diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2015-03-04 07:34:28 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2015-03-04 07:34:28 +0000 |
| commit | ecda8c9d0af5f1caa9c357cfd0b2317caa4a3e14 (patch) | |
| tree | 5e2e0b016d58316bb9c29e4146144c2dbe1aa199 /dev-libs/openssl/files | |
| parent | Version bump (bug #540128). Removed old (diff) | |
| download | gentoo-2-ecda8c9d0af5f1caa9c357cfd0b2317caa4a3e14.tar.gz gentoo-2-ecda8c9d0af5f1caa9c357cfd0b2317caa4a3e14.tar.bz2 gentoo-2-ecda8c9d0af5f1caa9c357cfd0b2317caa4a3e14.zip | |
Add fix from upstream for CVE-2015-0209 #541502 by Agostino Sarubbo and CVE-2015-0288 #542038 by Kristian Fiskerstrand.
(Portage version: 2.2.17/cvs/Linux x86_64, signed Manifest commit with key D2E96200)
Diffstat (limited to 'dev-libs/openssl/files')
| -rw-r--r-- | dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch | 49 | ||||
| -rw-r--r-- | dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch | 31 |
2 files changed, 80 insertions, 0 deletions
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch new file mode 100644 index 000000000000..6d396b42bef5 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch @@ -0,0 +1,49 @@ +https://bugs.gentoo.org/541502 + +From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Mon, 9 Feb 2015 11:38:41 +0000 +Subject: [PATCH] Fix a failure to NULL a pointer freed on error. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> + +CVE-2015-0209 + +Reviewed-by: Emilia Käsper <emilia@openssl.org> +--- + crypto/ec/ec_asn1.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index 30b7df4..d3e8316 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); + goto err; + } +- if (a) +- *a = ret; + } else + ret = *a; + +@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) + } + } + ++ if (a) ++ *a = ret; + ok = 1; + err: + if (!ok) { +- if (ret) ++ if (ret && (a == NULL || *a != ret)) + EC_KEY_free(ret); + ret = NULL; + } +-- +2.3.1 + diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch new file mode 100644 index 000000000000..a6a10b0a2ca1 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch @@ -0,0 +1,31 @@ +https://bugs.gentoo.org/542038 + +From 28a00bcd8e318da18031b2ac8778c64147cd54f9 Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" <steve@openssl.org> +Date: Wed, 18 Feb 2015 00:34:59 +0000 +Subject: [PATCH] Check public key is not NULL. + +CVE-2015-0288 +PR#3708 + +Reviewed-by: Matt Caswell <matt@openssl.org> +--- + crypto/x509/x509_req.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c +index bc6e566..01795f4 100644 +--- a/crypto/x509/x509_req.c ++++ b/crypto/x509/x509_req.c +@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) + goto err; + + pktmp = X509_get_pubkey(x); ++ if (pktmp == NULL) ++ goto err; + i = X509_REQ_set_pubkey(ret, pktmp); + EVP_PKEY_free(pktmp); + if (!i) +-- +2.3.1 + |