From 71b469adbbd630f904aae2ff5effa84e3bc11b3c68d71f6a4aa80f6ae429f549 Mon Sep 17 00:00:00 2001 From: Jason Sikes Date: Thu, 7 Jul 2022 02:47:54 +0000 Subject: [PATCH 1/2] Accepting request 985766 from home:Andreas_Schwab:Factory - openssl-riscv64-config.patch: backport of riscv64 config support OBS-URL: https://build.opensuse.org/request/show/985766 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=116 --- openssl-1_1.changes | 5 +++++ openssl-1_1.spec | 1 + openssl-riscv64-config.patch | 12 ++++++++++++ 3 files changed, 18 insertions(+) create mode 100644 openssl-riscv64-config.patch diff --git a/openssl-1_1.changes b/openssl-1_1.changes index 8e0751c..c2414c8 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Jun 28 14:19:34 UTC 2022 - Andreas Schwab + +- openssl-riscv64-config.patch: backport of riscv64 config support + ------------------------------------------------------------------- Thu Jun 23 04:55:58 UTC 2022 - Jason Sikes diff --git a/openssl-1_1.spec b/openssl-1_1.spec index 5dbd58b..d68f6e8 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -62,6 +62,7 @@ Patch2: openssl-truststore.patch Patch3: openssl-pkgconfig.patch Patch4: openssl-DEFAULT_SUSE_cipher.patch Patch5: openssl-ppc64-config.patch +Patch6: openssl-riscv64-config.patch # PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129 Patch8: 0001-s390x-assembly-pack-perlasm-support.patch Patch9: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch diff --git a/openssl-riscv64-config.patch b/openssl-riscv64-config.patch new file mode 100644 index 0000000..c45ef1e --- /dev/null +++ b/openssl-riscv64-config.patch @@ -0,0 +1,12 @@ +Index: openssl-1.1.1p/config +=================================================================== +--- openssl-1.1.1p.orig/config ++++ openssl-1.1.1p/config +@@ -639,6 +639,7 @@ case "$GUESSOS" in + OUT="linux-elf" + fi ;; + *86-*-linux1) OUT="linux-aout" ;; ++ riscv64-*-linux?) OUT="linux64-riscv64" ;; + *-*-linux?) OUT="linux-generic32" ;; + sun4[uv]*-*-solaris2) + OUT="solaris-sparcv9-$CC" From bc10d3dbd24d97acba73c88f236c302116f33340ce396c054a6ccd51ab7f05a6 Mon Sep 17 00:00:00 2001 From: Jason Sikes Date: Thu, 7 Jul 2022 02:51:21 +0000 Subject: [PATCH 2/2] Accepting request 987301 from home:jsikes:branches:security:tls Fixed CVE-2022-2097. Enjoy! OBS-URL: https://build.opensuse.org/request/show/987301 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=117 --- openssl-1.1.1p.tar.gz | 3 --- openssl-1.1.1p.tar.gz.asc | 11 ----------- openssl-1.1.1q.tar.gz | 3 +++ openssl-1.1.1q.tar.gz.asc | 16 ++++++++++++++++ openssl-1_1.changes | 7 +++++++ openssl-1_1.spec | 2 +- 6 files changed, 27 insertions(+), 15 deletions(-) delete mode 100644 openssl-1.1.1p.tar.gz delete mode 100644 openssl-1.1.1p.tar.gz.asc create mode 100644 openssl-1.1.1q.tar.gz create mode 100644 openssl-1.1.1q.tar.gz.asc diff --git a/openssl-1.1.1p.tar.gz b/openssl-1.1.1p.tar.gz deleted file mode 100644 index 8ba62ef..0000000 --- a/openssl-1.1.1p.