Update openssl package to 0.9.8s.
OpenSSL CHANGES _______________ Changes between 0.9.8r and 0.9.8s [4 Jan 2012] *) Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at: http://www.isg.rhul.ac.uk/~kp/dtls.pdf Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> for preparing the fix. (CVE-2011-4108) [Robin Seggelmann, Michael Tuexen] *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) [Ben Laurie, Kasper <ekasper@google.com>] *) Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [Adam Langley (Google)] *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) [Adam Langley (Google)] *) Prevent malformed RFC3779 data triggering an assertion failure. Thanks to Andrew Chi, BBN Technologies, for discovering the flaw and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) [Rob Austein <sra@hactrn.net>] *) Fix ssl_ciph.c set-up race. [Adam Langley (Google)] *) Fix spurious failures in ecdsatest.c. [Emilia Käsper (Google)] *) Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields). [Adam Langley (Google)] *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent threads won't reuse the same blinding coefficients. 
This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused). [Emilia Käsper (Google)] *) Fix SSL memory handling for (EC)DH ciphersuites, in particular for multi-threaded use of ECDH. [Adam Langley (Google)] *) Fix x509_name_ex_d2i memory leak on bad inputs. [Bodo Moeller] *) Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: http://eprint.iacr.org/2011/232.pdf [Billy Bob Brumley and Nicola Tuveri] Changes between 0.9.8q and 0.9.8r [8 Feb 2011] *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 [Neel Mehta, Adam Langley, Bodo Moeller (Google)] *) Fix bug in string printing code: if *any* escaping is enabled we must escape the escape character (backslash) or the resulting string is ambiguous. [Steve Henson] Changes between 0.9.8p and 0.9.8q [2 Dec 2010] *) Disable code workaround for ancient and obsolete Netscape browsers and servers: an attacker can use it in a ciphersuite downgrade attack. Thanks to Martin Rex for discovering this bug. CVE-2010-4180 [Steve Henson] *) Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 [Ben Laurie]
This commit is contained in:
parent
e82c4a07bf
commit
dc906c9390
4 changed files with 6 additions and 67 deletions
@ -1,8 +1,8 @@
|
|||
# $NetBSD: Makefile,v 1.158 2011/11/02 22:51:07 jnemeth Exp $
|
||||
# $NetBSD: Makefile,v 1.159 2012/01/06 03:26:23 taca Exp $
|
||||
|
||||
OPENSSL_SNAPSHOT?= # empty
|
||||
OPENSSL_STABLE?= # empty
|
||||
OPENSSL_VERS?= 0.9.8q
|
||||
OPENSSL_VERS?= 0.9.8s
|
||||
|
||||
.if empty(OPENSSL_SNAPSHOT)
|
||||
DISTNAME= openssl-${OPENSSL_VERS}
|
||||
|
@ -22,7 +22,6 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/
|
|||
.endif
|
||||
|
||||
SVR4_PKGNAME= ossl
|
||||
PKGREVISION= 3
|
||||
CATEGORIES= security
|
||||
MAINTAINER= pkgsrc-users@NetBSD.org
|
||||
HOMEPAGE= http://www.openssl.org/
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
$NetBSD: distinfo,v 1.82 2011/07/04 14:42:56 tez Exp $
|
||||
$NetBSD: distinfo,v 1.83 2012/01/06 03:26:23 taca Exp $
|
||||
|
||||
SHA1 (openssl-0.9.8q.tar.gz) = 12b6859698ca299fa0cba594686c25d5c01e410d
|
||||
RMD160 (openssl-0.9.8q.tar.gz) = 2a6583fc059f83232b16d0dad8855fc8086f2450
|
||||
Size (openssl-0.9.8q.tar.gz) = 3773961 bytes
|
||||
SHA1 (openssl-0.9.8s.tar.gz) = a7410b0991f37e125bf835dfd1315822fca64d56
|
||||
RMD160 (openssl-0.9.8s.tar.gz) = 61c98766dfca33e4a60c1e13196bc32c1c65930a
|
||||
Size (openssl-0.9.8s.tar.gz) = 3779406 bytes
|
||||
SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1
|
||||
SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
|
||||
SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
|
||||
|
@ -11,5 +11,3 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
|
|||
SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
|
||||
SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
|
||||
SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
|
||||
SHA1 (patch-crypto_ecdsa_ecs__ossl.c) = d5eeefca9df411d7478f731809133dea8f1978f5
|
||||
SHA1 (patch-ssl_t1__lib.c) = 0ec0cfd2c70c7d35c2bb1c6261d5817ea56941aa
|
||||
|
|
|
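--- a/patch-crypto_ecdsa_ecs__ossl.c
+++ /dev/null
@@ -1,28 +0,0 @@
-$NetBSD: patch-crypto_ecdsa_ecs__ossl.c,v 1.2 2011/07/04 14:42:57 tez Exp $
-
-Add protection against ECDSA timing attacks as mentioned in the paper
-by Billy Bob Brumley and Nicola Tuveri, see:
-http://eprint.iacr.org/2011/232.pdf
-[Billy Bob Brumley and Nicola Tuveri]
-
-#ifdef conditional removed per
-http://www.mail-archive.com/openssl-dev@openssl.org/msg29283.html
-
---- crypto/ecdsa/ecs_ossl.c.orig 2009-12-01 11:32:16.000000000 -0600
-+++ crypto/ecdsa/ecs_ossl.c 2011-06-03 10:10:10.161291300 -0500
-@@ -144,6 +144,14 @@
-}
-while (BN_is_zero(k));
-
-+ /* We do not want timing information to leak the length of k,
-+ * so we compute G*k using an equivalent scalar of fixed
-+ * bit-length. */
-+
-+ if (!BN_add(k, k, order)) goto err;
-+ if (BN_num_bits(k) <= BN_num_bits(order))
-+ if (!BN_add(k, k, order)) goto err;
-+
-/* compute r the x-coordinate of generator * k */
-if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
-{
-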
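--- a/patch-ssl_t1__lib.c
+++ /dev/null
@@ -1,30 +0,0 @@
-$NetBSD: patch-ssl_t1__lib.c,v 1.1 2011/02/09 00:15:30 taca Exp $
-
-Fix for security issue CVE-2011-0014.
-
---- ssl/t1_lib.c.orig 2010-11-16 14:26:18.000000000 +0000
-+++ ssl/t1_lib.c
-@@ -521,6 +521,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
-}
-n2s(data, idsize);
-dsize -= 2 + idsize;
-+ size -= 2 + idsize;
-if (dsize < 0)
-{
-*al = SSL_AD_DECODE_ERROR;
-@@ -559,9 +560,14 @@ int ssl_parse_clienthello_tlsext(SSL *s,
-}
-
-/* Read in request_extensions */
-+ if (size < 2)
-+ {
-+ *al = SSL_AD_DECODE_ERROR;
-+ return 0;
-+ }
-n2s(data,dsize);
-size -= 2;
-- if (dsize > size)
-+ if (dsize != size)
-{
-*al = SSL_AD_DECODE_ERROR;
-return 0;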