[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Mon Sep 26 10:06:25 UTC 2016


The branch OpenSSL_1_0_2-stable has been updated
       via  f6e43fee7060ec5c335724fea8097060a4359f2f (commit)
       via  e216bf9d7ca761718f34e8b3094fcb32c7a143e4 (commit)
       via  ca430ece0d5cf5820d9e580252f3118602e40332 (commit)
       via  6e629b5be45face20b4ca71c4fcbfed78b864a2e (commit)
      from  f15a7e39a1f7d41716ca5f07faef74f55147d2cf (commit)


- Log -----------------------------------------------------------------
commit f6e43fee7060ec5c335724fea8097060a4359f2f
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Sep 26 10:50:48 2016 +0100

    Prepare for 1.0.2k-dev
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit e216bf9d7ca761718f34e8b3094fcb32c7a143e4
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Sep 26 10:49:49 2016 +0100

    Prepare for 1.0.2j release
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit ca430ece0d5cf5820d9e580252f3118602e40332
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Sep 26 09:51:30 2016 +0100

    Update CHANGES and NEWS for the new release
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit 6e629b5be45face20b4ca71c4fcbfed78b864a2e
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Aug 23 00:01:57 2016 +0100

    Add some sanity checks when checking CRL scores
    
    Note: this was accidentally omitted from OpenSSL 1.0.2 branch.
    Without this fix any attempt to use CRLs will crash.
    
    CVE-2016-7052
    
    Thanks to Bruce Stephens and Thomas Jakobi for reporting this issue.
    
    Reviewed-by: Stephen Henson <steve at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                | 14 +++++++++++++-
 NEWS                   |  6 +++++-
 README                 |  2 +-
 crypto/opensslv.h      |  6 +++---
 crypto/x509/x509_vfy.c |  4 ++--
 openssl.spec           |  2 +-
 6 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index c072379..009b7ef 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,10 +2,22 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.2i and 1.0.2j [xx XXX xxxx]
+ Changes between 1.0.2j and 1.0.2k [xx XXX xxxx]
 
   *)
 
+ Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
+
+  *) Missing CRL sanity check
+
+     A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+     but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+     CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+
+     This issue only affects the OpenSSL 1.0.2i
+     (CVE-2016-7052)
+     [Matt Caswell]
+
  Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
 
   *) OCSP Status Request extension unbounded memory growth
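
Review bot: the wording of the new 1.0.2j entry needs tightening in two places. "will crash with a null pointer exception" describes a C library, which has no exceptions; "NULL pointer dereference" is the accurate term. "This issue only affects the OpenSSL 1.0.2i" should drop "the" and end with a full stop before the CVE line. It would also help to name the code path (CRL scoring during certificate verification), so that readers can tell whether their use of CRLs is exposed.
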
diff --git a/NEWS b/NEWS
index 6a787e6..24a1317 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,14 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [under development]
+  Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [under development]
 
       o
 
+  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
+
+      o Fix Use After Free for large message sizes (CVE-2016-6309)
+
   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
 
       o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
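
Review bot: the 1.0.2j bullet added to NEWS, "Fix Use After Free for large message sizes (CVE-2016-6309)", does not match the rest of this push. The CHANGES entry for the same release and the commit message of 6e629b5 both describe the missing CRL sanity check, CVE-2016-7052, and nothing in this diff touches message-size handling. Suggest the bullet read "Missing CRL sanity check (CVE-2016-7052)" so that NEWS and CHANGES agree on what 1.0.2j fixes.
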
diff --git a/README b/README
index 9cba523..dece269 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.2j-dev
+ OpenSSL 1.0.2k-dev
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index c40160b..0f4251f 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x100020a0L
+# define OPENSSL_VERSION_NUMBER  0x100020b0L
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j-fips-dev  xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2k-fips-dev  xx XXX xxxx"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j-dev  xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2k-dev  xx XXX xxxx"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8334b3f..b147201 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1124,10 +1124,10 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
         crl = sk_X509_CRL_value(crls, i);
         reasons = *preasons;
         crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
-        if (crl_score < best_score)
+        if (crl_score < best_score || crl_score == 0)
             continue;
         /* If current CRL is equivalent use it if it is newer */
-        if (crl_score == best_score) {
+        if (crl_score == best_score && best_crl != NULL) {
             int day, sec;
             if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
                                X509_CRL_get_lastUpdate(crl)) == 0)
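
Review bot: no regression test accompanies the two new conditions in get_crl_sk(). The diffstat lists crypto/x509/x509_vfy.c as the only code change, yet the commit message says any attempt to use CRLs crashes without them, so even a minimal verification test with a CRL loaded would have caught the omission and would guard against it recurring. Separately, the "crl_score == 0" skip and the "best_crl != NULL" guard deserve a short comment: the second protects the X509_CRL_get_lastUpdate(best_crl) call two lines below, which is reached whenever crl_score equals best_score before any best CRL has been chosen, and stating that makes the intent clear to the next person who touches this loop.
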
diff --git a/openssl.spec b/openssl.spec
index 880a5c3..7bbcdf6 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -7,7 +7,7 @@ Release: 1
 
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
-Version: 1.0.2j
+Version: 1.0.2k
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 License: OpenSSL
 Group: System Environment/Libraries

