Muehlenhoff has uploaded a new change for review. https://gerrit.wikimedia.org/r/320789
Change subject: Update to 1.1.0c and drop merged fix-read-ahead.patch ...................................................................... Update to 1.1.0c and drop merged fix-read-ahead.patch Change-Id: Iff74c299e35ef36b3727e4b5f9961053f18a5d77 --- M debian/changelog D debian/patches/fix-read-ahead.patch M debian/patches/series 3 files changed, 10 insertions(+), 71 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/debs/openssl11 refs/changes/89/320789/1 diff --git a/debian/changelog b/debian/changelog index 21a23af..603c1b6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +openssl (1.1.0c-1+wmf1) jessie-wikimedia; urgency=medium + + * New upstream release + - Fix CVE-2016-7054 + - Fix CVE-2016-7053 + - Fix CVE-2016-7055 + * Drop fix-read-ahead.patch, merged in 1.1.0c + + -- Moritz Muehlenhoff <mmuhlenh...@wikimedia.org> Thu, 10 Nov 2016 16:42:36 +0100 + openssl (1.1.0b-1+wmf2) jessie-wikimedia; urgency=medium * Cherrypick 0f6c9d73cb1e1027c67d993a669719e351c25cfc from the diff --git a/debian/patches/fix-read-ahead.patch b/debian/patches/fix-read-ahead.patch deleted file mode 100644 index 436bd0a..0000000 --- a/debian/patches/fix-read-ahead.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From 0f6c9d73cb1e1027c67d993a669719e351c25cfc Mon Sep 17 00:00:00 2001 -From: Matt Caswell <m...@openssl.org> -Date: Wed, 2 Nov 2016 10:34:12 +0000 -Subject: [PATCH] Fix read_ahead - -The function ssl3_read_n() takes a parameter |clearold| which, if set, -causes any old data in the read buffer to be forgotten, and any unread data -to be moved to the start of the buffer. This is supposed to happen when we -first read the record header. - -However, the data move was only taking place if there was not already -sufficient data in the buffer to satisfy the request. If read_ahead is set -then the record header could be in the buffer already from when we read the -preceding record. So with read_ahead we can get into a situation where even -though |clearold| is set, the data does not get moved to the start of the -read buffer when we read the record header. This means there is insufficient -room in the read buffer to consume the rest of the record body, resulting in -an internal error. - -This commit moves the |clearold| processing to earlier in ssl3_read_n() -to ensure that it always takes place. - -Reviewed-by: Richard Levitte <levi...@openssl.org> -(cherry picked from commit a7faa6da317887e14e8e28254a83555983ed6ca7) ---- - ssl/record/rec_layer_s3.c | 24 ++++++++++++------------ - 1 file changed, 12 insertions(+), 12 deletions(-) - -diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c -index 9c8c23c..4535f89 100644 ---- a/ssl/record/rec_layer_s3.c -+++ b/ssl/record/rec_layer_s3.c -@@ -241,6 +241,18 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) - /* ... 
now we can act as if 'extend' was set */ - } - -+ len = s->rlayer.packet_length; -+ pkt = rb->buf + align; -+ /* -+ * Move any available bytes to front of buffer: 'len' bytes already -+ * pointed to by 'packet', 'left' extra ones at the end -+ */ -+ if (s->rlayer.packet != pkt && clearold == 1) { -+ memmove(pkt, s->rlayer.packet, len + left); -+ s->rlayer.packet = pkt; -+ rb->offset = len + align; -+ } -+ - /* - * For DTLS/UDP reads should not span multiple packets because the read - * operation returns the whole packet at once (as long as it fits into -@@ -263,18 +275,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) - - /* else we need to read more data */ - -- len = s->rlayer.packet_length; -- pkt = rb->buf + align; -- /* -- * Move any available bytes to front of buffer: 'len' bytes already -- * pointed to by 'packet', 'left' extra ones at the end -- */ -- if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ -- memmove(pkt, s->rlayer.packet, len + left); -- s->rlayer.packet = pkt; -- rb->offset = len + align; -- } -- - if (n > (int)(rb->len - rb->offset)) { /* does not happen */ - SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); - return -1; diff --git a/debian/patches/series b/debian/patches/series index 145ae81..5b5a83d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -5,4 +5,3 @@ pic.patch c_rehash-compat.patch #padlock_conf.patch -fix-read-ahead.patch -- To view, visit https://gerrit.wikimedia.org/r/320789 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iff74c299e35ef36b3727e4b5f9961053f18a5d77 Gerrit-PatchSet: 1 Gerrit-Project: operations/debs/openssl11 Gerrit-Branch: master Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
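Review bot: in the new debian/changelog stanza the three `- Fix CVE-2016-7054` / `-7053` / `-7055` lines carry no description, so anyone auditing the package history has to look each identifier up to learn which component the fix touches; appending the short upstream one-line summary to each bullet (as the previous stanza does for its cherry-pick, naming the commit it came from) would make the security content of this upload readable on its own.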
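Review bot: the deleted debian/patches/fix-read-ahead.patch is the cherry-pick of 0f6c9d73 (itself picked from a7faa6da) that moves the `clearold` memmove block earlier in ssl3_read_n(), and the changelog asserts it is "merged in 1.1.0c", but nothing in this diff demonstrates that; before landing, confirm in the 1.1.0c tarball that ssl/record/rec_layer_s3.c already has the `if (s->rlayer.packet != pkt && clearold == 1)` block placed before the DTLS/UDP comment and no longer after the "else we need to read more data" comment, since dropping the patch against a tree that lacks the upstream fix would silently reintroduce the read_ahead internal error the patch description explains.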
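Review bot: the debian/patches/series hunk correctly removes the `fix-read-ahead.patch` entry together with the file, but it leaves the commented-out `#padlock_conf.patch` line in place; since quilt ignores it, either drop that line too or add a comment saying why it is retained, so that series lists only what is actually applied to 1.1.0c.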