pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/openssl



Module Name:    pkgsrc
Committed By:   jperkin
Date:           Thu Sep 22 12:28:55 UTC 2016

Modified Files:
        pkgsrc/security/openssl: Makefile PLIST.common distinfo
Removed Files:
        pkgsrc/security/openssl/patches: patch-crypto_rand_randfile.c

Log Message:
Update security/openssl to 1.0.2i.

 Changes between 1.0.2h and 1.0.2i [22 Sep 2016]

  *) OCSP Status Request extension unbounded memory growth

     A malicious client can send an excessively large OCSP Status Request
     extension. If that client continually requests renegotiation, sending a
     large OCSP Status Request extension each time, then there will be unbounded
     memory growth on the server. This will eventually lead to a Denial Of
     Service attack through memory exhaustion. Servers with a default
     configuration are vulnerable even if they do not support OCSP. Builds using
     the "no-ocsp" build time option are not affected.

     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
     (CVE-2016-6304)
     [Matt Caswell]

  *) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
     HIGH to MEDIUM.

     This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
     Leurent (INRIA)
     (CVE-2016-2183)
     [Rich Salz]

  *) OOB write in MDC2_Update()

     An overflow can occur in MDC2_Update() either if called directly or
     through the EVP_DigestUpdate() function using MDC2. If an attacker
     is able to supply very large amounts of input data after a previous
     call to EVP_EncryptUpdate() with a partial block then a length check
     can overflow resulting in a heap corruption.

     The amount of data needed is comparable to SIZE_MAX which is impractical
     on most platforms.

     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
     (CVE-2016-6303)
     [Stephen Henson]

  *) Malformed SHA512 ticket DoS

     If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a
     DoS attack where a malformed ticket will result in an OOB read which will
     ultimately crash.

     The use of SHA512 in TLS session tickets is comparatively rare as it requires
     a custom server callback and ticket lookup mechanism.

     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
     (CVE-2016-6302)
     [Stephen Henson]

  *) OOB write in BN_bn2dec()

     The function BN_bn2dec() does not check the return value of BN_div_word().
     This can cause an OOB write if an application uses this function with an
     overly large BIGNUM. This could be a problem if an overly large certificate
     or CRL is printed out from an untrusted source. TLS is not affected because
     record limits will reject an oversized certificate before it is parsed.

     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
     (CVE-2016-2182)
     [Stephen Henson]

  *) OOB read in TS_OBJ_print_bio()

     The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is
     the total length the OID text representation would use and not the amount
     of data written. This will result in OOB reads when large OIDs are
     presented.

     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
     (CVE-2016-2180)
     [Stephen Henson]

  *) Pointer arithmetic undefined behaviour

     Avoid some undefined pointer arithmetic

     A common idiom in the codebase is to check limits in the following manner:
     "p + len > limit"

     Where "p" points to some malloc'd data of SIZE bytes and
     limit == p + SIZE

     "len" here could be from some externally supplied data (e.g. from a TLS
     message).

     The rules of C pointer arithmetic are such that "p + len" is only well
     defined where len <= SIZE. Therefore the above idiom is actually
     undefined behaviour.

     For example this could cause problems if some malloc implementation
     provides an address for "p" such that "p + len" actually overflows for
     values of len that are too big and therefore p + len < limit.

     This issue was reported to OpenSSL by Guido Vranken
     (CVE-2016-2177)
     [Matt Caswell]

  *) Constant time flag not preserved in DSA signing

     Operations in the DSA signing algorithm should run in constant time in
     order to avoid side channel attacks. A flaw in the OpenSSL DSA
     implementation means that a non-constant time codepath is followed for
     certain operations. This has been demonstrated through a cache-timing
     attack to be sufficient for an attacker to recover the private DSA key.

