authorghen <ghen@pkgsrc.org>2006-09-07 11:32:00 +0000
committerghen <ghen@pkgsrc.org>2006-09-07 11:32:00 +0000
commit14108d01559e30c5fb08146a2dff6f138afe93ec (patch)
treea308cd468b9fe18e807432933a9acaf740d6abd2
parent99eff6c2e25577e9a6a26cd1089b9b0ba9a871c1 (diff)
Pullup ticket 1817 - requested by adrianp
security fix for openssl Revisions pulled up: - pkgsrc/security/openssl/Makefile 1.116 - pkgsrc/security/openssl/distinfo 1.52 - pkgsrc/security/openssl/patches/patch-am 1.3 Module Name: pkgsrc Committed By: adrianp Date: Thu Sep 7 09:44:31 UTC 2006 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-am Log Message: Add a patch to address CVE-2006-4339
-rw-r--r--security/openssl/Makefile4
-rw-r--r--security/openssl/distinfo3
-rw-r--r--security/openssl/patches/patch-am28
3 files changed, 32 insertions, 3 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index bfcc645694f..fc06767687c 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.115 2006/03/14 16:00:42 jlam Exp $
+# $NetBSD: Makefile,v 1.115.4.1 2006/09/07 11:32:00 ghen Exp $
OPENSSL_SNAPSHOT?= # empty
OPENSSL_STABLE?= # empty
@@ -24,7 +24,7 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/
. endif
.endif
-PKGREVISION= 1
+PKGREVISION= 2
SVR4_PKGNAME= ossl
CATEGORIES= security
MAINTAINER= pkgsrc-users@NetBSD.org
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index e7895905f26..9eaa3f2cf06 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2006/06/13 12:00:43 joerg Exp $
+$NetBSD: distinfo,v 1.51.2.1 2006/09/07 11:32:00 ghen Exp $
SHA1 (openssl-0.9.7i.tar.gz) = 4c23925744d43272fa19615454da44e01465eb06
RMD160 (openssl-0.9.7i.tar.gz) = 0dce52c5793a0c37f17b620f7d26bbf9e4fcf755
@@ -10,3 +10,4 @@ SHA1 (patch-ae) = cb3ce622ef9efc4098d57b10059e5424272520c8
SHA1 (patch-af) = e8a9d803d362658e0db3f044b35794b2084b7667
SHA1 (patch-ak) = 7f9960a97cbe83c381c2a4565ca3a6e4e661bf54
SHA1 (patch-al) = 64fd0be6adf30821b4c4bba3c9088c6dcbff3ba7
+SHA1 (patch-am) = 209aad896f976e5acc9bf66f5e3fdf6193d2ff3d
diff --git a/security/openssl/patches/patch-am b/security/openssl/patches/patch-am
new file mode 100644
index 00000000000..1d3ea217025
--- /dev/null
+++ b/security/openssl/patches/patch-am
@@ -0,0 +1,28 @@
+$NetBSD: patch-am,v 1.2.22.1 2006/09/07 11:32:01 ghen Exp $
+
+--- crypto/rsa/rsa_sign.c.orig 2004-12-05 01:04:42.000000000 +0000
++++ crypto/rsa/rsa_sign.c
+@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned
+ sig=d2i_X509_SIG(NULL,&p,(long)i);
+
+ if (sig == NULL) goto err;
++
++ /* Excess data can be used to create forgeries */
++ if(p != s+i)
++ {
++ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
++ goto err;
++ }
++
++ /* Parameters to the signature algorithm can also be used to
++ create forgeries */
++ if(sig->algor->parameter
++ && sig->algor->parameter->type != V_ASN1_NULL)
++ {
++ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
++ goto err;
++ }
++
+ sigtype=OBJ_obj2nid(sig->algor->algorithm);
+
+
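Review bot: The new patch-am carries only its RCS ID line and nothing that says what it fixes or where it came from, so a reader of the pkgsrc tree has to dig through the commit log to connect it to the advisory named in the commit message; a one-line description between the `$NetBSD$` line and the `---` header, e.g. `Reject trailing data and non-NULL AlgorithmIdentifier parameters in RSA_verify (CVE-2006-4339); taken from the upstream OpenSSL fix.`, would make that explicit (the upstream origin is my inference and should be confirmed before writing it). The two added checks themselves look right as far as the hunk shows: `p != s+i` rejects any bytes left over after d2i_X509_SIG consumed the DigestInfo, and the parameter check lets an absent parameter through while rejecting anything other than an ASN.1 NULL, which is the shape of the upstream change as I remember it. Note that `s`, `i` and the later comparison of `sig->digest` against the supplied hash are outside this hunk, so whether the decoded digest length is also validated cannot be confirmed from here; the enclosing RSA_verify starts and ends outside the hunk.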