OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=9

2007-10-13 16:03:24 +00:00 · 2007-10-13 16:03:24 +00:00 · d2f19ec93b
commit d2f19ec93b
parent 6f38c49570
3 changed files with 56 additions and 4 deletions
--- a/openssl-CVE-2007-5135.patch
+++ b/openssl-CVE-2007-5135.patch
@ -0,0 +1,44 @@
+--- a/ssl/ssl_lib.c	2007/08/12 18:59:02	1.133.2.9
+++ b/ssl/ssl_lib.c	2007/09/19 12:16:21	1.133.2.10
+@@ -1210,7 +1210,6 @@
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+ 	{
+ 	char *p;
+-	const char *cp;
+ 	STACK_OF(SSL_CIPHER) *sk;
+ 	SSL_CIPHER *c;
+ 	int i;
+@@ -1223,20 +1222,21 @@
+ 	sk=s->session->ciphers;
+ 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+ 		{
+-		/* Decrement for either the ':' or a '\0' */
+-		len--;
+		int n;
+
+ 		c=sk_SSL_CIPHER_value(sk,i);
+-		for (cp=c->name; *cp; )
+		n=strlen(c->name);
+		if (n+1 > len)
+ 			{
+-			if (len-- <= 0)
+-				{
+-				*p='\0';
+-				return(buf);
+-				}
+-			else
+-				*(p++)= *(cp++);
+			if (p != buf)
+				--p;
+			*p='\0';
+			return buf;
+ 			}
+		strcpy(p,c->name);
+		p+=n;
+ 		*(p++)=':';
+		len-=n+1;
+ 		}
+ 	p[-1]='\0';
+ 	return(buf);
+
+
--- a/openssl.changes
+++ b/openssl.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Oct  1 11:29:55 CEST 2007 - mkoenig@suse.de
+
+- fix buffer overflow CVE-2007-5135 [#329208] 
+
 -------------------------------------------------------------------
 Wed Sep  5 11:39:26 CEST 2007 - mkoenig@suse.de

--- a/openssl.spec
+++ b/openssl.spec
@ -17,11 +17,11 @@ BuildRequires:  bc ed zlib-devel
 License:        BSD 3-Clause
 Group:          Productivity/Networking/Security
 Provides:       ssl
-Autoreqprov:    on
+AutoReqProv:    on
 Version:        0.9.8e
-Release:        41
+Release:        47
 Summary:        Secure Sockets and Transport Layer Security
-URL:            http://www.openssl.org/
+Url:            http://www.openssl.org/
 Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
 Source10:       README.SuSE
 Source20:       ICP-Brasil.pem
@ -41,6 +41,7 @@ Patch21:        bswap.diff
 Patch22:        openssl-0.9.8-key_length.patch
 Patch23:        openssl-gcc42.patch
 Patch24:        openssl-gcc42_b.patch
+Patch25:        openssl-CVE-2007-5135.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       libopenssl0_9_8

@ -202,6 +203,7 @@ Authors:
 %patch22 -p1
 %patch23
 %patch24
+%patch25 -p1
 cp -p %{S:10} .
 cp -p %{S:20} certs/
 cp -p %{S:21} certs/
@ -415,8 +417,9 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
 %files certs
 %defattr(-, root, root)
 %{ssletcdir}/certs
-
 %changelog
+* Mon Oct 01 2007 - mkoenig@suse.de
+- fix buffer overflow CVE-2007-5135 [#329208]
 * Wed Sep 05 2007 - mkoenig@suse.de
 - fix another gcc 4.2 build problem [#307669]
 * Fri Aug 03 2007 - coolo@suse.de