diff --git a/openssl-1.0.0a-CVE-2006-7250_CVE-2012-1165.diff b/openssl-1.0.0a-CVE-2006-7250_CVE-2012-1165.diff new file mode 100644 index 0000000..1b8348b --- /dev/null +++ b/openssl-1.0.0a-CVE-2006-7250_CVE-2012-1165.diff @@ -0,0 +1,26 @@ + +http://cvs.openssl.org/chngview?cn=22144 (CVE-2006-7250) +http://cvs.openssl.org/chngview?cn=22252 (CVE-2012-1165) + +The CVE-2012-1165 fix corrects the CVE-2006-7250 fix + +--- crypto/asn1/asn_mime.c 2008-08-05 15:55:53.000000000 +0000 ++++ crypto/asn1/asn_mime.c.oden 2012-03-26 10:52:42.000000000 +0000 +@@ -858,12 +858,17 @@ static int mime_hdr_addparam(MIME_HEADER + static int mime_hdr_cmp(const MIME_HEADER * const *a, + const MIME_HEADER * const *b) + { ++ if (!(*a)->name || !(*b)->name) ++ return !!(*a)->name - !!(*b)->name; ++ + return(strcmp((*a)->name, (*b)->name)); + } + + static int mime_param_cmp(const MIME_PARAM * const *a, + const MIME_PARAM * const *b) + { ++ if (!(*a)->param_name || !(*b)->param_name) ++ return !!(*a)->param_name - !!(*b)->param_name; + return(strcmp((*a)->param_name, (*b)->param_name)); + } + diff --git a/openssl-1.0.0a-CVE-2011-4576.diff b/openssl-1.0.0a-CVE-2011-4576.diff new file mode 100644 index 0000000..601389b --- /dev/null +++ b/openssl-1.0.0a-CVE-2011-4576.diff @@ -0,0 +1,15 @@ + +http://cvs.openssl.org/chngview?cn=21940 + +--- ssl/s3_enc.c 2009-04-16 17:22:50.000000000 +0000 ++++ ssl/s3_enc.c.oden 2012-01-09 14:15:06.000000000 +0000 +@@ -512,6 +512,9 @@ int ssl3_enc(SSL *s, int send) + + /* we need to add 'i-1' padding bytes */ + l+=i; ++ /* the last of these zero bytes will be overwritten ++ * with the padding length. */ ++ memset(&rec->input[rec->length], 0, i); + rec->length+=i; + rec->input[l-1]=(i-1); + } diff --git a/openssl-1.0.0a-CVE-2011-4619.diff b/openssl-1.0.0a-CVE-2011-4619.diff new file mode 100644 index 0000000..f2a9902 --- /dev/null +++ b/openssl-1.0.0a-CVE-2011-4619.diff @@ -0,0 +1,97 @@ + +http://cvs.openssl.org/chngview?cn=21927 +http://cvs.openssl.org/chngview?cn=21930 + +diff -Naurp openssl-1.0.0a/ssl/s3_srvr.c openssl-1.0.0a.oden/ssl/s3_srvr.c +--- openssl-1.0.0a/ssl/s3_srvr.c 2012-01-09 14:49:57.000000000 +0000 ++++ openssl-1.0.0a.oden/ssl/s3_srvr.c 2012-01-09 14:53:04.000000000 +0000 +@@ -258,6 +258,7 @@ int ssl3_accept(SSL *s) + } + + s->init_num=0; ++ s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; + + if (s->state != SSL_ST_RENEGOTIATE) + { +@@ -755,6 +756,14 @@ int ssl3_check_client_hello(SSL *s) + int ok; + long n; + ++ /* We only allow the client to restart the handshake once per ++ * negotiation. */ ++ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) ++ { ++ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); ++ return -1; ++ } ++ + /* this function is called when we really expect a Certificate message, + * so permit appropriate message length */ + n=s->method->ssl_get_message(s, +@@ -783,6 +792,7 @@ int ssl3_check_client_hello(SSL *s) + s->s3->tmp.ecdh = NULL; + } + #endif ++ s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; + return 2; + } + return 1; +diff -Naurp openssl-1.0.0a/ssl/ssl.h openssl-1.0.0a.oden/ssl/ssl.h +--- openssl-1.0.0a/ssl/ssl.h 2010-01-06 17:37:38.000000000 +0000 ++++ openssl-1.0.0a.oden/ssl/ssl.h 2012-01-09 14:53:04.000000000 +0000 +@@ -1882,6 +1882,7 @@ void ERR_load_SSL_strings(void); + #define SSL_F_SSL3_CALLBACK_CTRL 233 + #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 + #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 ++#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 + #define SSL_F_SSL3_CLIENT_HELLO 131 + #define SSL_F_SSL3_CONNECT 132 + #define SSL_F_SSL3_CTRL 213 +@@ -2139,6 +2140,7 @@ void ERR_load_SSL_strings(void); + #define SSL_R_MISSING_TMP_RSA_KEY 172 + #define SSL_R_MISSING_TMP_RSA_PKEY 173 + #define SSL_R_MISSING_VERIFY_MESSAGE 174 ++#define SSL_R_MULTIPLE_SGC_RESTARTS 346 + #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 + #define SSL_R_NO_CERTIFICATES_RETURNED 176 + #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +diff -Naurp openssl-1.0.0a/ssl/ssl3.h openssl-1.0.0a.oden/ssl/ssl3.h +--- openssl-1.0.0a/ssl/ssl3.h 2010-01-06 17:37:38.000000000 +0000 ++++ openssl-1.0.0a.oden/ssl/ssl3.h 2012-01-09 14:53:07.000000000 +0000 +@@ -379,6 +379,17 @@ typedef struct ssl3_buffer_st + #define SSL3_FLAGS_POP_BUFFER 0x0004 + #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 + #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 ++ ++/* SSL3_FLAGS_SGC_RESTART_DONE