security fix for -CVE-2009-2702
parent
959bba2926
commit
19c3b1623e
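--- a/kdelibs-4.3.1-CVE-2009-2702.patch
+++ b/kdelibs-4.3.1-CVE-2009-2702.patch
@@ -0,0 +1,69 @@
+diff -Nur kdelibs-4.3.1.orig/kio/kssl/kopenssl.cpp kdelibs-4.3.1/kio/kssl/kopenssl.cpp
+--- kdelibs-4.3.1.orig/kio/kssl/kopenssl.cpp 2008-10-23 01:05:00.000000000 +0200
++++ kdelibs-4.3.1/kio/kssl/kopenssl.cpp 2009-09-04 14:09:22.000000000 +0200
+@@ -196,6 +196,7 @@
+static X509_NAME *(*K_X509_NAME_new)() = 0L;
+static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
+static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
++static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L;
+static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
+
+#endif
+@@ -530,6 +531,7 @@
+K_X509_NAME_new = (X509_NAME *(*)()) d->cryptoLib->resolveFunction("X509_NAME_new");
+K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) d->cryptoLib->resolveFunction("X509_REQ_set_subject_name");
+K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_data");
++ K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_length");
+#endif
+}
+
+@@ -1577,6 +1579,13 @@
+return 0L;
+}
+
++
++int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) {
++ if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x);
++ return 0L;
++}
++
++
+STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
+if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
+return 0L;
+diff -Nur kdelibs-4.3.1.orig/kio/kssl/kopenssl.h kdelibs-4.3.1/kio/kssl/kopenssl.h
+--- kdelibs-4.3.1.orig/kio/kssl/kopenssl.h 2009-05-19 14:06:53.000000000 +0200
++++ kdelibs-4.3.1/kio/kssl/kopenssl.h 2009-09-04 14:09:22.000000000 +0200
+@@ -589,13 +589,17 @@
+*/
+void ASN1_INTEGER_free(ASN1_INTEGER *x);
+
+-
+/*
+* ASN1_STRING_data
+*/
+unsigned char *ASN1_STRING_data(ASN1_STRING *x);
+
+/*
++ * ASN1_STRING_length
++ */
++ int ASN1_STRING_length(ASN1_STRING *x);
++
++ /*
+*
+*/
+int OBJ_obj2nid(ASN1_OBJECT *o);
+diff -Nur kdelibs-4.3.1.orig/kio/kssl/ksslcertificate.cpp kdelibs-4.3.1/kio/kssl/ksslcertificate.cpp
+--- kdelibs-4.3.1.orig/kio/kssl/ksslcertificate.cpp 2009-01-16 16:07:05.000000000 +0100
++++ kdelibs-4.3.1/kio/kssl/ksslcertificate.cpp 2009-09-04 14:09:22.000000000 +0200
+@@ -1305,7 +1305,9 @@
+}
+
+QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
+- if (!s.isEmpty()) {
++ if (!s.isEmpty() &&
++ /* skip subjectAltNames with embedded NULs */
++ s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
+rc += s;
+}
+}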
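Review bot: The new guard in the ksslcertificate.cpp hunk compares `s.length()`, a character count produced by the implicit `const char *` to QString conversion, with the byte count from `ASN1_STRING_length()`, so it depends on the conversion codec and on the ASN.1 buffer being NUL-terminated. Building the string from the explicit length, `QString::fromLatin1((const char *)data, len)`, and then testing `!s.contains(QChar(0))` would state the intent directly and not read past the reported length. `KOpenSSLProxy::ASN1_STRING_length` returns 0 when the symbol is unresolved, which makes every non-empty subjectAltName fail the comparison; that is fail-closed but silent, so a comment on the wrapper such as `/* returns 0 if unresolved; callers then reject all non-empty names */` would help. The enclosing function in ksslcertificate.cpp starts and ends outside the hunk, so whether other name fields get an equivalent length check cannot be judged from here.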
36
kdelibs.spec
36
kdelibs.spec
@ -4,17 +4,13 @@
|
|||||||
|
|
||||||
Summary: K Desktop Environment 4 - Libraries
|
Summary: K Desktop Environment 4 - Libraries
|
||||||
Version: 4.3.1
|
Version: 4.3.1
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
|
|
||||||
%if 0%{?fedora} > 8
|
|
||||||
Name: kdelibs
|
Name: kdelibs
|
||||||
Epoch: 6
|
Epoch: 6
|
||||||
Obsoletes: kdelibs4 < %{version}-%{release}
|
Obsoletes: kdelibs4 < %{version}-%{release}
|
||||||
Provides: kdelibs4 = %{version}-%{release}
|
Provides: kdelibs4 = %{version}-%{release}
|
||||||
%{?_isa:Provides: kdelibs4%{?_isa} = %{version}-%{release}}
|
%{?_isa:Provides: kdelibs4%{?_isa} = %{version}-%{release}}
|
||||||
%else
|
|
||||||
Name: kdelibs4
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# http://techbase.kde.org/Policies/Licensing_Policy
|
# http://techbase.kde.org/Policies/Licensing_Policy
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
@ -41,12 +37,8 @@ Requires: kde-filesystem >= 4-23
|
|||||||
Requires: kde-settings
|
Requires: kde-settings
|
||||||
%{?_kde4_macros_api:Requires: kde4-macros(api) = %{_kde4_macros_api} }
|
%{?_kde4_macros_api:Requires: kde4-macros(api) = %{_kde4_macros_api} }
|
||||||
Requires: shared-mime-info
|
Requires: shared-mime-info
|
||||||
%if "%{name}" == "kdelibs"
|
|
||||||
Requires: kdelibs-common
|
Requires: kdelibs-common
|
||||||
%endif
|
|
||||||
%if 0%{?fedora} >= 9
|
|
||||||
Requires: hunspell
|
Requires: hunspell
|
||||||
%endif
|
|
||||||
Requires: phonon%{?_isa} >= %{phonon_ver}
|
Requires: phonon%{?_isa} >= %{phonon_ver}
|
||||||
Requires: soprano%{?_isa} >= %{soprano_ver}
|
Requires: soprano%{?_isa} >= %{soprano_ver}
|
||||||
Requires: strigi-libs%{?_isa} >= %{strigi_ver}
|
Requires: strigi-libs%{?_isa} >= %{strigi_ver}
|
||||||
@ -80,12 +72,16 @@ Patch14: kdelibs-4.2.85-libexecdir.patch
|
|||||||
# kstandarddirs changes: search /etc/kde, find /usr/libexec/kde4
|
# kstandarddirs changes: search /etc/kde, find /usr/libexec/kde4
|
||||||
Patch18: kdelibs-4.1.72-kstandarddirs.patch
|
Patch18: kdelibs-4.1.72-kstandarddirs.patch
|
||||||
Patch20: kdelibs-4.1.70-cmake.patch
|
Patch20: kdelibs-4.1.70-cmake.patch
|
||||||
|
Patch21: kdelibs-4.3.1-ossl-1.x.patch
|
||||||
# patch to fix keditbookmarks crash (kde#160679)
|
# patch to fix keditbookmarks crash (kde#160679)
|
||||||
Patch22: kdelibs-4.3.0-bookmarks.patch
|
Patch22: kdelibs-4.3.0-bookmarks.patch
|
||||||
|
|
||||||
# upstream
|
# upstream
|
||||||
# 4.3 branch
|
# 4.3 branch
|
||||||
|
|
||||||
|
# security fix
|
||||||
|
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
||||||
|
|
||||||
BuildRequires: qt4-devel >= 4.5.0
|
BuildRequires: qt4-devel >= 4.5.0
|
||||||
# qt4%{_?_isa} isn't provided yet -- Rex
|
# qt4%{_?_isa} isn't provided yet -- Rex
|
||||||
#Requires: qt4%{?_isa} >= %{_qt4_version}
|
#Requires: qt4%{?_isa} >= %{_qt4_version}
|
||||||
@ -95,10 +91,6 @@ Requires(post): /sbin/ldconfig
|
|||||||
Requires(postun): /sbin/ldconfig
|
Requires(postun): /sbin/ldconfig
|
||||||
|
|
||||||
BuildRequires: alsa-lib-devel
|
BuildRequires: alsa-lib-devel
|
||||||
%if 0%{?fedora} < 9
|
|
||||||
# we don't want a hard dependency on aspell on F9+, use enchant only
|
|
||||||
BuildRequires: aspell-devel
|
|
||||||
%endif
|
|
||||||
BuildRequires: automoc4 >= 0.9.88
|
BuildRequires: automoc4 >= 0.9.88
|
||||||
BuildRequires: avahi-devel
|
BuildRequires: avahi-devel
|
||||||
BuildRequires: bzip2-devel
|
BuildRequires: bzip2-devel
|
||||||
@ -145,13 +137,11 @@ Provides: kross(qtscript) = %{version}-%{release}
|
|||||||
%description
|
%description
|
||||||
Libraries for the K Desktop Environment 4.
|
Libraries for the K Desktop Environment 4.
|
||||||
|
|
||||||
%if "%{name}" == "kdelibs"
|
|
||||||
%package common
|
%package common
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Summary: Common files for KDE 3 and KDE 4 libraries
|
Summary: Common files for KDE 3 and KDE 4 libraries
|
||||||
%description common
|
%description common
|
||||||
This package includes the common files for the KDE 3 and KDE 4 libraries.
|
This package includes the common files for the KDE 3 and KDE 4 libraries.
|
||||||
%endif
|
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
@ -161,10 +151,8 @@ Conflicts: kdebase-runtime < 4.2.90
|
|||||||
Conflicts: kdebase-workspace-devel < 4.2.90
|
Conflicts: kdebase-workspace-devel < 4.2.90
|
||||||
Provides: plasma-devel = %{version}-%{release}
|
Provides: plasma-devel = %{version}-%{release}
|
||||||
Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
|
Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
|
||||||
%if "%{name}" != "kdelibs4"
|
|
||||||
Obsoletes: kdelibs4-devel < %{version}-%{release}
|
Obsoletes: kdelibs4-devel < %{version}-%{release}
|
||||||
Provides: kdelibs4-devel = %{version}-%{release}
|
Provides: kdelibs4-devel = %{version}-%{release}
|
||||||
%endif
|
|
||||||
Requires: cmake >= 2.6.2-3
|
Requires: cmake >= 2.6.2-3
|
||||||
Requires: automoc4 >= 0.9.88
|
Requires: automoc4 >= 0.9.88
|
||||||
Requires: qt4-devel
|
Requires: qt4-devel
|
||||||
@ -184,14 +172,7 @@ Summary: KDE 4 API documentation
|
|||||||
# Not strictly required -- Rex
|
# Not strictly required -- Rex
|
||||||
# Requires: %{name} = %{?epoch:%{epoch}:}%{version}
|
# Requires: %{name} = %{?epoch:%{epoch}:}%{version}
|
||||||
Requires: kde-filesystem
|
Requires: kde-filesystem
|
||||||
%if "%{name}" != "kdelibs4"
|
|
||||||
Provides: kdelibs4-apidocs = %{version}-%{release}
|
Provides: kdelibs4-apidocs = %{version}-%{release}
|
||||||
#else
|
|
||||||
# Don't do that for now, we'd need to make sure all Requires: kdelibs-apidocs
|
|
||||||
# (in kdevelop etc.) are fixed to kdelibs3-apidocs first and it may not be
|
|
||||||
# worth it anyway.
|
|
||||||
#Provides: kdelibs-apidocs = 6:%{version}-%{release}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description apidocs
|
%description apidocs
|
||||||
This package includes the KDE 4 API documentation in HTML
|
This package includes the KDE 4 API documentation in HTML
|
||||||
@ -211,11 +192,14 @@ format for easy browsing.
|
|||||||
%patch14 -p1 -b .libexecdir
|
%patch14 -p1 -b .libexecdir
|
||||||
%patch18 -p1 -b .kstandarddirs
|
%patch18 -p1 -b .kstandarddirs
|
||||||
%patch20 -p1 -b .xxcmake
|
%patch20 -p1 -b .xxcmake
|
||||||
|
%patch21 -p1 -b .ossl-1.x
|
||||||
%patch22 -p1 -b .bookmarks
|
%patch22 -p1 -b .bookmarks
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
# 4.3
|
# 4.3
|
||||||
|
|
||||||
|
# security fix
|
||||||
|
%patch200 -p1 -b .CVE-2009-2702
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -400,11 +384,15 @@ rm -rf %{buildroot}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Sep 04 2009 Than Ngo <than@redhat.com> - 4.3.1-3
|
||||||
|
- security fix for -CVE-2009-2702
|
||||||
|
|
||||||
* Wed Sep 02 2009 Ben Boeckel <MathStuf@gmail.com> - 4.3.1-2
|
* Wed Sep 02 2009 Ben Boeckel <MathStuf@gmail.com> - 4.3.1-2
|
||||||
- Patch for kde#160679
|
- Patch for kde#160679
|
||||||
|
|
||||||
* Fri Aug 28 2009 Than Ngo <than@redhat.com> - 4.3.1-1
|
* Fri Aug 28 2009 Than Ngo <than@redhat.com> - 4.3.1-1
|
||||||
- 4.3.1
|
- 4.3.1
|
||||||
|
- openssl-1.0 build fixes
|
||||||
|
|
||||||
* Wed Aug 26 2009 Rex Dieter <rdieter@fedoraproject.org> - 4.3.0-8
|
* Wed Aug 26 2009 Rex Dieter <rdieter@fedoraproject.org> - 4.3.0-8
|
||||||
- BR: xz-devel
|
- BR: xz-devel
|
||||||
|
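Review bot: The CVE fix is not isolated in this spec change: next to `Patch200: kdelibs-4.3.1-CVE-2009-2702.patch` and its `%patch200` line, the section also adds `Patch21: kdelibs-4.3.1-ossl-1.x.patch` with `%patch21 -p1 -b .ossl-1.x`, drops the `%if 0%{?fedora}` and `%if "%{name}"` conditionals, and appends `- openssl-1.0 build fixes` to the older 4.3.1-1 changelog entry. Splitting those into their own commit would keep the security fix easy to audit and backport. The file for Patch21 is not among the files shown on this page, so it is worth confirming it is already tracked, otherwise `%prep` fails. The changelog line `- security fix for -CVE-2009-2702` has a stray hyphen before the identifier; `- security fix for CVE-2009-2702` reads cleanly and is easier to match when scanning changelogs for CVE ids.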