Hello community,
here is the log from the commit of package openssl
checked in at Sat Oct 13 18:03:23 CEST 2007.
--------
--- openssl/openssl.changes 2007-09-05 11:39:56.000000000 +0200
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes 2007-10-01 16:10:09.000000000 +0200
@@ -1,0 +2,5 @@
+Mon Oct 1 11:29:55 CEST 2007 - mkoenig@suse.de
+
+- fix buffer overflow CVE-2007-5135 [#329208]
+
+-------------------------------------------------------------------
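Review bot: the new changes entry names the CVE and the bug number but not the affected function or the upstream revision. Since the patch touches only `SSL_get_shared_ciphers` in `ssl/ssl_lib.c` (upstream revision 1.133.2.10), adding that to the entry would let someone auditing the package confirm which fix was backported without opening the patch file.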
New:
----
openssl-CVE-2007-5135.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl.spec ++++++
--- /var/tmp/diff_new_pack.G14377/_old 2007-10-13 18:03:11.000000000 +0200
+++ /var/tmp/diff_new_pack.G14377/_new 2007-10-13 18:03:11.000000000 +0200
@@ -17,11 +17,11 @@
License: BSD 3-Clause
Group: Productivity/Networking/Security
Provides: ssl
-Autoreqprov: on
+AutoReqProv: on
Version: 0.9.8e
-Release: 41
+Release: 47
Summary: Secure Sockets and Transport Layer Security
-URL: http://www.openssl.org/
+Url: http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
Source10: README.SuSE
Source20: ICP-Brasil.pem
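Review bot: the header hunk mixes cosmetic tag renames (`Autoreqprov` to `AutoReqProv`, `URL` to `Url`) into a security update. They do not change the build, but they add noise to a diff that should be reviewable as a minimal CVE backport. Consider landing them in a separate cleanup commit so that the only functional changes here are the `Release` bump and the new patch.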
@@ -41,6 +41,7 @@
Patch22: openssl-0.9.8-key_length.patch
Patch23: openssl-gcc42.patch
Patch24: openssl-gcc42_b.patch
+Patch25: openssl-CVE-2007-5135.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: libopenssl0_9_8
@@ -202,6 +203,7 @@
%patch22 -p1
%patch23
%patch24
+%patch25 -p1
cp -p %{S:10} .
cp -p %{S:20} certs/
cp -p %{S:21} certs/
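Review bot: `%patch25 -p1` matches the `a/ssl/ssl_lib.c` and `b/ssl/ssl_lib.c` paths in the new patch, but `%patch23` and `%patch24` directly above are applied with no strip level, so the series mixes path conventions. A short comment in the spec noting that patch 25 is an upstream-format diff would keep a later refresh from applying it at the wrong level.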
@@ -415,8 +417,9 @@
%files certs
%defattr(-, root, root)
%{ssletcdir}/certs
-
%changelog
+* Mon Oct 01 2007 - mkoenig@suse.de
+- fix buffer overflow CVE-2007-5135 [#329208]
* Wed Sep 05 2007 - mkoenig@suse.de
- fix another gcc 4.2 build problem [#307669]
* Fri Aug 03 2007 - coolo@suse.de
++++++ openssl-CVE-2007-5135.patch ++++++
--- a/ssl/ssl_lib.c 2007/08/12 18:59:02 1.133.2.9
+++ b/ssl/ssl_lib.c 2007/09/19 12:16:21 1.133.2.10
@@ -1210,7 +1210,6 @@
char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
{
char *p;
- const char *cp;
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
int i;
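Review bot: in the declarations of `SSL_get_shared_ciphers`, the buffer size remains a signed `int len` while the `cp` source pointer is removed, so all bounds handling now rests on the rewritten copy loop in the following hunk. Please confirm that the function returns before writing anything when `len` is too small to hold a cipher name plus the terminator, and that the remaining space is checked before each copy into `buf` rather than after it.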
@@ -1223,20 +1222,21 @@
sk=s->session->ciphers;
for (i=0; i