ap[i+2]=0;
+ rp[i+1]=t2; ap[i+3]=0;
+ rp[i+2]=t3;
+ rp[i+3]=t4;
+ }
+ for (ri+=4; i<ri; i++)
+ rp[i]=nrp[i], ap[i]=0;
+# else
+ if (bn_wexpand(ret,al) == NULL) goto err;
ret->top=al;
+ ret->neg=r->neg;
+
+ rp=ret->d;
+ ap=&(r->d[ri]);
al-=4;
for (i=0; i<al; i+=4)
{
@@ -258,7 +308,7 @@ int BN_from_montgomery(BIGNUM *ret, cons
al+=4;
for (; i<al; i++)
rp[i]=ap[i];
-#endif
+# endif
#else /* !MONT_WORD */
BIGNUM *t1,*t2;
@@ -278,10 +328,12 @@ int BN_from_montgomery(BIGNUM *ret, cons
if (!BN_rshift(ret,t2,mont->ri)) goto err;
#endif /* MONT_WORD */
+#if !defined(BRANCH_FREE) || BRANCH_FREE==0
if (BN_ucmp(ret, &(mont->N)) >= 0)
{
if (!BN_usub(ret,ret,&(mont->N))) goto err;
}
+#endif
retn=1;
bn_check_top(ret);
err:

44
openssl-CVE-2007-5135.patch
View File

@ -1,44 +0,0 @@
--- a/ssl/ssl_lib.c 2007/08/12 18:59:02 1.133.2.9
+++ b/ssl/ssl_lib.c 2007/09/19 12:16:21 1.133.2.10
@@ -1210,7 +1210,6 @@
char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
{
char *p;
- const char *cp;
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
int i;
@@ -1223,20 +1222,21 @@
sk=s->session->ciphers;
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
- /* Decrement for either the ':' or a '\0' */
- len--;
+ int n;
+
c=sk_SSL_CIPHER_value(sk,i);
- for (cp=c->name; *cp; )
+ n=strlen(c->name);
+ if (n+1 > len)
{
- if (len-- <= 0)
- {
- *p='\0';
- return(buf);
- }
- else
- *(p++)= *(cp++);
+ if (p != buf)
+ --p;
+ *p='\0';
+ return buf;
}
+ strcpy(p,c->name);
+ p+=n;
*(p++)=':';
+ len-=n+1;
}
p[-1]='\0';
return(buf);