     This issue was reported by César Pereida (Aalto University), Billy Brumley
     (Tampere University of Technology), and Yuval Yarom (The University of
     Adelaide and NICTA).
     (CVE-2016-2178)
     [César Pereida]

  *) DTLS buffered message DoS

     In a DTLS connection where handshake messages are delivered out-of-order
     those messages that OpenSSL is not yet ready to process will be buffered
     for later use. Under certain circumstances, a flaw in the logic means that
     those messages do not get removed from the buffer even though the handshake
     has been completed. An attacker could force up to approx. 15 messages to
     remain in the buffer when they are no longer required. These messages will
     be cleared when the DTLS connection is closed. The default maximum size for
     a message is 100k. Therefore the attacker could force an additional 1500k
     to be consumed per connection. By opening many simulataneous connections an
     attacker could cause a DoS attack through memory exhaustion.

     This issue was reported to OpenSSL by Quan Luo.
     (CVE-2016-2179)
     [Matt Caswell]

  *) DTLS replay protection DoS

     A flaw in the DTLS replay attack protection mechanism means that records
     that arrive for future epochs update the replay protection "window" before
     the MAC for the record has been validated. This could be exploited by an
     attacker by sending a record for the next epoch (which does not have to
     decrypt or have a valid MAC), with a very large sequence number. This means
     that all subsequent legitimate packets are dropped causing a denial of
     service for a specific DTLS connection.

     This issue was reported to OpenSSL by the OCAP audit team.
     (CVE-2016-2181)
     [Matt Caswell]

  *) Certificate message OOB reads

     In OpenSSL 1.0.2 and earlier some missing message length checks can result
     in OOB reads of up to 2 bytes beyond an allocated buffer. There is a
     theoretical DoS risk but this has not been observed in practice on common
     platforms.

     The messages affected are client certificate, client certificate request
     and server certificate. As a result the attack can only be performed
     against a client or a server which enables client authentication.

     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
     (CVE-2016-6306)
     [Stephen Henson]


To generate a diff of this commit:
cvs rdiff -u -r1.225 -r1.226 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/security/openssl/PLIST.common
cvs rdiff -u -r1.123 -r1.124 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/security/openssl/patches/patch-crypto_rand_randfile.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/openssl/Makefile
diff -u pkgsrc/security/openssl/Makefile:1.225 pkgsrc/security/openssl/Makefile:1.226
--- pkgsrc/security/openssl/Makefile:1.225      Sat Jul  9 06:38:56 2016
+++ pkgsrc/security/openssl/Makefile    Thu Sep 22 12:28:55 2016
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.225 2016/07/09 06:38:56 wiz Exp $
+# $NetBSD: Makefile,v 1.226 2016/09/22 12:28:55 jperkin Exp $
 
-DISTNAME=      openssl-1.0.2h
-PKGREVISION=   2
+DISTNAME=      openssl-1.0.2i
 CATEGORIES=    security
 MASTER_SITES=  https://www.openssl.org/source/
 

Index: pkgsrc/security/openssl/PLIST.common
diff -u pkgsrc/security/openssl/PLIST.common:1.29 pkgsrc/security/openssl/PLIST.common:1.30
--- pkgsrc/security/openssl/PLIST.common:1.29   Tue May  3 14:51:16 2016
+++ pkgsrc/security/openssl/PLIST.common        Thu Sep 22 12:28:55 2016
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST.common,v 1.29 2016/05/03 14:51:16 jperkin Exp $
+@comment $NetBSD: PLIST.common,v 1.30 2016/09/22 12:28:55 jperkin Exp $
 bin/c_rehash
 bin/openssl
 include/openssl/aes.h
@@ -1572,6 +1572,7 @@ man/man3/bn_sqr_words.3
 man/man3/bn_sub_words.3
 man/man3/bn_wexpand.3
 man/man3/d2i_ASN1_OBJECT.3
+man/man3/d2i_AutoPrivateKey.3
 man/man3/d2i_CMS_ContentInfo.3
 man/man3/d2i_DHparams.3
 man/man3/d2i_DSAPrivateKey.3
@@ -1589,6 +1590,8 @@ man/man3/d2i_Netscape_RSA.3
 man/man3/d2i_PKCS8PrivateKey.3
 man/man3/d2i_PKCS8PrivateKey_bio.3
 man/man3/d2i_PKCS8PrivateKey_fp.3
+man/man3/d2i_PrivateKey.3
+man/man3/d2i_Private_key.3
 man/man3/d2i_RSAPrivateKey.3
 man/man3/d2i_RSAPublicKey.3
 man/man3/d2i_RSA_PUBKEY.3
@@ -1629,6 +1632,7 @@ man/man3/i2d_PKCS8PrivateKey_bio.3
 man/man3/i2d_PKCS8PrivateKey_fp.3
 man/man3/i2d_PKCS8PrivateKey_nid_bio.3
 man/man3/i2d_PKCS8PrivateKey_nid_fp.3
+man/man3/i2d_PrivateKey.3
 man/man3/i2d_RSAPrivateKey.3
 man/man3/i2d_RSAPublicKey.3
 man/man3/i2d_RSA_PUBKEY.3

