Hello community,
here is the log from the commit of package libopenssl0_9_8 for openSUSE:Factory checked in at 2016-03-07 13:26:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libopenssl0_9_8 (Old)
and /work/SRC/openSUSE:Factory/.libopenssl0_9_8.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libopenssl0_9_8"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libopenssl0_9_8/libopenssl0_9_8.changes 2014-02-02 07:36:02.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libopenssl0_9_8.new/libopenssl0_9_8.changes 2016-03-07 13:27:12.000000000 +0100
@@ -1,0 +2,39 @@
+Tue Mar 1 14:11:09 UTC 2016 - vcizek@suse.com
+
+- Fix CVE-2016-0797 (bnc#968048) via "openssl-CVE-2016-0797.patch".
+- Fix CVE-2016-0799 (bnc#968374) via "openssl-CVE-2016-0799.patch".
+- Fix CVE-2016-0800 (bnc#968046, "Drown")
+ * add openssl-CVE-2016-0800-DROWN-disable-ssl2.patch
+
+-------------------------------------------------------------------
+Tue Mar 1 14:07:49 UTC 2016 - vcizek@suse.com
+
+- update to 0.9.8zh
+ * fixes many security vulnerabilities:
+ CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,
+ CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287,
+ CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,
+ CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204,
+ CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568,
+ CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,
+ CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221,
+ CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169,
+ CVE-2013-0166
+ * remove broken debug build targets
+ openssl-fix-config-test-sanity.patch
+
+-------------------------------------------------------------------
+Wed Feb 24 12:46:37 UTC 2016 - vcizek@suse.com
+
+- avoid running OPENSSL_config twice. This avoids breaking
+ engine loading. (bsc#952871, bsc#967787)
+ * add openssl-avoid-config-twice.patch
+
+-------------------------------------------------------------------
+Fri Feb 12 14:59:04 UTC 2016 - vcizek@suse.com
+
+- fix CVE-2015-3197 (bsc#963415)
+ * SSLv2 doesn't block disabled ciphers
+ * add openssl-CVE-2015-3197.patch
+
+-------------------------------------------------------------------
Old:
----
openssl-0.9.8x.tar.gz
New:
----
openssl-0.9.8zh.tar.gz
openssl-CVE-2015-3197.patch
openssl-CVE-2016-0797.patch
openssl-CVE-2016-0799.patch
openssl-CVE-2016-0800-DROWN-disable-ssl2.patch
openssl-fix-config-test-sanity.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libopenssl0_9_8.spec ++++++
--- /var/tmp/diff_new_pack.AwTPxo/_old 2016-03-07 13:27:14.000000000 +0100
+++ /var/tmp/diff_new_pack.AwTPxo/_new 2016-03-07 13:27:14.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libopenssl0_9_8
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g")
#
-Version: 0.9.8x
+Version: 0.9.8zh
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: BSD-3-Clause
@@ -34,6 +34,12 @@
Source10: README.SuSE
Patch0: merge_from_0_9_8k.patch
Patch1: libopenssl_add_ppc64le.patch
+Patch3: openssl-CVE-2015-3197.patch
+# OpenSSL Security Advisory [1st March 2016]
+Patch6: openssl-CVE-2016-0797.patch
+Patch7: openssl-CVE-2016-0799.patch
+Patch8: openssl-CVE-2016-0800-DROWN-disable-ssl2.patch
+Patch9: openssl-fix-config-test-sanity.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Recommends: openssl-certs
@@ -57,6 +63,11 @@
%setup -q -n openssl-%{version}
%patch0 -p1
%patch1 -p1
+%patch3 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
@@ -86,7 +97,7 @@
sed -i 's,/lib/engines,/%_lib/engines,' Configure
%build
-./config --test-sanity
+#./config --test-sanity
#
config_flags="threads shared no-rc5 no-idea \
enable-camellia \
++++++ merge_from_0_9_8k.patch ++++++
--- /var/tmp/diff_new_pack.AwTPxo/_old 2016-03-07 13:27:14.000000000 +0100
+++ /var/tmp/diff_new_pack.AwTPxo/_new 2016-03-07 13:27:14.000000000 +0100
