[Pkg-openssl-changes] r561 - in openssl/branches/squeeze/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Thu Apr 19 18:41:44 UTC 2012
Author: kroeckx
Date: 2012-04-19 18:41:44 +0000 (Thu, 19 Apr 2012)
New Revision: 561
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch
Log:
update CVE-2012-0884 patch to include detecting symmetric crypto errors in PKCS7_decrypt
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog 2012-04-19 18:36:15 UTC (rev 560)
+++ openssl/branches/squeeze/debian/changelog 2012-04-19 18:41:44 UTC (rev 561)
@@ -1,6 +1,8 @@
openssl (0.9.8o-4squeeze10) squeeze-security; urgency=low
* Fix CVE-2012-2110
+ * update CVE-2012-0884 patch to include detecting symmetric crypto errors
+ in PKCS7_decrypt
-- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Apr 2012 20:30:38 +0200
Modified: openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch 2012-04-19 18:36:15 UTC (rev 560)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch 2012-04-19 18:41:44 UTC (rev 561)
@@ -1,4 +1,3 @@
-index 7407ae1..b8c0ee8 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -226,6 +226,8 @@ int MAIN(int argc, char **argv)
@@ -19,7 +18,6 @@
if (secret_key)
{
-index 25f8874..75e3be0 100644
--- a/crypto/cms/cms.h
+++ b/crypto/cms/cms.h
@@ -110,6 +110,7 @@ DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
@@ -30,7 +28,6 @@
const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
-index bab2623..580083b 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
@@ -126,7 +123,6 @@
if (ok)
return b;
BIO_free(b);
-index d499ae8..b8685fa 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -352,6 +352,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
@@ -155,7 +151,6 @@
err:
if (!ret && ek)
-index 7d60fac..ce65d6e 100644
--- a/crypto/cms/cms_lcl.h
+++ b/crypto/cms/cms_lcl.h
@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st
@@ -167,7 +162,6 @@
};
struct CMS_RecipientInfo_st
-index f35883a..2be07c2 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -622,7 +622,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
@@ -239,7 +233,6 @@
cont = CMS_dataInit(cms, dcont);
if (!cont)
return 0;
-index c8f1eb1..8b3024e 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -420,6 +420,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
@@ -364,3 +357,39 @@
if (out == NULL)
out=etmp;
else
+--- a/crypto/pkcs7/pk7_smime.c 2009/03/15 13:36:01 1.24.2.9
++++ b/crypto/pkcs7/pk7_smime.c 2012/02/27 15:23:20 1.24.2.10
+@@ -486,15 +486,30 @@
+ return 0;
+ }
+ ret = SMIME_text(bread, data);
++ if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++ {
++ if (!BIO_get_cipher_status(tmpmem))
++ ret = 0;
++ }
+ BIO_free_all(bread);
+ return ret;
+ } else {
+ for(;;) {
+ i = BIO_read(tmpmem, buf, sizeof(buf));
+- if(i <= 0) break;
++ if(i <= 0)
++ {
++ ret = 1;
++ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++ {
++ if (!BIO_get_cipher_status(tmpmem))
++ ret = 0;
++ }
++
++ break;
++ }
+ BIO_write(data, buf, i);
+ }
+ BIO_free_all(tmpmem);
+- return 1;
++ return ret;
+ }
+ }
+
More information about the Pkg-openssl-changes
mailing list