From 021091d55fd171f85ba96d5b59aaf88b1e9bc3dc11870c1095743b1f9ccf59c9 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 10 Oct 2016 14:17:30 +0000 Subject: [PATCH] Accepting request 433063 from Base:System - resume reading from /dev/urandom when interrupted by a signal (bsc#995075) * add openssl-randfile_fread_interrupt.patch - add FIPS changes from SP2: - fix problems with locking in FIPS mode (bsc#992120) * duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428 and bsc#990207 * bring back openssl-fipslocking.patch - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (bsc#984323) - don't check for /etc/system-fips (bsc#982268) * add openssl-fips-dont_run_FIPS_module_installed.patch - refresh openssl-fips-rsagen-d-bits.patch (forwarded request 431508 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/433063 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=134 --- ...-fips-dont_run_FIPS_module_installed.patch | 16 + openssl-fips-rsagen-d-bits.patch | 16 +- openssl-fips_RSA_compute_d_with_lcm.patch | 42 --- openssl-fipslocking.patch | 348 ++++++++++++++++++ openssl-randfile_fread_interrupt.patch | 16 + openssl.changes | 21 ++ openssl.spec | 12 +- 7 files changed, 417 insertions(+), 54 deletions(-) create mode 100644 openssl-fips-dont_run_FIPS_module_installed.patch delete mode 100644 openssl-fips_RSA_compute_d_with_lcm.patch create mode 100644 openssl-fipslocking.patch create mode 100644 openssl-randfile_fread_interrupt.patch diff --git a/openssl-fips-dont_run_FIPS_module_installed.patch b/openssl-fips-dont_run_FIPS_module_installed.patch new file mode 100644 index 0000000..c315fb1 --- /dev/null +++ b/openssl-fips-dont_run_FIPS_module_installed.patch @@ -0,0 +1,16 @@ +Index: openssl-1.0.2h/crypto/o_init.c +=================================================================== +--- openssl-1.0.2h.orig/crypto/o_init.c 2016-06-01 15:26:25.026937000 +0200 ++++ openssl-1.0.2h/crypto/o_init.c 2016-06-01 16:23:24.980858697 +0200 +@@ -111,9 +111,9 @@ void __attribute__ ((constructor)) OPENS + return; + done = 1; + #ifdef OPENSSL_FIPS +- if (!FIPS_module_installed()) { ++ /*if (!FIPS_module_installed()) { + return; +- } ++ }*/ + RAND_init_fips(); + init_fips_mode(); + if (!FIPS_mode()) { diff --git a/openssl-fips-rsagen-d-bits.patch b/openssl-fips-rsagen-d-bits.patch index 9d31caa..772eea5 100644 --- a/openssl-fips-rsagen-d-bits.patch +++ b/openssl-fips-rsagen-d-bits.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c +Index: openssl-1.0.2h/crypto/rsa/rsa_gen.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-14 10:23:50.941168136 +0200 -+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-14 10:47:56.651757817 +0200 -@@ -237,6 +237,12 @@ static int FIPS_rsa_builtin_keygen(RSA * +--- openssl-1.0.2h.orig/crypto/rsa/rsa_gen.c 2016-07-14 15:25:28.640174922 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa_gen.c 2016-07-14 15:27:41.330349764 +0200 +@@ -234,6 +234,12 @@ static int FIPS_rsa_builtin_keygen(RSA * goto err; } @@ -15,7 +15,7 @@ Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c /* prepare approximate minimum p and q */ if (!BN_set_word(r0, 0xB504F334)) goto err; -@@ -249,12 +255,6 @@ static int FIPS_rsa_builtin_keygen(RSA * +@@ -246,12 +252,6 @@ static int FIPS_rsa_builtin_keygen(RSA * if (!BN_lshift(r3, r3, pbits - 100)) goto err; @@ -28,12 +28,12 @@ Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c /* generate p and q */ for (i = 0; i < 5 * pbits; i++) { ploop: -@@ -384,6 +384,8 @@ static int FIPS_rsa_builtin_keygen(RSA * - if (!BN_mod_inverse(rsa->d, rsa->e, lcm_p1_q1, ctx)) +@@ -375,6 +375,8 @@ static int FIPS_rsa_builtin_keygen(RSA * + if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) goto err; /* d */ + /* test 2^(bits/2) < d < LCM((p-1)*(q-1)) */ + /* the LCM part is covered due to the generation by modulo above */ if (BN_num_bits(rsa->d) < pbits) goto retry; /* d is too small */ - + diff --git a/openssl-fips_RSA_compute_d_with_lcm.patch b/openssl-fips_RSA_compute_d_with_lcm.patch deleted file mode 100644 index 80c93a7..0000000 --- a/openssl-fips_RSA_compute_d_with_lcm.patch +++ /dev/null @@ -1,42 +0,0 @@ -Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c -=================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-13 15:07:34.371851679 +0200 -+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-13 15:18:00.630306031 +0200 -@@ -177,6 +177,7 @@ static int FIPS_rsa_builtin_keygen(RSA * - BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; - BIGNUM local_r0, local_d, local_p; - BIGNUM *pr0, *d, *p; -+ BIGNUM *gcd_p1_q1 = NULL, *lcm_p1_q1 = NULL; - BN_CTX *ctx = NULL; - int ok = -1; - int i; -@@ -204,6 +205,8 @@ static int FIPS_rsa_builtin_keygen(RSA * - r1 = BN_CTX_get(ctx); - r2 = BN_CTX_get(ctx); - r3 = BN_CTX_get(ctx); -+ gcd_p1_q1 = BN_CTX_get(ctx); -+ lcm_p1_q1 = BN_CTX_get(ctx); - - if (r3 == NULL) - goto err; -@@ -372,12 +375,18 @@ static int FIPS_rsa_builtin_keygen(RSA * - BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); - } else - pr0 = r0; -- if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) -+ -+ /* calculate lcm(p-1,q-1) = (p-1)*(q-1) / gcd(p-1,q-1) */ -+ if (!BN_gcd(gcd_p1_q1, r1, r2, ctx)) -+ goto err; /* gcd(p-1,q-1) */ -+ if (!BN_div(lcm_p1_q1, NULL, pr0, gcd_p1_q1, ctx)) -+ goto err; -+ if (!BN_mod_inverse(rsa->d, rsa->e, lcm_p1_q1, ctx)) - goto err; /* d */ - - if (BN_num_bits(rsa->d) < pbits) - goto retry; /* d is too small */ -- -+ - /* set up d for correct BN_FLG_CONSTTIME flag */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - d = &local_d; diff --git a/openssl-fipslocking.patch b/openssl-fipslocking.patch new file mode 100644 index 0000000..4f6672f --- /dev/null +++ b/openssl-fipslocking.patch @@ -0,0 +1,348 @@ +Index: openssl-1.0.2h/crypto/fips/fips_drbg_rand.c +=================================================================== +--- openssl-1.0.2h.orig/crypto/fips/fips_drbg_rand.c 2016-08-03 18:09:00.212901713 +0200 ++++ openssl-1.0.2h/crypto/fips/fips_drbg_rand.c 2016-08-03 18:22:15.741698211 +0200 +@@ -82,7 +82,8 @@ static int fips_drbg_bytes(unsigned char + if (count > dctx->min_entropy) + RAND_load_file("/dev/urandom", count - dctx->min_entropy); + +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ int locked; ++ locked = private_RAND_lock(1); + do { + size_t rcnt; + if (count > (int)dctx->max_request) +@@ -111,7 +112,8 @@ static int fips_drbg_bytes(unsigned char + while (count); + rv = 1; + err: +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (locked) ++ private_RAND_lock(0); + return rv; + } + +@@ -126,34 +128,50 @@ static int fips_drbg_status(void) + { + DRBG_CTX *dctx = &ossl_dctx; + int rv; +- CRYPTO_r_lock(CRYPTO_LOCK_RAND); ++ int locked; ++ locked = private_RAND_lock(1); + rv = dctx->status == DRBG_STATUS_READY ? 1 : 0; +- CRYPTO_r_unlock(CRYPTO_LOCK_RAND); ++ if (locked) ++ private_RAND_lock(0); + return rv; + } + + static void fips_drbg_cleanup(void) + { + DRBG_CTX *dctx = &ossl_dctx; +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ int locked; ++ locked = private_RAND_lock(1); + FIPS_drbg_uninstantiate(dctx); +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (locked) ++ private_RAND_lock(0); + } + + static int fips_drbg_seed(const void *seed, int seedlen) + { + DRBG_CTX *dctx = &ossl_dctx; ++ int locked; ++ int ret = 1; ++ ++ locked = private_RAND_lock(1); + if (dctx->rand_seed_cb) +- return dctx->rand_seed_cb(dctx, seed, seedlen); +- return 1; ++ ret = dctx->rand_seed_cb(dctx, seed, seedlen); ++ if (locked) ++ private_RAND_lock(0); ++ return ret; + } + + static int fips_drbg_add(const void *seed, int seedlen, double add_entropy) + { + DRBG_CTX *dctx = &ossl_dctx; ++ int locked; ++ int ret = 1; ++ ++ locked = private_RAND_lock(1); + if (dctx->rand_add_cb) +- return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy); +- return 1; ++ ret = dctx->rand_add_cb(dctx, seed, seedlen, add_entropy); ++ if (locked) ++ private_RAND_lock(0); ++ return ret; + } + + static const RAND_METHOD rand_drbg_meth = { +Index: openssl-1.0.2h/crypto/rand/md_rand.c +=================================================================== +--- openssl-1.0.2h.orig/crypto/rand/md_rand.c 2016-08-03 18:09:00.216901777 +0200 ++++ openssl-1.0.2h/crypto/rand/md_rand.c 2016-08-04 10:42:01.775958714 +0200 +@@ -144,13 +144,6 @@ static long md_count[2] = { 0, 0 }; + static double entropy = 0; + static int initialized = 0; + +-static unsigned int crypto_lock_rand = 0; /* may be set only when a thread +- * holds CRYPTO_LOCK_RAND (to +- * prevent double locking) */ +-/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ +-/* valid iff crypto_lock_rand is set */ +-static CRYPTO_THREADID locking_threadid; +- + #ifdef PREDICT + int rand_predictable = 0; + #endif +@@ -196,7 +189,7 @@ static void ssleay_rand_add(const void * + long md_c[2]; + unsigned char local_md[MD_DIGEST_LENGTH]; + EVP_MD_CTX m; +- int do_not_lock; ++ int locked; + + if (!num) + return; +@@ -216,18 +209,8 @@ static void ssleay_rand_add(const void * + * hash function. + */ + +- /* check if we already have the lock */ +- if (crypto_lock_rand) { +- CRYPTO_THREADID cur; +- CRYPTO_THREADID_current(&cur); +- CRYPTO_r_lock(CRYPTO_LOCK_RAND2); +- do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); +- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); +- } else +- do_not_lock = 0; ++ locked = private_RAND_lock(1); + +- if (!do_not_lock) +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); + st_idx = state_index; + + /* +@@ -258,8 +241,8 @@ static void ssleay_rand_add(const void * + + md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); + +- if (!do_not_lock) +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (locked) ++ private_RAND_lock(0); + + EVP_MD_CTX_init(&m); + for (i = 0; i < num; i += MD_DIGEST_LENGTH) { +@@ -307,8 +290,7 @@ static void ssleay_rand_add(const void * + } + EVP_MD_CTX_cleanup(&m); + +- if (!do_not_lock) +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ locked = private_RAND_lock(1); + /* + * Don't just copy back local_md into md -- this could mean that other + * thread's seeding remains without effect (except for the incremented +@@ -320,8 +302,8 @@ static void ssleay_rand_add(const void * + } + if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ + entropy += add; +- if (!do_not_lock) +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (locked) ++ private_RAND_lock(0); + + #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) + assert(md_c[1] == md_count[1]); +@@ -346,6 +328,7 @@ int ssleay_rand_bytes(unsigned char *buf + pid_t curr_pid = getpid(); + #endif + int do_stir_pool = 0; ++ int locked; + + #ifdef PREDICT + if (rand_predictable) { +@@ -387,13 +370,7 @@ int ssleay_rand_bytes(unsigned char *buf + * global 'md'. + */ + if (lock) +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); +- +- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ +- CRYPTO_w_lock(CRYPTO_LOCK_RAND2); +- CRYPTO_THREADID_current(&locking_threadid); +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); +- crypto_lock_rand = 1; ++ locked = private_RAND_lock(1); + + /* always poll for external entropy in FIPS mode, drbg provides the + * expansion +@@ -468,9 +445,8 @@ int ssleay_rand_bytes(unsigned char *buf + md_count[0] += 1; + + /* before unlocking, we must