rpms/perl-Crypt-OpenSSL-DSA/F-9 Crypt-OpenSSL-DSA-0.13-security_croak-in-do_verify-too.patch, NONE, 1.1 perl-Crypt-OpenSSL-DSA.spec, 1.5, 1.6

Author: hardaker

Update of /cvs/extras/rpms/perl-Crypt-OpenSSL-DSA/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9607/F-9

Modified Files:
	perl-Crypt-OpenSSL-DSA.spec 
Added Files:
	Crypt-OpenSSL-DSA-0.13-security_croak-in-do_verify-too.patch 
Log Message:
update to fix CVE-2009-0129

Crypt-OpenSSL-DSA-0.13-security_croak-in-do_verify-too.patch:

--- NEW FILE Crypt-OpenSSL-DSA-0.13-security_croak-in-do_verify-too.patch ---
# Author: Damyan Ivanov <dmn@xxxxxxxxxx>
# Description: make do_verify() croak on error in the same way
#              verify() already does
#              Document that verify()/do_verify() croak on errors
# Debian-Bug: http://bugs.debian.org/511519
--- a/DSA.xs
+++ b/DSA.xs
@@ -139,6 +139,8 @@ do_verify(dsa, dgst, sig)
     CODE:
         dgst_pv = SvPV(dgst, dgst_len);
         RETVAL = DSA_do_verify(dgst_pv, dgst_len, sig, dsa);
+        if (RETVAL == -1)
+          croak("Error in DSA_do_verify: %s",ERR_error_string(ERR_get_error(), NULL));
     OUTPUT:
         RETVAL
 
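Review bot: The new test `if (RETVAL == -1)` catches only that one value; `if (RETVAL < 0)` would treat any negative return from DSA_do_verify as an error instead of letting it reach Perl callers, where any non-zero value is true. ERR_get_error() also pops the oldest entry in the OpenSSL error queue, so the croak message can describe a stale error left by an earlier call unless the queue is cleared before DSA_do_verify runs. Minor style point: add a space after the comma in the croak() argument list.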
--- a/lib/Crypt/OpenSSL/DSA.pm
+++ b/lib/Crypt/OpenSSL/DSA.pm
@@ -124,10 +124,14 @@ Verifies that the $sig signature for $me
 
 $dsa is the signer's public key.
 
+Note it croaks if the underlying library call returns error (-1).
+
 =item $valid = $dsa->do_verify( $message, $sig_obj );
 
 Similar to C<verify>, but uses a L<Crypt::OpenSSL::DSA::Signature> object.
 
+Note it croaks if the underlying library call returns error (-1).
+
 =item $dsa->write_params( $filename );
 
 Writes the parameters into a PEM file.
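Review bot: Both added POD sentences say the method croaks but not what a caller should do about it. Code that calls verify() or do_verify() without eval will now die when the library reports an error, so the text should tell callers to wrap the call in eval and treat an exception as a failed verification. The wording also needs an article: "Note it croaks if the underlying library call returns an error (-1)."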

 	  	 


Index: perl-Crypt-OpenSSL-DSA.spec
===================================================================
RCS file: /cvs/extras/rpms/perl-Crypt-OpenSSL-DSA/F-9/perl-Crypt-OpenSSL-DSA.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- perl-Crypt-OpenSSL-DSA.spec	5 Mar 2008 22:50:22 -0000	1.5
+++ perl-Crypt-OpenSSL-DSA.spec	18 Feb 2009 21:18:32 -0000	1.6
@@ -1,6 +1,6 @@
 Name:           perl-Crypt-OpenSSL-DSA
 Version:        0.13
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        Perl interface to OpenSSL for DSA
 License:        GPL+ or Artistic 
 Group:          Development/Libraries
@@ -12,12 +12,16 @@
 
 Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 
+Patch1: Crypt-OpenSSL-DSA-0.13-security_croak-in-do_verify-too.patch
+
 %description
 Crypt::OpenSSL::DSA - Digital Signature Algorithm using OpenSSL
 
 %prep
 %setup -q -n Crypt-OpenSSL-DSA-%{version}
 
+%patch1 -p1
+
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor
 make %{?_smp_mflags}
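Review bot: The `Patch1:` line carries no comment on where the patch comes from or what its upstream status is. The patch header already gives http://bugs.debian.org/511519; a one-line comment above `Patch1:` pointing there would tell later maintainers when the patch can be dropped.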
@@ -47,6 +51,9 @@
 %{_mandir}/man3/*
 
 %changelog
+* Wed Feb 18 2009 Wes Hardaker <wjhns174@xxxxxxxxxxxxx> - 0.13-9
+- Fix CVE-2009-0129 and have do_verify croak on fatal error
+
 * Wed Mar  5 2008 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 0.13-7
 - rebuild for new perl
 
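Review bot: The new changelog entry is versioned `0.13-9`, but the Release tag in this same diff is bumped from 7 to `8%{?dist}`, so the entry does not match the package being built. Change the entry to `0.13-8`, or bump Release to 9, so the changelog and the release agree.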

--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
Fedora-perl-devel-list mailing list
Fedora-perl-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-perl-devel-list
