!162 backport upstream patches

From: @extinctfire Reviewed-by: @zcfsite Signed-off-by: @zcfsite
2022-10-31 02:33:48 +00:00 · 2022-10-31 02:33:48 +00:00 · 88df22c044
commit 88df22c044
parent ccdb481845 bd60fc6d43
3 changed files with 115 additions and 1 deletions
--- a/backport-Backport-a-missing-bug-fix-from-master.patch
+++ b/backport-Backport-a-missing-bug-fix-from-master.patch
@ -0,0 +1,65 @@
+From 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Thu, 19 May 2022 15:50:28 +0200
+Subject: [PATCH] Backport a missing bug-fix from master
+
+This is a backport of the following commit from master:
+
+commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
+Author: Matt Caswell <matt@openssl.org>
+Date:   Thu Nov 19 13:58:21 2020 +0000
+
+    Don't Overflow when printing Thawte Strong Extranet Version
+
+    When printing human readable info on the Thawte Strong Extranet extension
+    the version number could overflow if the version number == LONG_MAX. This
+    is undefined behaviour.
+
+    Issue found by OSSFuzz.
+
+    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
+    (Merged from https://github.com/openssl/openssl/pull/13452)
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18347)
+---
+ crypto/x509v3/v3_sxnet.c                      |  18 +++++++++++++++---
+ 1 files changed, 15 insertions(+), 3 deletions(-)
+ create mode 100644 fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28
+
+diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
+index 89cda01be2..0648553ae3 100644
+--- a/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
+@@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
+ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+                      int indent)
+ {
+-    long v;
+    int64_t v;
+     char *tmp;
+     SXNETID *id;
+     int i;
+-    v = ASN1_INTEGER_get(sx->version);
+-    BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
+
+    /*
+     * Since we add 1 to the version number to display it, we don't support
+     * LONG_MAX since that would cause on overflow.
+     */
+    if (!ASN1_INTEGER_get_int64(&v, sx->version)
+            || v >= LONG_MAX
+            || v < LONG_MIN) {
+        BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
+    } else {
+        long vl = (long)v;
+
+        BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
+    }
+     for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+         id = sk_SXNETID_value(sx->ids, i);
+         tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+-- 
+2.38.1.windows.1
+
--- a/backport-Prevent-crash-with-engine-using-different-openssl-ru.patch
+++ b/backport-Prevent-crash-with-engine-using-different-openssl-ru.patch
@ -0,0 +1,44 @@
+From 38ac4415a9cc4cca307c866e5fc548b889fe2bb6 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Mon, 22 Nov 2021 21:50:04 +0100
+Subject: [PATCH] Prevent crash with engine using different openssl runtime
+
+This problem happens usually because an application
+links libcrypto and/or libssl statically which
+installs an atexit handler, but later an engine using
+a shared instance of libcrypto is installed.
+The problem is in simple words that both instances
+of libcrypto have an atexit handler installed,
+but both are unable to coordinate with each other,
+which causes a crash, typically a use-after-free
+in the engine's destroy function.
+
+Work around that by preventing the engine's
+libcrypto to install the atexit handler.
+This may result in a small memory leak, but that
+memory is still reachable.
+
+Fixes #15898
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17541)
+---
+ include/openssl/engine.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/openssl/engine.h b/include/openssl/engine.h
+index 0780f0fb5f..756751c6d3 100644
+--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
+@@ -722,6 +722,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+             CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
+                                      fns->mem_fns.realloc_fn, \
+                                      fns->mem_fns.free_fn); \
+            OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
+         skip_cbs: \
+             if (!fn(e, id)) return 0; \
+             return 1; }
+-- 
+2.38.1.windows.1
+
--- a/openssl.spec
+++ b/openssl.spec
@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     1.1.1m
-Release:     13
+Release:     14
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@ -37,6 +37,8 @@ Patch26:     Feature-Support-TLCP-protocol.patch
 Patch27:     Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
 Patch28:     Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch
 Patch29:     backport-Update-further-expiring-certificates-that-affect-tes.patch
+Patch30:     backport-Backport-a-missing-bug-fix-from-master.patch
+Patch31:     backport-Prevent-crash-with-engine-using-different-openssl-ru.patch

 BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires:    coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -239,6 +241,9 @@ make test || :
 %ldconfig_scriptlets libs

 %changelog
+* Fri Oct 28 2022 ExtinctFire <shenyining_00@126.com> - 1:1.1.1m-14
+- backport upstream patches
+
 * Fri Oct 28 2022 zhujianwei <zhujianwei7@huawei.com> - 1:1.1.1m-13
 - update further expiring certificates