From 03ede0cf39c4fa283978580f90b42840c97460e3 Mon Sep 17 00:00:00 2001 From: steven Date: Wed, 18 Mar 2020 21:05:42 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=99=A4=E9=9B=B6?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- use-the-correct-maximum-indent.patch | 32 ++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 use-the-correct-maximum-indent.patch diff --git a/use-the-correct-maximum-indent.patch b/use-the-correct-maximum-indent.patch new file mode 100644 index 0000000..e0439b0 --- /dev/null +++ b/use-the-correct-maximum-indent.patch @@ -0,0 +1,32 @@ +From a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d Mon Sep 17 00:00:00 2001 +From: Kurt Roeckx +Date: Fri, 20 Sep 2019 20:26:42 +0200 +Subject: [PATCH] Use the correct maximum indent + +Found by OSS-Fuzz + +Reviewed-by: Richard Levitte +Reviewed-by: Paul Dale + +GH: #9959 +--- + crypto/bio/b_dump.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c +index e4ad3615f4..018c4acb27 100644 +--- a/crypto/bio/b_dump.c ++++ b/crypto/bio/b_dump.c +@@ -37,8 +37,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + + if (indent < 0) + indent = 0; +- else if (indent > 128) +- indent = 128; ++ else if (indent > 64) ++ indent = 64; + + dump_width = DUMP_WIDTH_LESS_INDENT(indent); + rows = len / dump_width; +-- +1.8.3.1 -- Gitee From 5e61b635cfaefd08a0d04fa69ca763843dc17691 Mon Sep 17 00:00:00 2001 From: steven Date: Wed, 18 Mar 2020 21:08:19 +0800 Subject: [PATCH 2/3] fix division zero issue which found by oss-fuzz --- openssl.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openssl.spec b/openssl.spec index 4f5e7e6..cc7ce97 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1d -Release: 8 +Release: 9 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -11,6 +11,7 @@ Source1: Makefile.certificate Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.1-fips.patch Patch3: CVE-2019-1551.patch +Patch4: use-the-correct-maximum-indent BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel @@ -186,6 +187,9 @@ make test || : %{_pkgdocdir}/html/ %changelog +* Wed Mar 18 2020 steven - 1:1.1.1d-9 +- fix division zero issue which found by oss-fuzz + * Tue Mar 3 2020 openEuler Buildteam - 1:1.1.1d-8 - add missiong /sbin/ldconfig -- Gitee From 6acccda18a1f18ba765e391648598c03a989409b Mon Sep 17 00:00:00 2001 From: steven Date: Wed, 18 Mar 2020 21:08:47 +0800 Subject: [PATCH 3/3] update openssl.spec. --- openssl.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl.spec b/openssl.spec index cc7ce97..3786b6e 100644 --- a/openssl.spec +++ b/openssl.spec @@ -11,7 +11,7 @@ Source1: Makefile.certificate Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.1-fips.patch Patch3: CVE-2019-1551.patch -Patch4: use-the-correct-maximum-indent +Patch4: use-the-correct-maximum-indent.patch BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel -- Gitee