From fab4cf3961f5e1d004663485db68efefe44acc00 Mon Sep 17 00:00:00 2001 From: zhangxingrong Date: Fri, 16 Aug 2024 14:54:10 +0800 Subject: [PATCH] add some upstream patchs --- ...-Fix-prototypes-of-sk_TYPE_free-zero.patch | 32 +++++ ...x-off-by-one-issue-in-buf2hexstr_sep.patch | 29 +++++ ...ext-fail-on-odd-number-of-hex-digits.patch | 117 ++++++++++++++++++ ...ts_to_stack-Documented-return-values.patch | 58 +++++++++ ...efix-Fix-a-memory-leak-in-error-case.patch | 34 +++++ openssl.spec | 16 ++- 6 files changed, 285 insertions(+), 1 deletion(-) create mode 100644 backport-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-zero.patch create mode 100644 backport-Fix-off-by-one-issue-in-buf2hexstr_sep.patch create mode 100644 backport-Have-OSSL_PARAM_allocate_from_text-fail-on-odd-number-of-hex-digits.patch create mode 100644 backport-SSL_add_dir_cert_subjects_to_stack-Documented-return-values.patch create mode 100644 backport-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch diff --git a/backport-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-zero.patch b/backport-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-zero.patch new file mode 100644 index 0000000..acee8dd --- /dev/null +++ b/backport-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-zero.patch 
@@ -0,0 +1,32 @@ +From 90fe7b2b90346c3123f139e7b6d67334856b0c5a Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 2 Apr 2024 16:43:27 +0200 +Subject: [PATCH] DEFINE_STACK_OF.pod: Fix prototypes of sk_TYPE_free/zero() + +They take non-const STACK_OF(TYPE)* argument. + +Reviewed-by: Neil Horman +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/24023) + +(cherry picked from commit e898c367312c3ab6eb5eaac9b4be768f0d2e4b0e) +--- + doc/man3/DEFINE_STACK_OF.pod | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod +index 0775214fb5d7e..e29e0c8be0f42 100644 +--- a/doc/man3/DEFINE_STACK_OF.pod ++++ b/doc/man3/DEFINE_STACK_OF.pod +@@ -41,8 +41,8 @@ OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero + STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); + STACK_OF(TYPE) *sk_TYPE_new_null(void); + int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); +- void sk_TYPE_free(const STACK_OF(TYPE) *sk); +- void sk_TYPE_zero(const STACK_OF(TYPE) *sk); ++ void sk_TYPE_free(STACK_OF(TYPE) *sk); ++ void sk_TYPE_zero(STACK_OF(TYPE) *sk); + TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); + TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); + int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); diff --git a/backport-Fix-off-by-one-issue-in-buf2hexstr_sep.patch b/backport-Fix-off-by-one-issue-in-buf2hexstr_sep.patch new file mode 100644 index 0000000..b1c342d --- /dev/null +++ b/backport-Fix-off-by-one-issue-in-buf2hexstr_sep.patch 
@@ -0,0 +1,29 @@ +From d44aa28b0db3ba355fe68c5971c90c9a1414788f Mon Sep 17 00:00:00 2001 +From: shridhar kalavagunta +Date: Fri, 26 Jan 2024 21:10:32 -0600 +Subject: [PATCH] Fix off by one issue in buf2hexstr_sep() + +Fixes #23363 + +Reviewed-by: Tom Cosgrove +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/23404) + +(cherry picked from commit c5cc9c419a0a8d97a44f01f95f0e213f56da4574) +--- + crypto/o_str.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/o_str.c b/crypto/o_str.c +index 7fa487dd5fcde..bfbc2ca5e372c 100644 +--- a/crypto/o_str.c ++++ b/crypto/o_str.c +@@ -251,7 +251,7 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength, + *q = CH_ZERO; + + #ifdef CHARSET_EBCDIC +- ebcdic2ascii(str, str, q - str - 1); ++ ebcdic2ascii(str, str, q - str); + #endif + return 1; + } diff --git a/backport-Have-OSSL_PARAM_allocate_from_text-fail-on-odd-number-of-hex-digits.patch b/backport-Have-OSSL_PARAM_allocate_from_text-fail-on-odd-number-of-hex-digits.patch new file mode 100644 index 0000000..23ca70a --- /dev/null +++ b/backport-Have-OSSL_PARAM_allocate_from_text-fail-on-odd-number-of-hex-digits.patch 
@@ -0,0 +1,117 @@ +From ebd24b37eccf8eb362ab7c5257b57f833eb2a873 Mon Sep 17 00:00:00 2001 +From: Richard Levitte +Date: Tue, 23 Jan 2024 13:17:31 +0100 +Subject: [PATCH] Have OSSL_PARAM_allocate_from_text() fail on odd number of + hex digits + +The failure would be caught later on, so this went unnoticed, until someone +tried with just one hex digit, which was simply ignored. + +Fixes #23373 + +Reviewed-by: Tom Cosgrove +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/23374) + +(cherry picked from commit ea6268cfceaba24328d66bd14bfc97c4fac14a58) +--- + crypto/params_from_text.c | 8 ++++++- + test/params_test.c | 44 +++++++++++++++++++++++++++++++++++++++ + 2 files changed, 51 insertions(+), 1 deletion(-) + +diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c +index 360f8933e1355..3fe65af3c51fa 100644 +--- a/crypto/params_from_text.c ++++ b/crypto/params_from_text.c +@@ -118,7 +118,13 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key, + break; + case OSSL_PARAM_OCTET_STRING: + if (*ishex) { +- *buf_n = strlen(value) >> 1; ++ size_t hexdigits = strlen(value); ++ if ((hexdigits % 2) != 0) { ++ /* We don't accept an odd number of hex digits */ ++ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ODD_NUMBER_OF_DIGITS); ++ return 0; ++ } ++ *buf_n = hexdigits >> 1; + } else { + *buf_n = value_n; + } +diff --git a/test/params_test.c b/test/params_test.c +index 6a970feaa4591..3df1669812df3 100644 +--- a/test/params_test.c ++++ b/test/params_test.c +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + #include + #include "internal/numbers.h" + #include "internal/nelem.h" +@@ -558,6 +559,7 @@ static const OSSL_PARAM params_from_text[] = { + /* Arbitrary size buffer. 
Make sure the result fits in a long */ + OSSL_PARAM_DEFN("num", OSSL_PARAM_INTEGER, NULL, 0), + OSSL_PARAM_DEFN("unum", OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0), ++ OSSL_PARAM_DEFN("octets", OSSL_PARAM_OCTET_STRING, NULL, 0), + OSSL_PARAM_END, + }; + +@@ -655,14 +657,56 @@ static int check_int_from_text(const struct int_from_text_test_st a) + return a.expected_res; + } + ++static int check_octetstr_from_hexstr(void) ++{ ++ OSSL_PARAM param; ++ static const char *values[] = { "", "F", "FF", "FFF", "FFFF", NULL }; ++ int i; ++ int errcnt = 0; ++ ++ /* Test odd vs even number of hex digits */ ++ for (i = 0; values[i] != NULL; i++) { ++ int expected = (strlen(values[i]) % 2) != 1; ++ int result; ++ ++ ERR_clear_error(); ++ memset(¶m, 0, sizeof(param)); ++ if (expected) ++ result = ++ TEST_true(OSSL_PARAM_allocate_from_text(¶m, ++ params_from_text, ++ "hexoctets", values[i], 0, ++ NULL)); ++ else ++ result = ++ TEST_false(OSSL_PARAM_allocate_from_text(¶m, ++ params_from_text, ++ "hexoctets", values[i], 0, ++ NULL)); ++ if (!result) { ++ TEST_error("unexpected OSSL_PARAM_allocate_from_text() %s for 'octets' \"%s\"", ++ (expected ? "failure" : "success"), values[i]); ++ errcnt++; ++ } ++ OPENSSL_free(param.data); ++ } ++ return errcnt == 0; ++} ++ + static int test_allocate_from_text(int i) + { + return check_int_from_text(int_from_text_test_cases[i]); + } + ++static int test_more_allocate_from_text(void) ++{ ++ return check_octetstr_from_hexstr(); ++} ++ + int setup_tests(void) + { + ADD_ALL_TESTS(test_case, OSSL_NELEM(test_cases)); + ADD_ALL_TESTS(test_allocate_from_text, OSSL_NELEM(int_from_text_test_cases)); ++ ADD_TEST(test_more_allocate_from_text); + return 1; + } diff --git a/backport-SSL_add_dir_cert_subjects_to_stack-Documented-return-values.patch b/backport-SSL_add_dir_cert_subjects_to_stack-Documented-return-values.patch new file mode 100644 index 0000000..54f1a90 --- /dev/null +++ b/backport-SSL_add_dir_cert_subjects_to_stack-Documented-return-values.patch 
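Review bot: The `#include` lines in the test/params_test.c hunk, including the one this patch adds, carry no header name on this page, so the on-disk patch should be checked to confirm the added include survived intact (presumably `<string.h>`, since the new check_octetstr_from_hexstr() calls strlen() and memset()); if it was lost the patch may still apply but the test would then depend on a transitive include. The early return added to prepare_from_text() is the right place for the check: the replaced `*buf_n = strlen(value) >> 1;` silently truncated an odd-length hex value, so a caller passing user-supplied hex got a shorter buffer instead of an error, and `CRYPTO_R_ODD_NUMBER_OF_DIGITS` is the reason code the hex parser in crypto/o_str.c already raises, so no error-table regeneration should be needed. The enclosing `switch` and prepare_from_text() itself continue outside the hunk.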
@@ -0,0 +1,58 @@ +From a58bfb7a97aa2ed8cb78417ea2bcc779f1ac9c0a Mon Sep 17 00:00:00 2001 +From: Shakti Shah +Date: Wed, 31 Jan 2024 00:26:32 +0530 +Subject: [PATCH] SSL_add_dir_cert_subjects_to_stack(): Documented return + values + +In the man page for SSL_add_dir_cert_subjects_to_stack(), the functions +returning int have undocumented return values. + +Fixes #23171 + +Signed-off-by: Shakti Shah + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/23433) + +(cherry picked from commit 9f3a7ca2cfff948b21f8fdbe92069b3eea1c01fa) +--- + doc/man3/SSL_load_client_CA_file.pod | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod +index 988c7e8934075..117f6bb1a94fc 100644 +--- a/doc/man3/SSL_load_client_CA_file.pod ++++ b/doc/man3/SSL_load_client_CA_file.pod +@@ -54,7 +54,8 @@ it is not limited to CA certificates. + + =head1 RETURN VALUES + +-The following return values can occur: ++The following return values can occur for SSL_load_client_CA_file_ex(), and ++SSL_load_client_CA_file(): + + =over 4 + +@@ -68,6 +69,21 @@ Pointer to the subject names of the successfully read certificates. + + =back + ++The following return values can occur for SSL_add_file_cert_subjects_to_stack(), ++SSL_add_dir_cert_subjects_to_stack(), and SSL_add_store_cert_subjects_to_stack(): ++ ++=over 4 ++ ++=item 0 (Failure) ++ ++The operation failed. ++ ++=item 1 (Success) ++ ++The operation succeeded. ++ ++=back ++ + =head1 EXAMPLES + + Load names of CAs from file and use it as a client CA list: diff --git a/backport-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch b/backport-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch new file mode 100644 index 0000000..7117aca --- /dev/null +++ b/backport-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch 
@@ -0,0 +1,34 @@ +From 0f7276865c54af41e99d1cc9f38b52a72b081b27 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 11 Apr 2024 09:40:18 +0200 +Subject: [PATCH] make_addressPrefix(): Fix a memory leak in error case + +Fixes #24098 + +Reviewed-by: Tom Cosgrove +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/24102) + +(cherry picked from commit 682ed1b86ebe97036ab37897d528343d0e4def69) +--- + crypto/x509/v3_addr.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c +index 4930f33124222..20f3d2ba70dea 100644 +--- a/crypto/x509/v3_addr.c ++++ b/crypto/x509/v3_addr.c +@@ -397,11 +397,11 @@ static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, + const int prefixlen, const int afilen) + { + int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; +- IPAddressOrRange *aor = IPAddressOrRange_new(); ++ IPAddressOrRange *aor; + + if (prefixlen < 0 || prefixlen > (afilen * 8)) + return 0; +- if (aor == NULL) ++ if ((aor = IPAddressOrRange_new()) == NULL) + return 0; + aor->type = IPAddressOrRange_addressPrefix; + if (aor->u.addressPrefix == NULL && diff --git a/openssl.spec b/openssl.spec index 36b67eb..f1bc8d6 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 3.0.12 -Release: 8 +Release: 9 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ 
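Review bot: With the allocation moved after the range check, `bytelen` and `bitlen` are still computed from `prefixlen` on the declaration line before `prefixlen < 0 || prefixlen > (afilen * 8)` is evaluated, so a rejected prefix length is used in arithmetic first; harmless as written, but it reads as validate-after-use. Declaring them the way `aor` is now declared and assigning after the check — `int bytelen, bitlen;` then `bytelen = (prefixlen + 7) / 8;` and `bitlen = prefixlen % 8;` below the `return 0;` — would keep every derived value behind the validation. The hunk ends inside make_addressPrefix() at the `aor->u.addressPrefix` allocation, so the later error paths are not visible here; presumably they free `aor`, which is worth confirming since every failure after this point now owns a live allocation.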
@@ -48,6 +48,12 @@ Patch36: Backport-CVE-2024-4741-Further-extend-the-SSL_free_buffers-testing.
 Patch37: Backport-bn-Properly-error-out-if-aliasing-return-value-with-.patch
 Patch38: Backport-CVE-2024-5535-Fix-SSL_select_next_proto.patch
 Patch39: Backport-CVE-2024-5535-Add-a-test-for-ALPN-and-NPN.patch
+Patch40: backport-Have-OSSL_PARAM_allocate_from_text-fail-on-odd-number-of-hex-digits.patch
+Patch41: backport-Fix-off-by-one-issue-in-buf2hexstr_sep.patch
+Patch42: backport-SSL_add_dir_cert_subjects_to_stack-Documented-return-values.patch
+Patch43: backport-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-zero.patch
+Patch44: backport-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch
+
 
 BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@@ -248,6 +254,14 @@ make test || :
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Aug 16 2024 zhangxingrong - 1:3.0.12-9
+- backport patch
+ Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits
+ Fix off by one issue in buf2hexstr_sep()
+ SSL_add_dir_cert_subjects_to_stack(): Documented return values
+ DEFINE_STACK_OF.pod: Fix prototypes of sk_TYPE_free/zero()
+ make_addressPrefix(): Fix a memory leak in error case
+
 * Fri Jun 28 2024 yinyongkang - 1:3.0.12-8
 - fix CVE-2024-5535
 
-- 
Gitee
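Review bot: The changelog entry lists all five additions under a single `backport patch` line with their upstream subjects, but two of them deserve a word for package users: Patch40 makes OSSL_PARAM_allocate_from_text() reject hex values with an odd digit count that release 8 silently truncated (a behaviour change callers may notice), and Patch41 only changes code under `#ifdef CHARSET_EBCDIC`, so it is inert in this build. Each patch header carries its upstream reference (`Fixes #23373`, `Fixes #23363`, `Fixes #23171`, `Fixes #24098`); appending it to the matching title, e.g. `  Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits (openssl#23373)`, would let downstream readers trace each change without opening the patch files.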