From 1404796880ab9701394284f8ec5b33c41da83b57 Mon Sep 17 00:00:00 2001 From: Imre Kaloz Date: Thu, 12 Nov 2009 10:39:10 +0000 Subject: [PATCH] update openssl to 0.9.8l -- thanks puchu SVN-Revision: 18398 --- package/openssl/Makefile | 6 +-- .../openssl/patches/900-CVE-2009-1377.patch | 53 +++++++++++++++++++ .../openssl/patches/900-CVE-2009-1378.patch | 24 +++++++++ .../openssl/patches/900-CVE-2009-1379.patch | 22 ++++++++ package/openssl/patches/901-remove_rej.patch | 20 +++++++ 5 files changed, 122 insertions(+), 3 deletions(-) create mode 100644 package/openssl/patches/900-CVE-2009-1377.patch create mode 100644 package/openssl/patches/900-CVE-2009-1378.patch create mode 100644 package/openssl/patches/900-CVE-2009-1379.patch create mode 100644 package/openssl/patches/901-remove_rej.patch diff --git a/package/openssl/Makefile b/package/openssl/Makefile index e6788172d19..23695fcc2f8 100644 --- a/package/openssl/Makefile +++ b/package/openssl/Makefile @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=0.9.8k -PKG_RELEASE:=2 +PKG_VERSION:=0.9.8l +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \ ftp://ftp.webmonster.de/pub/openssl/source/ \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=e555c6d58d276aec7fdc53363e338ab3 +PKG_MD5SUM:=05a0ece1372392a2cf310ebb96333025 PKG_BUILD_DEPENDS:=ocf-crypto-headers diff --git a/package/openssl/patches/900-CVE-2009-1377.patch b/package/openssl/patches/900-CVE-2009-1377.patch new file mode 100644 index 00000000000..cc5a19fb4e3 --- /dev/null +++ b/package/openssl/patches/900-CVE-2009-1377.patch @@ -0,0 +1,53 @@ +http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest + +Index: openssl/crypto/pqueue/pqueue.c +RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v +rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null +--- pqueue.c 2005/06/28 12:53:33 1.2.2.4 ++++ pqueue.c 2009/05/16 16:18:44 1.2.2.5 +@@ -234,3 +234,17 @@ + + return ret; + } ++ ++int ++pqueue_size(pqueue_s *pq) ++{ ++ pitem *item = pq->items; ++ int count = 0; ++ ++ while(item != NULL) ++ { ++ count++; ++ item = item->next; ++ } ++ return count; ++} +Index: openssl/crypto/pqueue/pqueue.h +RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v +rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null +--- pqueue.h 2005/05/30 22:34:27 1.2.2.1 ++++ pqueue.h 2009/05/16 16:18:44 1.2.2.2 +@@ -91,5 +91,6 @@ + pitem *pqueue_next(piterator *iter); + + void pqueue_print(pqueue pq); ++int pqueue_size(pqueue pq); + + #endif /* ! HEADER_PQUEUE_H */ +Index: openssl/ssl/d1_pkt.c +RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v +rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null +--- d1_pkt.c 2009/05/16 15:51:59 1.4.2.17 ++++ d1_pkt.c 2009/05/16 16:18:45 1.4.2.18 +@@ -167,6 +167,10 @@ + DTLS1_RECORD_DATA *rdata; + pitem *item; + ++ /* Limit the size of the queue to prevent DOS attacks */ ++ if (pqueue_size(queue->q) >= 100) ++ return 0; ++ + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); + item = pitem_new(priority, rdata); + if (rdata == NULL || item == NULL) diff --git a/package/openssl/patches/900-CVE-2009-1378.patch b/package/openssl/patches/900-CVE-2009-1378.patch new file mode 100644 index 00000000000..50f51cd8590 --- /dev/null +++ b/package/openssl/patches/900-CVE-2009-1378.patch @@ -0,0 +1,24 @@ +http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest + +Index: openssl/ssl/d1_both.c +=================================================================== +--- d1_both.c.orig ++++ d1_both.c +@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s, + if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) + goto err; + +- if (msg_hdr->seq <= s->d1->handshake_read_seq) ++ /* Try to find item in queue, to prevent duplicate entries */ ++ pq_64bit_init(&seq64); ++ pq_64bit_assign_word(&seq64, msg_hdr->seq); ++ item = pqueue_find(s->d1->buffered_messages, seq64); ++ pq_64bit_free(&seq64); ++ ++ /* Discard the message if sequence number was already there, is ++ * too far in the future or the fragment is already in the queue */ ++ if (msg_hdr->seq <= s->d1->handshake_read_seq || ++ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL) + { + unsigned char devnull [256]; + diff --git a/package/openssl/patches/900-CVE-2009-1379.patch b/package/openssl/patches/900-CVE-2009-1379.patch new file mode 100644 index 00000000000..70673243509 --- /dev/null +++ b/package/openssl/patches/900-CVE-2009-1379.patch @@ -0,0 +1,22 @@ +Index: openssl/ssl/d1_both.c +RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v +rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null +--- d1_both.c 2009/04/22 12:17:02 1.14.2.6 ++++ d1_both.c 2009/05/13 11:51:30 1.14.2.7 +@@ -519,6 +519,7 @@ + + if ( s->d1->handshake_read_seq == frag->msg_header.seq) + { ++ unsigned long frag_len = frag->msg_header.frag_len; + pqueue_pop(s->d1->buffered_messages); + + al=dtls1_preprocess_fragment(s,&frag->msg_header,max); +@@ -536,7 +537,7 @@ + if (al==0) + { + *ok = 1; +- return frag->msg_header.frag_len; ++ return frag_len; + } + + ssl3_send_alert(s,SSL3_AL_FATAL,al); diff --git a/package/openssl/patches/901-remove_rej.patch b/package/openssl/patches/901-remove_rej.patch new file mode 100644 index 00000000000..a452c27049a --- /dev/null +++ b/package/openssl/patches/901-remove_rej.patch @@ -0,0 +1,20 @@ +diff -burN openssl-0.9.8l/Configure.rej openssl-0.9.8l.patched/Configure.rej +--- openssl-0.9.8l/Configure.rej 2009-11-05 13:07:06.000000000 +0100 ++++ openssl-0.9.8l.patched/Configure.rej 1970-01-01 01:00:00.000000000 +0100 +@@ -1,16 +0,0 @@ +-*************** +-*** 162,167 **** +- "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +- "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +- "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::", +- "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", +- "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +- "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +---- 162,168 ---- +- "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +- "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +- "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::", +-+ "debug-ben-no-renegotiation", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DNO_RENEGOTIATION -g3 -O2 -pipe::(unknown)::::::", +- "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", +- "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +- "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",