rpms/openssl/devel openssl-0.9.8b-cve-2007-3108.patch, 1.1, 1.2 openssl.spec, 1.93, 1.94

Tomas Mraz (tmraz) fedora-extras-commits at redhat.com
Fri Oct 12 12:16:04 UTC 2007


Author: tmraz

Update of /cvs/pkgs/rpms/openssl/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv630

Modified Files:
	openssl-0.9.8b-cve-2007-3108.patch openssl.spec 
Log Message:
* Fri Oct 12 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8b-16
- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
- add alpha sub-archs (#296031)


openssl-0.9.8b-cve-2007-3108.patch:

Index: openssl-0.9.8b-cve-2007-3108.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl-0.9.8b-cve-2007-3108.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssl-0.9.8b-cve-2007-3108.patch	3 Aug 2007 12:16:54 -0000	1.1
+++ openssl-0.9.8b-cve-2007-3108.patch	12 Oct 2007 12:16:00 -0000	1.2
@@ -336,7 +336,7 @@
  
  	r->neg=a->neg^n->neg;
  	np=n->d;
-@@ -228,37 +228,56 @@ int BN_from_montgomery(BIGNUM *ret, cons
+@@ -228,37 +228,58 @@ int BN_from_montgomery(BIGNUM *ret, cons
  		}
  	bn_correct_top(r);
  	
@@ -413,10 +413,12 @@
 -#endif
 +	for (ri+=4; i<ri; i++)
 +		rp[i]=nrp[i], ap[i]=0;
++	bn_correct_top(r);
++	bn_correct_top(ret);
  #else /* !MONT_WORD */ 
  	BIGNUM *t1,*t2;
  
-@@ -276,12 +295,12 @@ int BN_from_montgomery(BIGNUM *ret, cons
+@@ -276,12 +297,12 @@ int BN_from_montgomery(BIGNUM *ret, cons
  	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
  	if (!BN_add(t2,a,t1)) goto err;
  	if (!BN_rshift(ret,t2,mont->ri)) goto err;
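Review bot: The two added `bn_correct_top(r);` / `bn_correct_top(ret);` calls at the end of the MONT_WORD branch change what the CVE-2007-3108 patch does, but neither the log message nor the new %changelog entry mentions it; both list only CVE-2007-5135, CVE-2007-4995 and the alpha sub-archs. Since this patch is a side-channel fix (the spec applies it with the `.no-branch` suffix), the change should be traceable, for example with a changelog line such as `- normalize r and ret after the word-wise copy in the CVE-2007-3108 patch`. If the reason is that the fixed-length copy loop just above can leave leading zero words in the results, a comment in the patched code like `/* fixed-length copy may leave leading zero words; normalize top */` would record it. It is also worth confirming that the placement matches the upstream fix. BN_from_montgomery starts and ends outside this hunk, so the setup of `r`, `ret` and `ri` is not visible here.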


Index: openssl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -r1.93 -r1.94
--- openssl.spec	21 Aug 2007 19:42:52 -0000	1.93
+++ openssl.spec	12 Oct 2007 12:16:00 -0000	1.94
@@ -66,6 +66,8 @@
 Patch64: openssl-0.9.8b-test-use-localhost.patch
 Patch65: openssl-0.9.8b-cve-2007-3108.patch
 Patch66: openssl-0.9.7a-ssl-strict-matching.patch
+Patch67: openssl-0.9.8b-cve-2007-4995.patch
+Patch68: openssl-0.9.8b-cve-2007-5135.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -142,6 +144,8 @@
 %patch64 -p1 -b .use-localhost
 %patch65 -p1 -b .no-branch
 %patch66 -p1 -b .strict-matching
+%patch67 -p1 -b .dtls-fixes
+%patch68 -p1 -b .shciphers
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -164,7 +168,7 @@
 sslarch=linux-sparcv9
 sslflags=no-asm
 %endif
-%ifarch alpha
+%ifarch alpha alphaev56 alphaev6 alphaev67
 sslarch=linux-alpha-gcc
 %endif
 %ifarch s390
@@ -382,6 +386,11 @@
 %postun -p /sbin/ldconfig
 
 %changelog
+* Fri Oct 12 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8b-16
+- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)
+- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
+- add alpha sub-archs (#296031)
+
 * Tue Aug 21 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8b-15
 - rebuild
 



