Accepting request 452919 from Base:System

- Updated to openssl 1.0.2k - bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results - bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery - bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read - bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64 OBS-URL: https://build.opensuse.org/request/show/452919 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=135
2017-01-31 11:37:40 +00:00 · 2017-01-31 11:37:40 +00:00 · f7574150c5
commit f7574150c5
parent 021091d55f
7 changed files with 27 additions and 19 deletions
--- a/openssl-1.0.2j.tar.gz
+++ b/openssl-1.0.2j.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431
-size 5307912
--- a/openssl-1.0.2j.tar.gz.asc
+++ b/openssl-1.0.2j.tar.gz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJX6O9BAAoJENnE0m0OYESRhC4H/0feEYv4JBbtk3cFyIt39ph6
-A700qbm8pnOukXOg5Q2HrYz6TxE1C/p7MO4+iYnttvtC7WMz9oK0fEQ/k2PEjoU7
-I65vM/LlrQjY6pJe+pORk+UL9uHamcDpeyYCa+Ro61o/l4Vd9iHQMN77LDfkKzDK
-qq8q/DMlHVhPv1U8+kDCT9r4nEOqb0tkvJEIns3wFlkw1Wp+VwnhAS5s3J1Xwetj
-MK6TFOtI1UOULXiYjSRs4Sy8nyxG5V6VVofAL+aQNOFqAzF45RE5R/6AjL5I8J9y
-yoyIzj1a/h8M/PJGzADgpxZAdE2cpZAlQAhZdQutst0GRma6i36HGzq4IUDwbCc=
-=puH/
-----END PGP SIGNATURE-----
--- a/openssl-1.0.2k.tar.gz
+++ b/openssl-1.0.2k.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
+size 5309236
--- a/openssl-1.0.2k.tar.gz.asc
+++ b/openssl-1.0.2k.tar.gz.asc
@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABCAAGBQJYifggAAoJENnE0m0OYESRTAIH/RsiR+7jvmA8AZJppQZOpVgX
+8N5CZNBEaRTuKcRNmQX1oHk5Ms2g4MM4TmNDOFF7+ZtByoeyv2NWnLWJmBsSxuQU
+ZEbeXFIgkBnvD5qOBdi84udw0/HOP5P3GcxAOC8QE1Av7pTwAdKToheqixuE5D8+
+9zzw4VgXCa5L18JDf3XdkTDUUUQitz1o2ck8BVIGyhxgIUDJXEF8t29yTGYWF/YV
+b45G1igbJlZtoR4IA1pSR3hrDjJaNQtCpkxK+DKoLTm+Z9RMTe40Q8W7dBn1iwUm
+N/m9CUovBoqIv1nrSJeFNXuIuuHYt/1gflJBiem7QC9fNtdZuGlKXBq5bcL1qV8=
+=uQ9m
+-----END PGP SIGNATURE-----
--- a/openssl-fips-dont-fall-back-to-default-digest.patch
+++ b/openssl-fips-dont-fall-back-to-default-digest.patch
@ -114,9 +114,9 @@ Index: openssl-1.0.2i/apps/enc.c
 +    if (non_fips_allow)
 +        FIPS_mode_set(0);
 +
- #ifndef OPENSSL_NO_ENGINE
-     setup_engine(bio_err, engine, 0);
- #endif
+     e = setup_engine(bio_err, engine, 0);
+ 
+     if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
@@ -338,7 +342,7 @@ int MAIN(int argc, char **argv)
         goto end;
     }
--- a/openssl.changes
+++ b/openssl.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Jan 27 10:21:42 UTC 2017 - meissner@suse.com
+
+- Updated to openssl 1.0.2k
+  - bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results
+  - bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery
+  - bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read
+  - bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64
+
 -------------------------------------------------------------------
 Fri Sep 30 10:53:56 UTC 2016 - vcizek@suse.com

--- a/openssl.spec
+++ b/openssl.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openssl
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -29,7 +29,7 @@ Provides:       ssl
 %ifarch ppc64
 Obsoletes:      openssl-64bit
 %endif
-Version:        1.0.2j
+Version:        1.0.2k
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL