[Bug 1438483] Re: Sync moonshot-gss-eap 0.9.2-3+deb8u1 (universe) from Debian unstable (main)
Micah Gersten
launchpad at micahscomputing.com
Tue Mar 31 04:14:56 UTC 2015
Thank you for keeping Ubuntu up to date. I'll take a look at this.
** Changed in: moonshot-gss-eap (Ubuntu)
Status: New => In Progress
** Changed in: moonshot-gss-eap (Ubuntu)
Importance: Undecided => High
** Changed in: moonshot-gss-eap (Ubuntu)
Assignee: (unassigned) => Micah Gersten (micahg)
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1438483
Title:
Sync moonshot-gss-eap 0.9.2-3+deb8u1 (universe) from Debian unstable
(main)
Status in moonshot-gss-eap package in Ubuntu:
Fix Released
Bug description:
Please sync moonshot-gss-eap 0.9.2-3+deb8u1 (universe) from Debian
unstable (main)
This version addresses two critical problems which will affect Ubuntu users.
These are not filed in Launchpad, but were Debian bugs.
The first is that if an application using moonshot-gss-eap deletes a security context (read: closes a session), all uses of OpenSSL in the same process break.
The second is that there's a parsing bug that prevents credentials issued by the world's only production Moonshot service (JISC Assent) from being used.
While Ubuntu users are free to set up their own moonshot services, we know that several sites in the target customer base of JISC Assent do use Ubuntu and we'd like moonshot-gss-eap in Ubuntu to work for them.
I've included a debdiff to illustrate that the changes are small and
well-contained.
Changelog entries since current vivid version 0.9.2-3:
moonshot-gss-eap (0.9.2-3+deb8u1) unstable; urgency=medium
* Incorporate upstream deltas:
- 6dbf073: Allow white space in CA certificates, Closes: #781312
- 90f04c98: Don't shut down openssl on last context deletion,
Closes: #781311
-- Sam Hartman <hartmans at debian.org> Fri, 27 Mar 2015 08:16:18 -0400
diff --git a/debian/changelog b/debian/changelog
index 5aa07bc..3027275 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+moonshot-gss-eap (0.9.2-3+deb8u1) unstable; urgency=medium
+
+ * Incorporate upstream deltas:
+ - 6dbf073: Allow white space in CA certificates, Closes: #781312
+ - 90f04c98: Don't shut down openssl on last context deletion,
+ Closes: #781311
+
+ -- Sam Hartman <hartmans at debian.org> Fri, 27 Mar 2015 08:16:18 -0400
+
moonshot-gss-eap (0.9.2-3) unstable; urgency=medium
* Review security of libeap/wpa_supplicant and send mail to security
diff --git a/libeap/src/crypto/tls_openssl.c b/libeap/src/crypto/tls_openssl.c
index c0a40f9..d155c09 100644
--- a/libeap/src/crypto/tls_openssl.c
+++ b/libeap/src/crypto/tls_openssl.c
@@ -767,13 +767,7 @@ void tls_deinit(void *ssl_ctx)
tls_openssl_ref_count--;
if (tls_openssl_ref_count == 0) {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif /* OPENSSL_NO_ENGINE */
- CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
- ERR_free_strings();
- EVP_cleanup();
os_free(tls_global);
tls_global = NULL;
}
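Review bot: In the `if (tls_openssl_ref_count == 0)` branch of tls_deinit, nothing records why the process-wide cleanup calls are gone, so a later resync of libeap with wpa_supplicant could quietly bring them back. A short comment here would help, stating that ENGINE_cleanup, CRYPTO_cleanup_all_ex_data, ERR_free_strings and EVP_cleanup tear down state shared with every other OpenSSL user in the process and must not be called from a library loaded into someone else's application. The ERR_remove_state(0) call that stays only releases the calling thread's error queue, which is worth saying in the same comment so the asymmetry is clearly intentional.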
diff --git a/mech_eap/util_base64.c b/mech_eap/util_base64.c
index aaa1ea8..0ec1cdc 100644
--- a/mech_eap/util_base64.c
+++ b/mech_eap/util_base64.c
@@ -124,9 +124,15 @@ base64Decode(const char *str, void *data)
q = data;
p = str;
- while (*p && *p && (*p == '=' || strchr(base64_chars, *p))) {
- unsigned int val = token_decode(p);
- unsigned int marker = (val >> 24) & 0xff;
+ while (*p && (*p == '=' || strchr(base64_chars, *p) || isspace(*p))) {
+ unsigned int val;
+ unsigned int marker;
+ if (isspace(*p)) {
+ p++;
+ continue;
+ }
+ val = token_decode(p);
+ marker = (val >> 24) & 0xff;
if (val == DECODE_ERROR)
return -1;
*q++ = (val >> 16) & 0xff;
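Review bot: Both new `isspace(*p)` calls pass a plain `char` if `p` has the type of `str` (`const char *`); where `char` is signed, an input byte above 0x7f becomes a negative argument, which is undefined behaviour for the <ctype.h> functions. Cast to `(unsigned char)*p` in the loop condition and in the `if`, and confirm the file includes <ctype.h>, which this hunk does not show. A second point on the same loop: whitespace is skipped only at the top of an iteration, before `token_decode(p)` takes a group and `p += 4` advances, so a line break that falls inside a four-character group is still not tolerated. If the input is only ever wrapped on group boundaries, a comment saying so would make that assumption explicit.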
@@ -135,8 +141,6 @@ base64Decode(const char *str, void *data)
if (marker < 1)
*q++ = val & 0xff;
p += 4;
- if (*p == '\n')
- p++;
}
return q - (unsigned char *) data;
}
diff --git a/mech_eap/util_moonshot.c b/mech_eap/util_moonshot.c
index ce05322..68537a3 100644
--- a/mech_eap/util_moonshot.c
+++ b/mech_eap/util_moonshot.c
@@ -241,8 +241,7 @@ libMoonshotResolveInitiatorCred(OM_uint32 *minor,
blobLength = base64Decode(caCertificate, blobData);
- if ((blobLength <= 0) ||
- (blobLength < maxLength - 2)) {
+ if (blobLength <= 0) {
major = GSS_S_DEFECTIVE_CREDENTIAL;
*minor = GSSEAP_BAD_CACERTIFICATE;
GSSEAP_FREE(blobData);
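Review bot: With the lower bound removed, `if (blobLength <= 0)` only establishes that at least one byte was decoded, so a truncated or partly decoded CA certificate now passes this check and GSSEAP_BAD_CACERTIFICATE is reported only for an empty or undecodable value. Dropping the `maxLength - 2` comparison makes sense once whitespace no longer contributes to the decoded length, but it would be good to add a comment naming where the decoded blob is actually validated as a certificate, or to validate it here before it is used. Also check whether `maxLength` is still needed elsewhere in the function after this change.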