Bug#: 194039
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Attachment:
  Filename: openssl-0.9.8e-r3.ebuild.diff
  Description: openssl-0.9.8e-r3.ebuild
  Type: patch
  Creator: Joe Peterson
  Created: 2007-09-30 19:02 0000
  Size: 461 bytes

Description:   Opened: 2007-09-27 22:31 0000
CVE-2007-5135:
  Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL
  0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary
  code via a crafted packet that triggers a one-byte buffer underflow.

According to Moritz Jodeit this is related to an improper fix for
CVE-2006-3738.

------- Comment #1 From Robert Buchholz 2007-09-27 22:35:45 0000 -------
The patch to the OpenSSL_0_9_8-stable branch can be found here:
  http://cvs.openssl.org/chngview?cn=16587

base-system, please advise.

------- Comment #2 From SpanKY 2007-09-30 01:20:27 0000 -------
openssl-0.9.8e-r3 in the tree with the patch

------- Comment #3 From Robert Buchholz 2007-09-30 01:33:01 0000 -------
Thanks, vapier.

Arches, please stabilize dev-libs/openssl-0.9.8e-r3
Targets are: "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
~x86-fbsd ~sparc-fbsd"
BSD, you don't have keywords for any 0.9.8 version. Are you interested?

------- Comment #4 From Markus Rothe 2007-09-30 06:26:58 0000 -------
ppc64 stable

------- Comment #5 From Joe Peterson 2007-09-30 07:08:52 0000 -------
For BSD: yes, definitely!  I'm trying to build 0.9.8e-r3 on BSD now, and I'll
keyword it when successful.  BTW, it looks like system includes (previously
installed by openssl) are being referenced during the build:

gmake[2]: Entering directory
`/var/tmp/portage/dev-libs/openssl-0.9.8e-r3/work/openssl-0.9.8e/crypto/mdc2'
i686-gentoo-freebsd6.2-gcc -I.. -I../.. -I../../include -fPIC -DOPENSSL_PIC
-DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIOS -Wall
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM -O2 -mtune=i686 -pipe -Wa,--noexecstack   -c -o
mdc2dgst.o mdc2dgst.c
mdc2dgst.c:88: error: conflicting types for 'MDC2_Update'
/usr/include/openssl/mdc2.h:87: error: previous declaration of 'MDC2_Update'
was here

Note that it's using /usr/include/openssl/mdc2.h...  I'll look at this more
tomorrow, but even if the compile works, it should not be relying on old
installs or using includes from them (could lead to insidious issues).

------- Comment #6 From Robert Buchholz 2007-09-30 09:52:54 0000 -------
base-system, please have a look at comment #5.

------- Comment #7 From SpanKY 2007-09-30 09:59:11 0000 -------
completely unrelated and nothing new

there is already a different open bug on the topic

------- Comment #8 From Markus Meier 2007-09-30 13:46:40 0000 -------
x86 stable

------- Comment #9 From Tobias Scherbaum 2007-09-30 18:59:23 0000 -------
ppc stable

------- Comment #10 From Joe Peterson 2007-09-30 19:02:48 0000 -------
Created an attachment (id=132255)
openssl-0.9.8e-r3.ebuild

This ebuild patch fixes the "find" command that uses the "-lname" option.  This
is a GNU option not available in BSD.

With this patch, we will be able to keyword x86-fbsd, and it appears to work. 
I am hesitant to modify r3, however, since two archs have stabled, and this has
not been tested on these (although it should work).  They really should check
it again with this patch.  I can check this in as r4 - please advise.

SpanKY, BTW, your patch from bug #146316 fixed the BSD compile problem. 
Thanks!

------- Comment #11 From Jorge Manuel B. S. Vicetto 2007-10-01 01:17:16 0000 -------
1. Emerges on SPARC.
2. No collisions.
3. Tests run fine.

(In reply to comment #10)
> Created an attachment (id=132255)
> openssl-0.9.8e-r3.ebuild

I've used the patch for testing 0.9.8e-r4.

