
List:       openpkg-cvs
Subject:    [CVS] OpenPKG: OPENPKG_1_2_SOLID: openpkg-src/openssl/ openssl.patch o...
From:       "Thomas Lotterer" <thl () openpkg ! org>
Date:       2003-09-30 12:46:23

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  thl@openpkg.org
  Module: openpkg-src openpkg-web          Date:   30-Sep-2003 14:46:23
  Branch: OPENPKG_1_2_SOLID HEAD           Handle: 2003093013462102

  Modified files:
    openpkg-web             news.txt
  Modified files:           (Branch: OPENPKG_1_2_SOLID)
    openpkg-src/openssl     openssl.patch openssl.spec

  Log:
    SA-2003.044-openssl; CAN-2003-0543, CAN-2003-0544, CAN-2003-0545

  Summary:
    Revision    Changes     Path
    1.7.4.4     +66 -0      openpkg-src/openssl/openssl.patch
    1.37.2.1.2.6+1  -1      openpkg-src/openssl/openssl.spec
    1.6792      +1  -0      openpkg-web/news.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.patch
  ============================================================================
  $ cvs diff -u -r1.7.4.3 -r1.7.4.4 openssl.patch
  --- openpkg-src/openssl/openssl.patch	20 Mar 2003 20:09:39 -0000	1.7.4.3
  +++ openpkg-src/openssl/openssl.patch	30 Sep 2003 12:46:23 -0000	1.7.4.4
  @@ -229,3 +229,69 @@
    			}
    	
    		s->session->master_key_length=
  +
  +-----------------------------------------------------------------------------
  +
  +Security Bugfixes
  +OpenPKG-SA-2003.044-openssl
  +http://www.openssl.org/news/secadv_20030930.txt
  +CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
  +
  +--- crypto/asn1/asn1_lib.c	Sun Sep 28 14:20:55 2003
  ++++ crypto/asn1/asn1_lib.c	Fri Sep 26 13:51:38 2003
  +@@ -104,10 +104,12 @@
  + 			l<<=7L;
  + 			l|= *(p++)&0x7f;
  + 			if (--max == 0) goto err;
  ++			if (l > (INT_MAX >> 7L)) goto err;
  + 			}
  + 		l<<=7L;
  + 		l|= *(p++)&0x7f;
  + 		tag=(int)l;
  ++		if (--max == 0) goto err;
  + 		}
  + 	else
  + 		{ 
  +--- crypto/asn1/tasn_dec.c	Sun Sep 28 14:20:55 2003
  ++++ crypto/asn1/tasn_dec.c	Fri Sep 26 13:51:38 2003
  +@@ -691,6 +691,7 @@
  + 
  + int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char \
*free_cont, const ASN1_ITEM *it)
  + {
  ++	ASN1_VALUE **opval = NULL;
  + 	ASN1_STRING *stmp;
  + 	ASN1_TYPE *typ = NULL;
  + 	int ret = 0;
  +@@ -705,6 +706,7 @@
  + 			*pval = (ASN1_VALUE *)typ;
  + 		} else typ = (ASN1_TYPE *)*pval;
  + 		if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
  ++		opval = pval;
  + 		pval = (ASN1_VALUE **)&typ->value.ptr;
  + 	}
  + 	switch(utype) {
  +@@ -796,7 +798,12 @@
  + 
  + 	ret = 1;
  + 	err:
  +-	if(!ret) ASN1_TYPE_free(typ);
  ++	if(!ret)
  ++		{
  ++		ASN1_TYPE_free(typ);
  ++		if (opval)
  ++			*opval = NULL;
  ++		}
  + 	return ret;
  + }
  + 
  +--- crypto/x509/x509_vfy.c	Sun Sep 28 14:20:55 2003
  ++++ crypto/x509/x509_vfy.c	Fri Sep 26 13:51:38 2003
  +@@ -674,7 +674,7 @@
  + 				ok=(*cb)(0,ctx);
  + 				if (!ok) goto end;
  + 				}
  +-			if (X509_verify(xs,pkey) <= 0)
  ++			else if (X509_verify(xs,pkey) <= 0)
  + 				/* XXX  For the final trusted self-signed cert,
  + 				 * this is a waste of time.  That check should
  + 				 * optional so that e.g. 'openssl x509' can be
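Review bot: The bound added to the tag loop in crypto/asn1/asn1_lib.c, `if (l > (INT_MAX >> 7L)) goto err;`, relies on `INT_MAX`, yet nothing in this patch adds `#include <limits.h>`, and the identical old/new start line (104) in that hunk header shows no line was added higher up in the file. If the base 0.9.7 file does not already reach `<limits.h>` through its existing includes, the build either fails or depends on a platform header pulling it in, so the patch should add `#include <limits.h>` beside the file's other includes. In crypto/asn1/tasn_dec.c the new `*opval = NULL;` deserves a one-line comment such as `/* typ was freed above; do not leave the caller holding a freed pointer */`, since the reason for saving `opval` is not obvious from the error path alone. All three patched functions begin and end outside the hunks shown.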
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.spec
  ============================================================================
  $ cvs diff -u -r1.37.2.1.2.5 -r1.37.2.1.2.6 openssl.spec
  --- openpkg-src/openssl/openssl.spec	20 Mar 2003 20:09:39 -0000	1.37.2.1.2.5
  +++ openpkg-src/openssl/openssl.spec	30 Sep 2003 12:46:23 -0000	1.37.2.1.2.6
  @@ -33,7 +33,7 @@
   Group:        Cryptography
   License:      BSD-style
   Version:      0.9.7
  -Release:      1.2.3
  +Release:      1.2.4
   
   #   list of sources
   Source0:      ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-web/news.txt
  ============================================================================
  $ cvs diff -u -r1.6791 -r1.6792 news.txt
  --- openpkg-web/news.txt	30 Sep 2003 12:45:40 -0000	1.6791
  +++ openpkg-web/news.txt	30 Sep 2003 12:46:21 -0000	1.6792
  @@ -1,3 +1,4 @@
  +30-Sep-2003: Upgraded package: P<openssl-0.9.7-1.2.4>
   30-Sep-2003: Upgraded package: P<openssl-0.9.7b-1.3.2>
   30-Sep-2003: Upgraded package: P<openssl-0.9.7b-20030930>
   29-Sep-2003: New package: P<vile-9.4-20030929>
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org

