Accepting request 393456 from Base:System

- OpenSSL Security Advisory [3rd May 2016]
- update to 1.0.2h (boo#977584, boo#977663)
  * Prevent padding oracle in AES-NI CBC MAC check
     A MITM attacker can use a padding oracle attack to decrypt traffic
     when the connection uses an AES CBC cipher and the server support
     AES-NI.
     (CVE-2016-2107, boo#977616)
  * Fix EVP_EncodeUpdate overflow
     An overflow can occur in the EVP_EncodeUpdate() function which is used for
     Base64 encoding of binary data. If an attacker is able to supply very large
     amounts of input data then a length check can overflow resulting in a heap
     corruption.
     (CVE-2016-2105, boo#977614)
  * Fix EVP_EncryptUpdate overflow
     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
     is able to supply very large amounts of input data after a previous call to
     EVP_EncryptUpdate() with a partial block then a length check can overflow
     resulting in a heap corruption.
     (CVE-2016-2106, boo#977615)
  * Prevent ASN.1 BIO excessive memory allocation
     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
     a short invalid encoding can casuse allocation of large amounts of memory
     potentially consuming excessive resources or exhausting memory.
     (CVE-2016-2109, boo#976942)
  * EBCDIC overread
     ASN1 Strings that are over 1024 bytes can cause an overread in applications
     using the X509_NAME_oneline() function on EBCDIC systems. This could result
     in arbitrary stack data being returned in the buffer.
     (CVE-2016-2176, boo#978224)
  * Modify behavior of ALPN to invoke callback after SNI/servername (forwarded request 393446 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/393456
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=132

openssl-1.0.1e-add-suse-default-cipher.patch

@@ -1,8 +1,8 @@
-Index: openssl-1.0.2a/ssl/ssl_ciph.c
+Index: openssl-1.0.2h/ssl/ssl_ciph.c
 ===================================================================
---- openssl-1.0.2a.orig/ssl/ssl_ciph.c	2015-05-24 14:26:18.132243785 +0200
-+++ openssl-1.0.2a/ssl/ssl_ciph.c	2015-05-24 14:26:18.229245199 +0200
-@@ -1604,7 +1604,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+--- openssl-1.0.2h.orig/ssl/ssl_ciph.c	2016-05-03 16:36:50.482900040 +0200
++++ openssl-1.0.2h/ssl/ssl_ciph.c	2016-05-03 16:36:51.951922883 +0200
+@@ -1608,7 +1608,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
       */
      ok = 1;
      rule_p = rule_str;
@@ -18,21 +18,20 @@ Index: openssl-1.0.2a/ssl/ssl_ciph.c
          ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
                                          &head, &tail, ca_list);
          rule_p += 7;
-Index: openssl-1.0.2a/ssl/ssl.h
+Index: openssl-1.0.2h/ssl/ssl.h
 ===================================================================
---- openssl-1.0.2a.orig/ssl/ssl.h	2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/ssl/ssl.h	2015-05-24 14:31:25.801726491 +0200
-@@ -338,7 +338,12 @@ extern "C" {
+--- openssl-1.0.2h.orig/ssl/ssl.h	2016-05-03 16:36:51.951922883 +0200
++++ openssl-1.0.2h/ssl/ssl.h	2016-05-03 16:41:00.024781841 +0200
+@@ -338,7 +338,11 @@ extern "C" {
   * The following cipher list is used by default. It also is substituted when
   * an application-defined cipher list string starts with 'DEFAULT'.
   */
--# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
-+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
 +
 +# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
 +    "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
 +    "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA"
-+
  /*
   * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
   * starts with a reasonable order, and all we have to do for DEFAULT is

openssl-1.0.2g.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
-size 5266102

