List: openpkg-cvs
Subject: [CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/openssl/ openssl.patch o...
From: "Thomas Lotterer" <thl () openpkg ! org>
Date: 2003-09-30 12:45:42
OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: thl@openpkg.org
Module: openpkg-src openpkg-web Date: 30-Sep-2003 14:45:42
Branch: OPENPKG_1_3_SOLID HEAD Handle: 2003093013454002
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/openssl openssl.patch openssl.spec
Log:
SA-2003.044-openssl; CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
Summary:
Revision Changes Path
1.7.2.3.2.2 +66 -0 openpkg-src/openssl/openssl.patch
1.37.2.5.2.3 +1 -1 openpkg-src/openssl/openssl.spec
1.6791 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openssl/openssl.patch
============================================================================
$ cvs diff -u -r1.7.2.3.2.1 -r1.7.2.3.2.2 openssl.patch
--- openpkg-src/openssl/openssl.patch 25 Sep 2003 12:41:58 -0000 1.7.2.3.2.1
+++ openpkg-src/openssl/openssl.patch 30 Sep 2003 12:45:42 -0000 1.7.2.3.2.2
@@ -9,3 +9,69 @@
{
next loop if (($p%$primes[$i]) == 0);
}
+
+-----------------------------------------------------------------------------
+
+Security Bugfixes
+OpenPKG-SA-2003.044-openssl
+http://www.openssl.org/news/secadv_20030930.txt
+CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
+
+--- crypto/asn1/asn1_lib.c Sun Sep 28 14:20:55 2003
++++ crypto/asn1/asn1_lib.c Fri Sep 26 13:51:38 2003
+@@ -104,10 +104,12 @@
+ l<<=7L;
+ l|= *(p++)&0x7f;
+ if (--max == 0) goto err;
++ if (l > (INT_MAX >> 7L)) goto err;
+ }
+ l<<=7L;
+ l|= *(p++)&0x7f;
+ tag=(int)l;
++ if (--max == 0) goto err;
+ }
+ else
+ {
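Review bot: The added `if (l > (INT_MAX >> 7L)) goto err;` inside the while loop depends on INT_MAX, and this hunk adds no `#include <limits.h>` to crypto/asn1/asn1_lib.c; confirm the file already pulls it in, otherwise the build breaks on this line. The bound itself fits the code that follows: with l no larger than INT_MAX >> 7 on leaving the loop, the final `l<<=7L; l|= *(p++)&0x7f;` still fits in an int before `tag=(int)l;`. A one-line comment saying so would help, since the check and the cast sit several lines apart.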
+--- crypto/asn1/tasn_dec.c Sun Sep 28 14:20:55 2003
++++ crypto/asn1/tasn_dec.c Fri Sep 26 13:51:38 2003
+@@ -691,6 +691,7 @@
+
+ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char \
*free_cont, const ASN1_ITEM *it) + {
++ ASN1_VALUE **opval = NULL;
+ ASN1_STRING *stmp;
+ ASN1_TYPE *typ = NULL;
+ int ret = 0;
+@@ -705,6 +706,7 @@
+ *pval = (ASN1_VALUE *)typ;
+ } else typ = (ASN1_TYPE *)*pval;
+ if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
++ opval = pval;
+ pval = (ASN1_VALUE **)&typ->value.ptr;
+ }
+ switch(utype) {
+@@ -796,7 +798,12 @@
+
+ ret = 1;
+ err:
+- if(!ret) ASN1_TYPE_free(typ);
++ if(!ret)
++ {
++ ASN1_TYPE_free(typ);
++ if (opval)
++ *opval = NULL;
++ }
+ return ret;
+ }
+
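Review bot: The new error path at `err:` sets `*opval = NULL` after `ASN1_TYPE_free(typ)` with no comment explaining that the caller's `*pval` still points at `typ` once `pval` has been redirected to `&typ->value.ptr`. Please add that comment next to `opval = pval;`, because without it the saved pointer looks redundant and is easy to drop in a later cleanup, which would leave the caller holding a pointer to freed memory again. Note also that `opval` is only assigned in that one branch, so on any other path a failure leaves `*pval` untouched; confirm that is intended.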
+--- crypto/x509/x509_vfy.c Sun Sep 28 14:20:55 2003
++++ crypto/x509/x509_vfy.c Fri Sep 26 13:51:38 2003
+@@ -674,7 +674,7 @@
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+- if (X509_verify(xs,pkey) <= 0)
++ else if (X509_verify(xs,pkey) <= 0)
+ /* XXX For the final trusted self-signed cert,
+ * this is a waste of time. That check should
+ * optional so that e.g. 'openssl x509' can be
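Review bot: Changing `if (X509_verify(xs,pkey) <= 0)` to `else if` means the signature check is skipped entirely whenever the preceding branch is taken and the callback `(*cb)(0,ctx)` returns non-zero, and the condition guarding that branch lies above the hunk. Please state in the patch header why skipping verification is safe in that case (for example, that `pkey` cannot be used there), and map each of CAN-2003-0543, CAN-2003-0544 and CAN-2003-0545 to the file it fixes, since the header currently lists the three ids without saying which change addresses which.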
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssl/openssl.spec
============================================================================
$ cvs diff -u -r1.37.2.5.2.2 -r1.37.2.5.2.3 openssl.spec
--- openpkg-src/openssl/openssl.spec 25 Sep 2003 12:41:58 -0000 1.37.2.5.2.2
+++ openpkg-src/openssl/openssl.spec 30 Sep 2003 12:45:42 -0000 1.37.2.5.2.3
@@ -33,7 +33,7 @@
Group: Cryptography
License: BSD-style
Version: 0.9.7b
-Release: 1.3.1
+Release: 1.3.2
# package options
%option with_zlib no
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.6790 -r1.6791 news.txt
--- openpkg-web/news.txt 30 Sep 2003 12:44:29 -0000 1.6790
+++ openpkg-web/news.txt 30 Sep 2003 12:45:40 -0000 1.6791
@@ -1,3 +1,4 @@
+30-Sep-2003: Upgraded package: P<openssl-0.9.7b-1.3.2>
30-Sep-2003: Upgraded package: P<openssl-0.9.7b-20030930>
29-Sep-2003: New package: P<vile-9.4-20030929>
29-Sep-2003: Upgraded package: P<aegis-4.12-20030929>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org