Tested with:
dev-libs/openssl-0.9.8e-r3 (test)
dev-libs/openssl-0.9.8e-r3 (test zlib)
dev-libs/openssl-0.9.8e-r4 (test zlib)
dev-libs/openssl-0.9.8e-r4 (test)


emerge --info:
Portage 2.1.3.9 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.5-r4,
2.6.17-gentoo-r8 sparc64)
=================================================================
System uname: 2.6.17-gentoo-r8 sparc64 sun4u
Timestamp of tree: Sun, 30 Sep 2007 20:50:01 +0000
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="sparc"
CBUILD="sparc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=ultrasparc3 -pipe"
CHOST="sparc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -mcpu=ultrasparc3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protection distlocks metadata-transfer parallel-fetch
sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/
ftp://ftp.gentoo-pt.org/pub/gentoo ftp://mirrors1.netvisao.pt/gentoo/
http://trumpetti.tut.atm.fi/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://atl64.acores.pt/gentoo-portage"
USE="bitmap-fonts cli cracklib crypt cups dri fortran gdbm gpm iconv isdnlog
midi mudflap nls nptl nptlonly openmp pam pcre ppds pppd reflection session
sparc spl tcpd test truetype-fonts type1-fonts unicode vhosts xorg"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file
hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route
share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001
mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="dummy fbdev glint mach64 mga
r128 radeon sunbw2 suncg14 suncg3 suncg6 sunffb sunleo tdfx v4l voodoo"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #12 From SpanKY 2007-10-01 01:42:26 0000 -------
this bug is for stabilizing due to CVE-2007-5135, not for dumping random issues

file new bugs

------- Comment #13 From Joshua Kinard 2007-10-01 01:59:33 0000 -------
mips stable.

------- Comment #14 From Joe Peterson 2007-10-01 02:21:59 0000 -------
OK, I will make a r4 version with the patch, and I'll file a new bug so we can
keyword BSD.  Thanks to Jorge for testing my patch on sparc.

------- Comment #15 From Joe Peterson 2007-10-01 06:13:36 0000 -------
Keyworded ~x86-fbsd

------- Comment #16 From Raúl Porcel 2007-10-01 10:48:51 0000 -------
alpha/ia64/sparc stable, thanks Jorge Manuel

------- Comment #17 From Roy Marples (RETIRED) 2007-10-01 11:33:18 0000 -------
Keyworded ~sparc-fbsd.

------- Comment #18 From Jeroen Roovers 2007-10-01 13:06:10 0000 -------
Stable for HPPA.

------- Comment #19 From Jonas Pedersen 2007-10-01 22:29:17 0000 -------
dev-libs/openssl-0.9.8e-r3  USE="(sse2) test zlib -bindist -emacs"

1. Emerges on AMD64. 
2. No collisions and passes tests etc. 
3. Have used it for a couple of hours with openssh. Both with pw auth and key
auth. 

Portage 2.1.3.9 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4,
2.6.22-gentoo-r2 x86_64)
=================================================================
System uname: 2.6.22-gentoo-r2 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Timestamp of tree: Sun, 30 Sep 2007 21:50:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[enabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache collision-protect distcc distlocks metadata-transfer
multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans
userfetch"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/
http://trumpetti.atm.tut.fi/gentoo/
http://ftp.snt.utwente.nl/pub/os/linux/gentoo
http://ds.thn.htu.se/linux/gentoo"
LC_ALL="en_DK.utf8"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/php-testing /usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi aiglx alsa amd64 apache2 arts atk berkdb bitmap-fonts
cairo cdr cli cracklib crypt cups dbus dga directfb dri dts dvd dvdr dvdread
eds emboss encode evo fam fbcn ffmpeg firefox fortran ftp gd gdbm gif gphoto2
gpm gstreamer gtk hal iconv icq ieee1394 ipv6 isdnlog java jpeg kde kerberos
lm_sensors mad midi mikmod mjpeg mmx mozilla mp2 mp3 mpeg mplayer msn mudflap
ncurses nls nptl nptlonly ogg oggvorbis opengl openmp pam pcre pda pdf perl png
ppds pppd python qt qt3 qt3support qt4 quicktime readline reflection samba sdl
session spell spl sse sse2 sse3 ssl svg tcpd test threads tiff truetype
truetype-fonts type1-fonts unicode vorbis x264 xcomposite xml xorg xscreensaver
xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106
cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0
intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file
hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route
share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses
text" USERLAND="GNU" VIDEO_CARDS="radeon"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #21 From Chris Gianelloni (RETIRED) 2007-10-03 00:12:27 0000 -------
amd64 done, thanks Jonas

------- Comment #22 From Tobias Heinlein 2007-10-03 13:05:54 0000 -------
Last supported arch done, please file a GLSA request.

------- Comment #23 From Pierre-Yves Rofes 2007-10-07 21:46:49 0000 -------
GLSA 200710-06
