From d2f19ec93b99108e555d498befee6d8d8d1175305374048c31bd5d935482fdb1 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Sat, 13 Oct 2007 16:03:24 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=9

---
 openssl-CVE-2007-5135.patch | 44 +++++++++++++++++++++++++++++++++++++
 openssl.changes | 5 +++++
 openssl.spec | 11 ++++++----
 3 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 openssl-CVE-2007-5135.patch

diff --git a/openssl-CVE-2007-5135.patch b/openssl-CVE-2007-5135.patch
new file mode 100644
index 0000000..db0615d
--- /dev/null
+++ b/openssl-CVE-2007-5135.patch
@@ -0,0 +1,44 @@
+--- a/ssl/ssl_lib.c 2007/08/12 18:59:02 1.133.2.9
++++ b/ssl/ssl_lib.c 2007/09/19 12:16:21 1.133.2.10
+@@ -1210,7 +1210,6 @@
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+ {
+ char *p;
+- const char *cp;
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *c;
+ int i;
+@@ -1223,20 +1222,21 @@
+ sk=s->session->ciphers;
+ for (i=0; iname; *cp; )
++ n=strlen(c->name);
++ if (n+1 > len)
+ {
+- if (len-- <= 0)
+- {
+- *p='\0';
+- return(buf);
+- }
+- else
+- *(p++)= *(cp++);
++ if (p != buf)
++ --p;
++ *p='\0';
++ return buf;
+ }
++ strcpy(p,c->name);
++ p+=n;
+ *(p++)=':';
++ len-=n+1;
+ }
+ p[-1]='\0';
+ return(buf);
+
+
diff --git a/openssl.changes b/openssl.changes
index 26f62ec..5e4238d 100644
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Oct 1 11:29:55 CEST 2007 - mkoenig@suse.de
+
+- fix buffer overflow CVE-2007-5135 [#329208]
+
 -------------------------------------------------------------------
 Wed Sep 5 11:39:26 CEST 2007 - mkoenig@suse.de
diff --git a/openssl.spec b/openssl.spec
index a1f975b..c508ad0 100644
--- a/openssl.spec
+++ b/openssl.spec
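Review bot: The post-loop `p[-1]='\0';` (a context line in the second ssl_lib.c hunk of the new patch file) still assumes at least one cipher name was copied; when `s->session->ciphers` is an empty stack the loop body never runs, `p == buf`, and that write lands one byte before the caller's buffer, while the new early-return path writes `*p='\0'` to `buf[0]` when the first name does not fit and so needs `len >= 1`. Whether the validation ahead of the loop rules both out cannot be seen here — SSL_get_shared_ciphers begins in the first inner hunk and the lines between the two hunks, where such a check would sit, are not in the patch — so it is worth confirming against the full function, or adding `if (sk_num(sk) == 0) return NULL;` before the loop. Separately, this copy of the nested patch is garbled: `+ for (i=0; iname; *cp; )` is where angle-bracketed text was stripped, and it presumably swallowed the loop header, the `int n;` declaration and the removed `for (cp=c->name; *cp; )` line, so the file as rendered on this page would not apply and should be checked against the repository copy.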
@@ -17,11 +17,11 @@ BuildRequires: bc ed zlib-devel
 License: BSD 3-Clause
 Group: Productivity/Networking/Security
 Provides: ssl
-Autoreqprov: on
+AutoReqProv: on
 Version: 0.9.8e
-Release: 41
+Release: 47
 Summary: Secure Sockets and Transport Layer Security
-URL: http://www.openssl.org/
+Url: http://www.openssl.org/
 Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
 Source10: README.SuSE
 Source20: ICP-Brasil.pem
@@ -41,6 +41,7 @@ Patch21: bswap.diff
 Patch22: openssl-0.9.8-key_length.patch
 Patch23: openssl-gcc42.patch
 Patch24: openssl-gcc42_b.patch
+Patch25: openssl-CVE-2007-5135.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Requires: libopenssl0_9_8
@@ -202,6 +203,7 @@ Authors:
 %patch22 -p1
 %patch23
 %patch24
+%patch25 -p1
 cp -p %{S:10} .
 cp -p %{S:20} certs/
 cp -p %{S:21} certs/
@@ -415,8 +417,9 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
 %files certs
 %defattr(-, root, root)
 %{ssletcdir}/certs
-
 %changelog
+* Mon Oct 01 2007 - mkoenig@suse.de
+- fix buffer overflow CVE-2007-5135 [#329208]
 * Wed Sep 05 2007 - mkoenig@suse.de
 - fix another gcc 4.2 build problem [#307669]
 * Fri Aug 03 2007 - coolo@suse.de