forked from pool/openssl-1_1
Pedro Monreal Gonzalez
0d52304a01
- Update to 1.1.1d (bsc#1133925, jsc#SLE-6430) * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. (bsc#1150247, CVE-2019-1549) * Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. (bsc#1150003, CVE-2019-1547) * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (bsc#1150250, CVE-2019-1563) * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters(). * Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. * Changed DH_check to accept parameters with order q and 2q subgroups. With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key. * Significantly reduce secure memory usage by the randomness pools. * Revert the DEVRANDOM_WAIT feature for Linux systems - drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream) - refresh patches * openssl-1.1.0-no-html.patch * openssl-jsc-SLE-8789-backport_KDF.patch OBS-URL: https://build.opensuse.org/request/show/730187 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=43
14 lines
607 B
Diff
14 lines
607 B
Diff
Index: openssl-1.1.1d/Configurations/unix-Makefile.tmpl
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/Configurations/unix-Makefile.tmpl 2019-09-11 15:38:17.788265421 +0200
|
|
+++ openssl-1.1.1d/Configurations/unix-Makefile.tmpl 2019-09-11 15:38:35.640368636 +0200
|
|
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
|
|
|
|
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
|
|
|
|
-install_docs: install_man_docs install_html_docs
|
|
+install_docs: install_man_docs
|
|
|
|
uninstall_docs: uninstall_man_docs uninstall_html_docs
|
|
$(RM) -r $(DESTDIR)$(DOCDIR)
|