@@ -1,8 +1,8 @@
-Index: openssl-0.9.8m/Configure
+Index: openssl-0.9.8zh/Configure
===================================================================
---- openssl-0.9.8m.orig/Configure
-+++ openssl-0.9.8m/Configure
-@@ -874,7 +874,7 @@ PROCESS_ARGS:
+--- openssl-0.9.8zh.orig/Configure 2016-03-01 13:53:13.724478828 +0100
++++ openssl-0.9.8zh/Configure 2016-03-01 13:53:21.821612882 +0100
+@@ -878,7 +878,7 @@ PROCESS_ARGS:
}
else
{
@@ -11,7 +11,7 @@
$target=$_;
}
-@@ -1123,7 +1123,7 @@ else { $lflags=$prelflags; undef $pre
+@@ -1127,7 +1127,7 @@ else { $lflags=$prelflags; undef $pre
my $no_shared_warn=0;
my $no_user_cflags=0;
@@ -20,10 +20,10 @@
else { $no_user_cflags=1; }
# Kerberos settings. The flavor must be provided from outside, either through
-Index: openssl-0.9.8m/config
+Index: openssl-0.9.8zh/config
===================================================================
---- openssl-0.9.8m.orig/config
-+++ openssl-0.9.8m/config
+--- openssl-0.9.8zh.orig/config 2016-03-01 13:53:13.725478845 +0100
++++ openssl-0.9.8zh/config 2016-03-01 13:53:21.822612899 +0100
@@ -526,7 +526,8 @@ case "$GUESSOS" in
ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
i386-apple-darwin*) OUT="darwin-i386-cc" ;;
@@ -72,23 +72,23 @@
# Finish Model transformations
options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"
-Index: openssl-0.9.8m/crypto/camellia/cmll_locl.h
+Index: openssl-0.9.8zh/crypto/camellia/cmll_locl.h
===================================================================
---- openssl-0.9.8m.orig/crypto/camellia/cmll_locl.h
-+++ openssl-0.9.8m/crypto/camellia/cmll_locl.h
+--- openssl-0.9.8zh.orig/crypto/camellia/cmll_locl.h 2016-03-01 13:53:21.822612899 +0100
++++ openssl-0.9.8zh/crypto/camellia/cmll_locl.h 2016-03-01 13:54:38.726885587 +0100
@@ -97,7 +97,7 @@ extern "C" {
- (ct)[2] = (u8)((st) >> 8); \
- (ct)[3] = (u8)(st); }
+ (ct)[2] = (u8)((st) >> 8); \
+ (ct)[3] = (u8)(st); }
--#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
-+#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64) || defined(i386)))
- #define CAMELLIA_SWAP4(x) \
+-# if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
++# if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64) || defined(i386)))
+ # define CAMELLIA_SWAP4(x) \
do{\
asm("bswap %1" : "+r" (x));\
-Index: openssl-0.9.8m/crypto/perlasm/x86unix.pl
+Index: openssl-0.9.8zh/crypto/perlasm/x86unix.pl
===================================================================
---- openssl-0.9.8m.orig/crypto/perlasm/x86unix.pl
-+++ openssl-0.9.8m/crypto/perlasm/x86unix.pl
+--- openssl-0.9.8zh.orig/crypto/perlasm/x86unix.pl 2016-03-01 13:53:13.725478845 +0100
++++ openssl-0.9.8zh/crypto/perlasm/x86unix.pl 2016-03-01 13:53:21.822612899 +0100
@@ -547,8 +547,6 @@ sub main'file_end
push (@out,"\n.section\t.bss\n");
@@ -106,10 +106,10 @@
}
sub main'data_byte
-Index: openssl-0.9.8m/engines/Makefile
+Index: openssl-0.9.8zh/engines/Makefile
===================================================================
---- openssl-0.9.8m.orig/engines/Makefile
-+++ openssl-0.9.8m/engines/Makefile
+--- openssl-0.9.8zh.orig/engines/Makefile 2016-03-01 13:53:13.725478845 +0100
++++ openssl-0.9.8zh/engines/Makefile 2016-03-01 13:53:21.822612899 +0100
@@ -92,7 +92,7 @@ install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@if [ -n "$(SHARED_LIBS)" ]; then \
++++++ openssl-CVE-2015-3197.patch ++++++
From d81a1600588b726c2bdccda7efad3cc7a87d6245 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni
Date: Wed, 30 Dec 2015 22:44:51 -0500
Subject: [PATCH] Better SSLv2 cipher-suite enforcement
Based on patch by: Nimrod Aviram
CVE-2015-3197
Reviewed-by: Tim Hudson
Reviewed-by: Richard Levitte
---
ssl/s2_srvr.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
Index: openssl-0.9.8zh/ssl/s2_srvr.c
===================================================================
