packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!162 backport upstream patches

Browse Source 
From: @extinctfire 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite
This commit is contained in:
openeuler-ci-bot 2022-10-31 02:33:48 +00:00 committed by Gitee
commit 88df22c044
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 115 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
backport-Backport-a-missing-bug-fix-from-master.patch Normal file
View File

@ -0,0 +1,65 @@
From 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu, 19 May 2022 15:50:28 +0200
Subject: [PATCH] Backport a missing bug-fix from master
This is a backport of the following commit from master:
commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date: Thu Nov 19 13:58:21 2020 +0000
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
---
crypto/x509v3/v3_sxnet.c | 18 +++++++++++++++---
1 files changed, 15 insertions(+), 3 deletions(-)
create mode 100644 fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28
diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
index 89cda01be2..0648553ae3 100644
--- a/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
@@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
int indent)
{
- long v;
+ int64_t v;
char *tmp;
SXNETID *id;
int i;
- v = ASN1_INTEGER_get(sx->version);
- BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
+
+ /*
+ * Since we add 1 to the version number to display it, we don't support
+ * LONG_MAX since that would cause on overflow.
+ */
+ if (!ASN1_INTEGER_get_int64(&v, sx->version)
+ || v >= LONG_MAX
+ || v < LONG_MIN) {
+ BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
+ } else {
+ long vl = (long)v;
+
+ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
+ }
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
--
2.38.1.windows.1

44
backport-Prevent-crash-with-engine-using-different-openssl-ru.patch Normal file
View File

@ -0,0 +1,44 @@
From 38ac4415a9cc4cca307c866e5fc548b889fe2bb6 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon, 22 Nov 2021 21:50:04 +0100
Subject: [PATCH] Prevent crash with engine using different openssl runtime
This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.
Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.
Fixes #15898
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17541)
---
include/openssl/engine.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/openssl/engine.h b/include/openssl/engine.h
index 0780f0fb5f..756751c6d3 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -722,6 +722,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
fns->mem_fns.realloc_fn, \
fns->mem_fns.free_fn); \
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
skip_cbs: \
if (!fn(e, id)) return 0; \
return 1; }
--
2.38.1.windows.1

7
openssl.spec
View File

@ -2,7 +2,7 @@
Name: openssl Name: openssl
Epoch: 1 Epoch: 1
Version: 1.1.1m Version: 1.1.1m
Release: 13 Release: 14
Summary: Cryptography and SSL/TLS Toolkit Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay License: OpenSSL and SSLeay
URL: https://www.openssl.org/ URL: https://www.openssl.org/
@ -37,6 +37,8 @@ Patch26: Feature-Support-TLCP-protocol.patch
Patch27: Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch Patch27: Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
Patch28: Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch Patch28: Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch
Patch29: backport-Update-further-expiring-certificates-that-affect-tes.patch Patch29: backport-Update-further-expiring-certificates-that-affect-tes.patch
Patch30: backport-Backport-a-missing-bug-fix-from-master.patch
Patch31: backport-Prevent-crash-with-engine-using-different-openssl-ru.patch
BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -239,6 +241,9 @@ make test || :
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Fri Oct 28 2022 ExtinctFire <shenyining_00@126.com> - 1:1.1.1m-14
- backport upstream patches
* Fri Oct 28 2022 zhujianwei <zhujianwei7@huawei.com> - 1:1.1.1m-13 * Fri Oct 28 2022 zhujianwei <zhujianwei7@huawei.com> - 1:1.1.1m-13
- update further expiring certificates - update further expiring certificates