Redefine sslarch for x86_64_v2 arch

2025-10-24 02:59:05 +00:00 · 2025-10-24 02:59:05 +00:00 · cbe3be3676
commit cbe3be3676
parent 02e6a29675 4cf5738ac1
2 changed files with 40 additions and 2 deletions
--- a/0059-Fix-incorrect-check-of-unwrapped-key-size.patch
+++ b/0059-Fix-incorrect-check-of-unwrapped-key-size.patch
@ -0,0 +1,33 @@
+From 9c462be2cea54ebfc62953224220b56f8ba22a0c Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <openssl-users@dukhovni.org>
+Date: Thu, 11 Sep 2025 18:10:12 +0200
+Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
+
+Fixes CVE-2025-9230
+
+The check is off by 8 bytes so it is possible to overread by
+up to 8 bytes and overwrite up to 4 bytes.
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+---
+ crypto/cms/cms_pwri.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
+index 106bd98dc7..ba8646f93c 100644
+--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
+@@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
+         /* Check byte failure */
+         goto err;
+     }
+-    if (inlen < (size_t)(tmp[0] - 4)) {
+    if (inlen < 4 + (size_t)tmp[0]) {
+         /* Invalid length value */
+         goto err;
+     }
+-- 
+2.51.0
+
--- a/openssl.spec
+++ b/openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.5.1
-Release: 5%{?dist}.alma.1
+Release: 6%{?dist}.alma.1
 Epoch: 1
 Source0: openssl-%{version}.tar.gz
 Source1: fips-hmacify.sh
@ -100,6 +100,7 @@ Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
 Patch0056: 0056-Speed-test-signatures-without-errors.patch
 Patch0057: 0057-Targets-to-skip-build-of-non-installable-programs.patch
 Patch0058: 0058-aes-s390x.pl-Initialize-reserved-and-unused-memory.patch
+Patch0059: 0059-Fix-incorrect-check-of-unwrapped-key-size.patch

 License: Apache-2.0
 URL: http://www.openssl.org/
@ -463,9 +464,13 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 %ldconfig_scriptlets libs

 %changelog
-* Sat Sep 06 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.1-5.alma.1
+* Fri Oct 24 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.1-6.alma.1
 - Redefine sslarch for x86_64_v2 arch

+* Wed Oct 22 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-6
+- Fix CVE-2025-9230
+  Resolves: RHEL-115883
+
 * Fri Sep 05 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-5
 - Fix globally disabled LTO
  Related: RHEL-111634