From ce33e8e7b9227478170d2f90b2345a4141bc9545 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Thu, 5 Jun 2014 18:20:47 +0200 Subject: [PATCH] - up to 1.0.1h; fixes: * SSL/TLS MITM vulnerability (CVE-2014-0224) * DTLS recursion flaw (CVE-2014-0221) * DTLS invalid fragment vulnerability (CVE-2014-0195) * SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198) * SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) * Anonymous ECDH denial of service (CVE-2014-3470) --- openssl-fix_use_after_free.patch | 13 - openssl-pod.patch | 448 ------------------------------- openssl.spec | 13 +- 3 files changed, 3 insertions(+), 471 deletions(-) delete mode 100644 openssl-fix_use_after_free.patch delete mode 100644 openssl-pod.patch diff --git a/openssl-fix_use_after_free.patch b/openssl-fix_use_after_free.patch deleted file mode 100644 index af1b5ef..0000000 --- a/openssl-fix_use_after_free.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c -index b9e45c7..d601a18 100644 ---- a/ssl/s3_pkt.c -+++ b/ssl/s3_pkt.c -@@ -1334,7 +1334,7 @@ start: - { - s->rstate=SSL_ST_READ_HEADER; - rr->off=0; -- if (s->mode & SSL_MODE_RELEASE_BUFFERS) -+ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) - ssl3_release_read_buffer(s); - } - } diff --git a/openssl-pod.patch b/openssl-pod.patch deleted file mode 100644 index 0b1bdfc..0000000 --- a/openssl-pod.patch +++ /dev/null @@ -1,448 +0,0 @@ -diff -urN openssl-1.0.1f.org/doc/apps/cms.pod openssl-1.0.1f/doc/apps/cms.pod ---- openssl-1.0.1f.org/doc/apps/cms.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/apps/cms.pod 2014-01-19 01:10:11.205967419 +0100 -@@ -450,28 +450,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the CMS file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. -diff -urN openssl-1.0.1f.org/doc/apps/smime.pod openssl-1.0.1f/doc/apps/smime.pod ---- openssl-1.0.1f.org/doc/apps/smime.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/apps/smime.pod 2014-01-19 01:10:11.229301529 +0100 -@@ -308,28 +308,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the PKCS#7 file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. -diff -urN openssl-1.0.1f.org/doc/apps/ts.pod openssl-1.0.1f/doc/apps/ts.pod ---- openssl-1.0.1f.org/doc/apps/ts.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/apps/ts.pod 2014-01-19 01:10:11.239301862 +0100 -@@ -58,19 +58,19 @@ - - =over 4 - --=item 1. -+=item C<1>. - - The TSA client computes a one-way hash value for a data file and sends - the hash to the TSA. - --=item 2. -+=item C<2>. - - The TSA attaches the current date and time to the received hash value, - signs them and sends the time stamp token back to the client. By - creating this token the TSA certifies the existence of the original - data file at the time of response generation. - --=item 3. -+=item C<3>. - - The TSA client receives the time stamp token and verifies the - signature on it. It also checks if the token contains the same hash -diff -urN openssl-1.0.1f.org/doc/crypto/rand.pod openssl-1.0.1f/doc/crypto/rand.pod ---- openssl-1.0.1f.org/doc/crypto/rand.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/crypto/rand.pod 2014-01-19 01:10:11.382639970 +0100 -@@ -74,16 +74,16 @@ - - =over 4 - --=item 1 -+=item C<1> - - A good hashing algorithm to mix things up and to convert the RNG 'state' - to random numbers. - --=item 2 -+=item C<2> - - An initial source of random 'state'. - --=item 3 -+=item C<3> - - The state should be very large. If the RNG is being used to generate - 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). -@@ -93,13 +93,13 @@ - a bad idea to keep quite a lot of RNG state. It should be easier to - break a cipher than guess the RNG seed data. - --=item 4 -+=item C<4> - - Any RNG seed data should influence all subsequent random numbers - generated. This implies that any random seed data entered will have - an influence on all subsequent random numbers generated. - --=item 5 -+=item C<5> - - When using data to seed the RNG state, the data used should not be - extractable from the RNG state. I believe this should be a -@@ -108,12 +108,12 @@ - not be disclosed by either subsequent random numbers or a - 'core' dump left by a program crash. - --=item 6 -+=item C<6> - - Given the same initial 'state', 2 systems should deviate in their RNG state - (and hence the random numbers generated) over time if at all possible. - --=item 7 -+=item C<7> - - Given the random number output stream, it should not be possible to determine - the RNG state or the next random number. -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_accept.pod openssl-1.0.1f/doc/ssl/SSL_accept.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_accept.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-01-19 01:10:11.409307524 +0100 -@@ -44,13 +44,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_clear.pod openssl-1.0.1f/doc/ssl/SSL_clear.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_clear.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-01-19 01:10:11.415974413 +0100 -@@ -56,12 +56,12 @@ - - =over 4 - --=item 0 -+=item C<0> - - The SSL_clear() operation could not be performed. Check the error stack to - find out the reason. - --=item 1 -+=item C<1> - - The SSL_clear() operation was successful. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-19 01:10:11.415974413 +0100 -@@ -53,11 +53,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation succeeded. - --=item 1 -+=item C<1> - - The operation failed. Check the error queue to find out the reason. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_connect.pod openssl-1.0.1f/doc/ssl/SSL_connect.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_connect.