Hello community, here is the log from the commit of package openssl for openSUSE:Factory checked in at Fri Jun 18 05:17:29 CEST 2010. -------- --- openssl/openssl.changes 2010-05-31 22:05:19.000000000 +0200 +++ openssl/openssl.changes 2010-06-15 11:54:53.000000000 +0200 @@ -1,0 +2,12 @@ +Tue Jun 15 09:53:54 UTC 2010 - bg@novell.com + +- -fstack-protector is not supported on hppa + +------------------------------------------------------------------- +Fri Jun 4 07:11:28 UTC 2010 - gjhe@novell.com + +- fix bug #610642 + CVE-2010-0742 + CVE-2010-1633 + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- CVE-2010-1633_and_CVE-2010-0742.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.B8EtPL/_old 2010-06-18 05:15:19.000000000 +0200 +++ /var/tmp/diff_new_pack.B8EtPL/_new 2010-06-18 05:15:19.000000000 +0200 @@ -32,7 +32,7 @@ %endif # Version: 1.0.0 -Release: 4 +Release: 5 Summary: Secure Sockets and Transport Layer Security Url: http://www.openssl.org/ Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2 @@ -43,6 +43,7 @@ Patch0: merge_from_0.9.8k.patch Patch1: openssl-1.0.0-c_rehash-compat.diff Patch2: bug610223.patch +Patch3: CVE-2010-1633_and_CVE-2010-0742.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -172,6 +173,7 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 cp -p %{S:10} . echo "adding/overwriting some entries in the 'table' hash in Configure" # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags 
@@ -221,8 +223,12 @@ -fomit-frame-pointer \ -fno-strict-aliasing \ -DTERMIO \ +%ifnarch hppa -Wall \ -fstack-protector " +%else +-Wall " +%endif # #%{!?do_profiling:%define do_profiling 0} #%if %do_profiling ++++++ CVE-2010-1633_and_CVE-2010-0742.patch ++++++ Index: openssl-1.0.0/crypto/cms/cms_asn1.c =================================================================== --- openssl-1.0.0.orig/crypto/cms/cms_asn1.c +++ openssl-1.0.0/crypto/cms/cms_asn1.c @@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = { } ASN1_NDEF_SEQUENCE_END(CMS_SignedData) ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } ASN1_SEQUENCE_END(CMS_OriginatorInfo) ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { Index: openssl-1.0.0/crypto/rsa/rsa_pmeth.c =================================================================== --- openssl-1.0.0.orig/crypto/rsa/rsa_pmeth.c +++ openssl-1.0.0/crypto/rsa/rsa_pmeth.c @@ -246,6 +246,8 @@ static int pkey_rsa_verifyrecover(EVP_PK ret = int_rsa_verify(EVP_MD_type(rctx->md), NULL, 0, rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa); + if (ret <= 0) + return 0; ret = sltmp; } else ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
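Review bot: In the openssl.spec hunk at `@@ -221,8 +223,12 @@`, the `%ifnarch hppa` conditional is spliced into the middle of a backslash-continued, quoted flag list and repeats `-Wall` in both branches, so a later edit to one branch can leave the other out of sync or lose the closing quote. Only `-fstack-protector` differs between the two, so it would be tidier to define a macro under `%ifnarch hppa` ahead of the command and keep a single final line such as `-Wall %{?stack_protector} "`, which expands to nothing where the macro is undefined. The hppa build also loses stack-smashing protection with no explanation in the spec itself; a `#` comment placed before the command, stating that this is deliberate because the flag is not supported there (as the changelog entry says), would help whoever audits hardening flags later. The command this flag list belongs to starts outside the hunk.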
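Review bot: Nothing in the corrected `CMS_OriginatorInfo` template at `@@ -131,8 +131,8 @@` of crypto/cms/cms_asn1.c records why the first macro argument matters, and the removed lines show that naming the wrong structure still compiled, presumably because `CMS_SignedData` also has `certificates` and `crls` members. As far as I know these template macros derive the field offset from that structure name, so a mismatch makes the decoder store parsed data at offsets that belong to a different type. A one-line comment above the sequence, for example `/* first argument must be the enclosing struct: field offsets are taken from it */`, would make the copy-paste hazard visible, and the other templates in this file deserve a check for the same pattern. The patch as shown carries no regression test that decodes an OriginatorInfo with certificates or CRLs present.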
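Review bot: The new `if (ret <= 0) return 0;` in `pkey_rsa_verifyrecover` at `@@ -246,6 +246,8 @@` of crypto/rsa/rsa_pmeth.c has no comment saying why it must precede `ret = sltmp;`, which is the whole point of the fix: `sltmp` presumably holds a meaningful length only when `int_rsa_verify` succeeds. I would add `/* sltmp is only valid on success; never report it as a length after a failed verify */` above the check. The following `ret = sltmp;` also narrows to `int` if `sltmp` is a `size_t` (its declaration is outside the hunk), so it is worth confirming the recovered length is bounded by the digest size and initialising `sltmp` to 0 where it is declared as defence in depth. The function body starts and ends outside the hunk, so the `else` branch could not be checked for the same unchecked-return pattern.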