--- openssl-0.9.8zh.orig/ssl/s2_srvr.c 2016-03-01 14:05:00.363092713 +0100
+++ openssl-0.9.8zh/ssl/s2_srvr.c 2016-03-01 14:09:41.685698352 +0100
@@ -396,7 +396,7 @@ static int get_client_master_key(SSL *s)
}
cp = ssl2_get_cipher_by_char(p);
- if (cp == NULL) {
+ if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
ssl2_return_error(s, SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
return (-1);
@@ -687,8 +687,12 @@ static int get_client_hello(SSL *s)
prio = cs;
allow = cl;
}
+
+ /* Generate list of SSLv2 ciphers shared between client and server */
for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
- if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
+ const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
+ if ((cp->algorithms & SSL_SSLV2) == 0 ||
+ sk_SSL_CIPHER_find(allow, cp) < 0) {
(void)sk_SSL_CIPHER_delete(prio, z);
z--;
}
@@ -697,6 +701,13 @@ static int get_client_hello(SSL *s)
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers = prio;
}
+
+ /* Make sure we have at least one cipher in common */
+ if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
+ return -1;
+ }
/*
* s->session->ciphers should now have a list of ciphers that are on
* both the client and server. This list is ordered by the order the
++++++ openssl-CVE-2016-0797.patch ++++++
Index: openssl-0.9.8zh/crypto/bn/bn_print.c
===================================================================
--- openssl-0.9.8zh.orig/crypto/bn/bn_print.c 2016-03-01 14:12:00.432969639 +0100
+++ openssl-0.9.8zh/crypto/bn/bn_print.c 2016-03-01 14:15:14.463143015 +0100
@@ -58,6 +58,7 @@
#include
#include
+#include
#include "cryptlib.h"
#include
#include "bn_lcl.h"
@@ -189,7 +190,9 @@ int BN_hex2bn(BIGNUM **bn, const char *a
a++;
}
- for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
+ for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++);
+ if (i > INT_MAX/4)
+ goto err;
num = i + neg;
if (bn == NULL)
@@ -204,7 +207,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a
BN_zero(ret);
}
- /* i is the number of hex digests; */
+ /* i is the number of hex digits; */
if (bn_expand(ret, i * 4) == NULL)
goto err;
@@ -260,7 +263,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a
a++;
}
- for (i = 0; isdigit((unsigned char)a[i]); i++) ;
+ for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++);
+ if (i > INT_MAX/4)
+ goto err;
num = i + neg;
if (bn == NULL)
@@ -278,7 +283,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a
BN_zero(ret);
}
- /* i is the number of digests, a bit of an over expand; */
+ /* i is the number of digits, a bit of an over expand; */
if (bn_expand(ret, i * 4) == NULL)
goto err;
Index: openssl-0.9.8zh/crypto/bn/bn.h
===================================================================
--- openssl-0.9.8zh.orig/crypto/bn/bn.h 2016-03-01 14:12:01.388985272 +0100
+++ openssl-0.9.8zh/crypto/bn/bn.h 2016-03-01 14:21:34.848366586 +0100
@@ -77,6 +77,7 @@
# include /* FILE */
# endif
# include
+#include
#ifdef __cplusplus
extern "C" {
@@ -704,8 +705,16 @@ const BIGNUM *BN_get0_nist_prime_521(voi
/* library internal functions */
-# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
- (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+#define bn_expand(a,bits) \
+ ( \
+ bits > (INT_MAX - BN_BITS2 + 1) ? \
+ NULL \
+ : \
+ (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
+ (a) \
+ : \
+ bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
+ )
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
BIGNUM *bn_expand2(BIGNUM *a, int words);
# ifndef OPENSSL_NO_DEPRECATED
++++++ openssl-CVE-2016-0799.patch ++++++
commit 578b956fe741bf8e84055547b1e83c28dd902c73
Author: Matt Caswell
Date: Thu Feb 25 13:09:46 2016 +0000
Fix memory issues in BIO_*printf functions
The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.
Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.
These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data
is passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.
Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.
CVE-2016-0799
Issue reported by Guido Vranken.
Reviewed-by: Andy Polyakov
Index: openssl-0.9.8zh/crypto/bio/b_print.c
===================================================================
--- openssl-0.9.8zh.orig/crypto/bio/b_print.c 2016-03-01 14:30:45.722383423 +0100
+++ openssl-0.9.8zh/crypto/bio/b_print.c 2016-03-01 14:41:08.853586333 +0100
@@ -125,16 +125,16 @@
# define LLONG long
#endif
-static void fmtstr(char **, char **, size_t *, size_t *,
- const char *, int, int, int);
-static void fmtint(char **, char **, size_t *, size_t *,
- LLONG, int, int, int, int);
-static void fmtfp(char **, char **, size_t *, size_t *,
- LDOUBLE, int, int, int);
-static void doapr_outch(char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
- size_t *maxlen, size_t *retlen, int *truncated,
- const char *format, va_list args);
+static int fmtstr(char **, char **, size_t *, size_t *,
+ const char *, int, int, int);
+static int fmtint(char **, char **, size_t *, size_t *,
+ LLONG, int, int, int, int);
+static int fmtfp(char **, char **, size_t *, size_t *,
+ LDOUBLE, int, int, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static int _dopr(char **sbuffer, char **buffer,
+ size_t *maxlen, size_t *retlen, int *truncated,
+ const char *format, va_list args);
/* format read states */
#define DP_S_DEFAULT 0
@@ -165,7 +165,7 @@ static void _dopr(char **sbuffer, char *
#define char_to_int(p) (p - '0')
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
-static void
+static int
_dopr(char **sbuffer,
char **buffer,
size_t *maxlen,
@@ -196,7 +196,8 @@ _dopr(char **sbuffer,
if (ch == '%')
state = DP_S_FLAGS;
else
- doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+ return 0;
ch = *format++;
break;
case DP_S_FLAGS:
@@ -302,8 +303,9 @@ _dopr(char **sbuffer,
value = va_arg(args, int);
break;
}
- fmtint(sbuffer, buffer, &currlen, maxlen,
- value, 10, min, max, flags);
+ if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
+ max, flags))
+ return 0;
break;
case 'X':
flags |= DP_F_UP;
@@ -326,17 +328,19 @@ _dopr(char **sbuffer,
value = (LLONG) va_arg(args, unsigned int);
break;
}
- fmtint(sbuffer, buffer, &currlen, maxlen, value,
- ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
- min, max, flags);
+ if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
+ ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+ min, max, flags))
+ return 0;
break;
case 'f':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
- fmtfp(sbuffer, buffer, &currlen, maxlen,
- fvalue, min, max, flags);
+ if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+ flags))
+ return 0;
break;
case 'E':
flags |= DP_F_UP;
@@ -355,8 +359,9 @@ _dopr(char **sbuffer,
fvalue = va_arg(args, double);
break;
case 'c':
- doapr_outch(sbuffer, buffer, &currlen, maxlen,
- va_arg(args, int));
+ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+ va_arg(args, int)))
+ return 0;
break;
case 's':
strvalue = va_arg(args, char *);
@@ -366,13 +371,15 @@ _dopr(char **sbuffer,
else
max = *maxlen;
}
- fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
- flags, min, max);
+ if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+ flags, min, max))
+ return 0;
break;
case 'p':
value = (long)va_arg(args, void *);
- fmtint(sbuffer, buffer, &currlen, maxlen,
- value, 16, min, max, flags | DP_F_NUM);
+ if (!fmtint(sbuffer, buffer, &currlen, maxlen,
+ value, 16, min, max, flags | DP_F_NUM))
+ return 0;
break;
case 'n': /* XXX */
if (cflags == DP_C_SHORT) {
@@ -394,7 +401,8 @@ _dopr(char **sbuffer,
}
break;
case '%':
- doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+ return 0;
break;
case 'w':