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f -size 9860217 diff --git a/openssl-1.1.1p.tar.gz.asc b/openssl-1.1.1p.tar.gz.asc deleted file mode 100644 index 06eacef..0000000 --- a/openssl-1.1.1p.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmKxyiAACgkQ2cTSbQ5g -RJGkrggAkfuOBBTxu+Kgc7znFvkXbbIMCTNloeJW+38rsnFa6FxNJfmqJPysCna3 -Bbtp4cugStmQ2wDJlbe6PRo13PxPbKMeejKVgyk+2A8Mlx5iiFt8/qAtjUFQk6iF -67vGBzmfQOeSBMAFbTwge5kqUW7qpURAVB8JlNbPXaEGW67hMJXI8WqYMWw5uGhI -KFCyUn/HcpbVXiZt3nWIrdoacvCo7qAENApYKnnTvsHVzIvlxY1XBiJ5Zx0n6Twx -kFrTzeWJ87SCSfKwYza+ugbGQxSOfwFnFEU4a+/T9reNqt8H0ujHNsq6ShzAicrq -eSLJ2AQCVqclGWBB/HpSK6EHsNebBw== -=0eV0 ------END PGP SIGNATURE----- diff --git a/openssl-1.1.1q.tar.gz b/openssl-1.1.1q.tar.gz new file mode 100644 index 0000000..6419923 --- /dev/null +++ b/openssl-1.1.1q.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca +size 9864061 diff --git a/openssl-1.1.1q.tar.gz.asc b/openssl-1.1.1q.tar.gz.asc new file mode 100644 index 0000000..50d65f9 --- /dev/null +++ b/openssl-1.1.1q.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmLD/5gACgkQ1enkP335 +7oxfig/9GQ94gueS6L/0Jms6RX5Va9+p/b1W7wDgkZ7zj6gKGa8HWT+Np6vwtJGr +KNtDvM9X3JaXt7AFmx3QsptQm1vRU+hIagl0+eA7YQD8Vw7OA/fJdZkWDYaoZ87H +ZdN9zaaL6pGTv90xiDv6+m7ZTXUBK6Ag17Fx+YWFeGkdSxZaobFTLGD/VuKKeQF9 +nxWOVzJ5QkVGAq+u/1RwSeTt9R7HZVsV6qE53C6mV+Vlvbptdho2aZzCJ6iHESPp +xK1rt3JyDtEBOpOLrNKgi9AsvpQ9WEa8mkjhu94w0k7rdUagph/Gdb8GtKoYA9Z2 +fZtb8aGkdWlactESbWKYZedQWqp/oRiuESID8mQ68Y/74LyBhE46fzPXMK1LUiLL +Hvawx2KCemAlB8vzv8Nccw8TWrEmNfkZb1SnXAn8X22MpTU90H9xcIW/T6MK/F+p +VZE+RVzbQvJsEiabxoD0ZbdCWliQTQSZsYiVfqCEtPuHxSpM+qTy3uYWzZvgZRsX +R9a+2OXQUo1OgJdRB85Xr2r9Hmoo8H5cN73xrL9X/x34HjPcWPDM1kFbda6DPTOb +9sZQUVd2CKK0M3inNPcBXWKxMSAEQbNDUr7Rk6gVCLgy/ZfgvD0TNf07pK/CXoKU +A2GSvxzk6Kr5MJEu2tvxA/FGJAgPiUZj9hx+CcZrB7rroIw1MkU= +=SRWo +-----END PGP SIGNATURE----- diff --git a/openssl-1_1.changes b/openssl-1_1.changes index c2414c8..5634a8d 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Jul 7 02:17:23 UTC 2022 - Jason Sikes + +- update to 1.1.1q: + * [CVE-2022-2097, bsc#1201099] + * Addresses situations where AES OCB fails to encrypt some bytes + ------------------------------------------------------------------- Tue Jun 28 14:19:34 UTC 2022 - Andreas Schwab diff --git a/openssl-1_1.spec b/openssl-1_1.spec index d68f6e8..7acdf53 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -41,7 +41,7 @@ %define _rname openssl Name: openssl-1_1 # Don't forget to update the version in the "openssl" package! -Version: 1.1.1p +Version: 1.1.1q Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL