testing/openssl
SHA256
3
0
Fork 0
forked from pool/openssl
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=17

Browse Source
This commit is contained in:
OBS User unknown 2008-07-08 14:15:18 +00:00 committed by Git OBS Bridge
parent 8941772209
commit 2292bcfe4e
11 changed files with 33 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Equifax-root1.pem
View File

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-----END CERTIFICATE-----

28
ICP-Brasil.pem
View File

@ -1,28 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEuDCCA6CgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIx
EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h
bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJy
YXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UEAxMoQXV0b3JpZGFkZSBDZXJ0aWZp
Y2Fkb3JhIFJhaXogQnJhc2lsZWlyYTAeFw0wMTExMzAxMjU4MDBaFw0xMTExMzAy
MzU5MDBaMIG0MQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE9MDsG
A1UECxM0SW5zdGl0dXRvIE5hY2lvbmFsIGRlIFRlY25vbG9naWEgZGEgSW5mb3Jt
YWNhbyAtIElUSTERMA8GA1UEBxMIQnJhc2lsaWExCzAJBgNVBAgTAkRGMTEwLwYD
VQQDEyhBdXRvcmlkYWRlIENlcnRpZmljYWRvcmEgUmFpeiBCcmFzaWxlaXJhMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPMudwX/hvm+Uh2b/lQAcHVA
isamaLkWdkwP9/S/tOKIgRrL6Oy+ZIGlOUdd6uYtk9Ma/3pUpgcfNAj0vYm5gsyj
Qo9emsc+x6m4VWwk9iqMZSCK5EQkAq/Ut4n7KuLE1+gdftwdIgxfUsPt4CyNrY50
QV57KM2UT8x5rrmzEjr7TICGpSUAl2gVqe6xaii+bmYR1QrmWaBSAG59LrkrjrYt
bRhFboUDe1DK+6T8s5L6k8c8okpbHpa9veMztDVC9sPJ60MWXh6anVKo1UcLcbUR
yEeNvZneVRKAAU6ouwdjDvwlsaKydFKwed0ToQ47bmUKgcm+wV3eTRk36UOnTwID
AQABo4HSMIHPME4GA1UdIARHMEUwQwYFYEwBAQAwOjA4BggrBgEFBQcCARYsaHR0
cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQQ2FjcmFpei5wZGYwPQYDVR0f
BDYwNDAyoDCgLoYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0xDUmFj
cmFpei5jcmwwHQYDVR0OBBYEFIr68VeEERM1kEL6V0lUaQ2kxPA3MA8GA1UdEwEB
/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAZA5c1
U/hgIh6OcgLAfiJgFWpvmDZWqlV30/bHFpj8iBobJSm5uDpt7TirYh1Uxe3fQaGl
YjJe+9zd+izPRbBqXPVQA34EXcwk4qpWuf1hHriWfdrx8AcqSqr6CuQFwSr75Fos
SzlwDADa70mT7wZjAmQhnZx2xJ6wfWlT9VQfS//JYeIc7Fue2JNLd00UOSMMaiK/
t79enKNHEA2fupH3vEigf5Eh4bVAN5VohrTm6MY53x7XQZZr1ME7a55lFEnSeT0u
mlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5nmPb
K+9A46sd33oqK8n8
-----END CERTIFICATE-----

1
baselibs.conf
View File

@ -1,3 +1,2 @@
openssl
libopenssl0_9_8
obsoletes "openssl-<targettype> <= <version>"

3
certs.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6b8dff8e46383f941bc1a6c084e40aad6a67699b9b814c9d1a0b2a17d3b84039
size 17917

64
openssl-0.9.8g-fix_dh_for_certain_moduli.patch
View File

@ -1,64 +0,0 @@
--- a/crypto/bn/bn_mul.c 2007/07/08 18:53:03 1.37
+++ b/crypto/bn/bn_mul.c 2007/11/03 20:09:04 1.38
@@ -389,6 +389,7 @@
* a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
* a[1]*b[1]
*/
+/* dnX may not be positive, but n2/2+dnX has to be */
void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
int dna, int dnb, BN_ULONG *t)
{
@@ -398,7 +399,7 @@
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);
+ fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
# endif
# ifdef BN_MUL_COMBA
# if 0
@@ -545,6 +546,7 @@
/* n+tn is the word length
* t needs to be n*4 is size, as does r */
+/* tnX may not be negative but less than n */
void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
int tna, int tnb, BN_ULONG *t)
{
@@ -553,8 +555,8 @@
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",
- tna, n, tnb, n);
+ fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+ n, tna, n, tnb);
# endif
if (n < 8)
{
@@ -655,16 +657,19 @@
for (;;)
{
i/=2;
- if (i <= tna && tna == tnb)
+ /* these simplified conditions work
+ * exclusively because difference
+ * between tna and tnb is 1 or 0 */
+ if (i < tna || i < tnb)
{
- bn_mul_recursive(&(r[n2]),
+ bn_mul_part_recursive(&(r[n2]),
&(a[n]),&(b[n]),
i,tna-i,tnb-i,p);
break;
}
- else if (i < tna || i < tnb)
+ else if (i == tna || i == tnb)
{
- bn_mul_part_recursive(&(r[n2]),
+ bn_mul_recursive(&(r[n2]),
&(a[n]),&(b[n]),
i,tna-i,tnb-i,p);
break;