clear 'crypto_lock_rand' */ +- crypto_lock_rand = 0; +- if (lock) +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (lock && locked) ++ private_RAND_lock(0); + + while (num > 0) { + /* num_ceil -= MD_DIGEST_LENGTH/2 */ +@@ -519,11 +495,11 @@ int ssleay_rand_bytes(unsigned char *buf + MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + MD_Update(&m, local_md, MD_DIGEST_LENGTH); + if (lock) +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ locked = private_RAND_lock(1); + MD_Update(&m, md, MD_DIGEST_LENGTH); + MD_Final(&m, md); +- if (lock) +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (lock && locked) ++ private_RAND_lock(0); + + EVP_MD_CTX_cleanup(&m); + if (ok) +@@ -553,33 +529,10 @@ static int ssleay_rand_pseudo_bytes(unsi + + static int ssleay_rand_status(void) + { +- CRYPTO_THREADID cur; + int ret; +- int do_not_lock; +- +- CRYPTO_THREADID_current(&cur); +- /* +- * check if we already have the lock (could happen if a RAND_poll() +- * implementation calls RAND_status()) +- */ +- if (crypto_lock_rand) { +- CRYPTO_r_lock(CRYPTO_LOCK_RAND2); +- do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); +- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); +- } else +- do_not_lock = 0; ++ int locked; + +- if (!do_not_lock) { +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); +- +- /* +- * prevent ssleay_rand_bytes() from trying to obtain the lock again +- */ +- CRYPTO_w_lock(CRYPTO_LOCK_RAND2); +- CRYPTO_THREADID_cpy(&locking_threadid, &cur); +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); +- crypto_lock_rand = 1; +- } ++ locked = private_RAND_lock(1); + + if (!initialized) { + RAND_poll(); +@@ -588,12 +541,8 @@ static int ssleay_rand_status(void) + + ret = entropy >= ENTROPY_NEEDED; + +- if (!do_not_lock) { +- /* before unlocking, we must clear 'crypto_lock_rand' */ +- crypto_lock_rand = 0; +- +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); +- } ++ if (locked) ++ private_RAND_lock(0); + + return ret; + } +Index: openssl-1.0.2h/crypto/rand/rand.h +=================================================================== +--- openssl-1.0.2h.orig/crypto/rand/rand.h 2016-08-03 18:08:58.848879702 +0200 ++++ openssl-1.0.2h/crypto/rand/rand.h 2016-08-03 18:09:00.216901777 +0200 +@@ -123,6 +123,8 @@ void RAND_set_fips_drbg_type(int type, i + int RAND_init_fips(void); + # endif + ++int private_RAND_lock(int lock); ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +Index: openssl-1.0.2h/crypto/rand/rand_lib.c +=================================================================== +--- openssl-1.0.2h.orig/crypto/rand/rand_lib.c 2016-08-03 18:08:58.848879702 +0200 ++++ openssl-1.0.2h/crypto/rand/rand_lib.c 2016-08-04 10:45:28.691025336 +0200 +@@ -176,6 +176,41 @@ int RAND_status(void) + return 0; + } + ++int private_RAND_lock(int lock) ++ { ++ static int crypto_lock_rand; ++ static CRYPTO_THREADID locking_threadid; ++ int do_lock; ++ ++ if (!lock) ++ { ++ crypto_lock_rand = 0; ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ return 0; ++ } ++ ++ /* check if we already have the lock */ ++ if (crypto_lock_rand) ++ { ++ CRYPTO_THREADID cur; ++ CRYPTO_THREADID_current(&cur); ++ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); ++ do_lock = !!CRYPTO_THREADID_cmp(&locking_threadid, &cur); ++ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); ++ } ++ else ++ do_lock = 1; ++ if (do_lock) ++ { ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); ++ CRYPTO_THREADID_current(&locking_threadid); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); ++ crypto_lock_rand = 1; ++ } ++ return do_lock; ++ } ++ + #ifdef OPENSSL_FIPS + + /* +@@ -237,9 +272,10 @@ static int drbg_rand_add(DRBG_CTX *ctx, + { + RAND_SSLeay()->add(in, inlen, entropy); + if (FIPS_rand_status()) { +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ int locked = private_RAND_lock(1); + FIPS_drbg_reseed(ctx, in, inlen); +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (locked) ++ private_RAND_lock(0); + } + return 1; + } +@@ -248,9 +284,10 @@ static int drbg_rand_seed(DRBG_CTX *ctx, + { + RAND_SSLeay()->seed(in, inlen); + if (FIPS_rand_status()) { +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ int locked = private_RAND_lock(1); + FIPS_drbg_reseed(ctx, NULL, 0); +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (locked) ++ private_RAND_lock(0); + } + return 1; + } diff --git a/openssl-randfile_fread_interrupt.patch b/openssl-randfile_fread_interrupt.patch new file mode 100644 index 0000000..5ff49b0 --- /dev/null +++ b/openssl-randfile_fread_interrupt.patch @@ -0,0 +1,16 @@ +Index: openssl-1.0.2j/crypto/rand/randfile.c +=================================================================== +--- openssl-1.0.2j.orig/crypto/rand/randfile.c 2016-09-27 13:52:29.265425064 +0200 ++++ openssl-1.0.2j/crypto/rand/randfile.c 2016-09-27 13:53:34.162468100 +0200 +@@ -205,6 +205,11 @@ int RAND_load_file(const char *file, lon + else + n = BUFSIZE; + i = fread(buf, 1, n, in); ++ if (i <= 0 && ferror(in) && errno == EINTR) { ++ clearerr(in); ++ continue; ++ } ++ + if (i <= 0) + break; + #ifdef PURIFY diff --git a/openssl.changes b/openssl.changes index 7df0269..17b762d 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Fri Sep 30 10:53:56 UTC 2016 - vcizek@suse.com + +- resume reading from /dev/urandom when interrupted by a signal + (bsc#995075) + * add openssl-randfile_fread_interrupt.patch + +------------------------------------------------------------------- +Fri Sep 30 10:53:06 UTC 2016 - vcizek@suse.com + +- add FIPS changes from SP2: +- fix problems with locking in FIPS mode (bsc#992120) + * duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428 + and bsc#990207 + * bring back openssl-fipslocking.patch +- drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) + (bsc#984323) +- don't check for /etc/system-fips (bsc#982268) + * add openssl-fips-dont_run_FIPS_module_installed.patch +- refresh openssl-fips-rsagen-d-bits.patch + ------------------------------------------------------------------- Tue Sep 27 06:20:03 UTC 2016 - michael@stroeder.com diff --git a/openssl.spec b/openssl.spec index 3cdeb6a..11f562f 100644 --- a/openssl.spec +++ b/openssl.spec @@ -74,9 +74,9 @@ Patch35: openssl-1.0.1e-add-suse-default-cipher.patch Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch Patch38: openssl-missing_FIPS_ec_group_new_by_curve_name.patch # FIPS patches from SLE-12 +Patch41: openssl-fips-dont_run_FIPS_module_installed.patch Patch50: openssl-fips_disallow_x931_rand_method.patch Patch51: openssl-fips_disallow_ENGINE_loading.patch -Patch52: openssl-fips_RSA_compute_d_with_lcm.patch Patch53: openssl-rsakeygen-minimum-distance.patch Patch54: openssl-urandom-reseeding.patch Patch55: openssl-fips-rsagen-d-bits.patch @@ -85,7 +85,9 @@ Patch57: openssl-fips-fix-odd-rsakeybits.patch Patch58: openssl-fips-clearerror.patch Patch59: openssl-fips-dont-fall-back-to-default-digest.patch -Patch60: openssl-print_notice-NULL_crash.patch +Patch61: openssl-fipslocking.patch +Patch62: openssl-print_notice-NULL_crash.patch +Patch63: openssl-randfile_fread_interrupt.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -196,9 +198,9 @@ this package's base documentation. %patch35 -p1 %patch37 -p1 %patch38 -p1 +%patch41 -p1 %patch50 -p1 %patch51 -p1 -%patch52 -p1 %patch53 -p1 %patch54 -p1 %patch55 -p1 @@ -206,7 +208,9 @@ this package's base documentation. %patch57 -p1 %patch58 -p1 %patch59 -p1 -%patch60 -p1 +%patch61 -p1 +%patch62 -p1 +%patch63 -p1 %if 0%{?suse_version} >= 1120 %patch3 %endif