Hello community, here is the log from the commit of package openssl checked in at Mon Oct 9 19:30:12 CEST 2006. -------- --- openssl/openssl.changes 2006-09-29 18:38:43.000000000 +0200 +++ /mounts/work_src_done/STABLE/openssl/openssl.changes 2006-10-04 15:08:55.000000000 +0200 @@ -1,0 +2,7 @@ +Wed Oct 4 15:07:55 CEST 2006 - poeml@suse.de + +- add patch for the CVE-2006-2940 fix: the newly introduced limit + on DH modulus size could lead to a crash when exerted. [#208971] + Discovered and fixed after the 0.9.8d release. + +------------------------------------------------------------------- New: ---- openssl-CVE-2006-2940-fixup.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.O6yWaG/_old 2006-10-09 19:19:43.000000000 +0200 +++ /var/tmp/diff_new_pack.O6yWaG/_new 2006-10-09 19:19:43.000000000 +0200 @@ -24,7 +24,7 @@ Obsoletes: ssleay Autoreqprov: on Version: 0.9.8d -Release: 1 +Release: 2 Summary: Secure Sockets and Transport Layer Security URL: http://www.openssl.org/ Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2 @@ -42,6 +42,7 @@ Patch11: openssl-s390-config.diff Patch20: openssl-0.9.8a.ca-app-segfault.bug128655.dif Patch21: bswap.diff +Patch22: openssl-CVE-2006-2940-fixup.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
@@ -334,6 +335,10 @@ %{_libdir}/engines %changelog -n openssl +* Wed Oct 04 2006 - poeml@suse.de +- add patch for the CVE-2006-2940 fix: the newly introduced limit + on DH modulus size could lead to a crash when exerted. [#208971] + Discovered and fixed after the 0.9.8d release. * Fri Sep 29 2006 - poeml@suse.de - update to 0.9.8d *) Introduce limits to prevent malicious keys being able to ++++++ openssl-CVE-2006-2940-fixup.patch ++++++ Fix for the CVE-2006-2940 fix The newly introduced limit on DH modulus size could lead to a crash when exerted. This was fixed after the 0.9.8d release in the OpenSSL CVS: http://cvs.openssl.org/chngview?cn=15607 --- crypto/dh/dh_key.c 2005-08-20 20:35:53.000000000 +0200 +++ crypto/dh/dh_key.c 2006-10-04 13:25:02.000000000 +0200 @@ -173,7 +173,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { - BN_CTX *ctx; + BN_CTX *ctx=NULL; BN_MONT_CTX *mont=NULL; BIGNUM *tmp; int ret= -1; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
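Review bot: In the openssl.changes entry (repeated in the spec %changelog), "could lead to a crash when exerted" does not say what crashes or what triggers it. The fixup patch touches only compute_key in crypto/dh/dh_key.c, so the entry could name DH key computation and, if "exerted" means the limit being hit, say "when the DH modulus exceeds the limit". That makes the entry usable for someone triaging [#208971] without opening the patch.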
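Review bot: In the openssl.spec hunk that adds "Patch22: openssl-CVE-2006-2940-fixup.patch", no matching %patch22 line in %prep appears anywhere in the spec diff. The next spec hunk header, "@@ -334,6 +335,10 @@", shows an offset of exactly one line, which the Patch22 declaration alone accounts for, so as far as this diff shows the patch is declared but never applied during the build. Add the %patch22 line with the strip level that matches the patch's crypto/dh/dh_key.c paths, or confirm that the patch is applied by some other mechanism.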
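Review bot: In the compute_key hunk of openssl-CVE-2006-2940-fixup.patch, the patch header does not explain why "BN_CTX *ctx=NULL;" prevents the crash. The visible context has mont and ret already initialized while ctx was not, which suggests an exit path that reaches cleanup before ctx is assigned, presumably the new modulus-size check. Stating that in the header would let the one-line change be reviewed without opening dh_key.c. It is also worth confirming that no other function touched by the CVE-2006-2940 limits declares its BN_CTX pointer uninitialized in the same way, since this fixup covers only compute_key.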