Package: openssl / 1.0.1e-2+deb7u20

Metadata

Package Version Patches format
openssl 1.0.1e-2+deb7u20 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
ca.patch | (download)

apps/CA.pl.in | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
config hurd.patch | (download)

config | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
debian targets.patch | (download)

Configure | 45 45 + 0 - 0 !
1 file changed, 45 insertions(+)

---
engines path.patch | (download)

Configure | 2 1 + 1 - 0 !
Makefile.org | 2 1 + 1 - 0 !
engines/Makefile | 10 5 + 5 - 0 !
engines/ccgost/Makefile | 6 3 + 3 - 0 !
4 files changed, 10 insertions(+), 10 deletions(-)

---
make targets.patch | (download)

Makefile.org | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
man dir.patch | (download)

Makefile.org | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
man section.patch | (download)

Makefile.org | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

---
no rpath.patch | (download)

Makefile.shared | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
no symbolic.patch | (download)

Makefile.shared | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
pic.patch | (download)

crypto/des/asm/desboth.pl | 17 14 + 3 - 0 !
crypto/perlasm/cbc.pl | 24 20 + 4 - 0 !
crypto/perlasm/x86gas.pl | 16 16 + 0 - 0 !
crypto/x86cpuid.pl | 10 5 + 5 - 0 !
4 files changed, 55 insertions(+), 12 deletions(-)

---
valgrind.patch | (download)

crypto/rand/md_rand.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
rehash crt.patch | (download)

tools/c_rehash.in | 12 9 + 3 - 0 !
1 file changed, 9 insertions(+), 3 deletions(-)

---
rehash_pod.patch | (download)

doc/apps/c_rehash.pod | 55 55 + 0 - 0 !
1 file changed, 55 insertions(+)

---
shared lib ext.patch | (download)

Configure | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
stddef.patch | (download)

crypto/sha/sha.h | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
version script.patch | (download)

Configure | 2 2 + 0 - 0 !
engines/ccgost/openssl.ld | 10 10 + 0 - 0 !
engines/openssl.ld | 10 10 + 0 - 0 !
openssl.ld | 4626 4626 + 0 - 0 !
4 files changed, 4648 insertions(+)

---
gnu_source.patch | (download)

crypto/dso/dso_dlfcn.c | 6 2 + 4 - 0 !
1 file changed, 2 insertions(+), 4 deletions(-)

 always define _gnu_source

We need this atleast for kfreebsd because they also use glibc.
There shouldn't be a problem defining this on systems not using
glibc.

c_rehash compat.patch | (download)

tools/c_rehash.in | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 [patch] also create old hash for compatibility


libdoc manpgs pod spell.patch | (download)

doc/crypto/ASN1_generate_nconf.pod | 2 1 + 1 - 0 !
doc/crypto/BN_BLINDING_new.pod | 2 1 + 1 - 0 !
doc/crypto/EVP_BytesToKey.pod | 2 1 + 1 - 0 !
doc/crypto/EVP_EncryptInit.pod | 2 1 + 1 - 0 !
doc/crypto/EVP_PKEY_cmp.pod | 2 1 + 1 - 0 !
doc/crypto/X509_STORE_CTX_get_error.pod | 2 2 + 0 - 0 !
doc/crypto/pem.pod | 2 1 + 1 - 0 !
doc/ssl/SSL_CTX_set_client_CA_list.pod | 4 4 + 0 - 0 !
doc/ssl/SSL_CTX_set_verify.pod | 4 2 + 2 - 0 !
doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 8 8 + 0 - 0 !
doc/ssl/SSL_accept.pod | 8 8 + 0 - 0 !
doc/ssl/SSL_connect.pod | 18 9 + 9 - 0 !
doc/ssl/SSL_do_handshake.pod | 8 8 + 0 - 0 !
doc/ssl/SSL_shutdown.pod | 8 8 + 0 - 0 !
14 files changed, 55 insertions(+), 17 deletions(-)

---
libssl misspell.patch | (download)

crypto/asn1/asn1_err.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
openssl pod misspell.patch | (download)

apps/ca.c | 2 1 + 1 - 0 !
apps/ecparam.c | 4 2 + 2 - 0 !
crypto/evp/encode.c | 2 1 + 1 - 0 !
doc/apps/config.pod | 2 1 + 1 - 0 !
doc/apps/req.pod | 2 1 + 1 - 0 !
doc/apps/ts.pod | 4 2 + 2 - 0 !
doc/apps/tsget.pod | 2 1 + 1 - 0 !
doc/apps/x509v3_config.pod | 2 1 + 1 - 0 !
8 files changed, 10 insertions(+), 10 deletions(-)

---
pod_req_misspell2.patch | (download)

doc/apps/req.pod | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
pod_pksc12.misspell.patch | (download)

doc/apps/pkcs12.pod | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
pod_s_server.misspell.patch | (download)

doc/apps/s_server.pod | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
pod_x509setflags.misspell.patch | (download)

doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
pod_ec.misspell.patch | (download)

doc/apps/ec.pod | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
pkcs12 doc.patch | (download)

doc/apps/pkcs12.pod | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

---
dgst_hmac.patch | (download)

apps/dgst.c | 2 2 + 0 - 0 !
doc/apps/dgst.pod | 10 10 + 0 - 0 !
2 files changed, 12 insertions(+)

 document openssl dgst -hmac option

I've committed the thing below in MirBSD; since the apps code
changes very little between OpenSSL versions, it will probably
apply to the Debian package as well. I'm open for better wor-
ding though, especially considering the FIPS option, which I
found as undocumented too.

block_diginotar.patch | (download)

crypto/x509/x509_vfy.c | 27 27 + 0 - 0 !
1 file changed, 27 insertions(+)

 make x509_verify_cert indicate that any certificate whose
 name contains "DigiNotar" is revoked.
block_digicert_malaysia.patch | (download)

crypto/x509/x509_vfy.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 make x509_verify_cert indicate that any certificate whose
 name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
c_rehash multi.patch | (download)

tools/c_rehash.in | 72 44 + 28 - 0 !
1 file changed, 44 insertions(+), 28 deletions(-)

 generate hashes for all certs in a file
Bug: http://bugs.debian.org/628780
Forwared: no


default_bits.patch | (download)

apps/openssl.cnf | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
ssltest_no_sslv2.patch | (download)

ssl/ssltest.c | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 fix in ssltest is no-ssl2 configured

cpuid.patch | (download)

crypto/x86cpuid.pl | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 x86cpuid.pl: make it work with older cpus.
aesni mac.patch | (download)

crypto/evp/e_aes_cbc_hmac_sha1.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on aes-ni plaforms.
dtls_version.patch | (download)

ssl/s3_cbc.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 check dtls_bad_ver for version number.
get_certificate.patch | (download)

ssl/ssl_lib.c | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 fix for ssl_get_certificate
CVE 2013 6449.patch | (download)

ssl/s3_both.c | 2 2 + 0 - 0 !
ssl/s3_lib.c | 2 1 + 1 - 0 !
ssl/s3_pkt.c | 8 7 + 1 - 0 !
ssl/t1_enc.c | 11 6 + 5 - 0 !
4 files changed, 16 insertions(+), 7 deletions(-)

 fix cve-2013-6449

This is a combination of upstream commits:
0294b2be5f4c11e60620c0018674ff0e17b14238
ca989269a2876bae79393bd54c3e72d49975fc75

CVE 2013 6450.patch | (download)

crypto/evp/digest.c | 7 5 + 2 - 0 !
ssl/d1_both.c | 6 6 + 0 - 0 !
ssl/ssl_locl.h | 2 2 + 0 - 0 !
ssl/t1_enc.c | 17 11 + 6 - 0 !
4 files changed, 24 insertions(+), 8 deletions(-)

 [patch] fix dtls retransmission from previous session.
disable_rdrand.patch | (download)

crypto/engine/eng_rdrand.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] don't use rdrand engine as default unless explicitly
 requested.
disable_dual_ec_drbg.patch | (download)

crypto/rand/rand.h | 1 1 + 0 - 0 !
crypto/rand/rand_err.c | 1 1 + 0 - 0 !
crypto/rand/rand_lib.c | 8 8 + 0 - 0 !
3 files changed, 10 insertions(+)

 [patch] disable dual ec drbg.
CVE 2013 4353.patch | (download)

ssl/s3_both.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [patch] fix for tls record tampering bug cve-2013-4353
dont_change_version.patch | (download)

ssl/s3_pkt.c | 2 1 + 1 - 0 !
ssl/s3_srvr.c | 3 2 + 1 - 0 !
2 files changed, 3 insertions(+), 2 deletions(-)

 [patch] don't change version number if session established
CVE 2014 0160.patch | (download)

ssl/d1_both.c | 26 18 + 8 - 0 !
ssl/t1_lib.c | 14 9 + 5 - 0 !
2 files changed, 27 insertions(+), 13 deletions(-)

 [patch] add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)

CVE 2010 5298.patch | (download)

ssl/s3_pkt.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch] don't release the buffer when there still is data in it

RT: 2167, 3265

CVE 2014 XXXX Extension checking fixes.patch | (download)

crypto/x509v3/v3_purp.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch] extension checking fixes.

When looking for an extension we need to set the last found
position to -1 to properly search all extensions.

PR#3309.