Index: pkgsrc/security/openssl/distinfo
diff -u pkgsrc/security/openssl/distinfo:1.123 pkgsrc/security/openssl/distinfo:1.124
--- pkgsrc/security/openssl/distinfo:1.123      Thu Sep  8 15:43:13 2016
+++ pkgsrc/security/openssl/distinfo    Thu Sep 22 12:28:55 2016
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.123 2016/09/08 15:43:13 jperkin Exp $
+$NetBSD: distinfo,v 1.124 2016/09/22 12:28:55 jperkin Exp $
 
-SHA1 (openssl-1.0.2h.tar.gz) = 577585f5f5d299c44dd3c993d3c0ac7a219e4949
-RMD160 (openssl-1.0.2h.tar.gz) = b7ab97d34582b7467929bbcd2bb8fbc4d19ac05e
-SHA512 (openssl-1.0.2h.tar.gz) = 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303
-Size (openssl-1.0.2h.tar.gz) = 5274412 bytes
+SHA1 (openssl-1.0.2i.tar.gz) = 25a92574ebad029dcf2fa26c02e10400a0882111
+RMD160 (openssl-1.0.2i.tar.gz) = d33628eea2838e392390a348b516425569308c3b
+SHA512 (openssl-1.0.2i.tar.gz) = 41764debd5d64e4e770945f30d682e2c887d9cefb39b358c5c7f9d2cdce34393ed28d49b24e95c4639db2df01c278cbcde71bed2b03f9aafafc76766b03850e3
+Size (openssl-1.0.2i.tar.gz) = 5308232 bytes
 SHA1 (patch-Configure) = bebb9c435914b89ab9d5afabceb7d95903d4b56a
 SHA1 (patch-Makefile.org) = d2a9295003a8b88718a328b01ff6bcbbc102ec0b
 SHA1 (patch-Makefile.shared) = d317004d6ade167fc3b6e533bb8a1e93657188b2
@@ -11,6 +11,5 @@ SHA1 (patch-apps_Makefile) = 60113291f2a
 SHA1 (patch-config) = 345cadece3bdf0ef0a273a6c9ba6d0cbb1026a31
 SHA1 (patch-crypto_bn_bn__prime.pl) = a516f3709a862d85e659d466e895419b1e0a94c8
 SHA1 (patch-crypto_des_Makefile) = 7a23f9883ff6c93ec0e5d08e1332cc95de8cdba2
-SHA1 (patch-crypto_rand_randfile.c) = 48b703df088cbb703109c73b051010bc9907bb58
 SHA1 (patch-engines_ccgost_Makefile) = 5ff1e2705f6cb46075d5e005af9e804bb81d65e5
 SHA1 (patch-tools_Makefile) = 67f0b9b501969382fd89b678c277d32bf5d294bc



Home | Main Index | Thread Index | Old Index