Dominique Leuenberger 2020-04-27 21:27:46 +00:00 committed by Git OBS Bridge
commit 0d743beb17
8 changed files with 320 additions and 300 deletions

View File

@ -1,7 +1,7 @@
Index: openssl-1.1.1d/include/crypto/rand.h
Index: openssl-1.1.1g/include/crypto/rand.h
===================================================================
--- openssl-1.1.1d.orig/include/crypto/rand.h 2020-01-23 13:45:11.368633835 +0100
+++ openssl-1.1.1d/include/crypto/rand.h 2020-01-23 13:45:11.384633930 +0100
--- openssl-1.1.1g.orig/include/crypto/rand.h 2020-04-21 15:59:25.552654754 +0200
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-21 15:59:27.208663772 +0200
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
@ -17,20 +17,22 @@ Index: openssl-1.1.1d/include/crypto/rand.h
/*
* RAND_POOL functions
*/
Index: openssl-1.1.1d/crypto/rand/build.info
Index: openssl-1.1.1g/crypto/rand/build.info
===================================================================
--- openssl-1.1.1d.orig/crypto/rand/build.info 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/rand/build.info 2020-01-23 13:45:11.384633930 +0100
@@ -1,4 +1,4 @@
--- openssl-1.1.1g.orig/crypto/rand/build.info 2020-04-21 15:59:27.208663772 +0200
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-21 16:00:32.869021309 +0200
@@ -1,6 +1,6 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- randfile.c rand_lib.c rand_err.c rand_egd.c \
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
Index: openssl-1.1.1d/crypto/rand/drbg_lib.c
INCLUDE[drbg_ctr.o]=../modes
Index: openssl-1.1.1g/crypto/rand/drbg_lib.c
===================================================================
--- openssl-1.1.1d.orig/crypto/rand/drbg_lib.c 2020-01-23 13:45:11.368633835 +0100
+++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2020-01-23 13:45:11.384633930 +0100
--- openssl-1.1.1g.orig/crypto/rand/drbg_lib.c 2020-04-21 15:59:25.552654754 +0200
+++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-21 15:59:27.208663772 +0200
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
@ -54,10 +56,10 @@ Index: openssl-1.1.1d/crypto/rand/drbg_lib.c
#ifndef RAND_DRBG_GET_RANDOM_NONCE
drbg->get_nonce = rand_drbg_get_nonce;
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
Index: openssl-1.1.1d/crypto/rand/rand_crng_test.c
Index: openssl-1.1.1g/crypto/rand/rand_crng_test.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/rand/rand_crng_test.c 2020-01-23 13:45:11.384633930 +0100
+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-21 15:59:27.208663772 +0200
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
@ -177,10 +179,10 @@ Index: openssl-1.1.1d/crypto/rand/rand_crng_test.c
+{
+ OPENSSL_secure_clear_free(out, outlen);
+}
Index: openssl-1.1.1d/crypto/rand/rand_local.h
Index: openssl-1.1.1g/crypto/rand/rand_local.h
===================================================================
--- openssl-1.1.1d.orig/crypto/rand/rand_local.h 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/rand/rand_local.h 2020-01-23 13:45:11.384633930 +0100
--- openssl-1.1.1g.orig/crypto/rand/rand_local.h 2020-04-21 15:59:25.552654754 +0200
+++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-21 15:59:27.208663772 +0200
@@ -33,7 +33,15 @@
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
@ -230,10 +232,10 @@ Index: openssl-1.1.1d/crypto/rand/rand_local.h
+int rand_crngt_single_init(void);
+
#endif
Index: openssl-1.1.1d/test/drbgtest.c
Index: openssl-1.1.1g/test/drbgtest.c
===================================================================
--- openssl-1.1.1d.orig/test/drbgtest.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/drbgtest.c 2020-01-23 13:45:11.384633930 +0100
--- openssl-1.1.1g.orig/test/drbgtest.c 2020-04-21 15:59:25.552654754 +0200
+++ openssl-1.1.1g/test/drbgtest.c 2020-04-21 15:59:27.208663772 +0200
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
return t->noncelen;
}

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35
size 9792828

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6DNO8ACgkQ2cTSbQ5g
RJEcRQf+PEPY47eqigmUqN26vlOu/QUjYFlB5R9K90DFJvS+UM/KoS4UwdTSuska
hk010MFZlhlFKvzFX6pkyq4AHW1Ta3la3VqRwHAv/TYVCWKIsSKpm07tW6Z/aF4w
N4JAciN9I1+nsnEYvVZUbDvXw64B35Hxgd6mRc6gRbp8yQwkPNUspZxS6DcUIPPV
bgU/s/+aB1kqjG6oBbe7HFBqD8xbnvL8/unsi3OLLxUp2dUvndHDmKX/sW6+T8S2
BL3Czskk25hV2fYMZY/97oiUDkTNH3Tfa1WlwLRF/NPAakem2m47biwgJv74mKAm
8D6M7om3dh3FsBYMq2JkfHIfUTvhRw==
=WoEF
-----END PGP SIGNATURE-----

3
openssl-1.1.1g.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
size 9801502

11
openssl-1.1.1g.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6e5ZUACgkQ2cTSbQ5g
RJHnTQf+KGRLb4BacpX2zWwjEHy/F4ylVcQXV0e5tVcLhdoviUxShb6RQ05uQ9XQ
Jmm94vFoquPGwhkH4HcT8NE5vYROsGqbgyy8i4D1iq5sJ/vFc1yU6b8Xxpnljk8N
mxjz69uHftPbJknNhpNzMbRn+UzZZpK7sU4kgr0u0H8FBuX7m61hFLRqJWNbsx5R
E3ekj06iPvzE+mxxWOOtJx412Ury69atfCP+SzUGLLYvaIm/htInR8uI7uEVh2hu
Aj1il4BvZX/r11PgSlzbwl9FZorKc+S6vrxnPek8+QKCRluvFe0IhcerLoIPk4Ok
gmM3j8ng49KW3xVL6IZIMjkfZdTuTw==
=CJa/
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Tue Apr 21 13:47:04 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- Update to 1.1.1g
* Fixed segmentation fault in SSL_check_chain (CVE-2020-1967, bsc#1169407)
Server or client applications that call the SSL_check_chain() function
during or after a TLS 1.3 handshake may crash due to a NULL pointer
dereference as a result of incorrect handling of the
"signature_algorithms_cert" TLS extension. The crash occurs if an invalid
or unrecognised signature algorithm is received from the peer. This could
be exploited by a malicious peer in a Denial of Service attack.
* Added AES consttime code for no-asm configurations
an optional constant time support for AES was added
when building openssl for no-asm.
- refresh patches:
* openssl-1.1.1-fips.patch
* openssl-1.1.1-fips-crng-test.patch
-------------------------------------------------------------------
Tue Mar 31 14:05:24 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>

View File

@ -21,7 +21,7 @@
%define _rname openssl
Name: openssl-1_1
# Don't forget to update the version in the "openssl" package!
Version: 1.1.1f
Version: 1.1.1g
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL