Accepting request 155179 from Base:System

- Update to 1.0.1e
  o Bugfix release (bnc#803004)
- Drop openssl-1.0.1d-s3-packet.patch, included upstream

OBS-URL: https://build.opensuse.org/request/show/155179
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=86

openssl-1.0.1d-s3-packet.patch

@@ -1,76 +0,0 @@
-https://bugs.gentoo.org/456108
-
-taken from upstream
-
-From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Thu, 7 Feb 2013 21:06:37 +0000
-Subject: [PATCH] Fix IV check and padding removal.
-
-Fix the calculation that checks there is enough room in a record
-after removing padding and optional explicit IV. (by Steve)
-
-For AEAD remove the correct number of padding bytes (by Andy)
----
- ssl/s3_cbc.c | 33 ++++++++++++---------------------
- 1 file changed, 12 insertions(+), 21 deletions(-)
-
-diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index ce77acd..0f60507 100644
---- a/ssl/s3_cbc.c
-+++ b/ssl/s3_cbc.c
-@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s,
- 			    unsigned mac_size)
- 	{
- 	unsigned padding_length, good, to_check, i;
--	const char has_explicit_iv =
--		s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
--	const unsigned overhead = 1 /* padding length byte */ +
--				  mac_size +
--				  (has_explicit_iv ? block_size : 0);
--
--	/* These lengths are all public so we can test them in non-constant
--	 * time. */
--	if (overhead > rec->length)
--		return 0;
--
--	/* We can always safely skip the explicit IV. We check at the beginning
--	 * of this function that the record has at least enough space for the
--	 * IV, MAC and padding length byte. (These can be checked in
--	 * non-constant time because it's all public information.) So, if the
--	 * padding was invalid, then we didn't change |rec->length| and this is
--	 * safe. If the padding was valid then we know that we have at least
--	 * overhead+padding_length bytes of space and so this is still safe
--	 * because overhead accounts for the explicit IV. */
--	if (has_explicit_iv)
-+	const unsigned overhead = 1 /* padding length byte */ + mac_size;
-+	/* Check if version requires explicit IV */
-+	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
- 		{
-+		/* These lengths are all public so we can test them in
-+		 * non-constant time.
-+		 */
-+		if (overhead + block_size > rec->length)
-+			return 0;
-+		/* We can now safely skip explicit IV */
- 		rec->data += block_size;
- 		rec->input += block_size;
- 		rec->length -= block_size;
- 		}
-+	else if (overhead > rec->length)
-+		return 0;
- 
- 	padding_length = rec->data[rec->length-1];
- 
-@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s,
- 	if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
- 		{
- 		/* padding is already verified */
--		rec->length -= padding_length;
-+		rec->length -= padding_length + 1;
- 		return 1;
- 		}
- 
--- 
-1.8.0.2
-

openssl-1.0.1d.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:88a423f9b08a994054583691b968815875580e12df754e881d7cfe9f1bd1f49d
-size 4459791

openssl-1.0.1d.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQEVAwUAURDz9qLSm3vylcdZAQKqkggAv4350IUv8kUR0EFl1RMZdal5aie5vFCB
-qBDdF8CAWRPoZy1QN+yLtTzobthGaLFbbibILo2dAwUm2VFpt0GbOe3NkX8EUpZj
-neTT9fSMm0uVCt0qwoap+GtvVypmuRR3fR8TMW2injL/M8nkZDNkuJeVvpOXdSZZ
-h/hyZCzDy/QC1yZDR6xczGkVdszTEo7C5k34RvKZOuN5u2Bs290HGEqPNo7UsgCq
-MiJBHKMmWB48CefctVhySYhr8ftANctZW6dDGOsj/0Jc4s5IptNFM0LwjJLh4671
-IqtAKCSk0ShH/ehnpbpmndrSfhLJwNnBA/a4FWyEdZ1AzkXKZsed9g==
-=AVm4
------END PGP SIGNATURE-----

openssl-1.0.1e.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3
+size 4459777

openssl-1.0.1e.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQEVAwUAURkNmqLSm3vylcdZAQIW+QgAvzzm4hlt+QUHVLkMW0eiiJeTk+ZNqAAe
+ver8u+JwEGUiNA2Tq0/9n+/vmLlAC48lRiZpviVAq3olbmmEWi4FrsToEoNOp9Ho
+tr++fq4kGcLSnqRu6gy4unJZVy9U1RZRGCxESTI5nvsneLQGs34lpBxRpQ/Q0Iqg
+h3NZJkdbX5oL+pKgEtQV25HFoKnEWe1mqVkTZPaTE4mfSr3Uc0+NjOkKaxm5ud+9
+CZBSqesMPohUWo8Fm9BxkCZuZ6SwTUWHUzZvODANp8VyjderZdWhVlGc6E0zV6SU
+TlmjCpOblE7CP26QC+SttDRx8nM+Qd5HTLq10ciX1UX1YD8n4XtRFg==
+=IVUi
+-----END PGP SIGNATURE-----

openssl.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Feb 12 00:08:06 UTC 2013 - hrvoje.senjan@gmail.com
+
+- Update to 1.0.1e
+  o Bugfix release (bnc#803004)
+- Drop openssl-1.0.1d-s3-packet.patch, included upstream
+
 -------------------------------------------------------------------
 Sun Feb 10 20:33:51 UTC 2013 - hrvoje.senjan@gmail.com
 

openssl.spec

@@ -29,7 +29,7 @@ Provides:       ssl
 %ifarch ppc64
 Obsoletes:      openssl-64bit
 %endif
-Version:        1.0.1d
+Version:        1.0.1e
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL
@@ -46,8 +46,6 @@ Patch1:         openssl-1.0.0-c_rehash-compat.diff
 Patch2:         bug610223.patch
 Patch3:         openssl-ocloexec.patch
 Patch4:         VIA_padlock_support_on_64systems.patch
-# PATCH-FIX-UPSTREAM openssl-1.0.1d-s3-packet.patch Fix the calculation that checks there is enough room in a record after removing padding and optional explicit IV bnc#803004, openssl ticket#2975
-Patch5:         openssl-1.0.1d-s3-packet.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -178,7 +176,6 @@ Authors:
 %patch2 -p1
 %patch3
 %patch4 -p1
-%patch5 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags