List: openpkg-cvs
Subject: [CVS] OpenPKG: OPENPKG_1_2_SOLID: openpkg-src/openssl/ openssl.patch o...
From: "Thomas Lotterer" <thl () openpkg ! org>
Date: 2003-09-30 12:46:23
OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: thl@openpkg.org
Module: openpkg-src openpkg-web Date: 30-Sep-2003 14:46:23
Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003093013462102
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/openssl openssl.patch openssl.spec
Log:
SA-2003.044-openssl; CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
Summary:
Revision        Changes   Path
1.7.4.4         +66 -0    openpkg-src/openssl/openssl.patch
1.37.2.1.2.6    +1 -1     openpkg-src/openssl/openssl.spec
1.6792          +1 -0     openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openssl/openssl.patch
============================================================================
$ cvs diff -u -r1.7.4.3 -r1.7.4.4 openssl.patch
--- openpkg-src/openssl/openssl.patch 20 Mar 2003 20:09:39 -0000 1.7.4.3
+++ openpkg-src/openssl/openssl.patch 30 Sep 2003 12:46:23 -0000 1.7.4.4
@@ -229,3 +229,69 @@
}
s->session->master_key_length=
+
+-----------------------------------------------------------------------------
+
+Security Bugfixes
+OpenPKG-SA-2003.044-openssl
+http://www.openssl.org/news/secadv_20030930.txt
+CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
+
+--- crypto/asn1/asn1_lib.c Sun Sep 28 14:20:55 2003
++++ crypto/asn1/asn1_lib.c Fri Sep 26 13:51:38 2003
+@@ -104,10 +104,12 @@
+ l<<=7L;
+ l|= *(p++)&0x7f;
+ if (--max == 0) goto err;
++ if (l > (INT_MAX >> 7L)) goto err;
+ }
+ l<<=7L;
+ l|= *(p++)&0x7f;
+ tag=(int)l;
++ if (--max == 0) goto err;
+ }
+ else
+ {
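Review bot: The new overflow test `if (l > (INT_MAX >> 7L)) goto err;` in the tag loop of crypto/asn1/asn1_lib.c relies on INT_MAX, but no hunk in this patch adds `#include <limits.h>` to that file. Please confirm the header is already included there in 0.9.7, or add the include to the patch, so the backport does not depend on a transitive include. The placement of the test is fine: it runs at the end of each loop pass, before the next `l<<=7L`, so a value that went through the loop still fits when `tag=(int)l` is assigned.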
+--- crypto/asn1/tasn_dec.c Sun Sep 28 14:20:55 2003
++++ crypto/asn1/tasn_dec.c Fri Sep 26 13:51:38 2003
+@@ -691,6 +691,7 @@
+
+ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char \
*free_cont, const ASN1_ITEM *it) + {
++ ASN1_VALUE **opval = NULL;
+ ASN1_STRING *stmp;
+ ASN1_TYPE *typ = NULL;
+ int ret = 0;
+@@ -705,6 +706,7 @@
+ *pval = (ASN1_VALUE *)typ;
+ } else typ = (ASN1_TYPE *)*pval;
+ if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
++ opval = pval;
+ pval = (ASN1_VALUE **)&typ->value.ptr;
+ }
+ switch(utype) {
+@@ -796,7 +798,12 @@
+
+ ret = 1;
+ err:
+- if(!ret) ASN1_TYPE_free(typ);
++ if(!ret)
++ {
++ ASN1_TYPE_free(typ);
++ if (opval)
++ *opval = NULL;
++ }
+ return ret;
+ }
+
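Review bot: In the err: path of asn1_ex_c2i, `*opval = NULL` follows `ASN1_TYPE_free(typ)` without any comment, and opval is set only in the one branch that redirects pval to `&typ->value.ptr`. Since `*pval` equals typ on both ways into that branch, the caller's pointer would otherwise be left referring to the freed ASN1_TYPE; a one-line comment at the assignment saying so would keep a later cleanup from removing it. Minor style point: the added block writes `if (opval)` while the line it replaces used `if(!ret)`, so pick the file's spacing.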
+--- crypto/x509/x509_vfy.c Sun Sep 28 14:20:55 2003
++++ crypto/x509/x509_vfy.c Fri Sep 26 13:51:38 2003
+@@ -674,7 +674,7 @@
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+- if (X509_verify(xs,pkey) <= 0)
++ else if (X509_verify(xs,pkey) <= 0)
+ /* XXX For the final trusted self-signed cert,
+ * this is a waste of time. That check should
+ * optional so that e.g. 'openssl x509' can be
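Review bot: The change from `if` to `else if` in front of `X509_verify(xs,pkey)` is the entire fix in crypto/x509/x509_vfy.c and is easy to revert by accident, because the branch above continues past `if (!ok) goto end;` whenever the callback returns non-zero. Please add a short comment at the `else if` stating that X509_verify must not run when the preceding branch was taken and the callback chose to continue.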
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssl/openssl.spec
============================================================================
$ cvs diff -u -r1.37.2.1.2.5 -r1.37.2.1.2.6 openssl.spec
--- openpkg-src/openssl/openssl.spec 20 Mar 2003 20:09:39 -0000 1.37.2.1.2.5
+++ openpkg-src/openssl/openssl.spec 30 Sep 2003 12:46:23 -0000 1.37.2.1.2.6
@@ -33,7 +33,7 @@
Group: Cryptography
License: BSD-style
Version: 0.9.7
-Release: 1.2.3
+Release: 1.2.4
# list of sources
Source0: ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.6791 -r1.6792 news.txt
--- openpkg-web/news.txt 30 Sep 2003 12:45:40 -0000 1.6791
+++ openpkg-web/news.txt 30 Sep 2003 12:46:21 -0000 1.6792
@@ -1,3 +1,4 @@
+30-Sep-2003: Upgraded package: P<openssl-0.9.7-1.2.4>
30-Sep-2003: Upgraded package: P<openssl-0.9.7b-1.3.2>
30-Sep-2003: Upgraded package: P<openssl-0.9.7b-20030930>
29-Sep-2003: New package: P<vile-9.4-20030929>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org