276
openssl-gcc42.patch
View File

@ -1,276 +0,0 @@
From: Peter Hartley <pdh@utter.chaos.org.uk>
Subject: [PATCH] OpenSSL vs GCC 4.2.0
To: openssl-dev@openssl.org
Date: Tue, 22 May 2007 11:59:13 +0100
Reply-To: openssl-dev@openssl.org
Hi there,
Having just downloaded GCC 4.2.0 and discovered that it can't build
OpenSSL (not even in the snapshots AFAICT), I'd like to offer a possible
solution.
The earlier thread on openssl-dev explains that OpenSSL chooses to cast
the function pointers, not the parameters, to achieve type-safety; i.e.
to ensure that errors occur if the wrong types are passed to the
XYZ_of() functions.
So how about using expressions of the form
(void*)(1 ? x : ((T*)NULL))
instead? That way, if x isn't of the right type, GCC will warn because
the ?: gets different types in the two branches. Meanwhile the function
itself is getting called with the correct types, and while OpenSSL is
still "deceiving" the type system, it's doing so only via function
pointers (so there's no way that the compiler, examining any one
translation unit, can "tell" that deception is being attempted). And the
compiler should easily spot that the condition ("1") is always true, and
so generate no extra code compared to the direct, non-typesafe call.
--- crypto/asn1/asn1.h~ 2007-04-14 19:00:19.000000000 +0100
+++ crypto/asn1/asn1.h 2007-05-16 14:48:27.000000000 +0100
@@ -329,6 +329,17 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
#define I2D_OF(type) int (*)(type *,unsigned char **)
#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+#define CHECKED_D2I_OF(type, d2i) \
+ ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+#define CHECKED_I2D_OF(type, i2d) \
+ ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+#define CHECKED_NEW_OF(type, xnew) \
+ ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+#define CHECKED_PTR_OF(type, p) \
+ ((void*) (1 ? p : (type*)0))
+#define CHECKED_PPTR_OF(type, p) \
+ ((void**) (1 ? p : (type**)0))
+
#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
@@ -914,23 +925,41 @@ int ASN1_object_size(int constructed, in
/* Used to implement other functions */
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+
#define ASN1_dup_of(type,i2d,d2i,x) \
- ((type *(*)(I2D_OF(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x)
+ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF(type, x)))
+
#define ASN1_dup_of_const(type,i2d,d2i,x) \
- ((type *(*)(I2D_OF_const(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x)
+ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF(const type, x)))
void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
#ifndef OPENSSL_NO_FP_API
void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
+
#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
- ((type *(*)(type *(*)(void),D2I_OF(type),FILE *,type **))openssl_fcast(ASN1_d2i_fp))(xnew,d2i,in,x)
+ ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
+
#define ASN1_i2d_fp_of(type,i2d,out,x) \
- ((int (*)(I2D_OF(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x)
+ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
- ((int (*)(I2D_OF_const(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x)
+ (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
#endif
@@ -939,14 +968,26 @@ int ASN1_STRING_to_UTF8(unsigned char **
#ifndef OPENSSL_NO_BIO
void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
+
#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
- ((type *(*)(type *(*)(void),D2I_OF(type),BIO *,type **))openssl_fcast(ASN1_d2i_bio))(xnew,d2i,in,x)
+ ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
+
#define ASN1_i2d_bio_of(type,i2d,out,x) \
- ((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
+ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
- ((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
+ (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
@@ -983,8 +1024,12 @@ void *ASN1_unpack_string(ASN1_STRING *oc
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
ASN1_OCTET_STRING **oct);
+
#define ASN1_pack_string_of(type,obj,i2d,oct) \
- ((ASN1_STRING *(*)(type *,I2D_OF(type),ASN1_OCTET_STRING **))openssl_fcast(ASN1_pack_string))(obj,i2d,oct)
+ (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
+ CHECKED_I2D_OF(type, i2d), \
+ oct))
+
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
void ASN1_STRING_set_default_mask(unsigned long mask);
--- crypto/pem/pem.h~ 2007-04-05 18:00:52.000000000 +0100
+++ crypto/pem/pem.h 2007-05-16 14:48:42.000000000 +0100
@@ -221,19 +221,28 @@ typedef struct pem_ctx_st
#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
{ \
-return(((type *(*)(D2I_OF(type),char *,FILE *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read))(d2i_##asn1, str,fp,x,cb,u)); \
+ return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
+ str, fp, \
+ CHECKED_PPTR_OF(type, x), \
+ cb, u); \
}
#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
int PEM_write_##name(FILE *fp, type *x) \
{ \
-return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \
+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(type, x), \
+ NULL, NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
int PEM_write_##name(FILE *fp, const type *x) \
{ \
-return(((int (*)(I2D_OF_const(type),const char *,FILE *, const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \
+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(const type, x), \
+ NULL, NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
@@ -241,7 +250,10 @@ int PEM_write_##name(FILE *fp, type *x,
unsigned char *kstr, int klen, pem_password_cb *cb, \
void *u) \
{ \
- return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \
+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(type, x), \
+ enc, kstr, klen, cb, u); \
}
#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
@@ -249,7 +261,10 @@ int PEM_write_##name(FILE *fp, type *x,
unsigned char *kstr, int klen, pem_password_cb *cb, \
void *u) \
{ \
- return(((int (*)(I2D_OF_const(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \
+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(const type, x), \
+ enc, kstr, klen, cb, u); \
}
#endif
@@ -257,33 +272,48 @@ int PEM_write_##name(FILE *fp, type *x,
#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
{ \
-return(((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i_##asn1, str,bp,x,cb,u)); \
+ return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
+ str, bp, \
+ CHECKED_PPTR_OF(type, x), \
+ cb, u); \
}
#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, type *x) \
{ \
-return(((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(type, x), \
+ NULL, NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, const type *x) \
{ \
-return(((int (*)(I2D_OF_const(type),const char *,BIO *,const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(const type, x), \
+ NULL, NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
{ \
- return(((int (*)(I2D_OF(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(type, x), \
+ enc, kstr, klen, cb, u); \
}
#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
{ \
- return(((int (*)(I2D_OF_const(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(const type, x), \
+ enc, kstr, klen, cb, u); \
}
#define IMPLEMENT_PEM_write(name, type, str, asn1) \
@@ -414,13 +444,22 @@ int PEM_bytes_read_bio(unsigned char **p
pem_password_cb *cb, void *u);
void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
void **x, pem_password_cb *cb, void *u);
+
#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
-((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i,name,bp,x,cb,u)
+ ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
+ name, bp, \
+ CHECKED_PPTR_OF(type, x), \
+ cb, u))
+
int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,
const EVP_CIPHER *enc,unsigned char *kstr,int klen,
pem_password_cb *cb, void *u);
+
#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
- ((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d,name,bp,x,enc,kstr,klen,cb,u)
+ (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
+ name, bp, \
+ CHECKED_PTR_OF(type, x), \
+ enc, kstr, klen, cb, u))
STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,