openssl-1.0.2g.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJW1Zr6AAoJENnE0m0OYESRRpkH/0SkDJcp4rvICbxuaD9jyJCa
-UJLH3vSMfJ9QNMdIp8yemixGSvjr0mPhFOcZPysXRZo88IwuIV0+Q5I7hvCQ0PSt
-YH/HzBZO0eShhUyDxb397odbbhsAkZFJytT+EXdFqd0HJLtWuPxaBF0WPgkklOQC
-3R/sv+M8FAaZiIbdBwNv1FNgGG26T4up0RgV0ETpXXv9Da+AViGrefA5szKAj9aL
-SOCRuUnzQO7ohSh5AZvgHylh1m7CGpH4MIyoAtNFtyogukO3yS3CzZ1iFcjsdHDn
-sDIRZ18a5JOX/vWU0OmUXGhF7XXV93S1/1mKAAEXRJZOxzrneFuyv5b61t/xXCE=
-=/pDQ
------END PGP SIGNATURE-----

openssl-1.0.2h.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
+size 5274412

openssl-1.0.2h.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJXKKvFAAoJENnE0m0OYESRGpAH/AyxYu871GheytE2YEgeEFou
+1e37k9PiBgS9BUmpr0ufRGMn9QufZzYCf1b2LXr3Fn31Ui5rCHrLntGeAdD4ngmh
+4fEOhEJRWpfHGlFVyXc8jHSeK6wfgvM928Up/ftSGyciDgWMDXmx5eCzJgREjJ+k
+DAQwtE34lCilzrYOcEn9xVd3NEScodAHQEhRXXM7p6jesHlQ8cSFljDn8QDvFu/R
+gRGAAWW9/ZjbwE6hbT8nPYq7UCUUvz2ne8U3kCwyGYwqLGt47qV0yD9mqG/oO0RB
+wFOcJhcGUqKSxlHqukAusxeZLuXMzw7UmucLCDxW9ETB644KlZ3/8E4CkOlLNIM=
+=a9Hy
+-----END PGP SIGNATURE-----

openssl.changes

@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Tue May  3 14:43:47 UTC 2016 - vcizek@suse.com
+
+- OpenSSL Security Advisory [3rd May 2016]
+- update to 1.0.2h (boo#977584, boo#977663)
+  * Prevent padding oracle in AES-NI CBC MAC check
+     A MITM attacker can use a padding oracle attack to decrypt traffic
+     when the connection uses an AES CBC cipher and the server support
+     AES-NI.
+     (CVE-2016-2107, boo#977616)
+  * Fix EVP_EncodeUpdate overflow
+     An overflow can occur in the EVP_EncodeUpdate() function which is used for
+     Base64 encoding of binary data. If an attacker is able to supply very large
+     amounts of input data then a length check can overflow resulting in a heap
+     corruption.
+     (CVE-2016-2105, boo#977614)
+  * Fix EVP_EncryptUpdate overflow
+     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
+     is able to supply very large amounts of input data after a previous call to
+     EVP_EncryptUpdate() with a partial block then a length check can overflow
+     resulting in a heap corruption.
+     (CVE-2016-2106, boo#977615)
+  * Prevent ASN.1 BIO excessive memory allocation
+     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
+     a short invalid encoding can casuse allocation of large amounts of memory
+     potentially consuming excessive resources or exhausting memory.
+     (CVE-2016-2109, boo#976942)
+  * EBCDIC overread
+     ASN1 Strings that are over 1024 bytes can cause an overread in applications
+     using the X509_NAME_oneline() function on EBCDIC systems. This could result
+     in arbitrary stack data being returned in the buffer.
+     (CVE-2016-2176, boo#978224)
+  * Modify behavior of ALPN to invoke callback after SNI/servername
+     callback, such that updates to the SSL_CTX affect ALPN.
+  * Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
+     default.
+  * Only remove the SSLv2 methods with the no-ssl2-method option. When the
+     methods are enabled and ssl2 is disabled the methods return NULL.
+
 -------------------------------------------------------------------
 Fri Apr 15 16:55:05 UTC 2016 - dvaleev@suse.com
 

openssl.spec

@@ -29,7 +29,7 @@ Provides:       ssl
 %ifarch ppc64
 Obsoletes:      openssl-64bit
 %endif
-Version:        1.0.2g
+Version:        1.0.2h
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL