diff --git a/backport-Backport-a-missing-bug-fix-from-master.patch b/backport-Backport-a-missing-bug-fix-from-master.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cb2d259f275cfb78127fe46399bef441d0308ba3
--- /dev/null
+++ b/backport-Backport-a-missing-bug-fix-from-master.patch
@@ -0,0 +1,65 @@
+From 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger
+Date: Thu, 19 May 2022 15:50:28 +0200
+Subject: [PATCH] Backport a missing bug-fix from master
+
+This is a backport of the following commit from master:
+
+commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
+Author: Matt Caswell
+Date: Thu Nov 19 13:58:21 2020 +0000
+
+ Don't Overflow when printing Thawte Strong Extranet Version
+
+ When printing human readable info on the Thawte Strong Extranet extension
+ the version number could overflow if the version number == LONG_MAX. This
+ is undefined behaviour.
+
+ Issue found by OSSFuzz.
+
+ Reviewed-by: Ben Kaduk
+ (Merged from https://github.com/openssl/openssl/pull/13452)
+
+Reviewed-by: Matt Caswell
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/18347)
+---
+ crypto/x509v3/v3_sxnet.c | 18 +++++++++++++++---
+ 1 files changed, 15 insertions(+), 3 deletions(-)
+ create mode 100644 fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28
+
+diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
+index 89cda01be2..0648553ae3 100644
+--- a/crypto/x509v3/v3_sxnet.c
++++ b/crypto/x509v3/v3_sxnet.c
+@@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
+ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+ int indent)
+ {
+- long v;
++ int64_t v;
+ char *tmp;
+ SXNETID *id;
+ int i;
+- v = ASN1_INTEGER_get(sx->version);
+- BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
++
++ /*
++ * Since we add 1 to the version number to display it, we don't support
++ * LONG_MAX since that would cause on overflow.
++ */
++ if (!ASN1_INTEGER_get_int64(&v, sx->version)
++ || v >= LONG_MAX
++ || v < LONG_MIN) {
++ BIO_printf(out, "%*sVersion: ", indent, "");
++ } else {
++ long vl = (long)v;
++
++ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
++ }
+ for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+ id = sk_SXNETID_value(sx->ids, i);
+ tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+--
+2.38.1.windows.1
+
diff --git a/backport-Prevent-crash-with-engine-using-different-openssl-ru.patch b/backport-Prevent-crash-with-engine-using-different-openssl-ru.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3a14ffb71f7be06c78dbd1d10dc81da78e9121df
--- /dev/null
+++ b/backport-Prevent-crash-with-engine-using-different-openssl-ru.patch
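Review bot: The embedded patch's stat block (`1 files changed, 15 insertions(+), 3 deletions(-)` followed by `create mode 100644 fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28`) does not match the patch body, which carries only the crypto/x509v3/v3_sxnet.c hunk; the corpus file listed as created is not in the patch. git am and rpm's patch application ignore the stat lines, so the backport still applies, but the mismatch suggests the regression input that accompanied the upstream fix was dropped, so the LONG_MAX case is presumably not exercised by the package's `make test`. Either remove the stale `create mode` line and diffstat, or state in the patch header that the corpus file was intentionally omitted. The C change itself (reading the version through ASN1_INTEGER_get_int64 into an int64_t and range-checking against LONG_MAX/LONG_MIN before the `vl + 1` print) matches the upstream fix it cites; sxnet_i2r continues past the end of the embedded hunk.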
@@ -0,0 +1,44 @@
+From 38ac4415a9cc4cca307c866e5fc548b889fe2bb6 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger
+Date: Mon, 22 Nov 2021 21:50:04 +0100
+Subject: [PATCH] Prevent crash with engine using different openssl runtime
+
+This problem happens usually because an application
+links libcrypto and/or libssl statically which
+installs an atexit handler, but later an engine using
+a shared instance of libcrypto is installed.
+The problem is in simple words that both instances
+of libcrypto have an atexit handler installed,
+but both are unable to coordinate with each other,
+which causes a crash, typically a use-after-free
+in the engine's destroy function.
+
+Work around that by preventing the engine's
+libcrypto to install the atexit handler.
+This may result in a small memory leak, but that
+memory is still reachable.
+
+Fixes #15898
+
+Reviewed-by: Richard Levitte
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/17541)
+---
+ include/openssl/engine.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/openssl/engine.h b/include/openssl/engine.h
+index 0780f0fb5f..756751c6d3 100644
+--- a/include/openssl/engine.h
++++ b/include/openssl/engine.h
+@@ -722,6 +722,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+ CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
+ fns->mem_fns.realloc_fn, \
+ fns->mem_fns.free_fn); \
++ OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
+ skip_cbs: \
+ if (!fn(e, id)) return 0; \
+ return 1; }
+--
+2.38.1.windows.1
+
diff --git a/openssl.spec b/openssl.spec
index 70823d0f7cd4c0a994913359ecc26ab6e8f2c31f..6a06595a42c4e27961f8752265ea012d0ca65135 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name: openssl
 Epoch: 1
 Version: 1.1.1m
-Release: 13
+Release: 14
 Summary: Cryptography and SSL/TLS Toolkit
 License: OpenSSL and SSLeay
 URL: https://www.openssl.org/
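Review bot: The added `OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);` sits in a macro body in the public header include/openssl/engine.h (the backslash-continued block around the `skip_cbs:` label), so it is compiled into each dynamic engine's bind function rather than into libcrypto; engines already built against the unpatched header keep registering their own atexit handler, and the crash described in the patch header persists for them until they are rebuilt against this release. It would be worth saying so in the changelog and scheduling rebuilds of the distribution's engine packages. The call's return value is discarded, and OPENSSL_INIT_NO_ATEXIT presumably only has an effect if this is the first initialisation of the engine's libcrypto instance — that matches upstream, but a one-line comment in the backport notes such as `/* must precede any other init of this libcrypto instance; see upstream PR 17541 */` would save the next maintainer the investigation. The enclosing macro definition starts outside the hunk.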
@@ -37,6 +37,8 @@ Patch26: Feature-Support-TLCP-protocol.patch
 Patch27: Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
 Patch28: Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch
 Patch29: backport-Update-further-expiring-certificates-that-affect-tes.patch
+Patch30: backport-Backport-a-missing-bug-fix-from-master.patch
+Patch31: backport-Prevent-crash-with-engine-using-different-openssl-ru.patch
 BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@@ -239,6 +241,9 @@ make test || :
 %ldconfig_scriptlets libs
 %changelog
+* Fri Oct 28 2022 ExtinctFire - 1:1.1.1m-14
+- backport upstream patches
+
 * Fri Oct 28 2022 zhujianwei - 1:1.1.1m-13
 - update further expiring certificates
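Review bot: Patch30 and Patch31 are only declared in this hunk; %prep is not in view, so if the spec applies patches with explicit `%patchN -p1` lines rather than `%autosetup`/`%autopatch`, these two would be declared but never applied — confirm that %prep picks them up (a `%patch30 -p1` / `%patch31 -p1` pair if the explicit style is used), since a build that silently skips them would still succeed. Both backport files also end with a `2.38.1.windows.1` signature and the first carries a stat block that does not match its body; harmless to patch application, but worth tidying so the embedded patches read as the exact upstream commits they cite.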