12
openssl-gcc42_b.patch
View File

@ -1,12 +0,0 @@
--- crypto/ocsp/ocsp.h.orig 2007-09-02 17:56:39.000000000 +0200
+++ crypto/ocsp/ocsp.h 2007-09-02 18:04:50.000000000 +0200
@@ -469,7 +469,7 @@
ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
void *data, STACK_OF(ASN1_OBJECT) *sk);
#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
-((ASN1_STRING *(*)(ASN1_STRING *,I2D_OF(type),type *,STACK_OF(ASN1_OBJECT) *))openssl_fcast(ASN1_STRING_encode))(s,i2d,data,sk)
+ ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);

12
openssl-s390-config.diff
View File

@ -1,12 +0,0 @@
--- config
+++ config 2006/01/16 10:33:01
@@ -591,7 +591,8 @@
sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
- s390*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
+ s390-*-linux2) OUT="linux-s390"; options="$options -DB_ENDIAN -DNO_ASM" ;;
+ s390x-*-linux2) OUT="linux-s390x"; options="$options -DB_ENDIAN -DNO_ASM" ;;
x86_64-*-linux?) OUT="linux-x86_64" ;;
*86-*-linux2) OUT="linux-elf"
if [ "$GCCVER" -gt 28 ]; then

13
openssl.changes
View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Mon Oct 15 11:17:14 CEST 2007 - mkoenig@suse.de
- update to version 0.9.8f:
* fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
- patches merged upstream:
openssl-0.9.8-key_length.patch
openssl-CVE-2007-3108-bug296511
openssl-CVE-2007-5135.patch
openssl-gcc42.patch
openssl-gcc42_b.patch
openssl-s390-config.diff
-------------------------------------------------------------------
Mon Oct 1 11:29:55 CEST 2007 - mkoenig@suse.de

47
openssl.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package openssl (Version 0.9.8e)
# spec file for package openssl (Version 0.9.8f)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -18,8 +18,8 @@ License: BSD 3-Clause
Group: Productivity/Networking/Security
Provides: ssl
AutoReqProv: on
Version: 0.9.8e
Release: 47
Version: 0.9.8f
Release: 1
Summary: Secure Sockets and Transport Layer Security
Url: http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@ -29,21 +29,14 @@ Source21: Equifax-root1.pem
Patch0: openssl-0.9.8-sparc.dif
Patch1: openssl-0.9.8-flags-priority.dif
Patch2: non-exec-stack.diff
Patch4: openssl-CVE-2007-3108-bug296511.diff
Patch7: openssl-0.9.7f-ppc64.diff
Patch8: openssl-hppa-config.diff
Patch9: openssl-0.9.6g-alpha.diff
Patch3: openssl-0.9.7f-ppc64.diff
Patch4: openssl-hppa-config.diff
Patch5: openssl-0.9.6g-alpha.diff
# http://www-124.ibm.com/developerworks/projects/libica/
#Patch10: openssl-0.9.7d-ICA_engine-jun142004.patch.bz2
Patch11: openssl-s390-config.diff
Patch20: openssl-0.9.8a.ca-app-segfault.bug128655.dif
Patch21: bswap.diff
Patch22: openssl-0.9.8-key_length.patch
Patch23: openssl-gcc42.patch
Patch24: openssl-gcc42_b.patch
Patch25: openssl-CVE-2007-5135.patch
Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif
Patch7: bswap.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: libopenssl0_9_8
%description
The OpenSSL Project is a collaborative effort to develop a robust,
@ -192,18 +185,12 @@ Authors:
%patch -p1
%patch1 -p1
%patch2
%patch3 -p1
%patch4
%patch7 -p1
%patch8
%patch9 -p1
%patch5 -p1
#%patch10 -p1
%patch11
%patch20 -p1
%patch21
%patch22 -p1
%patch23
%patch24
%patch25 -p1
%patch6 -p1
%patch7
cp -p %{S:10} .
cp -p %{S:20} certs/
cp -p %{S:21} certs/
@ -418,6 +405,16 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%defattr(-, root, root)
%{ssletcdir}/certs
%changelog
* Mon Oct 15 2007 - mkoenig@suse.de
- update to version 0.9.8f:
* fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
- patches merged upstream:
openssl-0.9.8-key_length.patch
openssl-CVE-2007-3108-bug296511
openssl-CVE-2007-5135.patch
openssl-gcc42.patch
openssl-gcc42_b.patch
openssl-s390-config.diff
* Mon Oct 01 2007 - mkoenig@suse.de
- fix buffer overflow CVE-2007-5135 [#329208]
* Wed Sep 05 2007 - mkoenig@suse.de