From ecfc04f3961ec4ffa2c972bd72253ba1a03a3c1e Mon Sep 17 00:00:00 2001 From: Daniel Sabogal Date: Fri, 2 Sep 2016 21:24:32 -0400 Subject: main/openssl: fix for CVE-2016-2180 --- main/openssl/APKBUILD | 12 ++++++++---- main/openssl/CVE-2016-2180.patch | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 main/openssl/CVE-2016-2180.patch diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 90e8986b912..81159a8fc02 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Timo Teras pkgname=openssl pkgver=1.0.2h -pkgrel=1 +pkgrel=2 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" depends= @@ -29,6 +29,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch CVE-2016-2177.patch CVE-2016-2178.patch + CVE-2016-2180.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -130,7 +131,8 @@ ed6e779e9799aeb7e029929a5719e631 0005-fix-parallel-build.patch aa16c89b283faf0fe546e3f897279c44 1002-backport-changes-from-upstream-padlock-module.patch 57cca845e22c178c3b317010be56edf0 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch 1accc0880b6e95726ea9f668808cd8ba CVE-2016-2177.patch -5c8e962b3d7e0082c1af432f6d0ad221 CVE-2016-2178.patch" +5c8e962b3d7e0082c1af432f6d0ad221 CVE-2016-2178.patch +6d2276c87a17ae8615b47a1dea306d41 CVE-2016-2180.patch" sha256sums="1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 openssl-1.0.2h.tar.gz b449fb998b5f60a3a1779ac2f432b2c7f08ae52fc6dfa98bca37d735f863d400 0002-busybox-basename.patch c3e6a9710726dac72e3eeffd78961d3bae67a480f6bde7890e066547da25cdfd 0003-use-termios.patch 
@@ -145,7 +147,8 @@ fa2e3101ca7c6daed7ea063860d586424be7590b1cec4302bc2beee1a3c6039f 0010-ssl-env-z
 aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260 1002-backport-changes-from-upstream-padlock-module.patch
 c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 e321860623758c8a98b15dfa0b4671244e2cff34b5c62a489c43437d1053ed06 CVE-2016-2177.patch
-7abe837d39953d0c0f694013a54f444e6f9ca0db8b98ca8aaf1d58683086784e CVE-2016-2178.patch"
+7abe837d39953d0c0f694013a54f444e6f9ca0db8b98ca8aaf1d58683086784e CVE-2016-2178.patch
+fa906541a97bf0dbb1faa600055e28a1515b073f8c2b607edbcbbb53bdd97c99 CVE-2016-2180.patch"
 sha512sums="780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 openssl-1.0.2h.tar.gz
 2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c 0002-busybox-basename.patch
 58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4 0003-use-termios.patch
@@ -160,4 +163,5 @@ fc4e383ec85c6543e4e82520904122a5a5601c68042ece1e95a0cae95e02d89174f06f78ba2f8aac
 a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389 1002-backport-changes-from-upstream-padlock-module.patch
 6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 6e149213d1c4cbab06e0aedeb04562f96c1430e6e8f9b9836ff4ddd79da361db2bcfbdf83f6615369e8feaaefecfc0dc5f9cee3b56c2eeeca57233a2daf25d2c CVE-2016-2177.patch
-9a90ee6b6329dea17a70c6cd62fbf349289b4beab74137adc2448c54652501c2ff47694b9154da6e610e8b947ff2070e0460fe2754b62301a6a439e16eb6fd1b CVE-2016-2178.patch"
+9a90ee6b6329dea17a70c6cd62fbf349289b4beab74137adc2448c54652501c2ff47694b9154da6e610e8b947ff2070e0460fe2754b62301a6a439e16eb6fd1b CVE-2016-2178.patch
+6c330a4a204311b21c0319de4fae7ff99819d462313cb36b4486d3e322d1d7c6393392308ff6c9f7b5a7c070584be46de232a940626ff979db88656299c87d48 CVE-2016-2180.patch"
diff --git a/main/openssl/CVE-2016-2180.patch b/main/openssl/CVE-2016-2180.patch
new file mode 100644
index 00000000000..4974b6d4fae
--- /dev/null
+++ b/main/openssl/CVE-2016-2180.patch
@@ -0,0 +1,38 @@
+From 0ed26acce328ec16a3aa635f1ca37365e8c7403a Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson"
+Date: Thu, 21 Jul 2016 15:24:16 +0100
+Subject: [PATCH] Fix OOB read in TS_OBJ_print_bio().
+
+TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
+as a null terminated buffer. The length value returned is the total
+length the complete text reprsentation would need not the amount of
+data written.
+
+CVE-2016-2180
+
+Thanks to Shi Lei for reporting this bug.
+
+Reviewed-by: Matt Caswell
+---
+ crypto/ts/ts_lib.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
+index bde1bd7..e18f1f3 100644
+--- a/crypto/ts/ts_lib.c
++++ b/crypto/ts/ts_lib.c
+@@ -40,9 +40,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
+ {
+ char obj_txt[128];
+
+- int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+- BIO_write(bio, obj_txt, len);
+- BIO_write(bio, "\n", 1);
++ OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
++ BIO_printf(bio, "%s\n", obj_txt);
+
+ return 1;
+ }
+--
+2.9.3
+
-- cgit v1.2.3
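Review bot: The rewritten body of TS_OBJ_print_bio() discards the return value of OBJ_obj2txt() and then prints `obj_txt` with `%s`, while the buffer is still declared uninitialised as `char obj_txt[128];`. The print is therefore only safe if OBJ_obj2txt() NUL-terminates the buffer on every path, including failure, which cannot be confirmed from this hunk. Initialising the buffer, `char obj_txt[128] = "";`, would make the function safe regardless of that. A text form longer than the buffer is presumably truncated silently now that the length is ignored, which may deserve a short comment such as `/* output is truncated to sizeof(obj_txt) - 1 characters */`.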