From d0334553137e9ac10a3df8e8227b7c9cd0eda26320f612f2be00fad2cbb1c714 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Tue, 16 Oct 2007 16:23:27 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=10
---
 openssl-0.9.8-key_length.patch | 19 --
 openssl-0.9.8e.tar.bz2 | 3 -
 openssl-0.9.8f.tar.bz2 | 3 +
 openssl-CVE-2007-3108-bug296511.diff | 114 -----------
 openssl-CVE-2007-5135.patch | 44 -----
 openssl-gcc42.patch | 276 ---------------------------
 openssl-gcc42_b.patch | 12 --
 openssl-s390-config.diff | 12 --
 openssl.changes | 13 ++
 openssl.spec | 47 +++--
 10 files changed, 38 insertions(+), 505 deletions(-)
 delete mode 100644 openssl-0.9.8-key_length.patch
 delete mode 100644 openssl-0.9.8e.tar.bz2
 create mode 100644 openssl-0.9.8f.tar.bz2
 delete mode 100644 openssl-CVE-2007-3108-bug296511.diff
 delete mode 100644 openssl-CVE-2007-5135.patch
 delete mode 100644 openssl-gcc42.patch
 delete mode 100644 openssl-gcc42_b.patch
 delete mode 100644 openssl-s390-config.diff
diff --git a/openssl-0.9.8-key_length.patch b/openssl-0.9.8-key_length.patch
deleted file mode 100644
index 1d75f93..0000000
--- a/openssl-0.9.8-key_length.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-#254905, #262477
-
-http://cvs.openssl.org/chngview?cn=15978
-
-EVP_CIPHER_CTX_key_length() should return the set key length in the
-EVP_CIPHER_CTX structure which may not be the same as the underlying
-cipher key length for variable length ciphers.
-
---- a/crypto/evp/evp_lib.c 2006/11/29 20:47:13 1.10.2.1
-+++ b/crypto/evp/evp_lib.c 2007/02/27 18:42:52 1.10.2.2
-@@ -225,7 +225,7 @@
-
- int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
- {
-- return ctx->cipher->key_len;
-+ return ctx->key_len;
- }
-
- int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
diff --git a/openssl-0.9.8e.tar.bz2 b/openssl-0.9.8e.tar.bz2
deleted file mode 100644
index 103b4c9..0000000
--- a/openssl-0.9.8e.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:32b684e086d72446d22b7801cf52a14f183412be3403f5038b3d61cfb619eb62
-size 2675965
diff --git a/openssl-0.9.8f.tar.bz2 b/openssl-0.9.8f.tar.bz2
new file mode 100644
index 0000000..6fb94c4
--- /dev/null
+++ b/openssl-0.9.8f.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0eed478e1d6de61b905d9605ec4eaf2d33d96f415b9214afff2f0f197cc80d4a
+size 2680951
diff --git a/openssl-CVE-2007-3108-bug296511.diff b/openssl-CVE-2007-3108-bug296511.diff
deleted file mode 100644
index 19d5e44..0000000
--- a/openssl-CVE-2007-3108-bug296511.diff
+++ /dev/null
@@ -1,114 +0,0 @@ ---- crypto/bn/bn_mont.c -+++ crypto/bn/bn_mont.c 2007-08-02 11:49:15.251420366 +0200 -@@ -176,7 +176,6 @@ int BN_from_montgomery(BIGNUM *ret, cons - - max=(nl+al+1); /* allow for overflow (no?) XXX */ - if (bn_wexpand(r,max) == NULL) goto err; -- if (bn_wexpand(ret,max) == NULL) goto err; - - r->neg=a->neg^n->neg; - np=n->d; -@@ -228,19 +227,70 @@ int BN_from_montgomery(BIGNUM *ret, cons - } - bn_correct_top(r); - -- /* mont->ri will be a multiple of the word size */ --#if 0 -- BN_rshift(ret,r,mont->ri); --#else -- ret->neg = r->neg; -- x=ri; -+ /* mont->ri will be a multiple of the word size and below code -+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */ -+ if (r->top <= ri) -+ { -+ ret->top=0; -+ retn=1; -+ goto err; -+ } -+ al=r->top-ri; -+ -+# define BRANCH_FREE 1 -+# if BRANCH_FREE -+ if (bn_wexpand(ret,ri) == NULL) goto err; -+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1); -+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ -+ ret->neg=r->neg; -+ - rp=ret->d; -- ap= &(r->d[x]); -- if (r->top < x) -- al=0; -- else -- al=r->top-x; -+ ap=&(r->d[ri]); -+ -+ { -+ size_t m1,m2; -+ -+ v=bn_sub_words(rp,ap,np,ri); -+ /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ -+ /* in other words if subtraction result is real, then -+ * trick unconditional memcpy below to perform in-place -+ * "refresh" instead of actual copy. */ -+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ -+ m1|=m2; /* (al!=ri) */ -+ m1|=(0-(size_t)v); /* (al!=ri || v) */ -+ m1&=~m2; /* (al!=ri || v) && !al>ri */ -+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); -+ } -+ -+ /* 'itop=al; -+ ret->neg=r->neg; -+ -+ rp=ret->d; -+ ap=&(r->d[ri]); - al-=4; - for (i=0; iri)) goto err; - #endif /* MONT_WORD */ - -+#if !defined(BRANCH_FREE) || BRANCH_FREE==0 - if (BN_ucmp(ret, &(mont->N)) >= 0) - { - if (!BN_usub(ret,ret,&(mont->N))) goto err; - } -+#endif - retn=1; - bn_check_top(ret); - err: 
diff --git a/openssl-CVE-2007-5135.patch b/openssl-CVE-2007-5135.patch deleted file mode 100644 index db0615d..0000000 --- a/openssl-CVE-2007-5135.patch +++ /dev/null @@ -1,44 +0,0 @@ ---- a/ssl/ssl_lib.c 2007/08/12 18:59:02 1.133.2.9 -+++ b/ssl/ssl_lib.c 2007/09/19 12:16:21 1.133.2.10 -@@ -1210,7 +1210,6 @@ - char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) - { - char *p; -- const char *cp; - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - int i; -@@ -1223,20 +1222,21 @@ - sk=s->session->ciphers; - for (i=0; iname; *cp; ) -+ n=strlen(c->name); -+ if (n+1 > len) - { -- if (len-- <= 0) -- { -- *p='\0'; -- return(buf); -- } -- else -- *(p++)= *(cp++); -+ if (p != buf) -+ --p; -+ *p='\0'; -+ return buf; - } -+ strcpy(p,c->name); -+ p+=n; - *(p++)=':'; -+ len-=n+1; - } - p[-1]='\0'; - return(buf); - - diff --git a/openssl-gcc42.patch b/openssl-gcc42.patch deleted file mode 100644 index 7536ea8..0000000 --- a/openssl-gcc42.patch +++ /dev/null 
@@ -1,276 +0,0 @@ -From: Peter Hartley -Subject: [PATCH] OpenSSL vs GCC 4.2.0 -To: openssl-dev@openssl.org -Date: Tue, 22 May 2007 11:59:13 +0100 -Reply-To: openssl-dev@openssl.org - -Hi there, - -Having just downloaded GCC 4.2.0 and discovered that it can't build -OpenSSL (not even in the snapshots AFAICT), I'd like to offer a possible -solution. - -The earlier thread on openssl-dev explains that OpenSSL chooses to cast -the function pointers, not the parameters, to achieve type-safety; i.e. -to ensure that errors occur if the wrong types are passed to the -XYZ_of() functions. - -So how about using expressions of the form - (void*)(1 ? x : ((T*)NULL)) -instead? That way, if x isn't of the right type, GCC will warn because -the ?: gets different types in the two branches. Meanwhile the function -itself is getting called with the correct types, and while OpenSSL is -still "deceiving" the type system, it's doing so only via function -pointers (so there's no way that the compiler, examining any one -translation unit, can "tell" that deception is being attempted). And the -compiler should easily spot that the condition ("1") is always true, and -so generate no extra code compared to the direct, non-typesafe call. - ---- crypto/asn1/asn1.h~ 2007-04-14 19:00:19.000000000 +0100 -+++ crypto/asn1/asn1.h 2007-05-16 14:48:27.000000000 +0100 -@@ -329,6 +329,17 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; - #define I2D_OF(type) int (*)(type *,unsigned char **) - #define I2D_OF_const(type) int (*)(const type *,unsigned char **) - -+#define CHECKED_D2I_OF(type, d2i) \ -+ ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) -+#define CHECKED_I2D_OF(type, i2d) \ -+ ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) -+#define CHECKED_NEW_OF(type, xnew) \ -+ ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) -+#define CHECKED_PTR_OF(type, p) \ -+ ((void*) (1 ? p : (type*)0)) -+#define CHECKED_PPTR_OF(type, p) \ -+ ((void**) (1 ? 
p : (type**)0)) -+ - #define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) - #define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) - #define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) -@@ -914,23 +925,41 @@ int ASN1_object_size(int constructed, in - - /* Used to implement other functions */ - void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); -+ - #define ASN1_dup_of(type,i2d,d2i,x) \ -- ((type *(*)(I2D_OF(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x) -+ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ -+ CHECKED_D2I_OF(type, d2i), \ -+ CHECKED_PTR_OF(type, x))) -+ - #define ASN1_dup_of_const(type,i2d,d2i,x) \ -- ((type *(*)(I2D_OF_const(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x) -+ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ -+ CHECKED_D2I_OF(type, d2i), \ -+ CHECKED_PTR_OF(const type, x))) - - void *ASN1_item_dup(const ASN1_ITEM *it, void *x); - - #ifndef OPENSSL_NO_FP_API - void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); -+ - #define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ -- ((type *(*)(type *(*)(void),D2I_OF(type),FILE *,type **))openssl_fcast(ASN1_d2i_fp))(xnew,d2i,in,x) -+ ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ -+ CHECKED_D2I_OF(type, d2i), \ -+ in, \ -+ CHECKED_PPTR_OF(type, x))) -+ - void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); - int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x); -+ - #define ASN1_i2d_fp_of(type,i2d,out,x) \ -- ((int (*)(I2D_OF(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x) -+ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ -+ out, \ -+ CHECKED_PTR_OF(type, x))) -+ - #define ASN1_i2d_fp_of_const(type,i2d,out,x) \ -- ((int (*)(I2D_OF_const(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x) -+ (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ -+ out, \ -+ CHECKED_PTR_OF(const type, x))) -+ - int ASN1_item_i2d_fp(const ASN1_ITEM 
*it, FILE *out, void *x); - int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); - #endif -@@ -939,14 +968,26 @@ int ASN1_STRING_to_UTF8(unsigned char ** - - #ifndef OPENSSL_NO_BIO - void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); -+ - #define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ -- ((type *(*)(type *(*)(void),D2I_OF(type),BIO *,type **))openssl_fcast(ASN1_d2i_bio))(xnew,d2i,in,x) -+ ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ -+ CHECKED_D2I_OF(type, d2i), \ -+ in, \ -+ CHECKED_PPTR_OF(type, x))) -+ - void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); - int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); -+ - #define ASN1_i2d_bio_of(type,i2d,out,x) \ -- ((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) -+ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ -+ out, \ -+ CHECKED_PTR_OF(type, x))) -+ - #define ASN1_i2d_bio_of_const(type,i2d,out,x) \ -- ((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) -+ (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ -+ out, \ -+ CHECKED_PTR_OF(const type, x))) -+ - int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); - int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); - int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); -@@ -983,8 +1024,12 @@ void *ASN1_unpack_string(ASN1_STRING *oc - void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); - ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, - ASN1_OCTET_STRING **oct); -+ - #define ASN1_pack_string_of(type,obj,i2d,oct) \ -- ((ASN1_STRING *(*)(type *,I2D_OF(type),ASN1_OCTET_STRING **))openssl_fcast(ASN1_pack_string))(obj,i2d,oct) -+ (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ -+ CHECKED_I2D_OF(type, i2d), \ -+ oct)) -+ - ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); - - void ASN1_STRING_set_default_mask(unsigned long mask); ---- crypto/pem/pem.h~ 
2007-04-05 18:00:52.000000000 +0100 -+++ crypto/pem/pem.h 2007-05-16 14:48:42.000000000 +0100 -@@ -221,19 +221,28 @@ typedef struct pem_ctx_st - #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ - type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ - { \ --return(((type *(*)(D2I_OF(type),char *,FILE *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read))(d2i_##asn1, str,fp,x,cb,u)); \ -+ return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ -+ str, fp, \ -+ CHECKED_PPTR_OF(type, x), \ -+ cb, u); \ - } - - #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ - int PEM_write_##name(FILE *fp, type *x) \ - { \ --return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, fp, \ -+ CHECKED_PTR_OF(type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - - #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ - int PEM_write_##name(FILE *fp, const type *x) \ - { \ --return(((int (*)(I2D_OF_const(type),const char *,FILE *, const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ -+ str, fp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - - #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ -@@ -241,7 +250,10 @@ int PEM_write_##name(FILE *fp, type *x, - unsigned char *kstr, int klen, pem_password_cb *cb, \ - void *u) \ - { \ -- return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, fp, \ -+ 
CHECKED_PTR_OF(type, x), \ -+ enc, kstr, klen, cb, u); \ - } - - #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ -@@ -249,7 +261,10 @@ int PEM_write_##name(FILE *fp, type *x, - unsigned char *kstr, int klen, pem_password_cb *cb, \ - void *u) \ - { \ -- return(((int (*)(I2D_OF_const(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ -+ str, fp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ enc, kstr, klen, cb, u); \ - } - - #endif -@@ -257,33 +272,48 @@ int PEM_write_##name(FILE *fp, type *x, - #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ - type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ - { \ --return(((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i_##asn1, str,bp,x,cb,u)); \ -+ return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ -+ str, bp, \ -+ CHECKED_PPTR_OF(type, x), \ -+ cb, u); \ - } - - #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, type *x) \ - { \ --return(((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - - #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, const type *x) \ - { \ --return(((int (*)(I2D_OF_const(type),const char *,BIO *,const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, 
i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - - #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ - { \ -- return(((int (*)(I2D_OF(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(type, x), \ -+ enc, kstr, klen, cb, u); \ - } - - #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ - { \ -- return(((int (*)(I2D_OF_const(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ enc, kstr, klen, cb, u); \ - } - - #define IMPLEMENT_PEM_write(name, type, str, asn1) \ -@@ -414,13 +444,22 @@ int PEM_bytes_read_bio(unsigned char **p - pem_password_cb *cb, void *u); - void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, - void **x, pem_password_cb *cb, void *u); -+ - #define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ --((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i,name,bp,x,cb,u) -+ ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ -+ name, bp, \ -+ CHECKED_PPTR_OF(type, x), \ -+ cb, u)) -+ - int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, - const EVP_CIPHER *enc,unsigned char *kstr,int klen, - pem_password_cb *cb, void *u); -+ - #define 
PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ -- ((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d,name,bp,x,enc,kstr,klen,cb,u) -+ (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ -+ name, bp, \ -+ CHECKED_PTR_OF(type, x), \ -+ enc, kstr, klen, cb, u)) - - STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); - int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, diff --git a/openssl-gcc42_b.patch b/openssl-gcc42_b.patch deleted file mode 100644 index c70193c..0000000 --- a/openssl-gcc42_b.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- crypto/ocsp/ocsp.h.orig 2007-09-02 17:56:39.000000000 +0200 -+++ crypto/ocsp/ocsp.h 2007-09-02 18:04:50.000000000 +0200 -@@ -469,7 +469,7 @@ - ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, - void *data, STACK_OF(ASN1_OBJECT) *sk); - #define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ --((ASN1_STRING *(*)(ASN1_STRING *,I2D_OF(type),type *,STACK_OF(ASN1_OBJECT) *))openssl_fcast(ASN1_STRING_encode))(s,i2d,data,sk) -+ ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) - - X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); - - diff --git a/openssl-s390-config.diff b/openssl-s390-config.diff deleted file mode 100644 index 9a0ef5d..0000000 --- a/openssl-s390-config.diff +++ /dev/null 
@@ -1,12 +0,0 @@
---- config
-+++ config 2006/01/16 10:33:01
-@@ -591,7 +591,8 @@
- sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
- sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
- m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
-- s390*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
-+ s390-*-linux2) OUT="linux-s390"; options="$options -DB_ENDIAN -DNO_ASM" ;;
-+ s390x-*-linux2) OUT="linux-s390x"; options="$options -DB_ENDIAN -DNO_ASM" ;;
- x86_64-*-linux?) OUT="linux-x86_64" ;;
- *86-*-linux2) OUT="linux-elf"
- if [ "$GCCVER" -gt 28 ]; then
diff --git a/openssl.changes b/openssl.changes
index 5e4238d..7c1071c 100644
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Oct 15 11:17:14 CEST 2007 - mkoenig@suse.de
+
+- update to version 0.9.8f:
+ * fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
+- patches merged upstream:
+ openssl-0.9.8-key_length.patch
+ openssl-CVE-2007-3108-bug296511
+ openssl-CVE-2007-5135.patch
+ openssl-gcc42.patch
+ openssl-gcc42_b.patch
+ openssl-s390-config.diff
+
 -------------------------------------------------------------------
 Mon Oct 1 11:29:55 CEST 2007 - mkoenig@suse.de
diff --git a/openssl.spec b/openssl.spec
index c508ad0..1ce2100 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package openssl (Version 0.9.8e)
+# spec file for package openssl (Version 0.9.8f)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -18,8 +18,8 @@ License: BSD 3-Clause
 Group: Productivity/Networking/Security
 Provides: ssl
 AutoReqProv: on
-Version: 0.9.8e
-Release: 47
+Version: 0.9.8f
+Release: 1
 Summary: Secure Sockets and Transport Layer Security
 Url: http://www.openssl.org/
 Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -29,21 +29,14 @@ Source21: Equifax-root1.pem
 Patch0: openssl-0.9.8-sparc.dif
 Patch1: openssl-0.9.8-flags-priority.dif
 Patch2: non-exec-stack.diff
-Patch4: openssl-CVE-2007-3108-bug296511.diff
-Patch7: openssl-0.9.7f-ppc64.diff
-Patch8: openssl-hppa-config.diff
-Patch9: openssl-0.9.6g-alpha.diff
+Patch3: openssl-0.9.7f-ppc64.diff
+Patch4: openssl-hppa-config.diff
+Patch5: openssl-0.9.6g-alpha.diff
 # http://www-124.ibm.com/developerworks/projects/libica/
 #Patch10: openssl-0.9.7d-ICA_engine-jun142004.patch.bz2
-Patch11: openssl-s390-config.diff
-Patch20: openssl-0.9.8a.ca-app-segfault.bug128655.dif
-Patch21: bswap.diff
-Patch22: openssl-0.9.8-key_length.patch
-Patch23: openssl-gcc42.patch
-Patch24: openssl-gcc42_b.patch
-Patch25: openssl-CVE-2007-5135.patch
+Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif
+Patch7: bswap.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Requires: libopenssl0_9_8
 %description
 The OpenSSL Project is a collaborative effort to develop a robust,
@@ -192,18 +185,12 @@ Authors:
 %patch -p1
 %patch1 -p1
 %patch2
+%patch3 -p1
 %patch4
-%patch7 -p1
-%patch8
-%patch9 -p1
+%patch5 -p1
 #%patch10 -p1
-%patch11
-%patch20 -p1
-%patch21
-%patch22 -p1
-%patch23
-%patch24
-%patch25 -p1
+%patch6 -p1
+%patch7
 cp -p %{S:10} .
 cp -p %{S:20} certs/
 cp -p %{S:21} certs/
@@ -418,6 +405,16 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
 %defattr(-, root, root)
 %{ssletcdir}/certs
 %changelog
+* Mon Oct 15 2007 - mkoenig@suse.de
+- update to version 0.9.8f:
+ * fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
+- patches merged upstream:
+ openssl-0.9.8-key_length.patch
+ openssl-CVE-2007-3108-bug296511
+ openssl-CVE-2007-5135.patch
+ openssl-gcc42.patch
+ openssl-gcc42_b.patch
+ openssl-s390-config.diff
 * Mon Oct 01 2007 - mkoenig@suse.de
 - fix buffer overflow CVE-2007-5135 [#329208]
 * Wed Sep 05 2007 - mkoenig@suse.de
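Review bot: The removal of `Requires: libopenssl0_9_8` in the hunk at -29,21 is not mentioned in the changelog entry this commit adds, which lists only the version update and the patches merged upstream. With `AutoReqProv: on` in the preamble the library dependency is presumably regenerated from the built binaries, but that is inferred and not shown on this page. Because this release carries the CVE fixes, it is worth confirming that the built `openssl` package still requires the matching library package, so the command-line tool cannot end up installed against an older, unpatched library. If the removal is intentional, record it in the changelog entry, for example `- drop explicit Requires: libopenssl0_9_8 (dependency generated by AutoReqProv)`.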