3
openssl-0.9.8g.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0fd6bbd50a17a630f81a0e5e036900c5ac67eec731efd379b8116a48e28405ae
size 2681538

3
openssl-0.9.8h.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9b7d2a06182fa4e821c436dafc8378c63007606bd47bf431974994867043ea4c
size 2734835

15
openssl-CVE-2008-0891.patch
View File

@ -1,15 +0,0 @@
Index: ssl/t1_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.13.2.8
diff -u -r1.13.2.8 t1_lib.c
--- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000 1.13.2.8
+++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000
@@ -381,6 +381,7 @@
s->session->tlsext_hostname[len]='\0';
if (strlen(s->session->tlsext_hostname) != len) {
OPENSSL_free(s->session->tlsext_hostname);
+ s->session->tlsext_hostname = NULL;
*al = TLS1_AD_UNRECOGNIZED_NAME;
return 0;
}

21
openssl-CVE-2008-1672.patch
View File

@ -1,21 +0,0 @@
Index: ssl/s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.12
diff -u -r1.88.2.12 s3_clnt.c
--- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000 1.88.2.12
+++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000
@@ -2061,6 +2061,13 @@
{
DH *dh_srvr,*dh_clnt;
+ if (s->session->sess_cert == NULL)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
if (s->session->sess_cert->peer_dh_tmp != NULL)
dh_srvr=s->session->sess_cert->peer_dh_tmp;
else

12
openssl.changes
View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Tue Jun 24 09:09:04 CEST 2008 - mkoenig@suse.de
- update to version 0.9.8h
- openssl does not ship CA root certificates anymore
keep certificates that SuSE is already shipping
- resolves bad array index (function has been removed) [bnc#356549]
- removed patches
openssl-0.9.8g-fix_dh_for_certain_moduli.patch
openssl-CVE-2008-0891.patch
openssl-CVE-2008-1672.patch
-------------------------------------------------------------------
Wed May 28 15:04:08 CEST 2008 - mkoenig@suse.de

28
openssl.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package openssl (Version 0.9.8g)
# spec file for package openssl (Version 0.9.8h)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -19,14 +19,13 @@ License: BSD 3-Clause
Group: Productivity/Networking/Security
Provides: ssl
AutoReqProv: on
Version: 0.9.8g
Release: 46
Version: 0.9.8h
Release: 1
Summary: Secure Sockets and Transport Layer Security
Url: http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
Source1: certs.tar.bz2
Source10: README.SuSE
Source20: ICP-Brasil.pem
Source21: Equifax-root1.pem
Patch0: openssl-0.9.8-sparc.dif
Patch1: openssl-0.9.8-flags-priority.dif
Patch2: non-exec-stack.diff
@ -37,9 +36,6 @@ Patch5: openssl-0.9.6g-alpha.diff
#Patch10: openssl-0.9.7d-ICA_engine-jun142004.patch.bz2
Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif
Patch7: bswap.diff
Patch8: openssl-0.9.8g-fix_dh_for_certain_moduli.patch
Patch9: openssl-CVE-2008-0891.patch
Patch10: openssl-CVE-2008-1672.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -199,12 +195,8 @@ Authors:
#%patch10 -p1
%patch6 -p1
%patch7
%patch8 -p1
%patch9
%patch10
cp -p %{S:10} .
cp -p %{S:20} certs/
cp -p %{S:21} certs/
tar xjf %{SOURCE1}
# lib64 installation fixes
for i in Makefile.org engines/Makefile; do
sed -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/%_lib+g" \
@ -407,6 +399,7 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%dir %{ssletcdir}
%config (noreplace) %{ssletcdir}/openssl.cnf
%attr(700,root,root) %{ssletcdir}/private
%{ssletcdir}/certs
%dir %{_datadir}/ssl
%{_datadir}/ssl/misc
%{_bindir}/c_rehash
@ -417,6 +410,15 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%{ssletcdir}/certs
%changelog
* Tue Jun 24 2008 mkoenig@suse.de
- update to version 0.9.8h
- openssl does not ship CA root certificates anymore
keep certificates that SuSE is already shipping
- resolves bad array index (function has been removed) [bnc#356549]
- removed patches
openssl-0.9.8g-fix_dh_for_certain_moduli.patch
openssl-CVE-2008-0891.patch
openssl-CVE-2008-1672.patch
* Wed May 28 2008 mkoenig@suse.de
- fix OpenSSL Server Name extension crash (CVE-2008-0891)
and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)