CVE 2014 0076.patch | (download)

crypto/bn/bn.h | 11 11 + 0 - 0 !
crypto/bn/bn_lib.c | 52 52 + 0 - 0 !
crypto/ec/ec2_mult.c | 27 16 + 11 - 0 !
3 files changed, 79 insertions(+), 11 deletions(-)

 [patch] fix for cve-2014-0076

Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
ECDHE ECDSA_Safari.patch | (download)

doc/ssl/SSL_CTX_set_options.pod | 5 3 + 2 - 0 !
ssl/s3_lib.c | 12 12 + 0 - 0 !
ssl/ssl.h | 5 4 + 1 - 0 !
ssl/ssl3.h | 9 9 + 0 - 0 !
ssl/t1_lib.c | 88 88 + 0 - 0 !
5 files changed, 116 insertions(+), 3 deletions(-)

 [patch] don't prefer ecdhe-ecdsa ciphers when the client appears to
 be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA
 ciphers.
CVE 2014 0198.patch | (download)

ssl/s3_pkt.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 [patch] fixed null pointer dereference. see pr#3321


CVE 2014 0224.patch | (download)

ssl/s3_clnt.c | 4 4 + 0 - 0 !
ssl/s3_pkt.c | 11 10 + 1 - 0 !
ssl/s3_srvr.c | 5 5 + 0 - 0 !
ssl/ssl3.h | 1 1 + 0 - 0 !
4 files changed, 20 insertions(+), 1 deletion(-)

 fix for cve-2014-0224
    
    Only accept change cipher spec when it is expected instead of at any
    time. This prevents premature setting of session keys before the master
    secret is determined which an attacker could use as a MITM attack.
    
    Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
    and providing the initial fix this patch is based on.

CVE 2014 3470.patch | (download)

ssl/s3_clnt.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

---
CVE 2014 0195.patch | (download)

ssl/d1_both.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 fix for cve-2014-0195
    
    A buffer overrun attack can be triggered by sending invalid DTLS fragments
    to an OpenSSL DTLS client or server. This is potentially exploitable to
    run arbitrary code on a vulnerable client or server.
    
    Fixed by adding consistency check for DTLS fragments.
    
    Thanks to Jüri Aedla for reporting this issue.

CVE 2014 0221.patch | (download)

ssl/d1_both.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix cve-2014-0221

    Unnecessary recursion when receiving a DTLS hello request can be used to
    crash a DTLS client. Fixed by handling DTLS hello request without recursion.
    
    Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.

CVE 2012 4929.patch | (download)

ssl/ssl_ciph.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable zlib compression by default

This fixes CVE-2012-4929 (CRiME).

Avoid double free when processing DTLS packets.patch | (download)

ssl/d1_both.c | 6 2 + 4 - 0 !
1 file changed, 2 insertions(+), 4 deletions(-)

 [patch 01/16] avoid double free when processing dtls packets.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The |item| variable, in both of these cases, may contain a pointer to a
|pitem| structure within |s->d1->buffered_messages|. It was being freed
in the error case while still being in |buffered_messages|. When the
error later caused the |SSL*| to be destroyed, the item would be double
freed.

Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74 was
inconsistent with the other error paths (but correct).

Fixes CVE-2014-3505

Added comment for the frag reassembly NULL case as p.patch | (download)

ssl/d1_both.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 02/16] added comment for the frag->reassembly == null case as
 per feedback from Emilia
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fix DTLS handshake message size checks.patch | (download)

ssl/d1_both.c | 29 16 + 13 - 0 !
1 file changed, 16 insertions(+), 13 deletions(-)

 [patch 03/16] fix dtls handshake message size checks.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In |dtls1_reassemble_fragment|, the value of
|msg_hdr->frag_off+frag_len| was being checked against the maximum
handshake message size, but then |msg_len| bytes were allocated for the
fragment buffer. This means that so long as the fragment was within the
allowed size, the pending handshake message could consume 16MB + 2MB
(for the reassembly bitmap). Approx 10 outstanding handshake messages
are allowed, meaning that an attacker could consume ~180MB per DTLS
connection.

In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no
check was applied.

Fixes CVE-2014-3506

Wholly based on patch by Adam Langley with one minor amendment.

Fix memory leak from zero length DTLS fragments.patch | (download)

ssl/d1_both.c | 22 19 + 3 - 0 !
1 file changed, 19 insertions(+), 3 deletions(-)

 [patch 04/16] fix memory leak from zero-length dtls fragments.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The |pqueue_insert| function can fail if one attempts to insert a
duplicate sequence number. When handling a fragment of an out of
sequence message, |dtls1_process_out_of_seq_message| would not call
|dtls1_reassemble_fragment| if the fragment's length was zero. It would
then allocate a fresh fragment and attempt to insert it, but ignore the
return value, leaking the fragment.

This allows an attacker to exhaust the memory of a DTLS peer.

Fixes CVE-2014-3507

Fix return code for truncated DTLS fragment.patch | (download)

ssl/d1_both.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 [patch 05/16] fix return code for truncated dtls fragment.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously, a truncated DTLS fragment in
|dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
the return value would still be the number of bytes read. This would
cause |dtls1_get_message| not to consider it an error and it would
continue processing as normal until the calling function noticed that
*ok was zero.

I can't see an exploit here because |dtls1_get_message| uses
|s->init_num| as the length, which will always be zero from what I can
see.