is set when we ++ * restart a handshake because of MS SGC and so prevents us ++ * from restarting the handshake in a loop. It's reset on a ++ * renegotiation, so effectively limits the client to one restart ++ * per negotiation. This limits the possibility of a DDoS ++ * attack where the client handshakes in a loop using SGC to ++ * restart. Servers which permit renegotiation can still be ++ * effected, but we can't prevent that. ++ */ ++#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 + + typedef struct ssl3_state_st + { +diff -Naurp openssl-1.0.0a/ssl/ssl_err.c openssl-1.0.0a.oden/ssl/ssl_err.c +--- openssl-1.0.0a/ssl/ssl_err.c 2010-01-06 17:37:38.000000000 +0000 ++++ openssl-1.0.0a.oden/ssl/ssl_err.c 2012-01-09 14:53:04.000000000 +0000 +@@ -137,6 +137,7 @@ static ERR_STRING_DATA SSL_str_functs[]= + {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, + {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, + {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, ++{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, + {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, +@@ -397,6 +398,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, + {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, + {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, ++{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, + {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, + {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, + {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, diff --git a/openssl-1.0.0a-CVE-2012-0027.diff b/openssl-1.0.0a-CVE-2012-0027.diff new file mode 100644 index 0000000..ef3b28f --- /dev/null +++ b/openssl-1.0.0a-CVE-2012-0027.diff @@ -0,0 +1,31 @@ + +http://cvs.openssl.org/chngview?cn=21957 + +diff -Naurp openssl-1.0.0a/engines/ccgost/gost2001_keyx.c openssl-1.0.0a.oden/engines/ccgost/gost2001_keyx.c +--- openssl-1.0.0a/engines/ccgost/gost2001_keyx.c 2009-06-16 16:39:20.000000000 +0000 ++++ openssl-1.0.0a.oden/engines/ccgost/gost2001_keyx.c 2012-01-09 14:56:51.000000000 +0000 +@@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX * + } + + param = get_encryption_params(gkt->key_agreement_info->cipher); ++ if(!param){ ++ goto err; ++ } ++ + gost_init(&ctx,param->sblock); + OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8); + memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8); +diff -Naurp openssl-1.0.0a/engines/ccgost/gost94_keyx.c openssl-1.0.0a.oden/engines/ccgost/gost94_keyx.c +--- openssl-1.0.0a/engines/ccgost/gost94_keyx.c 2010-05-22 00:40:58.000000000 +0000 ++++ openssl-1.0.0a.oden/engines/ccgost/gost94_keyx.c 2012-01-09 14:56:51.000000000 +0000 +@@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX * + } + + param = get_encryption_params(gkt->key_agreement_info->cipher); ++ if(!param){ ++ goto err; ++ } ++ + gost_init(&cctx,param->sblock); + OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8); + memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8); diff --git a/openssl-1.0.0a-CVE-2012-2110.diff b/openssl-1.0.0a-CVE-2012-2110.diff new file mode 100644 index 0000000..eadfb3d --- /dev/null +++ b/openssl-1.0.0a-CVE-2012-2110.diff @@ -0,0 +1,182 @@ + +http://cvs.openssl.org/chngview?cn=22434 + +diff -Naurp openssl-1.0.0a/crypto/asn1/a_d2i_fp.c openssl-1.0.0a.oden/crypto/asn1/a_d2i_fp.c +--- openssl-1.0.0a/crypto/asn1/a_d2i_fp.c 2005-05-09 00:27:32.000000000 +0000 ++++ openssl-1.0.0a.oden/crypto/asn1/a_d2i_fp.c 2012-04-19 13:56:42.000000000 +0000 +@@ -57,6 +57,7 @@ + */ + + #include ++#include + #include "cryptlib.h" + #include + #include +@@ -143,17 +144,11 @@ static int asn1_d2i_read_bio(BIO *in, BU + BUF_MEM *b; + unsigned char *p; + int i; +- int ret=-1; + ASN1_const_CTX c; +- int want=HEADER_SIZE; ++ size_t want=HEADER_SIZE; + int eos=0; +-#if defined(__GNUC__) && defined(__ia64) +- /* pathetic compiler bug in all known versions as of Nov. 2002 */ +- long off=0; +-#else +- int off=0; +-#endif +- int len=0; ++ size_t off=0; ++ size_t len=0; + + b=BUF_MEM_new(); + if (b == NULL) +@@ -169,7 +164,7 @@ static int asn1_d2i_read_bio(BIO *in, BU + { + want-=(len-off); + +- if (!BUF_MEM_grow_clean(b,len+want)) ++ if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); + goto err; +@@ -181,7 +176,14 @@ static int asn1_d2i_read_bio(BIO *in, BU + goto err; + } + if (i > 0) ++ { ++ if (len+i < len) ++ { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); ++ goto err; ++ } + len+=i; ++ } + } + /* else data already loaded */ + +@@ -206,6 +208,11 @@ static int asn1_d2i_read_bio(BIO *in, BU + { + /* no data body so go round again */ + eos++; ++ if (eos < 0) ++ { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); ++ goto err; ++ } + want=HEADER_SIZE; + } + else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) +@@ -220,10 +227,16 @@ static int asn1_d2i_read_bio(BIO *in, BU + else + { + /* suck in c.slen bytes of data */ +- want=(int)c.slen; ++ want=c.slen; + if (want > (len-off)) + { + want-=(len-off); ++ if (want > INT_MAX /* BIO_read takes an int length */ || ++ len+want < len) ++ { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); ++ goto err; ++ } + if (!BUF_MEM_grow_clean(b,len+want)) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); +@@ -238,11 +251,18 @@ static int asn1_d2i_read_bio(BIO *in, BU + ASN1_R_NOT_ENOUGH_DATA); + goto err; + } ++ /* This can't overflow because ++ * |len+want| didn't overflow. */ + len+=i; +- want -= i; ++ want-=i; + } + } +- off+=(int)c.slen; ++ if (off + c.slen < off) ++ { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); ++ goto err; ++ } ++ off+=c.slen; + if (eos <= 0) + { + break; +@@ -252,9 +272,15 @@ static int asn1_d2i_read_bio(BIO *in, BU + } + } + ++ if (off > INT_MAX) ++ { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); ++ goto err; ++ } ++ + *pb = b; + return off; + err: + if (b != NULL) BUF_MEM_free(b); +- return(ret); ++ return -1; + } +diff -Naurp openssl-1.0.0a/crypto/buffer/buffer.c openssl-1.0.0a.oden/crypto/buffer/buffer.c +--- openssl-1.0.0a/crypto/buffer/buffer.c 2007-10-09 15:52:07.000000000 +0000 ++++ openssl-1.0.0a.oden/crypto/buffer/buffer.c 2012-04-19 13:58:39.000000000 +0000 +@@ -60,6 +60,11 @@ + #include "cryptlib.h" + #include + ++/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That ++ * function is applied in several functions in this file and this limit ensures ++ * that the result fits in an int. */ ++#define LIMIT_BEFORE_EXPANSION 0x5ffffffc ++ + BUF_MEM *BUF_MEM_new(void) + { + BUF_MEM *ret; +@@ -105,6 +110,12 @@ int BUF_MEM_grow(BUF_MEM *str, size_t le + str->length=len; + return(len); + } ++ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ ++ if (len > LIMIT_BEFORE_EXPANSION) ++ { ++ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); ++ return 0; ++ } + n=(len+3)/3*4; + if (str->data == NULL) + ret=OPENSSL_malloc(n); +@@ -142,6 +153,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, siz + str->length=len; + return(len); + } ++ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ ++ if (len > LIMIT_BEFORE_EXPANSION) ++ { ++ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); ++ return 0; ++ } + n=(len+3)/3*4; + if (str->data == NULL) + ret=OPENSSL_malloc(n); +diff -Naurp openssl-1.0.0a/crypto/mem.c openssl-1.0.0a.oden/crypto/mem.c +--- openssl-1.0.0a/crypto/mem.c 2008-11-12 03:57:47.000000000 +0000 ++++ openssl-1.0.0a.oden/crypto/mem.c 2012-04-19 13:58:12.000000000 +0000 +@@ -361,6 +361,10 @@ void *CRYPTO_realloc_clean(void *str, in + + if (num <= 0) return NULL; + ++ /* We don't support shrinking the buffer. Note the memcpy that copies ++ * |old_len| bytes to the new buffer, below. */ ++ if (num < old_len) return NULL; ++ + if (realloc_debug_func != NULL) + realloc_debug_func(str, NULL, num, file, line, 0); + ret=malloc_ex_func(num,file,line); diff --git a/openssl-1.0.0d-CVE-2011-1945.diff b/openssl-1.0.0d-CVE-2011-1945.diff new file mode 100644 index 0000000..c36dc9c --- /dev/null +++ b/openssl-1.0.0d-CVE-2011-1945.diff @@ -0,0 +1,45 @@ + +http://cvs.openssl.org/chngview?cn=20894 +http://cvs.openssl.org/chngview?cn=21300 +http://cvs.openssl.org/chngview?cn=20898 + +diff -Naurp openssl-1.0.0d/crypto/ecdsa/ecs_ossl.c openssl-1.0.0d.oden/crypto/ecdsa/ecs_ossl.c +--- openssl-1.0.0d/crypto/ecdsa/ecs_ossl.c 2009-12-01 17:32:33.000000000 +0000 ++++ openssl-1.0.0d.oden/crypto/ecdsa/ecs_ossl.c 2011-09-23 11:37:34.000000000 +0000 +@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *ecke + } + while (BN_is_zero(k)); + ++ /* We do not want timing information to leak the length of k, ++ * so we compute G*k using an equivalent scalar of fixed ++ * bit-length. */ ++ ++ if (!BN_add(k, k, order)) goto err; ++ if (BN_num_bits(k) <= BN_num_bits(order)) ++ if (!BN_add(k, k, order)) goto err; ++ + /* compute r the x-coordinate of generator * k */ + if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) + { +diff -Naurp openssl-1.0.0d/crypto/ocsp/ocsp_lib.c openssl-1.0.0d.oden/crypto/ocsp/ocsp_lib.c +--- openssl-1.0.0d/crypto/ocsp/ocsp_lib.c 2006-11-13 13:18:28.000000000 +0000 ++++ openssl-1.0.0d.oden/crypto/ocsp/ocsp_lib.c 2011-09-23 11:37:38.000000000 +0000 +@@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **pho + + char *host, *port; + +- /* dup the buffer since we are going to mess with it */ +- buf = BUF_strdup(url); +- if (!buf) goto mem_err; +- + *phost = NULL; + *pport = NULL; + *ppath = NULL; + ++ /* dup the buffer since we are going to mess with it */ ++ buf = BUF_strdup(url); ++ if (!buf) goto mem_err; ++ + /* Check for initial colon */ + p = strchr(buf, ':'); + diff --git a/openssl-1.0.0d-CVE-2011-3207.diff b/openssl-1.0.0d-CVE-2011-3207.diff new file mode 100644 index 0000000..616984c --- /dev/null +++ b/openssl-1.0.0d-CVE-2011-3207.diff @@ -0,0 +1,23 @@ + +http://cvs.openssl.org/chngview?cn=21349 + +--- crypto/x509/x509_vfy.c 2010-11-02 15:57:40.000000000 +0000 ++++ crypto/x509/x509_vfy.c.oden 2011-09-23 06:35:37.000000000 +0000 +@@ -703,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ct + x = sk_X509_value(ctx->chain, cnum); + ctx->current_cert = x; + ctx->current_issuer = NULL; ++ ctx->current_crl_score = 0; + ctx->current_reasons = 0; + while (ctx->current_reasons != CRLDP_ALL_REASONS) + { +@@ -2015,6 +2016,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX * + ctx->error_depth=0; + ctx->current_cert=NULL; + ctx->current_issuer=NULL; ++ ctx->current_crl=NULL; ++ ctx->current_crl_score=0; ++ ctx->current_reasons=0; + ctx->tree = NULL; + ctx->parent = NULL; + diff --git a/openssl-1.0.0d-CVE-2011-3210.diff b/openssl-1.0.0d-CVE-2011-3210.diff new file mode 100644 index 0000000..7b59638 --- /dev/null +++ b/openssl-1.0.0d-CVE-2011-3210.diff @@ -0,0 +1,112 @@ + +http://cvs.openssl.org/chngview?cn=21337 + +diff -Naurp openssl-1.0.0d/ssl/d1_srvr.c openssl-1.0.0d.oden/ssl/d1_srvr.c +--- openssl-1.0.0d/ssl/d1_srvr.c 2010-02-01 16:49:42.000000000 +0000 ++++ openssl-1.0.0d.oden/ssl/d1_srvr.c 2011-09-23 06:39:03.000000000 +0000 +@@ -1017,12 +1017,11 @@ int dtls1_send_server_key_exchange(SSL * + SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); + goto err; + } +- if (!EC_KEY_up_ref(ecdhp)) ++ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) + { + SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); + goto err; + } +- ecdh = ecdhp; + + s->s3->tmp.ecdh=ecdh; + if ((EC_KEY_get0_public_key(ecdh) == NULL) || +diff -Naurp openssl-1.0.0d/ssl/s3_lib.c openssl-1.0.0d.oden/ssl/s3_lib.c +--- openssl-1.0.0d/ssl/s3_lib.c 2009-10-16 15:24:19.000000000 +0000 ++++ openssl-1.0.0d.oden/ssl/s3_lib.c 2011-09-23 06:39:03.000000000 +0000 +@@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s) + } + #ifndef OPENSSL_NO_DH + if (s->s3->tmp.dh != NULL) ++ { + DH_free(s->s3->tmp.dh); ++ s->s3->tmp.dh = NULL; ++ } + #endif + #ifndef OPENSSL_NO_ECDH + if (s->s3->tmp.ecdh != NULL) ++ { + EC_KEY_free(s->s3->tmp.ecdh); ++ s->s3->tmp.ecdh = NULL; ++ } + #endif + + rp = s->s3->rbuf.buf; +diff -Naurp openssl-1.0.0d/ssl/s3_srvr.c openssl-1.0.0d.oden/ssl/s3_srvr.c +--- openssl-1.0.0d/ssl/s3_srvr.c 2010-12-02 18:24:55.000000000 +0000 ++++ openssl-1.0.0d.oden/ssl/s3_srvr.c 2011-09-23 06:39:03.000000000 +0000 +@@ -768,9 +768,7 @@ int ssl3_check_client_hello(SSL *s) + if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) + { + /* Throw away what we have done so far in the current handshake, +- * which will now be aborted. (A full SSL_clear would be too much.) +- * I hope that tmp.dh is the only thing that may need to be cleared +- * when a handshake is not completed ... */ ++ * which will now be aborted. (A full SSL_clear would be too much.) */ + #ifndef OPENSSL_NO_DH + if (s->s3->tmp.dh != NULL) + { +@@ -778,6 +776,13 @@ int ssl3_check_client_hello(SSL *s) + s->s3->tmp.dh = NULL; + } + #endif ++#ifndef OPENSSL_NO_ECDH ++ if (s->s3->tmp.ecdh != NULL) ++ { ++ EC_KEY_free(s->s3->tmp.ecdh); ++ s->s3->tmp.ecdh = NULL; ++ } ++#endif + return 2; + } + return 1; +@@ -1491,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s + + if (s->s3->tmp.dh != NULL) + { +- DH_free(dh); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto err; + } +@@ -1552,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s + + if (s->s3->tmp.ecdh != NULL) + { +- EC_KEY_free(s->s3->tmp.ecdh); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto err; + } +@@ -1563,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); + goto err; + } +- if (!EC_KEY_up_ref(ecdhp)) ++ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); + goto err; + } +- ecdh = ecdhp; + + s->s3->tmp.ecdh=ecdh; + if ((EC_KEY_get0_public_key(ecdh) == NULL) || +@@ -2440,6 +2442,12 @@ int ssl3_get_client_key_exchange(SSL *s) + /* Get encoded point length */ + i = *p; + p += 1; ++ if (n != 1 + i) ++ { ++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ++ ERR_R_EC_LIB); ++ goto err; ++ } + if (EC_POINT_oct2point(group, + clnt_ecpoint, p, i, bn_ctx) == 0) + { diff --git a/openssl-1.0.0d-CVE-2011-4108.diff b/openssl-1.0.0d-CVE-2011-4108.diff new file mode 100644 index 0000000..a4d2db2 --- /dev/null +++ b/openssl-1.0.0d-CVE-2011-4108.diff @@ -0,0 +1,68 @@ + +http://cvs.openssl.org/chngview?cn=21931 + +--- ssl/d1_pkt.c 2011-01-04 19:33:22.000000000 +0000 ++++ ssl/d1_pkt.c.oden 2012-01-09 15:18:39.000000000 +0000 +@@ -375,6 +375,7 @@ dtls1_process_record(SSL *s) + SSL3_RECORD *rr; + unsigned int mac_size; + unsigned char md[EVP_MAX_MD_SIZE]; ++ int decryption_failed_or_bad_record_mac = 0; + + + rr= &(s->s3->rrec); +@@ -409,13 +410,10 @@ dtls1_process_record(SSL *s) + enc_err = s->method->ssl3_enc->enc(s,0); + if (enc_err <= 0) + { +- if (enc_err == 0) +- /* SSLerr() and ssl3_send_alert() have been called */ +- goto err; +- +- /* otherwise enc_err == -1 */ +- al=SSL_AD_BAD_RECORD_MAC; +- goto f_err; ++ /* To minimize information leaked via timing, we will always ++ * perform all computations before discarding the message. ++ */ ++ decryption_failed_or_bad_record_mac = 1; + } + + #ifdef TLS_DEBUG +@@ -445,7 +443,7 @@ printf("\n"); + SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); + goto f_err; + #else +- goto err; ++ decryption_failed_or_bad_record_mac = 1; + #endif + } + /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ +@@ -456,17 +454,25 @@ printf("\n"); + SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); + goto f_err; + #else +- goto err; ++ decryption_failed_or_bad_record_mac = 1; + #endif + } + rr->length-=mac_size; + i=s->method->ssl3_enc->mac(s,md,0); + if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + { +- goto err; ++ decryption_failed_or_bad_record_mac = 1; + } + } + ++ if (decryption_failed_or_bad_record_mac) ++ { ++ /* decryption failed, silently discard message */ ++ rr->length = 0; ++ s->packet_length = 0; ++ goto err; ++ } ++ + /* r->length is now just compressed */ + if (s->expand != NULL) + { diff --git a/openssl-1.0.0d-CVE-2012-0050.diff b/openssl-1.0.0d-CVE-2012-0050.diff new file mode 100644 index 0000000..9bae085 --- /dev/null +++ b/openssl-1.0.0d-CVE-2012-0050.diff @@ -0,0 +1,39 @@ + +http://cvs.openssl.org/chngview?cn=22037 + +--- ssl/d1_pkt.c 2012-01-29 10:39:58.000000000 +0000 ++++ ssl/d1_pkt.c.oden 2012-01-29 10:39:45.000000000 +0000 +@@ -376,6 +376,7 @@ dtls1_process_record(SSL *s) + unsigned int mac_size; + unsigned char md[EVP_MAX_MD_SIZE]; + int decryption_failed_or_bad_record_mac = 0; ++ unsigned char *mac = NULL; + + + rr= &(s->s3->rrec); +@@ -447,19 +448,15 @@ printf("\n"); + #endif + } + /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ +- if (rr->length < mac_size) ++ if (rr->length >= mac_size) + { +-#if 0 /* OK only for stream ciphers */ +- al=SSL_AD_DECODE_ERROR; +- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); +- goto f_err; +-#else +- decryption_failed_or_bad_record_mac = 1; +-#endif ++ rr->length -= mac_size; ++ mac = &rr->data[rr->length]; + } +- rr->length-=mac_size; ++ else ++ rr->length = 0; + i=s->method->ssl3_enc->mac(s,md,0); +- if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) ++ if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) + { + decryption_failed_or_bad_record_mac = 1; + } diff --git a/openssl-1.0.0d-CVE-2012-0884.diff b/openssl-1.0.0d-CVE-2012-0884.diff new file mode 100644 index 0000000..29ca28c --- /dev/null +++ b/openssl-1.0.0d-CVE-2012-0884.diff @@ -0,0 +1,363 @@ + +http://cvs.openssl.org/chngview?cn=22228 + +diff -Naurp openssl-1.0.0d/crypto/cms/cms.h openssl-1.0.0d.oden/crypto/cms/cms.h +--- openssl-1.0.0d/crypto/cms/cms.h 2008-05-02 17:27:00.000000000 +0000 ++++ openssl-1.0.0d.oden/crypto/cms/cms.h 2012-03-26 11:45:36.000000000 +0000 +@@ -111,6 +111,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentI + #define CMS_PARTIAL 0x4000 + #define CMS_REUSE_DIGEST 0x8000 + #define CMS_USE_KEYID 0x10000 ++#define CMS_DEBUG_DECRYPT 0x20000 + + const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); + +diff -Naurp openssl-1.0.0d/crypto/cms/cms_enc.c openssl-1.0.0d.oden/crypto/cms/cms_enc.c +--- openssl-1.0.0d/crypto/cms/cms_enc.c 2008-03-29 21:08:37.000000000 +0000 ++++ openssl-1.0.0d.oden/crypto/cms/cms_enc.c 2012-03-26 11:45:36.000000000 +0000 +@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_E + const EVP_CIPHER *ciph; + X509_ALGOR *calg = ec->contentEncryptionAlgorithm; + unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; ++ unsigned char *tkey = NULL; ++ size_t tkeylen; + + int ok = 0; + +@@ -137,32 +139,57 @@ BIO *cms_EncryptedContent_init_bio(CMS_E + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + goto err; + } +- +- +- if (enc && !ec->key) ++ /* Generate random session key */ ++ if (!enc || !ec->key) + { +- /* Generate random key */ +- if (!ec->keylen) +- ec->keylen = EVP_CIPHER_CTX_key_length(ctx); +- ec->key = OPENSSL_malloc(ec->keylen); +- if (!ec->key) ++ tkeylen = EVP_CIPHER_CTX_key_length(ctx); ++ tkey = OPENSSL_malloc(tkeylen); ++ if (!tkey) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + ERR_R_MALLOC_FAILURE); + goto err; + } +- if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0) ++ if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0) + goto err; +- keep_key = 1; + } +- else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx)) ++ ++ if (!ec->key) ++ { ++ ec->key = tkey; ++ ec->keylen = tkeylen; ++ tkey = NULL; ++ if (enc) ++ keep_key = 1; ++ else ++ ERR_clear_error(); ++ ++ } ++ ++ if (ec->keylen != tkeylen) + { + /* If necessary set key length */ + if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) + { +- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, +- CMS_R_INVALID_KEY_LENGTH); +- goto err; ++ /* Only reveal failure if debugging so we don't ++ * leak information which may be useful in MMA. ++ */ ++ if (ec->debug) ++ { ++ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ++ CMS_R_INVALID_KEY_LENGTH); ++ goto err; ++ } ++ else ++ { ++ /* Use random key */ ++ OPENSSL_cleanse(ec->key, ec->keylen); ++ OPENSSL_free(ec->key); ++ ec->key = tkey; ++ ec->keylen = tkeylen; ++ tkey = NULL; ++ ERR_clear_error(); ++ } + } + } + +@@ -198,6 +225,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_E + OPENSSL_free(ec->key); + ec->key = NULL; + } ++ if (tkey) ++ { ++ OPENSSL_cleanse(tkey, tkeylen); ++ OPENSSL_free(tkey); ++ } + if (ok) + return b; + BIO_free(b); +diff -Naurp openssl-1.0.0d/crypto/cms/cms_env.c openssl-1.0.0d.oden/crypto/cms/cms_env.c +--- openssl-1.0.0d/crypto/cms/cms_env.c 2008-03-26 17:40:22.000000000 +0000 ++++ openssl-1.0.0d.oden/crypto/cms/cms_env.c 2012-03-26 11:45:36.000000000 +0000 +@@ -371,6 +371,8 @@ static int cms_RecipientInfo_ktri_decryp + unsigned char *ek = NULL; + size_t eklen; + int ret = 0; ++ CMS_EncryptedContentInfo *ec; ++ ec = cms->d.envelopedData->encryptedContentInfo; + + if (ktri->pkey == NULL) + { +@@ -417,8 +419,14 @@ static int cms_RecipientInfo_ktri_decryp + + ret = 1; + +- cms->d.envelopedData->encryptedContentInfo->key = ek; +- cms->d.envelopedData->encryptedContentInfo->keylen = eklen; ++ if (ec->key) ++ { ++ OPENSSL_cleanse(ec->key, ec->keylen); ++ OPENSSL_free(ec->key); ++ } ++ ++ ec->key = ek; ++ ec->keylen = eklen; + + err: + if (pctx) +diff -Naurp openssl-1.0.0d/crypto/cms/cms_lcl.h openssl-1.0.0d.oden/crypto/cms/cms_lcl.h +--- openssl-1.0.0d/crypto/cms/cms_lcl.h 2008-03-28 19:43:16.000000000 +0000 ++++ openssl-1.0.0d.oden/crypto/cms/cms_lcl.h 2012-03-26 11:45:36.000000000 +0000 +@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st + const EVP_CIPHER *cipher; + unsigned char *key; + size_t keylen; ++ /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ ++ int debug; + }; + + struct CMS_RecipientInfo_st +diff -Naurp openssl-1.0.0d/crypto/cms/cms_smime.c openssl-1.0.0d.oden/crypto/cms/cms_smime.c +--- openssl-1.0.0d/crypto/cms/cms_smime.c 2009-03-25 12:53:51.000000000 +0000 ++++ openssl-1.0.0d.oden/crypto/cms/cms_smime.c 2012-03-26 11:45:36.000000000 +0000 +@@ -611,7 +611,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf + STACK_OF(CMS_RecipientInfo) *ris; + CMS_RecipientInfo *ri; + int i, r; ++ int debug = 0; + ris = CMS_get0_RecipientInfos(cms); ++ if (ris) ++ debug = cms->d.envelopedData->encryptedContentInfo->debug; + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) + { + ri = sk_CMS_RecipientInfo_value(ris, i); +@@ -625,17 +628,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf + CMS_RecipientInfo_set0_pkey(ri, pk); + r = CMS_RecipientInfo_decrypt(cms, ri); + CMS_RecipientInfo_set0_pkey(ri, NULL); +- if (r > 0) +- return 1; + if (cert) + { ++ /* If not debugging clear any error and ++ * return success to avoid leaking of ++ * information useful to MMA ++ */ ++ if (!debug) ++ { ++ ERR_clear_error(); ++ return 1; ++ } ++ if (r > 0) ++ return 1; + CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, + CMS_R_DECRYPT_ERROR); + return 0; + } +- ERR_clear_error(); ++ /* If no cert and not debugging don't leave loop ++ * after first successful decrypt. Always attempt ++ * to decrypt all recipients to avoid leaking timing ++ * of a successful decrypt. ++ */ ++ else if (r > 0 && debug) ++ return 1; + } + } ++ /* If no cert and not debugging always return success */ ++ if (!cert && !debug) ++ { ++ ERR_clear_error(); ++ return 1; ++ } + + CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); + return 0; +@@ -694,9 +718,14 @@ int CMS_decrypt(CMS_ContentInfo *cms, EV + } + if (!dcont && !check_content(cms)) + return 0; ++ if (flags & CMS_DEBUG_DECRYPT) ++ cms->d.envelopedData->encryptedContentInfo->debug = 1; ++ else ++ cms->d.envelopedData->encryptedContentInfo->debug = 0; ++ if (!pk && !cert && !dcont && !out) ++ return 1; + if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) + return 0; +- + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; +diff -Naurp openssl-1.0.0d/crypto/pkcs7/pk7_doit.c openssl-1.0.0d.oden/crypto/pkcs7/pk7_doit.c +--- openssl-1.0.0d/crypto/pkcs7/pk7_doit.c 2010-06-15 17:25:10.000000000 +0000 ++++ openssl-1.0.0d.oden/crypto/pkcs7/pk7_doit.c 2012-03-26 11:45:36.000000000 +0000 +@@ -204,11 +204,11 @@ static int pkcs7_decrypt_rinfo(unsigned + unsigned char *ek = NULL; + size_t eklen; + +- int ret = 0; ++ int ret = -1; + + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pctx) +- return 0; ++ return -1; + + if (EVP_PKEY_decrypt_init(pctx) <= 0) + goto err; +@@ -235,12 +235,19 @@ static int pkcs7_decrypt_rinfo(unsigned + if (EVP_PKEY_decrypt(pctx, ek, &eklen, + ri->enc_key->data, ri->enc_key->length) <= 0) + { ++ ret = 0; + PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); + goto err; + } + + ret = 1; + ++ if (*pek) ++ { ++ OPENSSL_cleanse(*pek, *peklen); ++ OPENSSL_free(*pek); ++ } ++ + *pek = ek; + *peklen = eklen; + +@@ -500,8 +507,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE + int max; + X509_OBJECT ret; + #endif +- unsigned char *ek = NULL; +- int eklen; ++ unsigned char *ek = NULL, *tkey = NULL; ++ int eklen, tkeylen; + + if ((etmp=BIO_new(BIO_f_cipher())) == NULL) + { +@@ -534,29 +541,28 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE + } + + /* If we haven't got a certificate try each ri in turn */ +- + if (pcert == NULL) + { ++ /* Always attempt to decrypt all rinfo even ++ * after sucess as a defence against MMA timing ++ * attacks. ++ */ + for (i=0; i 0) +- break; ++ ri, pkey) < 0) ++ goto err; + ERR_clear_error(); +- ri = NULL; +- } +- if (ri == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE, +- PKCS7_R_NO_RECIPIENT_MATCHES_KEY); +- goto err; + } + } + else + { +- if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0) ++ /* Only exit on fatal errors, not decrypt failure */ ++ if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + goto err; ++ ERR_clear_error(); + } + + evp_ctx=NULL; +@@ -565,6 +571,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE + goto err; + if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) + goto err; ++ /* Generate random key as MMA defence */ ++ tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); ++ tkey = OPENSSL_malloc(tkeylen); ++ if (!tkey) ++ goto err; ++ if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) ++ goto err; ++ if (ek == NULL) ++ { ++ ek = tkey; ++ eklen = tkeylen; ++ tkey = NULL; ++ } + + if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { + /* Some S/MIME clients don't use the same key +@@ -573,11 +592,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE + */ + if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) + { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE, +- PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); +- goto err; ++ /* Use random key as MMA defence */ ++ OPENSSL_cleanse(ek, eklen); ++ OPENSSL_free(ek); ++ ek = tkey; ++ eklen = tkeylen; ++ tkey = NULL; + } + } ++ /* Clear errors so we don't leak information useful in MMA */ ++ ERR_clear_error(); + if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0) + goto err; + +@@ -586,6 +610,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE + OPENSSL_cleanse(ek,eklen); + OPENSSL_free(ek); + } ++ if (tkey) ++ { ++ OPENSSL_cleanse(tkey,tkeylen); ++ OPENSSL_free(tkey); ++ } + + if (out == NULL) + out=etmp; diff --git a/openssl-1.0.0d-CVE-2012-2333.diff b/openssl-1.0.0d-CVE-2012-2333.diff new file mode 100644 index 0000000..73a7a9c --- /dev/null +++ b/openssl-1.0.0d-CVE-2012-2333.diff @@ -0,0 +1,15 @@ + +http://cvs.openssl.org/chngview?cn=22547 +http://openssl.org/news/secadv_20120510.txt + +--- ssl/d1_enc.c 2011-01-04 19:33:22.000000000 +0000 ++++ ssl/d1_enc.c.oden 2012-05-11 09:49:13.000000000 +0000 +@@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send) + } + /* TLS 1.0 does not bound the number of padding bytes by the block size. + * All of them must have value 'padding_length'. */ +- if (i > (int)rec->length) ++ if (i + bs > (int)rec->length) + { + /* Incorrect padding. SSLerr() and ssl3_alert are done + * by caller: we don't want to reveal whether this is diff --git a/openssl.spec b/openssl.spec index c4a434a..b7432b8 100644 --- a/openssl.spec +++ b/openssl.spec @@ -18,7 +18,8 @@ Summary: Secure Sockets Layer communications libs & utils Name: openssl Version: %{maj}d -Release: %mkrel 3 +%define subrel 6 +Release: %mkrel 2 License: BSD-like Group: System/Libraries URL: http://www.openssl.org/ @@ -44,6 +45,18 @@ Patch13: openssl-0.9.7-beta5-version-add-engines.patch Patch15: openssl-0.9.8e-crt.patch # http://blogs.sun.com/janp/ Patch16: pkcs11_engine-1.0.0.diff +Patch17: openssl-1.0.0d-CVE-2011-1945.diff +Patch18: openssl-1.0.0d-CVE-2011-3207.diff +Patch19: openssl-1.0.0d-CVE-2011-3210.diff +Patch20: openssl-1.0.0d-CVE-2011-4108.diff +Patch21: openssl-1.0.0a-CVE-2011-4576.diff +Patch22: openssl-1.0.0a-CVE-2011-4619.diff +Patch23: openssl-1.0.0a-CVE-2012-0027.diff +Patch24: openssl-1.0.0d-CVE-2012-0050.diff +Patch25: openssl-1.0.0a-CVE-2006-7250_CVE-2012-1165.diff +Patch26: openssl-1.0.0d-CVE-2012-0884.diff +Patch27: openssl-1.0.0a-CVE-2012-2110.diff +Patch28: openssl-1.0.0d-CVE-2012-2333.diff # MIPS and ARM support Patch300: openssl-1.0.0-mips.patch Patch301: openssl-1.0.0-arm.patch @@ -135,6 +148,19 @@ cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %patch15 -p1 -b .crt %patch16 -p1 -b .pkcs11_engine +%patch17 -p1 -b .CVE-2011-1945 +%patch18 -p0 -b .CVE-2011-3207 +%patch19 -p1 -b .CVE-2011-3210 +%patch20 -p0 -b .CVE-2011-4108 +%patch21 -p0 -b .CVE-2011-4576 +%patch22 -p1 -b .CVE-2011-4619 +%patch23 -p1 -b .CVE-2012-0027 +%patch24 -p0 -b .CVE-2012-0050 +%patch25 -p0 -b .CVE-2006-7250_CVE-2012-1165 +%patch26 -p1 -b .CVE-2012-0884 +%patch27 -p1 -b .CVE-2012-2110 +%patch28 -p0 -b .CVE-2012-2333 + %patch300 -p1 -b .mips %patch301 -p1 -b .arm %patch302 -p1 -b .engines @@ -174,6 +200,7 @@ sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM" sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" %endif + # ia64, x86_64, ppc, ppc64 are OK by default # Configure the build tree. Override OpenSSL defaults with known-good defaults # usable on all platforms. The Configure script already knows to use -fPIC and @@ -189,6 +216,7 @@ sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # marked as not requiring an executable stack. RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack" + make depend make all build-shared @@ -354,8 +382,29 @@ rm -fr %{buildroot} %changelog -* Tue Feb 21 2012 abf -- The release updated by ABF +* Fri May 11 2012 Oden Eriksson 1.0.0d-2.6 +- P28: security fix for CVE-2012-2333 (upstream) + +* Thu Apr 19 2012 Oden Eriksson 1.0.0d-2.5 +- P27: security fix for CVE-2012-2110 (upstream) + +* Mon Mar 26 2012 Oden Eriksson 1.0.0d-2.4 +- P25: security fix for CVE-2006-7250_CVE-2012-1165 (upstream) +- P26: security fix for CVE-2012-0884 (upstream) + +* Sun Jan 29 2012 Oden Eriksson 1.0.0d-2.3 +- P24: security fix for CVE-2012-0050 (upstream) + +* Mon Jan 09 2012 Oden Eriksson 1.0.0d-2.2 +- P20: security fix for CVE-2011-4108 (upstream) +- P21: security fix for CVE-2011-4576 (upstream) +- P22: security fix for CVE-2011-4619 (upstream) +- P23: security fix for CVE-2012-0027 (upstream) + +* Fri Sep 23 2011 Oden Eriksson 1.0.0d-2.1 +- P17: security fix for CVE-2011-1945 (upstream) +- P18: security fix for CVE-2011-3207 (upstream) +- P19: security fix for CVE-2011-3210 (upstream) * Mon May 02 2011 Oden Eriksson 1.0.0d-2mdv2011.0 + Revision: 661710