testing/openssl-3
SHA256
3
0
Fork 0
forked from pool/openssl-3
Code Pull Requests Activity

Accepting request 1042985 from home:ohollmann:branches:security:tls

Browse Source 
- Fix X.509 Policy Constraints Double Locking [bsc#1206374, CVE-2022-3996]
  * Add patch: openssl-3-Fix-double-locking-problem.patch

OBS-URL: https://build.opensuse.org/request/show/1042985
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=49
This commit is contained in:
Pedro Monreal Gonzalez 2022-12-14 20:21:17 +00:00 committed by Git OBS Bridge
parent c7c7fd87d3
commit 0028006287
3 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
openssl-3-Fix-double-locking-problem.patch Normal file
View File

@ -0,0 +1,34 @@
From 4d0340a6d2f327700a059f0b8f954d6160f8eef5 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Fri, 11 Nov 2022 09:40:19 +1100
Subject: [PATCH] x509: fix double locking problem
This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
redundant flag setting.
Fixes #19643
Fixes LOW CVE-2022-3996
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19652)
---
crypto/x509/pcy_map.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
index 05406c6493f..60dfd1e3203 100644
--- a/crypto/x509/pcy_map.c
+++ b/crypto/x509/pcy_map.c
@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
ret = 1;
bad_mapping:
- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
- x->ex_flags |= EXFLAG_INVALID_POLICY;
- CRYPTO_THREAD_unlock(x->lock);
- }
sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
return ret;

6
openssl-3.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Dec 14 16:38:05 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>
- Fix X.509 Policy Constraints Double Locking [bsc#1206374, CVE-2022-3996]
* Add patch: openssl-3-Fix-double-locking-problem.patch
-------------------------------------------------------------------
Tue Nov 1 18:29:41 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>

2
openssl-3.spec
View File

@ -48,6 +48,8 @@ Patch8: openssl-Override-default-paths-for-the-CA-directory-tree.patch
# use openssl3.cnf
Patch9: openssl-use-versioned-config.patch
Patch10: fix-config-in-tests.patch
# PATCH-FIX-UPSTREAM bsc#1206374 CVE-2022-3996 X.509 Policy Constraints Double Locking
Patch11: openssl-3-Fix-double-locking-problem.patch
BuildRequires: pkgconfig
BuildRequires: pkgconfig(zlib)
# Add requires for ct_log_list.cnf{,.dist}