diff --git a/openssl-1_1.changes b/openssl-1_1.changes index a34c4d7..662470a 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Mon Nov 13 09:29:26 UTC 2023 - Otto Hollmann + +- Security fix: [bsc#1216922, CVE-2023-5678] + * Fix excessive time spent in DH check / generation with large Q + parameter value. + * Applications that use the functions DH_generate_key() to generate + an X9.42 DH key may experience long delays. Likewise, + applications that use DH_check_pub_key(), DH_check_pub_key_ex + () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 + DH parameters may experience long delays. Where the key or + parameters that are being checked have been obtained from an + untrusted source this may lead to a Denial of Service. + * Add openssl-CVE-2023-5678.patch +- Remove trailing spaces from changelog + ------------------------------------------------------------------- Thu Oct 19 15:03:14 UTC 2023 - Otto Hollmann @@ -633,7 +649,7 @@ Fri Jan 8 17:49:33 UTC 2021 - Pedro Monreal - Add openssl-1_1-seclevel.patch ------------------------------------------------------------------- -Thu Dec 17 17:16:08 UTC 2020 - Pedro Monreal +Thu Dec 17 17:16:08 UTC 2020 - Pedro Monreal - Require the crypto-policies package [bsc#1180051] @@ -1683,7 +1699,7 @@ Tue May 3 14:43:47 UTC 2016 - vcizek@suse.com ------------------------------------------------------------------- Fri Apr 15 16:55:05 UTC 2016 - dvaleev@suse.com -- Remove a hack for bsc#936563 +- Remove a hack for bsc#936563 - Drop bsc936563_hack.patch ------------------------------------------------------------------- 
@@ -1802,7 +1818,7 @@ Thu Jul 9 13:32:34 UTC 2015 - vcizek@suse.com Thu Jul 2 14:46:36 UTC 2015 - dvaleev@suse.com - Workaround debugit crash on ppc64le with gcc5 - bsc936563_hack.patch (bsc#936563) + bsc936563_hack.patch (bsc#936563) ------------------------------------------------------------------- Wed Jul 1 09:26:26 UTC 2015 - normand@linux.vnet.ibm.com @@ -1814,10 +1830,10 @@ Wed Jul 1 09:26:26 UTC 2015 - normand@linux.vnet.ibm.com ------------------------------------------------------------------- Fri Jun 26 00:11:20 UTC 2015 - crrodriguez@opensuse.org -- Build with no-ssl3, for details on why this is needed read +- Build with no-ssl3, for details on why this is needed read rfc7568. Contrary to the "no-ssl2" option, this does not - require us to patch dependant packages as the relevant - functions are still available (SSLv3_(client|server)_method) + require us to patch dependant packages as the relevant + functions are still available (SSLv3_(client|server)_method) but will fail to negotiate. if removing SSL3 methods is desired at a later time, option "no-ssl3-method" needs to be used. @@ -1937,7 +1953,7 @@ Fri Jan 9 10:03:37 UTC 2015 - meissner@suse.com bsc#912018 CVE-2014-8275: Fix various certificate fingerprint issues. bsc#912296 CVE-2014-3570: Correct Bignum squaring. and other bugfixes. -- openssl.keyring: use Matt Caswells current key. +- openssl.keyring: use Matt Caswells current key. pub 2048R/0E604491 2013-04-30 uid Matt Caswell uid Matt Caswell @@ -1966,7 +1982,7 @@ Fri Nov 7 22:09:27 UTC 2014 - brian@aljex.com ------------------------------------------------------------------- Tue Oct 21 19:58:31 UTC 2014 - crrodriguez@opensuse.org -- openSSL 1.0.1j +- openSSL 1.0.1j * Fix SRTP Memory Leak (CVE-2014-3513) * Session Ticket Memory Leak (CVE-2014-3567) * Add SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) 
@@ -1975,7 +1991,7 @@ Tue Oct 21 19:58:31 UTC 2014 - crrodriguez@opensuse.org ------------------------------------------------------------------- Thu Aug 21 15:05:43 UTC 2014 - meissner@suse.com -- openssl.keyring: the 1.0.1i release was done by +- openssl.keyring: the 1.0.1i release was done by Matt Caswell UK 0E604491 ------------------------------------------------------------------- @@ -2129,17 +2145,17 @@ Mon May 5 16:25:17 UTC 2014 - crrodriguez@opensuse.org - 0009-Fix-double-frees.patch, 0017-Double-free-in-i2o_ECPublicKey.patch fix various double frees (from upstream) -- 012-Fix-eckey_priv_encode.patch eckey_priv_encode should +- 012-Fix-eckey_priv_encode.patch eckey_priv_encode should return an error inmediately on failure of i2d_ECPrivateKey (from upstream) -- 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch +- 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch From libressl, modified to work on linux systems that do not have funopen() but fopencookie() instead. Once upon a time, OS didn't have snprintf, which caused openssl to bundle a *printf implementation. We know better nowadays, the glibc implementation has buffer overflow checking, has sane failure modes deal properly with threads, signals..etc.. - + - build with -fno-common as well. ------------------------------------------------------------------- 
@@ -2153,26 +2169,26 @@ Sun Apr 20 00:53:34 UTC 2014 - crrodriguez@opensuse.org - Build everything with full RELRO (-Wl,-z,relro,-z,now) - Remove -fstack-protector from the hardcoded build options - it is already in RPM_OPT_FLAGS and is replaced by + it is already in RPM_OPT_FLAGS and is replaced by -fstack-protector-strong with gcc 4.9 ------------------------------------------------------------------- Sun Apr 20 00:49:25 UTC 2014 - crrodriguez@opensuse.org -- Remove the "gmp" and "capi" shared engines, nobody noticed - but they are just dummies that do nothing. +- Remove the "gmp" and "capi" shared engines, nobody noticed + but they are just dummies that do nothing. ------------------------------------------------------------------- Sat Apr 19 22:29:10 UTC 2014 - crrodriguez@opensuse.org -- Use enable-rfc3779 to allow projects such as rpki.net +- Use enable-rfc3779 to allow projects such as rpki.net to work in openSUSE and match the functionality available in Debian/Fedora/etc ------------------------------------------------------------------- Sat Apr 19 22:22:01 UTC 2014 - crrodriguez@opensuse.org -- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix +- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix CVE-2010-5298 and disable the internal BUF_FREELISTS functionality. it hides bugs like heartbleed and is there only for systems on which malloc() free() are slow. 
@@ -2191,14 +2207,14 @@ Sat Apr 19 03:45:20 UTC 2014 - crrodriguez@opensuse.org ------------------------------------------------------------------- Fri Apr 18 14:07:47 UTC 2014 - crrodriguez@opensuse.org -- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does +- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does not return memory of "num * old_num" but only "num" size fortunately this function is currently unused. ------------------------------------------------------------------- Fri Apr 11 02:40:34 UTC 2014 - crrodriguez@opensuse.org -- openssl-gcc-attributes.patch +- openssl-gcc-attributes.patch * annotate memory allocation wrappers with attribute(alloc_size) so the compiler can tell us if it knows they are being misused * OPENSSL_showfatal is annotated with attribute printf to detect @@ -2232,20 +2248,20 @@ Tue Mar 25 08:11:11 UTC 2014 - shchang@suse.com ------------------------------------------------------------------- Mon Mar 3 06:44:52 UTC 2014 - shchang@suse.com -- additional changes required for FIPS validation( from Fedora repo) +- additional changes required for FIPS validation( from Fedora repo) Add patch file: openssl-1.0.1e-new-fips-reqs.patch ------------------------------------------------------------------- Sat Jan 11 08:42:54 UTC 2014 - shchang@suse.com -- Remove GCC option "-O3" for compiliation issue of ARM version +- Remove GCC option "-O3" for compiliation issue of ARM version Modify: openssl.spec ------------------------------------------------------------------- Fri Jan 10 14:43:20 UTC 2014 - shchang@suse.com - Adjust the installation path( libopenssl/hmac into /lib or /lib64) - Modify files: README-FIPS.txt openssl.spec + Modify files: README-FIPS.txt openssl.spec ------------------------------------------------------------------- Thu Jan 9 23:08:29 UTC 2014 - andreas.stieger@gmx.de 
@@ -2279,13 +2295,13 @@ Wed Jan 8 10:57:24 UTC 2014 - shchang@suse.com Thu Jan 2 17:28:41 UTC 2014 - shchang@suse.com - Fixed bnc#857203, openssl: crash in DTLS renegotiation after packet loss - Add file: CVE-2013-6450.patch + Add file: CVE-2013-6450.patch ------------------------------------------------------------------- Sun Dec 22 08:10:55 UTC 2013 - shchang@suse.com -- Fixed bnc#856687, openssl: crash when using TLS 1.2 - Add file: CVE-2013-6449.patch +- Fixed bnc#856687, openssl: crash when using TLS 1.2 + Add file: CVE-2013-6449.patch ------------------------------------------------------------------- Tue Dec 17 13:57:40 UTC 2013 - meissner@suse.com @@ -2329,11 +2345,11 @@ Sat Nov 23 08:23:59 UTC 2013 - shchang@suse.com ------------------------------------------------------------------- Wed Oct 23 02:59:05 UTC 2013 - crrodriguez@opensuse.org -- 0001-libcrypto-Hide-library-private-symbols.patch +- 0001-libcrypto-Hide-library-private-symbols.patch This patch implements the libcrpto part complimentary to 0005-libssl-Hide-library-private-symbols.patch. - This patch is however not 100% complete, as some private library - symbols are declared in public headers that shall not be touched + This patch is however not 100% complete, as some private library + symbols are declared in public headers that shall not be touched or are defined/declared in "perlasm". (tested in 13.1, 12.3, factory) - openSSL defaults to -O3 optimization level but we override @@ -2342,7 +2358,7 @@ Wed Oct 23 02:59:05 UTC 2013 - crrodriguez@opensuse.org ------------------------------------------------------------------- Fri Oct 11 12:24:14 UTC 2013 - meissner@suse.com -- openssl-1.0.1c-ipv6-apps.patch: +- openssl-1.0.1c-ipv6-apps.patch: Support ipv6 in the openssl s_client / s_server commandline app. ------------------------------------------------------------------- 
@@ -2354,7 +2370,7 @@ Fri Sep 27 10:26:43 UTC 2013 - dmacvicar@suse.de ------------------------------------------------------------------- Wed Sep 4 18:56:38 UTC 2013 - guillaume@opensuse.org -- Fix armv6l arch (armv7 was previously used to build armv6 which +- Fix armv6l arch (armv7 was previously used to build armv6 which lead to illegal instruction when used) ------------------------------------------------------------------- @@ -2366,7 +2382,7 @@ Mon Aug 12 06:05:03 UTC 2013 - shchang@suse.com ------------------------------------------------------------------- Fri Aug 9 23:24:14 UTC 2013 - crrodriguez@opensuse.org -- Via padlock is only found in x86 and x86_64 CPUs, remove +- Via padlock is only found in x86 and x86_64 CPUs, remove the shared module for other archs. ------------------------------------------------------------------- @@ -2378,15 +2394,15 @@ Wed Aug 7 18:30:45 UTC 2013 - crrodriguez@opensuse.org * libgmp.so --> may help to doing some maths using GMP * libgost.so --> implements the GOST block cipher * libpadlock.so --> VIA padlock support -- Al other are removed because they require third party propietary +- Al other are removed because they require third party propietary shared libraries nowhere to be found or that we can test. ------------------------------------------------------------------- Wed Aug 7 18:30:23 UTC 2013 - crrodriguez@opensuse.org -- openssl-pkgconfig.patch: Here we go.. For applications -to benefit fully of features provided by openSSL engines -(rdrand, aes-ni..etc) either builtin or in DSO form applications +- openssl-pkgconfig.patch: Here we go.. For applications +to benefit fully of features provided by openSSL engines +(rdrand, aes-ni..etc) either builtin or in DSO form applications have to call ENGINE_load_builtin_engines() or OPENSSL_config() unfortunately from a total of 68 apps/libraries linked to libcrypto in a desktop system, only 4 do so, and there is a sea of buggy 
@@ -2401,13 +2417,13 @@ not using pkgconfig or using it incorrectly, but it is a good start. Wed Aug 7 09:33:55 UTC 2013 - dmueller@suse.com - add openssl-1.0.1c-default-paths.patch: - Fix from Fedora for openssl s_client not setting + Fix from Fedora for openssl s_client not setting CApath by default ------------------------------------------------------------------- Sat Aug 3 21:15:07 UTC 2013 - crrodriguez@opensuse.org -- 0005-libssl-Hide-library-private-symbols.patch: hide +- 0005-libssl-Hide-library-private-symbols.patch: hide private symbols, this *only* applies to libssl where it is straightforward to do so as applications should not be using any of the symbols declared/defined in headers @@ -2442,7 +2458,7 @@ Sat Jun 29 22:47:54 UTC 2013 - crrodriguez@opensuse.org security as the new implementations are secure against timing attacks)" It is not enabled by default due to the build system being unable -to detect if the compiler supports __uint128_t. +to detect if the compiler supports __uint128_t. ------------------------------------------------------------------- Thu Jun 20 07:58:33 UTC 2013 - coolo@suse.com @@ -2470,7 +2486,7 @@ Tue Feb 12 00:08:06 UTC 2013 - hrvoje.senjan@gmail.com ------------------------------------------------------------------- Sun Feb 10 20:33:51 UTC 2013 - hrvoje.senjan@gmail.com -- Added openssl-1.0.1d-s3-packet.patch from upstream, fixes +- Added openssl-1.0.1d-s3-packet.patch from upstream, fixes bnc#803004, openssl ticket#2975 ------------------------------------------------------------------- @@ -2495,7 +2511,7 @@ Sun Aug 19 23:38:32 UTC 2012 - crrodriguez@opensuse.org - Open Internal file descriptors with O_CLOEXEC, leaving those open across fork()..execve() makes a perfect - vector for a side-channel attack... + vector for a side-channel attack... ------------------------------------------------------------------- Tue Aug 7 17:17:34 UTC 2012 - dmueller@suse.com 
@@ -2557,7 +2573,7 @@ Tue Mar 20 14:29:24 UTC 2012 - cfarrell@suse.com ------------------------------------------------------------------- Fri Feb 24 02:33:22 UTC 2012 - gjhe@suse.com -- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's +- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's asn1 parser. CVE-2006-7250 @@ -2575,22 +2591,22 @@ Wed Jan 11 05:35:18 UTC 2012 - gjhe@suse.com Uninitialized SSL 3.0 Padding (CVE-2011-4576) Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) SGC Restart DoS Attack (CVE-2011-4619) - Invalid GOST parameters DoS Attack (CVE-2012-0027) + Invalid GOST parameters DoS Attack (CVE-2012-0027) ------------------------------------------------------------------- Tue Oct 18 16:43:50 UTC 2011 - crrodriguez@opensuse.org -- AES-NI: Check the return value of Engine_add() - if the ENGINE_add() call fails: it ends up adding a reference - to a freed up ENGINE which is likely to subsequently contain garbage +- AES-NI: Check the return value of Engine_add() + if the ENGINE_add() call fails: it ends up adding a reference + to a freed up ENGINE which is likely to subsequently contain garbage This will happen if an ENGINE with the same name is added multiple times,for example different libraries. [bnc#720601] ------------------------------------------------------------------- Sat Oct 8 21:36:58 UTC 2011 - crrodriguez@opensuse.org -- Build with -DSSL_FORBID_ENULL so servers are not - able to use the NULL encryption ciphers (Those offering no +- Build with -DSSL_FORBID_ENULL so servers are not + able to use the NULL encryption ciphers (Those offering no encryption whatsoever). ------------------------------------------------------------------- 
@@ -2604,12 +2620,12 @@ Sat Aug 6 00:33:47 UTC 2011 - crrodriguez@opensuse.org - Add upstream patch that calls ENGINE_register_all_complete() in ENGINE_load_builtin_engines() saving us from adding dozens - of calls to such function to calling applications. + of calls to such function to calling applications. ------------------------------------------------------------------- Fri Aug 5 19:09:42 UTC 2011 - crrodriguez@opensuse.org -- remove -fno-strict-aliasing from CFLAGS no longer needed +- remove -fno-strict-aliasing from CFLAGS no longer needed and is likely to slow down stuff. ------------------------------------------------------------------- @@ -2638,7 +2654,7 @@ Tue May 31 07:07:49 UTC 2011 - gjhe@novell.com ------------------------------------------------------------------- Mon May 16 14:38:26 UTC 2011 - andrea@opensuse.org -- added openssl as dependency in the devel package +- added openssl as dependency in the devel package ------------------------------------------------------------------- Thu Feb 10 07:42:01 UTC 2011 - gjhe@novell.com @@ -2650,7 +2666,7 @@ Thu Feb 10 07:42:01 UTC 2011 - gjhe@novell.com Sat Jan 15 19:58:51 UTC 2011 - cristian.rodriguez@opensuse.org - Add patch from upstream in order to support AES-NI instruction - set present on current Intel and AMD processors + set present on current Intel and AMD processors ------------------------------------------------------------------- Mon Jan 10 11:45:27 CET 2011 - meissner@suse.de @@ -2677,13 +2693,13 @@ Thu Nov 18 07:53:12 UTC 2010 - gjhe@novell.com Sat Sep 25 08:55:02 UTC 2010 - gjhe@novell.com - fix bug [bnc#629905] - CVE-2010-2939 + CVE-2010-2939 ------------------------------------------------------------------- Wed Jul 28 20:55:18 UTC 2010 - cristian.rodriguez@opensuse.org - Exclude static libraries, see what breaks and fix that - instead + instead ------------------------------------------------------------------- Wed Jun 30 08:47:39 UTC 2010 - jengelh@medozas.de 
@@ -2700,13 +2716,13 @@ Fri Jun 4 07:11:28 UTC 2010 - gjhe@novell.com - fix bnc #610642 CVE-2010-0742 - CVE-2010-1633 + CVE-2010-1633 ------------------------------------------------------------------- Mon May 31 03:06:39 UTC 2010 - gjhe@novell.com - fix bnc #610223,change Configure to tell openssl to load engines - from /%{_lib} instead of %{_libdir} + from /%{_lib} instead of %{_libdir} ------------------------------------------------------------------- Mon May 10 16:11:54 UTC 2010 - aj@suse.de @@ -2717,13 +2733,13 @@ Mon May 10 16:11:54 UTC 2010 - aj@suse.de ------------------------------------------------------------------- Tue May 4 02:55:52 UTC 2010 - gjhe@novell.com -- build libopenssl to /%{_lib} dir,and keep only one +- build libopenssl to /%{_lib} dir,and keep only one libopenssl-devel for new developping programs. ------------------------------------------------------------------- Tue Apr 27 05:44:32 UTC 2010 - gjhe@novell.com -- build libopenssl and libopenssl-devel to a version directory +- build libopenssl and libopenssl-devel to a version directory ------------------------------------------------------------------- Sat Apr 24 09:46:37 UTC 2010 - coolo@novell.com @@ -2748,7 +2764,7 @@ Mon Apr 12 16:12:08 CEST 2010 - meissner@suse.de ------------------------------------------------------------------- Mon Apr 12 04:57:17 UTC 2010 - gjhe@novell.com -- update to 1.0.0 +- update to 1.0.0 Merge the following patches from 0.9.8k: openssl-0.9.6g-alpha.diff openssl-0.9.7f-ppc64.diff 
@@ -2766,19 +2782,19 @@ Fri Apr 9 11:42:51 CEST 2010 - meissner@suse.de ------------------------------------------------------------------- Wed Apr 7 14:08:05 CEST 2010 - meissner@suse.de -- Openssl is now partially converted to libdir usage upstream, +- Openssl is now partially converted to libdir usage upstream, merge that in to fix lib64 builds. ------------------------------------------------------------------- Thu Mar 25 02:18:22 UTC 2010 - gjhe@novell.com -- fix security bug [bnc#590833] +- fix security bug [bnc#590833] CVE-2010-0740 ------------------------------------------------------------------- Mon Mar 22 06:29:14 UTC 2010 - gjhe@novell.com -- update to version 0.9.8m +- update to version 0.9.8m Merge the following patches from 0.9.8k: bswap.diff non-exec-stack.diff @@ -2808,7 +2824,7 @@ Tue Nov 3 19:09:35 UTC 2009 - coolo@novell.com ------------------------------------------------------------------- Tue Sep 1 10:21:16 CEST 2009 - gjhe@novell.com -- fix Bug [bnc#526319] +- fix Bug [bnc#526319] ------------------------------------------------------------------- Wed Aug 26 11:24:16 CEST 2009 - coolo@novell.com @@ -2818,14 +2834,14 @@ Wed Aug 26 11:24:16 CEST 2009 - coolo@novell.com ------------------------------------------------------------------- Fri Jul 3 11:53:48 CEST 2009 - gjhe@novell.com -- update to version 0.9.8k +- update to version 0.9.8k - patches merged upstream: openssl-CVE-2008-5077.patch - openssl-CVE-2009-0590.patch + openssl-CVE-2009-0590.patch openssl-CVE-2009-0591.patch - openssl-CVE-2009-0789.patch + openssl-CVE-2009-0789.patch openssl-CVE-2009-1377.patch - openssl-CVE-2009-1378.patch + openssl-CVE-2009-1378.patch openssl-CVE-2009-1379.patch openssl-CVE-2009-1386.patch openssl-CVE-2009-1387.patch 
@@ -2877,18 +2893,18 @@ Mon Dec 8 12:12:14 CET 2008 - xwhu@suse.de ------------------------------------------------------------------- Mon Nov 10 10:22:04 CET 2008 - xwhu@suse.de -- Disable optimization of ripemd [bnc#442740] +- Disable optimization of ripemd [bnc#442740] ------------------------------------------------------------------- Tue Oct 14 09:08:47 CEST 2008 - xwhu@suse.de -- Passing string as struct cause openssl segment-fault [bnc#430141] +- Passing string as struct cause openssl segment-fault [bnc#430141] ------------------------------------------------------------------- Wed Jul 16 12:02:37 CEST 2008 - mkoenig@suse.de - do not require openssl-certs, but rather recommend it - to avoid dependency cycle [bnc#408865] + to avoid dependency cycle [bnc#408865] ------------------------------------------------------------------- Wed Jul 9 12:53:27 CEST 2008 - mkoenig@suse.de @@ -2912,8 +2928,8 @@ Tue Jun 24 09:09:04 CEST 2008 - mkoenig@suse.de Wed May 28 15:04:08 CEST 2008 - mkoenig@suse.de - fix OpenSSL Server Name extension crash (CVE-2008-0891) - and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672) - [bnc#394317] + and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672) + [bnc#394317] ------------------------------------------------------------------- Wed May 21 20:48:39 CEST 2008 - cthiel@suse.de @@ -2923,7 +2939,7 @@ Wed May 21 20:48:39 CEST 2008 - cthiel@suse.de ------------------------------------------------------------------- Tue Apr 22 14:39:35 CEST 2008 - mkoenig@suse.de -- add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844] +- add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844] ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de 
@@ -2934,7 +2950,7 @@ Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de ------------------------------------------------------------------- Mon Nov 5 14:27:06 CET 2007 - mkoenig@suse.de -- fix Diffie-Hellman failure with certain prime lengths +- fix Diffie-Hellman failure with certain prime lengths ------------------------------------------------------------------- Mon Oct 22 15:00:21 CEST 2007 - mkoenig@suse.de @@ -2958,7 +2974,7 @@ Mon Oct 15 11:17:14 CEST 2007 - mkoenig@suse.de ------------------------------------------------------------------- Mon Oct 1 11:29:55 CEST 2007 - mkoenig@suse.de -- fix buffer overflow CVE-2007-5135 [#329208] +- fix buffer overflow CVE-2007-5135 [#329208] ------------------------------------------------------------------- Wed Sep 5 11:39:26 CEST 2007 - mkoenig@suse.de @@ -2973,7 +2989,7 @@ Fri Aug 3 14:17:27 CEST 2007 - coolo@suse.de ------------------------------------------------------------------- Wed Aug 1 18:01:45 CEST 2007 - werner@suse.de -- Add patch from CVS for RSA key reconstruction vulnerability +- Add patch from CVS for RSA key reconstruction vulnerability (CVE-2007-3108, VU#724968, bug #296511) ------------------------------------------------------------------- @@ -2981,7 +2997,7 @@ Thu May 24 16:18:50 CEST 2007 - mkoenig@suse.de - fix build with gcc-4.2 openssl-gcc42.patch -- do not install example scripts with executable permissions +- do not install example scripts with executable permissions ------------------------------------------------------------------- Mon Apr 30 01:32:44 CEST 2007 - ro@suse.de 
@@ -2999,12 +3015,12 @@ Fri Apr 27 15:25:13 CEST 2007 - mkoenig@suse.de Wed Apr 25 12:32:44 CEST 2007 - mkoenig@suse.de - Split/rename package to follow library packaging policy [#260219] - New package libopenssl0.9.8 containing shared libs + New package libopenssl0.9.8 containing shared libs openssl-devel package renamed to libopenssl-devel - New package openssl-certs containing certificates + New package openssl-certs containing certificates - add zlib-devel to Requires of devel package - remove old Obsoletes and Conflicts - openssls (Last used Nov 2000) + openssls (Last used Nov 2000) ssleay (Last used 6.2) ------------------------------------------------------------------- @@ -3052,7 +3068,7 @@ Fri Sep 29 18:37:01 CEST 2006 - poeml@suse.de cause a denial of service. (CVE-2006-2940) *) Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) - *) Fix buffer overflow in SSL_get_shared_ciphers() function. + *) Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) *) Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) @@ -3183,12 +3199,12 @@ Wed Jan 25 21:30:41 CET 2006 - mls@suse.de Mon Jan 16 13:13:13 CET 2006 - mc@suse.de - fix build problems on s390x (openssl-s390-config.diff) -- build with -fstack-protector +- build with -fstack-protector ------------------------------------------------------------------- Mon Nov 7 16:30:49 CET 2005 - dmueller@suse.de -- build with non-executable stack +- build with non-executable stack ------------------------------------------------------------------- Thu Oct 20 17:37:47 CEST 2005 - poeml@suse.de 
@@ -3328,7 +3344,7 @@ Tue Jun 15 16:18:36 CEST 2004 - poeml@suse.de - patch from CVS: make stack API more robust (return NULL for out-of-range indexes). Fixes another possible segfault during engine detection (could also triggered by stunnel) -- add patch from Michal Ludvig for VIA PadLock support +- add patch from Michal Ludvig for VIA PadLock support ------------------------------------------------------------------- Wed Jun 2 20:44:40 CEST 2004 - poeml@suse.de @@ -3351,7 +3367,7 @@ Thu Mar 18 13:47:09 CET 2004 - poeml@suse.de - update to 0.9.7d o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug (CAN-2004-0112) - o Security: Fix null-pointer assignment in do_change_cipher_spec() + o Security: Fix null-pointer assignment in do_change_cipher_spec() (CAN-2004-0079) o Allow multiple active certificates with same subject in CA index o Multiple X590 verification fixes @@ -3396,7 +3412,7 @@ Wed Feb 25 20:42:39 CET 2004 - poeml@suse.de Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening of files as .eml work). Correctly handle very long lines in MIME parser. -- update ICA patch +- update ICA patch quote: This version of the engine patch has updated error handling in the DES/SHA code, and turns RSA blinding off for hardware accelerated RSA ops. @@ -3454,7 +3470,7 @@ Thu Jul 10 23:14:22 CEST 2003 - poeml@suse.de ------------------------------------------------------------------- Mon May 12 23:27:07 CEST 2003 - poeml@suse.de -- package the openssl.pc file for pkgconfig +- package the openssl.pc file for pkgconfig ------------------------------------------------------------------- Wed Apr 16 16:04:32 CEST 2003 - poeml@suse.de 
@@ -3552,7 +3568,7 @@ Thu Oct 24 12:57:36 CEST 2002 - poeml@suse.de ------------------------------------------------------------------- Mon Sep 30 16:07:49 CEST 2002 - bg@suse.de -- enable hppa distribution; use only pa1.1 architecture. +- enable hppa distribution; use only pa1.1 architecture. ------------------------------------------------------------------- Tue Sep 17 17:13:46 CEST 2002 - froh@suse.de @@ -3593,7 +3609,7 @@ Thu Aug 1 00:53:33 CEST 2002 - poeml@suse.de - gcc 3.1 version detection is fixed, we can drop the patch - move the most used man pages from the -doc to the main package [#9913] and resolve man page conflicts by putting them into ssl - sections [#17239] + sections [#17239] - spec file: use PreReq for %post script ------------------------------------------------------------------- @@ -3642,14 +3658,14 @@ Thu Apr 18 16:30:01 CEST 2002 - meissner@suse.de Wed Apr 17 16:56:34 CEST 2002 - ro@suse.de - fixed gcc version determination -- drop sun4c support/always use sparcv8 +- drop sun4c support/always use sparcv8 - ignore return code from showciphers ------------------------------------------------------------------- Fri Mar 15 16:54:44 CET 2002 - poeml@suse.de - add settings for sparc to build shared objects. Note that all - sparcs (sun4[mdu]) are recognized as linux-sparcv7 + sparcs (sun4[mdu]) are recognized as linux-sparcv7 ------------------------------------------------------------------- Wed Feb 6 14:23:44 CET 2002 - kukuk@suse.de @@ -3672,7 +3688,7 @@ Tue Jan 29 12:42:58 CET 2002 - poeml@suse.de - add IBMCA patch for IBM eServer Cryptographic Accelerator Device Driver (#12565) (forward ported from 0.9.6b) (http://www-124.ibm.com/developerworks/projects/libica/) -- tell Configure how to build shared libs for s390 and s390x +- tell Configure how to build shared libs for s390 and s390x - tweak Makefile.org to use %_libdir - clean up spec file - add README.SuSE as source file instead of in a patch 
@@ -3686,7 +3702,7 @@ Wed Dec 5 10:59:59 CET 2001 - uli@suse.de ------------------------------------------------------------------- Wed Dec 5 02:39:16 CET 2001 - ro@suse.de -- removed subpackage src +- removed subpackage src ------------------------------------------------------------------- Wed Nov 28 13:28:42 CET 2001 - uli@suse.de @@ -3708,7 +3724,7 @@ Fri Aug 31 11:19:46 CEST 2001 - rolf@suse.de Wed Jul 18 10:27:54 CEST 2001 - rolf@suse.de - update to 0.9.6b -- switch to engine version of openssl, which supports hardware +- switch to engine version of openssl, which supports hardware encryption for a few popular devices - check wether shared libraries have been generated @@ -3731,7 +3747,7 @@ Mon May 7 21:02:30 CEST 2001 - kukuk@suse.de Mon May 7 11:36:53 MEST 2001 - rolf@suse.de - Fix ppc and s390 shared library builds -- resolved conflict in manpage naming: +- resolved conflict in manpage naming: rand.3 is now sslrand.3 [BUG#7643] ------------------------------------------------------------------- @@ -3764,7 +3780,7 @@ Wed Mar 21 10:12:59 MET 2001 - rolf@suse.de ------------------------------------------------------------------- Fri Dec 15 18:09:16 CET 2000 - sf@suse.de -- changed CFLAG to -O1 to make the tests run successfully +- changed CFLAG to -O1 to make the tests run successfully ------------------------------------------------------------------- Mon Dec 11 13:33:55 CET 2000 - rolf@suse.de diff --git a/openssl-1_1.spec b/openssl-1_1.spec index fb0a989..af01472 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec 
@@ -185,6 +185,9 @@ Patch111: openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.pat
 Patch112: openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
 Patch113: openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
 Patch114: openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
+# PATCH-FIX-UPSTREAM: bsc#1216922 CVE-2023-5678 Generating excessively long X9.42 DH keys or
+# checking excessively long X9.42 DH keys or parameters may be very slow
+Patch115: openssl-CVE-2023-5678.patch
 BuildRequires: jitterentropy-devel >= 3.4.0
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(zlib)
diff --git a/openssl-CVE-2023-5678.patch b/openssl-CVE-2023-5678.patch
new file mode 100644
index 0000000..325f3a4
--- /dev/null
+++ b/openssl-CVE-2023-5678.patch
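Review bot: Nothing in the openssl-1_1.spec hunk applies Patch115, so whether the CVE-2023-5678 fix reaches the built library depends on the %prep section, which is outside the hunk. If %prep lists patches explicitly rather than using `%autosetup` or `%autopatch`, it needs a matching line such as `%patch115 -p1` (the paths in the patch carry one leading `openssl-1.1.1w/` component). A patch that is declared but not applied would ship in the source RPM while the binaries keep the unbounded Q handling. A cheap build-time check is to confirm that the string `q too large`, which the patch adds to crypto/dh/dh_err.c, is present in the resulting libcrypto.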
@@ -0,0 +1,174 @@
+From db925ae2e65d0d925adef429afc37f75bd1c2017 Mon Sep 17 00:00:00 2001
+From: Richard Levitte
+Date: Fri, 20 Oct 2023 09:18:19 +0200
+Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
+
+We already check for an excessively large P in DH_generate_key(), but not in
+DH_check_pub_key(), and none of them check for an excessively large Q.
+
+This change adds all the missing excessive size checks of P and Q.
+
+It's to be noted that behaviours surrounding excessively sized P and Q
+differ. DH_check() raises an error on the excessively sized P, but only
+sets a flag for the excessively sized Q. This behaviour is mimicked in
+DH_check_pub_key().
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Matt Caswell
+Reviewed-by: Hugo Landau
+(Merged from https://github.com/openssl/openssl/pull/22518)
+
+(cherry picked from commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)
+---
+ crypto/dh/dh_check.c | 12 ++++++++++++
+ crypto/dh/dh_err.c | 3 ++-
+ crypto/dh/dh_key.c | 12 ++++++++++++
+ crypto/err/openssl.txt | 1 +
+ include/crypto/dherr.h | 2 +-
+ include/openssl/dh.h | 6 +++---
+ include/openssl/dherr.h | 3 ++-
+ 7 files changed, 33 insertions(+), 6 deletions(-)
+
+Index: openssl-1.1.1w/crypto/dh/dh_err.c
+===================================================================
+--- openssl-1.1.1w.orig/crypto/dh/dh_err.c
++++ openssl-1.1.1w/crypto/dh/dh_err.c
+@@ -21,6 +21,7 @@ static const ERR_STRING_DATA DH_str_func
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY, 0), "DH_check_pub_key"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
+@@ -87,6 +88,7 @@ static const ERR_STRING_DATA DH_str_reas
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
+ "parameter encoding error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
++ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+ "unable to check generator"},
+Index: openssl-1.1.1w/crypto/err/openssl.txt
+===================================================================
+--- openssl-1.1.1w.orig/crypto/err/openssl.txt
++++ openssl-1.1.1w/crypto/err/openssl.txt
+@@ -404,6 +404,7 @@ DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin
+ DH_F_DH_CHECK:126:DH_check
+ DH_F_DH_CHECK_EX:121:DH_check_ex
+ DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
++DH_F_DH_CHECK_PUB_KEY:128:DH_check_pub_key
+ DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
+ DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
+ DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
+@@ -2226,6 +2227,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters
+ DH_R_NO_PRIVATE_VALUE:100:no private value
+ DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
+ DH_R_PEER_KEY_ERROR:111:peer key error
++DH_R_Q_TOO_LARGE:130:q too large
+ DH_R_SHARED_INFO_ERROR:113:shared info error
+ DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
+ DSA_R_BAD_Q_VALUE:102:bad q value
+Index: openssl-1.1.1w/include/openssl/dherr.h
+===================================================================
+--- openssl-1.1.1w.orig/include/openssl/dherr.h
++++ openssl-1.1.1w/include/openssl/dherr.h
+@@ -31,6 +31,7 @@ int ERR_load_DH_strings(void);
+ # define DH_F_DH_CHECK 126
+ # define DH_F_DH_CHECK_EX 121
+ # define DH_F_DH_CHECK_PARAMS_EX 122
++# define DH_F_DH_CHECK_PUB_KEY 128
+ # define DH_F_DH_CHECK_PUB_KEY_EX 123
+ # define DH_F_DH_CMS_DECRYPT 114
+ # define DH_F_DH_CMS_SET_PEERKEY 115
+@@ -84,6 +85,7 @@ int ERR_load_DH_strings(void);
+ # define DH_R_NO_PRIVATE_VALUE 100
+ # define DH_R_PARAMETER_ENCODING_ERROR 105
+ # define DH_R_PEER_KEY_ERROR 111
++# define DH_R_Q_TOO_LARGE 130
+ # define DH_R_SHARED_INFO_ERROR 113
+ # define DH_R_UNABLE_TO_CHECK_GENERATOR 121
+
+Index: openssl-1.1.1w/crypto/dh/dh_check.c
+===================================================================
+--- openssl-1.1.1w.orig/crypto/dh/dh_check.c
++++ openssl-1.1.1w/crypto/dh/dh_check.c
+@@ -260,6 +260,18 @@ static int dh_check_pub_key_int(const DH
+ */
+ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+ {
++ /* Don't do any checks at all with an excessively large modulus */
++ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
++ DHerr(DH_F_DH_CHECK_PUB_KEY, DH_R_MODULUS_TOO_LARGE);
++ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
++ return 0;
++ }
++
++ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
++ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
++ return 1;
++ }
++
+ return dh_check_pub_key_int(dh, dh->q, pub_key, ret);
+ }
+
+Index: openssl-1.1.1w/crypto/dh/dh_key.c
+===================================================================
+--- openssl-1.1.1w.orig/crypto/dh/dh_key.c
++++ openssl-1.1.1w/crypto/dh/dh_key.c
+@@ -51,6 +51,12 @@ int DH_compute_key(unsigned char *key, c
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
++ if (dh->q != NULL
++ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
++ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
++ return 0;
++ }
++
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+@@ -147,6 +153,12 @@ static int generate_key(DH *dh)
+ return 0;
+ }
+
++ if (dh->q != NULL
++ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
++ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
++ return 0;
++ }
++
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+Index: openssl-1.1.1w/doc/man3/DH_generate_parameters.pod
+===================================================================
+--- openssl-1.1.1w.orig/doc/man3/DH_generate_parameters.pod
++++ openssl-1.1.1w/doc/man3/DH_generate_parameters.pod
+@@ -73,6 +73,10 @@ The generator B is not suitable.
+ Note that the lack of this bit doesn't guarantee that B is
+ suitable, unless B is known to be a strong prime.
+
++=item DH_MODULUS_TOO_LARGE
++
++The modulus is too large.
++
+ =back
+
+ DH_check() confirms that the Diffie-Hellman parameters B are valid. The
+Index: openssl-1.1.1w/include/openssl/dh.h
+===================================================================
+--- openssl-1.1.1w.orig/include/openssl/dh.h
++++ openssl-1.1.1w/include/openssl/dh.h
+@@ -78,8 +78,9 @@ DECLARE_ASN1_ITEM(DHparams)
+ # define DH_UNABLE_TO_CHECK_GENERATOR 0x04
+ # define DH_NOT_SUITABLE_GENERATOR 0x08
+ # define DH_CHECK_Q_NOT_PRIME 0x10
+-# define DH_CHECK_INVALID_Q_VALUE 0x20
++# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
+ # define DH_CHECK_INVALID_J_VALUE 0x40
++# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
+
+ /* DH_check_pub_key error codes */
+ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01
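Review bot: In the embedded dh_check.c change, the new `q > p` branch of DH_check_pub_key() ORs into `*ret` and returns 1 before this function has written `*ret`, so the result flags are merged with whatever the caller left in that int. The large-modulus branch just above assigns with `=`, and a caller that passes an uninitialised int would read an indeterminate value and could see unrelated flag bits alongside the intended ones on a path that reports success. I would assign here as well: `*ret = DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;`. Whether dh_check_pub_key_int() clears `*ret` on the normal path cannot be seen from here, since its body is outside the hunk; if this line is carried unchanged from the cherry-picked commit, the same change would be worth raising there too.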