From d25b665162092b2802ef21955d16d5413f12faae Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jan 18 2022 08:21:04 +0000
Subject: import openssl-1.0.2k-24.el7_9
---
diff --git a/SOURCES/openssl-1.0.2k-cve-2021-3712.patch b/SOURCES/openssl-1.0.2k-cve-2021-3712.patch
index 43a1687..dfa10ca 100644
--- a/SOURCES/openssl-1.0.2k-cve-2021-3712.patch
+++ b/SOURCES/openssl-1.0.2k-cve-2021-3712.patch
@@ -300,8 +300,8 @@ diff -up openssl-1.0.2k/crypto/x509v3/v3_utl.c.read-buff openssl-1.0.2k/crypto/x
 - emtmp = BUF_strdup((char *)email->data);
 - if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
 + }
-+ if (sk_OPENSSL_STRING_push(*sk, emtmp)) {
-+ OPENSSL_free(emtmp);
++ if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
++ OPENSSL_free(emtmp); /* free on push failure */
 X509_email_free(*sk);
 *sk = NULL;
 return 0;
diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec
index 2c52b48..0b83f8c 100644
--- a/SPECS/openssl.spec
+++ b/SPECS/openssl.spec
@@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.2k
-Release: 23%{?dist}
+Release: 24%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -559,6 +559,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 %changelog
+* Thu Jan 13 2022 Sahana Prasad 1.0.2k-24
+- Updates patch openssl-1.0.2k-cve-2021-3712.patch to only free on push failure.
+- Resolves: rhbz#2039993
+
 * Sat Nov 20 2021 Sahana Prasad 1.0.2k-23
 - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
 - Resolves: rhbz#1996054
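Review bot: In the v3_utl.c hunk of openssl-1.0.2k-cve-2021-3712.patch, the comment `/* free on push failure */` does not say why `emtmp` needs its own free, and the previous revision got exactly this return-value sense wrong. I would record the ownership rule instead, e.g. `/* push returned 0: emtmp is not owned by *sk, so free it before X509_email_free() */`. On the visible lines the old test `if (sk_OPENSSL_STRING_push(*sk, emtmp))` would have freed `emtmp` and the whole stack after a successful push and returned 0, while leaving the real failure path unhandled. A regression test that extracts an e-mail address from a certificate would catch a repeat; none is visible in this commit. The enclosing function starts and ends outside the hunk, so the NULL check on `emtmp` that the removed condition `!emtmp || ...` used to carry cannot be confirmed from here and should be checked in the full patch.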