

[pkgsrc/trunk]: pkgsrc/security/openssl Add a patch to address CVE-2006-4339



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5f173c3e4b0a
branches:  trunk
changeset: 518352:5f173c3e4b0a
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Thu Sep 07 09:44:31 2006 +0000

description:
Add a patch (patch-am, crypto/rsa/rsa_sign.c) to address CVE-2006-4339: make RSA_verify reject trailing data after the decoded DigestInfo and non-NULL signature-algorithm parameters, both of which could otherwise be used to forge signatures.

diffstat:

 security/openssl/Makefile         |   4 ++--
 security/openssl/distinfo         |   3 ++-
 security/openssl/patches/patch-am |  28 ++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 3 deletions(-)

diffs (64 lines):

diff -r e43706023dc2 -r 5f173c3e4b0a security/openssl/Makefile
--- a/security/openssl/Makefile Thu Sep 07 09:42:30 2006 +0000
+++ b/security/openssl/Makefile Thu Sep 07 09:44:31 2006 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.115 2006/03/14 16:00:42 jlam Exp $
+# $NetBSD: Makefile,v 1.116 2006/09/07 09:44:31 adrianp Exp $
 
 OPENSSL_SNAPSHOT?=     # empty
 OPENSSL_STABLE?=       # empty
@@ -24,7 +24,7 @@
 .  endif
 .endif
 
-PKGREVISION=   1
+PKGREVISION=   2
 SVR4_PKGNAME=  ossl
 CATEGORIES=    security
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
diff -r e43706023dc2 -r 5f173c3e4b0a security/openssl/distinfo
--- a/security/openssl/distinfo Thu Sep 07 09:42:30 2006 +0000
+++ b/security/openssl/distinfo Thu Sep 07 09:44:31 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2006/06/13 12:00:43 joerg Exp $
+$NetBSD: distinfo,v 1.52 2006/09/07 09:44:31 adrianp Exp $
 
 SHA1 (openssl-0.9.7i.tar.gz) = 4c23925744d43272fa19615454da44e01465eb06
 RMD160 (openssl-0.9.7i.tar.gz) = 0dce52c5793a0c37f17b620f7d26bbf9e4fcf755
@@ -10,3 +10,4 @@
 SHA1 (patch-af) = e8a9d803d362658e0db3f044b35794b2084b7667
 SHA1 (patch-ak) = 7f9960a97cbe83c381c2a4565ca3a6e4e661bf54
 SHA1 (patch-al) = 64fd0be6adf30821b4c4bba3c9088c6dcbff3ba7
+SHA1 (patch-am) = 209aad896f976e5acc9bf66f5e3fdf6193d2ff3d
diff -r e43706023dc2 -r 5f173c3e4b0a security/openssl/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/openssl/patches/patch-am Thu Sep 07 09:44:31 2006 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-am,v 1.3 2006/09/07 09:44:31 adrianp Exp $
+
+--- crypto/rsa/rsa_sign.c.orig 2004-12-05 01:04:42.000000000 +0000
++++ crypto/rsa/rsa_sign.c
+@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned
+               sig=d2i_X509_SIG(NULL,&p,(long)i);
+ 
+               if (sig == NULL) goto err;
++
++              /* Excess data can be used to create forgeries */
++              if(p != s+i)
++                      {
++                      RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
++                      goto err;
++                      }
++
++              /* Parameters to the signature algorithm can also be used to
++                 create forgeries */
++              if(sig->algor->parameter
++                 && sig->algor->parameter->type != V_ASN1_NULL)
++                      {
++                      RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
++                      goto err;
++                      }
++
+               sigtype=OBJ_obj2nid(sig->algor->algorithm);
+ 
+ 
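Review bot: The `if(p != s+i)` check in the new RSA_verify block is only meaningful if `p` was pointed at `s` immediately before `d2i_X509_SIG` advanced it, and that assignment sits above the hunk, so the invariant the check relies on is not visible in patch-am; a one-line comment such as `/* d2i advanced p from s; p != s+i means unparsed bytes follow the DigestInfo */` would let a reader of the patch confirm the check without opening rsa_sign.c. The two rejections appear to match the upstream fix for CVE-2006-4339, and the `V_ASN1_NULL` test correctly accepts both an absent parameter and an explicit NULL. Note that verification still proceeds by parsing the decrypted block and inspecting fields, so any further encoding flexibility the ASN.1 parser tolerates remains reachable from attacker-controlled data; the more durable pattern is to build the expected DER DigestInfo for the message digest and compare the whole decrypted block against it, which keeps the parser out of the verification path entirely, and is worth tracking as a follow-up rather than relying on field-by-field checks alone. The enclosing RSA_verify starts and ends outside the hunk.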


