From 071cb9bc6e6a20d6edb792f285595ae0a3aa1c1b Mon Sep 17 00:00:00 2001
From: Tomáš Mráz
Date: Jun 02 2010 09:03:07 +0000
Subject: - fix CVE-2010-0742 - set UTC timezone on pod2man run (#578842)
---
diff --git a/openssl-0.9.8n-cve-2010-0742.patch b/openssl-0.9.8n-cve-2010-0742.patch
new file mode 100644
index 0000000..58291b9
--- /dev/null
+++ b/openssl-0.9.8n-cve-2010-0742.patch
@@ -0,0 +1,14 @@
+diff -up openssl-0.9.8n/crypto/cms/cms_asn1.c.originfo openssl-0.9.8n/crypto/cms/cms_asn1.c
+--- openssl-0.9.8n/crypto/cms/cms_asn1.c.originfo 2008-04-04 01:03:44.000000000 +0200
++++ openssl-0.9.8n/crypto/cms/cms_asn1.c 2010-06-02 10:56:41.000000000 +0200
+@@ -130,8 +130,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+ } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+
+ ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+- ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+- ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
++ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
++ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
+ } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+ ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
diff --git a/openssl-1.0.0-timezone.patch b/openssl-1.0.0-timezone.patch
new file mode 100644
index 0000000..b1d6682
--- /dev/null
+++ b/openssl-1.0.0-timezone.patch
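Review bot: The backported hunk for `CMS_OriginatorInfo` in crypto/cms/cms_asn1.c carries no header saying where the fix came from, so a later audit cannot tie these two changed lines to an upstream commit. The first argument of `ASN1_IMP_SET_OF_OPT` names the structure that holds the field, and the old lines named `CMS_SignedData` inside the `CMS_OriginatorInfo` template, which presumably made the decoder place `certificates` and `crls` using the wrong structure's layout. I would add a short comment block at the top of the patch file, for example `CVE-2010-0742: CMS_OriginatorInfo template named CMS_SignedData as the owning struct; backport of upstream commit <UPSTREAM_COMMIT_ID>`. The remaining templates in cms_asn1.c are outside this hunk, so it is worth confirming that each one names its own enclosing type.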
@@ -0,0 +1,21 @@ +diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org +--- openssl-1.0.0/Makefile.org.timezone 2010-03-30 11:08:40.000000000 +0200 ++++ openssl-1.0.0/Makefile.org 2010-04-06 12:49:21.000000000 +0200 +@@ -609,7 +609,7 @@ install_docs: + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +- sh -c "$$pod2man \ ++ sh -c "TZ=UTC $$pod2man \ + --section=$$sec --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ +@@ -626,7 +626,7 @@ install_docs: + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +- sh -c "$$pod2man \ ++ sh -c "TZ=UTC $$pod2man \ + --section=$$sec --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ diff --git a/openssl.spec b/openssl.spec index 0364448..a9cc594 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 0.9.8n -Release: 1%{?dist} +Release: 2%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -42,6 +42,7 @@ Patch4: openssl-0.9.8m-enginesdir.patch Patch5: openssl-0.9.8a-no-rpath.patch Patch6: openssl-0.9.8b-test-use-localhost.patch Patch7: openssl-0.9.8k-shlib-version.patch +Patch8: openssl-1.0.0-timezone.patch # Bug fixes Patch22: openssl-0.9.8k-x509-name-cmp.patch Patch23: openssl-0.9.8m-default-paths.patch 
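Review bot: In both `install_docs` hunks of openssl-1.0.0-timezone.patch, `TZ=UTC` is written as a prefix to `$$pod2man`, so it reaches pod2man only if that variable expands to one simple command; its assignment is outside the hunks, so this is unverified here. Setting the variable for the whole inner shell avoids that dependency: `sh -c "TZ=UTC; export TZ; $$pod2man \`. The patch was cut against openssl-1.0.0/Makefile.org (offsets 609 and 626) while the spec still builds 0.9.8n, so the build log should be checked to confirm both hunks apply without fuzz. The `install_docs` recipe starts and ends outside the hunks.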
@@ -64,6 +65,7 @@ Patch49: openssl-0.9.8j-fips-no-pairwise.patch Patch50: openssl-0.9.8j-fips-rng-seed.patch Patch51: openssl-0.9.8m-multi-crl.patch # Backported fixes including security fixes +Patch60: openssl-0.9.8n-cve-2010-0742.patch License: OpenSSL Group: System Environment/Libraries @@ -125,6 +127,7 @@ from other formats to the formats used by the OpenSSL toolkit. %patch5 -p1 -b .no-rpath %patch6 -p1 -b .use-localhost %patch7 -p1 -b .shlib-version +%patch8 -p1 -b .timezone %patch22 -p1 -b .name-cmp %patch23 -p1 -b .default-paths @@ -147,6 +150,7 @@ from other formats to the formats used by the OpenSSL toolkit. %patch50 -p1 -b .rng-seed %patch51 -p1 -b .multi-crl +%patch60 -p1 -b .originfo # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -404,6 +408,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Wed Jun 2 2010 Tomas Mraz 0.9.8n-2 +- fix CVE-2010-0742 +- set UTC timezone on pod2man run (#578842) + * Thu Mar 25 2010 Tomas Mraz 0.9.8n-1 - fix CVE-2010-0740