rpm/xca
SHA256
1
0
Fork 0
forked from pool/xca
Code Pull Requests Activity

- added 0001-Fix-for-openssl-1.0.1i.patch

Browse Source 
From http://sourceforge.net/p/xca/patches/14/

OBS-URL: https://build.opensuse.org/package/show/security/xca?expand=0&rev=3
This commit is contained in:
Marcus Rückert 2014-10-09 10:33:42 +00:00 committed by Git OBS Bridge
parent e5a2cb3b6c
commit c4c7d739af
3 changed files with 65 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
0001-Fix-for-openssl-1.0.1i.patch Normal file
View File

@ -0,0 +1,57 @@
From abd9d530776e8bb6d8f05312fc3ae3044796139c Mon Sep 17 00:00:00 2001
From: Oliver Winker <oliver@oli1170.net>
Date: Tue, 12 Aug 2014 19:08:05 +0200
Subject: [PATCH] Fix for openssl 1.0.1i
Fixes following application error
---
Errors
error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
---
Due to openssl 1.0.1i change:
---
commit 03b04ddac162c7b7fa3c57eadccc5a583a00d291
Author: Emilia Kasper <emilia@openssl.org>
Date: Wed Jul 2 19:02:33 2014 +0200
Fix OID handling:
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
CVE-2014-3508
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
---
---
lib/x509v3ext.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/x509v3ext.cpp b/lib/x509v3ext.cpp
index cf74c32..d94cbda 100644
--- a/lib/x509v3ext.cpp
+++ b/lib/x509v3ext.cpp
@@ -27,6 +27,8 @@ x509v3ext::x509v3ext(const X509_EXTENSION *n)
x509v3ext::x509v3ext(const x509v3ext &n)
{
ext = NULL;
+ if (!n.isValid())
+ return;
set(n.ext);
}
@@ -743,7 +745,7 @@ X509_EXTENSION *x509v3ext::get() const
bool x509v3ext::isValid() const
{
- return ext->value->length > 0 &&
+ return ext && ext->value && ext->value->length > 0 &&
OBJ_obj2nid(ext->object) != NID_undef;
}
--
2.0.1

6
xca.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Oct 9 10:29:12 UTC 2014 - mrueckert@suse.de
- added 0001-Fix-for-openssl-1.0.1i.patch
From http://sourceforge.net/p/xca/patches/14/
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 6 20:37:43 UTC 2012 - chris@computersalat.de Wed Jun 6 20:37:43 UTC 2012 - chris@computersalat.de

2
xca.spec
View File

@ -28,6 +28,7 @@ Autoreqprov: on
Source: %{name}-%{version}.tar.gz Source: %{name}-%{version}.tar.gz
Patch0: %{name}-configure.patch Patch0: %{name}-configure.patch
Patch1: %{name}-desktop.patch Patch1: %{name}-desktop.patch
Patch2: 0001-Fix-for-openssl-1.0.1i.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gcc-c++ >= 3.1.0 BuildRequires: gcc-c++ >= 3.1.0
%if 0%{?sles_version} == 10 %if 0%{?sles_version} == 10
@ -61,6 +62,7 @@ Graphical certification authority is an interface for managing RSA keys and cert
%setup -n %{name}-%{version} %setup -n %{name}-%{version}
%patch0 %patch0
%patch1 %patch1
%patch2 -p1
CFLAGS="$RPM_OPT_FLAGS" \ CFLAGS="$RPM_OPT_FLAGS" \
prefix=%{_prefix} lib=%{_lib} libdir=%{_libdir} mandir=%{_mandir} ./configure prefix=%{_prefix} lib=%{_lib} libdir=%{_libdir} mandir=%{_mandir} ./configure