/* not supported yet, treat as next char */
@@ -418,46 +426,56 @@ _dopr(char **sbuffer,
*truncated = (currlen > *maxlen - 1);
if (*truncated)
currlen = *maxlen - 1;
- doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
+ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+ return 0;
*retlen = currlen - 1;
- return;
+ return 1;
}
-static void
+static int
fmtstr(char **sbuffer,
char **buffer,
size_t *currlen,
size_t *maxlen, const char *value, int flags, int min, int max)
{
- int padlen, strln;
+ int padlen;
+ size_t strln;
int cnt = 0;
if (value == 0)
value = "<NULL>";
- for (strln = 0; value[strln]; ++strln) ;
+
+ strln = strlen(value);
+ if (strln > INT_MAX)
+ strln = INT_MAX;
+
padlen = min - strln;
- if (padlen < 0)
+ if (min < 0 || padlen < 0)
padlen = 0;
if (flags & DP_F_MINUS)
padlen = -padlen;
while ((padlen > 0) && (cnt < max)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
--padlen;
++cnt;
}
while (*value && (cnt < max)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+ return 0;
++cnt;
}
while ((padlen < 0) && (cnt < max)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
++padlen;
++cnt;
}
+ return 1;
}
-static void
+static int
fmtint(char **sbuffer,
char **buffer,
size_t *currlen,
@@ -517,37 +535,44 @@ fmtint(char **sbuffer,
/* spaces */
while (spadlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
--spadlen;
}
/* sign */
if (signvalue)
- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+ return 0;
/* prefix */
while (*prefix) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+ return 0;
prefix++;
}
/* zeros */
if (zpadlen > 0) {
while (zpadlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+ return 0;
--zpadlen;
}
}
/* digits */
- while (place > 0)
- doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
+ while (place > 0) {
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
+ return 0;
+ }
/* left justified spaces */
while (spadlen < 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
++spadlen;
}
- return;
+ return 1;
}
static LDOUBLE abs_val(LDOUBLE value)
@@ -578,7 +603,7 @@ static long roundv(LDOUBLE value)
return intpart;
}
-static void
+static int
fmtfp(char **sbuffer,
char **buffer,
size_t *currlen,
@@ -660,71 +685,91 @@ fmtfp(char **sbuffer,
if ((flags & DP_F_ZERO) && (padlen > 0)) {
if (signvalue) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+ return 0;
--padlen;
signvalue = 0;
}
while (padlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+ return 0;
--padlen;
}
}
while (padlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
--padlen;
}
- if (signvalue)
- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+ if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+ return 0;
- while (iplace > 0)
- doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
+ while (iplace > 0) {
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
+ return 0;
+ }
/*
* Decimal point. This should probably use locale to find the correct
* char to print out.
*/
if (max > 0 || (flags & DP_F_NUM)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
+ return 0;
- while (fplace > 0)
- doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
+ while (fplace > 0) {
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
+ fconvert[--fplace]))
+ return 0;
+ }
}
while (zpadlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+ return 0;
--zpadlen;
}
while (padlen < 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
++padlen;
}
+ return 1;
}
-static void
+#define BUFFER_INC 1024
+
+static int
doapr_outch(char **sbuffer,
char **buffer, size_t *currlen, size_t *maxlen, int c)
{
/* If we haven't at least one buffer, someone has doe a big booboo */
assert(*sbuffer != NULL || buffer != NULL);
- if (buffer) {
- while (*currlen >= *maxlen) {
- if (*buffer == NULL) {
- if (*maxlen == 0)
- *maxlen = 1024;
- *buffer = OPENSSL_malloc(*maxlen);
- if (*currlen > 0) {
- assert(*sbuffer != NULL);
- memcpy(*buffer, *sbuffer, *currlen);
- }
- *sbuffer = NULL;
- } else {
- *maxlen += 1024;
- *buffer = OPENSSL_realloc(*buffer, *maxlen);
+ /* |currlen| must always be <= |*maxlen| */
+ assert(*currlen <= *maxlen);
+
+ if (buffer && *currlen == *maxlen) {
+ if (*maxlen > INT_MAX - BUFFER_INC)
+ return 0;
+
+ *maxlen += BUFFER_INC;
+ if (*buffer == NULL) {
+ *buffer = OPENSSL_malloc(*maxlen);
+ if (*buffer == NULL)
+ return 0;
+ if (*currlen > 0) {
+ assert(*sbuffer != NULL);
+ memcpy(*buffer, *sbuffer, *currlen);
}
+ *sbuffer = NULL;
+ } else {
+ char *tmpbuf;
+ tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
+ if (tmpbuf == NULL)
+ return 0;
+ *buffer = tmpbuf;
}
- /* What to do if *buffer is NULL? */
- assert(*sbuffer != NULL || *buffer != NULL);
}
if (*currlen < *maxlen) {
@@ -734,7 +779,7 @@ doapr_outch(char **sbuffer,
(*buffer)[(*currlen)++] = (char)c;
}
- return;
+ return 1;
}
/***************************************************************************/
@@ -766,7 +811,11 @@ int BIO_vprintf(BIO *bio, const char *fo
dynbuf = NULL;
CRYPTO_push_info("doapr()");
- _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
+ if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
+ args)) {
+ OPENSSL_free(dynbuf);
+ return -1;
+ }
if (dynbuf) {
ret = BIO_write(bio, dynbuf, (int)retlen);
OPENSSL_free(dynbuf);
@@ -801,7 +850,8 @@ int BIO_vsnprintf(char *buf, size_t n, c
size_t retlen;
int truncated;
- _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
+ if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
+ return -1;
if (truncated)
/*
++++++ openssl-CVE-2016-0800-DROWN-disable-ssl2.patch ++++++
Index: openssl-0.9.8zh/ssl/ssl_lib.c
===================================================================
--- openssl-0.9.8zh.orig/ssl/ssl_lib.c 2016-03-01 14:45:01.841401757 +0100
+++ openssl-0.9.8zh/ssl/ssl_lib.c 2016-03-01 14:45:02.711416004 +0100
@@ -1610,6 +1610,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
#endif
+ /* Default is now SSLv2 disabled (CVE-2016-0800 bsc#968046 DROWN) */
+ if (!getenv("OPENSSL_ALLOW_SSL2"))
+ ret->options |= SSL_OP_NO_SSLv2;
+
#ifndef OPENSSL_NO_ENGINE
ret->client_cert_engine = NULL;
# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
Index: openssl-0.9.8zh/ssl/ssl_ciph.c
===================================================================
--- openssl-0.9.8zh.orig/ssl/ssl_ciph.c 2016-03-01 14:45:02.711416004 +0100
+++ openssl-0.9.8zh/ssl/ssl_ciph.c 2016-03-01 14:47:33.139891339 +0100
@@ -517,6 +517,7 @@ static void ssl_cipher_collect_ciphers(c
{
int i, co_list_num;
SSL_CIPHER *c;
+ int support_export = !!getenv("OPENSSL_ALLOW_EXPORT");
/*
* We have num_of_ciphers descriptions compiled in, depending on the
@@ -531,12 +532,11 @@ static void ssl_cipher_collect_ciphers(c
c = ssl_method->get_cipher(i);
#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
/* drop those that use any of that is not available */
+ if ((c != NULL) && c->valid && !IS_MASKED(c) &&
#ifdef OPENSSL_FIPS
- if ((c != NULL) && c->valid && !IS_MASKED(c)
- && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
-#else
- if ((c != NULL) && c->valid && !IS_MASKED(c))
+ (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
#endif
+ (!(c->algo_strength & SSL_EXPORT) || support_export))
{
co_list[co_list_num].cipher = c;
co_list[co_list_num].next = NULL;
++++++ openssl-fix-config-test-sanity.patch ++++++
Remove broken build targets that cause SANITY ERRORS.
Index: openssl-0.9.8zh/Configure
===================================================================
--- openssl-0.9.8zh.orig/Configure 2016-03-01 15:11:51.278111254 +0100
+++ openssl-0.9.8zh/Configure 2016-03-01 16:47:43.352239856 +0100
@@ -162,11 +162,9 @@ my %table=(
"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::",
-"debug-ben-debug-64", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",