From 71e3157ac34cbb33878713d6de358397d3898a6b Mon Sep 17 00:00:00 2001 From: hzero1996 Date: Mon, 16 May 2022 21:33:45 +0800 Subject: [PATCH] fix the cve-2022-1292.patch --- CVE-2022-1292.patch | 76 +++++++++++++++++++++++++++++++++++++++++++++ openssl.spec | 6 +++- 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 CVE-2022-1292.patch diff --git a/CVE-2022-1292.patch b/CVE-2022-1292.patch new file mode 100644 index 0000000..6eb59df --- /dev/null +++ b/CVE-2022-1292.patch @@ -0,0 +1,76 @@ +From e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 26 Apr 2022 12:40:24 +0200 +Subject: [PATCH] c_rehash: Do not use shell to invoke openssl + +Except on VMS where it is safe. + +This fixes CVE-2022-1292. + +Reviewed-by: Matthias St. Pierre +Reviewed-by: Matt Caswell + +--- + tools/c_rehash.in | 29 +++++++++++++++++++++++++---- + 1 file changed, 25 insertions(+), 4 deletions(-) + +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +index 421fd89..e7cb5fa 100644 +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in +@@ -152,6 +152,23 @@ sub check_file { + return ($is_cert, $is_crl); + } + ++sub compute_hash { ++ my $fh; ++ if ( $^O eq "VMS" ) { ++ # VMS uses the open through shell ++ # The file names are safe there and list form is unsupported ++ if (!open($fh, "-|", join(' ', @_))) { ++ print STDERR "Cannot compute hash on '$fname'\n"; ++ return; ++ } ++ } else { ++ if (!open($fh, "-|", @_)) { ++ print STDERR "Cannot compute hash on '$fname'\n"; ++ return; ++ } ++ } ++ return (<$fh>, <$fh>); ++} + + # Link a certificate to its subject name hash value, each hash is of + # the form . where n is an integer. If the hash value already exists +@@ -161,10 +178,12 @@ sub check_file { + + sub link_hash_cert { + my $fname = $_[0]; +- $fname =~ s/'/'\\''/g; +- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; ++ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, ++ "-fingerprint", "-noout", ++ "-in", $fname); + chomp $hash; + chomp $fprint; ++ return if !$hash; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; +@@ -202,10 +221,12 @@ sub link_hash_cert { + + sub link_hash_crl { + my $fname = $_[0]; +- $fname =~ s/'/'\\''/g; +- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; ++ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, ++ "-fingerprint", "-noout", ++ "-in", $fname); + chomp $hash; + chomp $fprint; ++ return if !$hash; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; +-- +2.19.1 \ No newline at end of file diff --git a/openssl.spec b/openssl.spec index efc3f65..364adae 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1f -Release: 15 +Release: 16 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -91,6 +91,7 @@ Patch80: bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch Patch81: CVE-2021-4160.patch Patch82: CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch Patch83: CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch +Patch84: CVE-2022-1292.patch BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel @@ -268,6 +269,9 @@ make test || : %{_pkgdocdir}/html/ %changelog +* Mon May 16 2022 wangcheng - 1:1.1.1f-16 +- fix CVE-2022-1292 + * Mon Mar 21 2022 wangcheng - 1:1.1.1f-15 - fix CVE-2022-0778 -- Gitee