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-01-19 01:10:11.415974413 +0100 -@@ -41,13 +41,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_add_session.pod openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-01-19 01:10:11.419307858 +0100 -@@ -52,13 +52,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_load_verify_locations.pod openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-19 01:10:11.422641302 +0100 -@@ -100,13 +100,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed because B and B are NULL or the - processing at one of the locations specified failed. Check the error - stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_client_CA_list.pod openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-19 01:10:11.429308190 +0100 -@@ -66,13 +66,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - A failure while manipulating the STACK_OF(X509_NAME) object occurred or - the X509_NAME could not be extracted from B. Check the error stack - to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_session_id_context.pod openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-19 01:10:11.439308524 +0100 -@@ -64,13 +64,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The length B of the session id context B exceeded - the maximum allowed length of B. The error - is logged to the error stack. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_ssl_version.pod openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-19 01:10:11.439308524 +0100 -@@ -42,11 +42,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The new choice failed, check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_use_psk_identity_hint.pod openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-19 01:10:11.445975412 +0100 -@@ -96,7 +96,7 @@ - connection will fail with decryption_error before it will be finished - completely. - --=item 0 -+=item C<0> - - PSK identity was not found. An "unknown_psk_identity" alert message - will be sent and the connection setup fails. -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_do_handshake.pod openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_do_handshake.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-01-19 01:10:11.445975412 +0100 -@@ -45,13 +45,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_read.pod openssl-1.0.1f/doc/ssl/SSL_read.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_read.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-01-19 01:10:11.459309190 +0100 -@@ -86,7 +86,7 @@ - The read operation was successful; the return value is the number of - bytes actually read from the TLS/SSL connection. - --=item 0 -+=item C<0> - - The read operation was not successful. The reason may either be a clean - shutdown due to a "close notify" alert sent by the peer (in which case -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_session_reused.pod openssl-1.0.1f/doc/ssl/SSL_session_reused.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_session_reused.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-01-19 01:10:11.465976078 +0100 -@@ -27,11 +27,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - A new session was negotiated. - --=item 1 -+=item C<1> - - A session was reused. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_set_fd.pod openssl-1.0.1f/doc/ssl/SSL_set_fd.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_set_fd.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-01-19 01:10:11.469309522 +0100 -@@ -35,11 +35,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. Check the error stack to find out why. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_set_session.pod openssl-1.0.1f/doc/ssl/SSL_set_session.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_set_session.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-01-19 01:10:11.469309522 +0100 -@@ -37,11 +37,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed; check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_shutdown.pod openssl-1.0.1f/doc/ssl/SSL_shutdown.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_shutdown.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-01-19 01:10:11.469309522 +0100 -@@ -92,14 +92,14 @@ - - =over 4 - --=item 0 -+=item C<0> - - The shutdown is not yet finished. Call SSL_shutdown() for a second time, - if a bidirectional shutdown shall be performed. - The output of L may be misleading, as an - erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. - --=item 1 -+=item C<1> - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. -diff -urN openssl-1.0.1f.org/doc/ssl/SSL_write.pod openssl-1.0.1f/doc/ssl/SSL_write.pod ---- openssl-1.0.1f.org/doc/ssl/SSL_write.pod 2014-01-06 14:47:42.000000000 +0100 -+++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-01-19 01:10:11.475976412 +0100 -@@ -79,7 +79,7 @@ - The write operation was successful, the return value is the number of - bytes actually written to the TLS/SSL connection. - --=item 0 -+=item C<0> - - The write operation was not successful. Probably the underlying connection - was closed. Call SSL_get_error() with the return value B to find out, diff --git a/openssl.spec b/openssl.spec index ddc441a..c3cfbfe 100644 --- a/openssl.spec +++ b/openssl.spec @@ -16,12 +16,12 @@ Summary(pt_BR.UTF-8): Uma biblioteca C que fornece vários algoritmos e protocol Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer Name: openssl -Version: 1.0.1g -Release: 2 +Version: 1.0.1h +Release: 1 License: Apache-like Group: Libraries Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz -# Source0-md5: de62b43dfcd858e66a74bee1c834e959 +# Source0-md5: 8d6d684a9430d5cc98a62a5d8fbda8cf Source2: %{name}.1.pl Source3: %{name}-ssl-certificate.sh Source4: %{name}-c_rehash.sh @@ -34,16 +34,12 @@ Patch5: %{name}-asflag.patch Patch6: %{name}-ca-certificates.patch Patch7: %{name}-ldflags.patch Patch8: %{name}-find.patch -Patch9: %{name}-pod.patch # from debian Patch10: default_bits.patch Patch11: pic.patch Patch12: stddef.patch -# from upstream -Patch13: %{name}-fix_use_after_free.patch - URL: http://www.openssl.org/ BuildRequires: bc BuildRequires: perl-devel >= 1:5.6.1 @@ -259,14 +255,11 @@ RC4, RSA и SSL. Включает статические библиотеки д %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 -%patch13 -p1 - sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure %build -- 2.43.0