
[alpine-aports] [PATCH v2] main/openssl: fix for CVE-2016-2180

From: Daniel Sabogal <dsabogalcc_at_gmail.com>
Date: Fri, 2 Sep 2016 21:24:32 -0400

---
 main/openssl/APKBUILD            | 12 ++++++++----
 main/openssl/CVE-2016-2180.patch | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 main/openssl/CVE-2016-2180.patch
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 90e8986..81159a8 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
_at_@ -1,7 +1,7 @@
 # Maintainer: Timo Teras <timo.teras_at_iki.fi>
 pkgname=openssl
 pkgver=1.0.2h
-pkgrel=1
+pkgrel=2
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url="http://openssl.org"
 depends=
_at_@ -29,6 +29,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
 	1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 	CVE-2016-2177.patch
 	CVE-2016-2178.patch
+	CVE-2016-2180.patch
 	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
_at_@ -130,7 +131,8 @@ ed6e779e9799aeb7e029929a5719e631  0005-fix-parallel-build.patch
 aa16c89b283faf0fe546e3f897279c44  1002-backport-changes-from-upstream-padlock-module.patch
 57cca845e22c178c3b317010be56edf0  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 1accc0880b6e95726ea9f668808cd8ba  CVE-2016-2177.patch
-5c8e962b3d7e0082c1af432f6d0ad221  CVE-2016-2178.patch"
+5c8e962b3d7e0082c1af432f6d0ad221  CVE-2016-2178.patch
+6d2276c87a17ae8615b47a1dea306d41  CVE-2016-2180.patch"
 sha256sums="1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919  openssl-1.0.2h.tar.gz
 b449fb998b5f60a3a1779ac2f432b2c7f08ae52fc6dfa98bca37d735f863d400  0002-busybox-basename.patch
 c3e6a9710726dac72e3eeffd78961d3bae67a480f6bde7890e066547da25cdfd  0003-use-termios.patch
_at_@ -145,7 +147,8 @@ fa2e3101ca7c6daed7ea063860d586424be7590b1cec4302bc2beee1a3c6039f  0010-ssl-env-z
 aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260  1002-backport-changes-from-upstream-padlock-module.patch
 c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 e321860623758c8a98b15dfa0b4671244e2cff34b5c62a489c43437d1053ed06  CVE-2016-2177.patch
-7abe837d39953d0c0f694013a54f444e6f9ca0db8b98ca8aaf1d58683086784e  CVE-2016-2178.patch"
+7abe837d39953d0c0f694013a54f444e6f9ca0db8b98ca8aaf1d58683086784e  CVE-2016-2178.patch
+fa906541a97bf0dbb1faa600055e28a1515b073f8c2b607edbcbbb53bdd97c99  CVE-2016-2180.patch"
 sha512sums="780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303  openssl-1.0.2h.tar.gz
 2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c  0002-busybox-basename.patch
 58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4  0003-use-termios.patch
_at_@ -160,4 +163,5 @@ fc4e383ec85c6543e4e82520904122a5a5601c68042ece1e95a0cae95e02d89174f06f78ba2f8aac
 a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389  1002-backport-changes-from-upstream-padlock-module.patch
 6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 6e149213d1c4cbab06e0aedeb04562f96c1430e6e8f9b9836ff4ddd79da361db2bcfbdf83f6615369e8feaaefecfc0dc5f9cee3b56c2eeeca57233a2daf25d2c  CVE-2016-2177.patch
-9a90ee6b6329dea17a70c6cd62fbf349289b4beab74137adc2448c54652501c2ff47694b9154da6e610e8b947ff2070e0460fe2754b62301a6a439e16eb6fd1b  CVE-2016-2178.patch"
+9a90ee6b6329dea17a70c6cd62fbf349289b4beab74137adc2448c54652501c2ff47694b9154da6e610e8b947ff2070e0460fe2754b62301a6a439e16eb6fd1b  CVE-2016-2178.patch
+6c330a4a204311b21c0319de4fae7ff99819d462313cb36b4486d3e322d1d7c6393392308ff6c9f7b5a7c070584be46de232a940626ff979db88656299c87d48  CVE-2016-2180.patch"
diff --git a/main/openssl/CVE-2016-2180.patch b/main/openssl/CVE-2016-2180.patch
new file mode 100644
index 0000000..4974b6d
--- /dev/null
+++ b/main/openssl/CVE-2016-2180.patch
_at_@ -0,0 +1,38 @@
+From 0ed26acce328ec16a3aa635f1ca37365e8c7403a Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve_at_openssl.org>
+Date: Thu, 21 Jul 2016 15:24:16 +0100
+Subject: [PATCH] Fix OOB read in TS_OBJ_print_bio().
+
+TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
+as a null terminated buffer. The length value returned is the total
+length the complete text reprsentation would need not the amount of
+data written.
+
+CVE-2016-2180
+
+Thanks to Shi Lei for reporting this bug.
+
+Reviewed-by: Matt Caswell <matt_at_openssl.org>
+---
+ crypto/ts/ts_lib.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
+index bde1bd7..e18f1f3 100644
+--- a/crypto/ts/ts_lib.c
++++ b/crypto/ts/ts_lib.c
+_at_@ -40,9 +40,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
+ {
+     char obj_txt[128];
+ 
+-    int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+-    BIO_write(bio, obj_txt, len);
+-    BIO_write(bio, "\n", 1);
++    OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
++    BIO_printf(bio, "%s\n", obj_txt);
+ 
+     return 1;
+ }
+-- 
+2.9.3
+
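Review bot: In the new body of TS_OBJ_print_bio(), the result of OBJ_obj2txt() is discarded and obj_txt is then printed with `%s`, so the out-of-bounds read is only closed if OBJ_obj2txt() leaves the buffer NUL-terminated on every path, including failure and truncation. That guarantee is not visible in this hunk and should be confirmed against the 1.0.2h tree this patch is applied to. Declaring the buffer as `char obj_txt[128] = "";` would make the print safe regardless, at no cost. The function also still returns 1 unconditionally, so a failed conversion or a failed BIO_printf() is not reported to the caller, and an OID longer than the buffer is silently truncated. Because this file is a backport, it is also worth checking that it is byte-identical to upstream commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a before trusting the new checksums in APKBUILD.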
-- 
2.9.3