[Pkg-openssl-changes] r561 - in openssl/branches/squeeze/debian: . patches

Kurt Roeckx kroeckx at alioth.debian.org
Thu Apr 19 18:41:44 UTC 2012


Author: kroeckx
Date: 2012-04-19 18:41:44 +0000 (Thu, 19 Apr 2012)
New Revision: 561

Modified:
   openssl/branches/squeeze/debian/changelog
   openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch
Log:
update CVE-2012-0884 patch to include detecting symmetric crypto errors in PKCS7_decrypt


Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog	2012-04-19 18:36:15 UTC (rev 560)
+++ openssl/branches/squeeze/debian/changelog	2012-04-19 18:41:44 UTC (rev 561)
@@ -1,6 +1,8 @@
 openssl (0.9.8o-4squeeze10) squeeze-security; urgency=low
 
   * Fix CVE-2012-2110
+  * update CVE-2012-0884 patch to include detecting symmetric crypto errors
+    in PKCS7_decrypt
 
  -- Kurt Roeckx <kurt at roeckx.be>  Thu, 19 Apr 2012 20:30:38 +0200
 

Modified: openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch	2012-04-19 18:36:15 UTC (rev 560)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch	2012-04-19 18:41:44 UTC (rev 561)
@@ -1,4 +1,3 @@
-index 7407ae1..b8c0ee8 100644
 --- a/apps/cms.c
 +++ b/apps/cms.c
 @@ -226,6 +226,8 @@ int MAIN(int argc, char **argv)
@@ -19,7 +18,6 @@
  
  		if (secret_key)
  			{
-index 25f8874..75e3be0 100644
 --- a/crypto/cms/cms.h
 +++ b/crypto/cms/cms.h
 @@ -110,6 +110,7 @@ DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
@@ -30,7 +28,6 @@
  
  const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
  
-index bab2623..580083b 100644
 --- a/crypto/cms/cms_enc.c
 +++ b/crypto/cms/cms_enc.c
 @@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
@@ -126,7 +123,6 @@
  	if (ok)
  		return b;
  	BIO_free(b);
-index d499ae8..b8685fa 100644
 --- a/crypto/cms/cms_env.c
 +++ b/crypto/cms/cms_env.c
 @@ -352,6 +352,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
@@ -155,7 +151,6 @@
  
  	err:
  	if (!ret && ek)
-index 7d60fac..ce65d6e 100644
 --- a/crypto/cms/cms_lcl.h
 +++ b/crypto/cms/cms_lcl.h
 @@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st
@@ -167,7 +162,6 @@
  	};
  
  struct CMS_RecipientInfo_st
-index f35883a..2be07c2 100644
 --- a/crypto/cms/cms_smime.c
 +++ b/crypto/cms/cms_smime.c
 @@ -622,7 +622,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
@@ -239,7 +233,6 @@
  	cont = CMS_dataInit(cms, dcont);
  	if (!cont)
  		return 0;
-index c8f1eb1..8b3024e 100644
 --- a/crypto/pkcs7/pk7_doit.c
 +++ b/crypto/pkcs7/pk7_doit.c
 @@ -420,6 +420,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
@@ -364,3 +357,39 @@
  		if (out == NULL)
  			out=etmp;
  		else
+--- a/crypto/pkcs7/pk7_smime.c	2009/03/15 13:36:01	1.24.2.9
++++ b/crypto/pkcs7/pk7_smime.c	2012/02/27 15:23:20	1.24.2.10
+@@ -486,15 +486,30 @@
+ 			return 0;
+ 		}
+ 		ret = SMIME_text(bread, data);
++		if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++			{
++			if (!BIO_get_cipher_status(tmpmem))
++				ret = 0;
++			}
+ 		BIO_free_all(bread);
+ 		return ret;
+ 	} else {
+ 		for(;;) {
+ 			i = BIO_read(tmpmem, buf, sizeof(buf));
+-			if(i <= 0) break;
++			if(i <= 0)
++				{
++				ret = 1;
++				if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++					{
++					if (!BIO_get_cipher_status(tmpmem))
++						ret = 0;
++					}
++					
++				break;
++				}
+ 			BIO_write(data, buf, i);
+ 		}
+ 		BIO_free_all(tmpmem);
+-		return 1;
++		return ret;
+ 	}
+ }
+




More information about the Pkg-openssl-changes mailing list