Accepting request 81348 from Base:System

- Update to openssl 1.0.0e fixes CVE-2011-3207 and CVE-2011-3210 see http://openssl.org/news/secadv_20110906.txt for details. (forwarded request 81347 from elvigia) OBS-URL: https://build.opensuse.org/request/show/81348 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=67
2011-09-09 09:49:14 +00:00 · 2011-09-09 09:49:14 +00:00 · 712cc1be28
commit 712cc1be28
parent 6793d223c7
5 changed files with 10 additions and 49 deletions
--- a/ECDSA_signatures_timing_attack.patch
+++ b/ECDSA_signatures_timing_attack.patch
@ -1,43 +0,0 @@
-Index: openssl-1.0.0c/crypto/ecdsa/ecs_ossl.c
-===================================================================
--- openssl-1.0.0c.orig/crypto/ecdsa/ecs_ossl.c
-+++ openssl-1.0.0c/crypto/ecdsa/ecs_ossl.c
-@@ -144,6 +144,16 @@ static int ecdsa_sign_setup(EC_KEY *ecke
- 			}
- 		while (BN_is_zero(k));
- 
-+#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
-+		/* We do not want timing information to leak the length of k,
-+		 * so we compute G*k using an equivalent scalar of fixed
-+		 * bit-length. */
-+
-+		if (!BN_add(k, k, order)) goto err;
-+		if (BN_num_bits(k) <= BN_num_bits(order))
-+			if (!BN_add(k, k, order)) goto err;
-+#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
-+
- 		/* compute r the x-coordinate of generator * k */
- 		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
- 		{
-Index: openssl-1.0.0c/crypto/ocsp/ocsp_lib.c
-===================================================================
--- openssl-1.0.0c.orig/crypto/ocsp/ocsp_lib.c
-+++ openssl-1.0.0c/crypto/ocsp/ocsp_lib.c
-@@ -170,13 +170,14 @@ int OCSP_parse_url(char *url, char **pho
- 
- 	char *host, *port;
- 
-+	*phost = NULL;
-+	*pport = NULL;
-+	*ppath = NULL;
-+
- 	/* dup the buffer since we are going to mess with it */
- 	buf = BUF_strdup(url);
- 	if (!buf) goto mem_err;
- 
-	*phost = NULL;
-	*pport = NULL;
-	*ppath = NULL;
- 
- 	/* Check for initial colon */
- 	p = strchr(buf, ':');
--- a/openssl-1.0.0d.tar.bz2
+++ b/openssl-1.0.0d.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1544c7464c7b6cd40bed63cf9e7e27a913d1af881f14d9afd15e61f401056eda
-size 3223694
--- a/openssl-1.0.0e.tar.bz2
+++ b/openssl-1.0.0e.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d4cecef7f43d8adc75d7eb6aa9b96cbd8048d919fae6a9d4e89acedac3eabc33
+size 3222400
--- a/openssl.changes
+++ b/openssl.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep  7 14:29:41 UTC 2011 - crrodriguez@opensuse.org
+
+- Update to openssl 1.0.0e fixes CVE-2011-3207 and CVE-2011-3210
+  see http://openssl.org/news/secadv_20110906.txt for details.
+
 -------------------------------------------------------------------
 Sat Aug  6 00:33:47 UTC 2011 - crrodriguez@opensuse.org

--- a/openssl.spec
+++ b/openssl.spec
@ -32,7 +32,7 @@ Obsoletes:      openssl-64bit
 %endif
 #
 #Version:        1.0.0
-Version:        1.0.0d
+Version:        1.0.0e
 Release:        31
 Summary:        Secure Sockets and Transport Layer Security
 Url:            http://www.openssl.org/
@ -50,7 +50,6 @@ Patch2:         bug610223.patch
 #Patch6:         CVE-2010-3864.patch
 Patch7:         openssl-1.0.0b-aesni.patch
 #Patch8:         CVE-2011-0014.patch
-Patch9:         ECDSA_signatures_timing_attack.patch
 Patch10:        openssl-call-engine-reg-comp.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

@ -188,7 +187,6 @@ Authors:
 #%patch6 -p1
 %patch7 -p1
 #%patch8 -p1
-%patch9 -p1
 %patch10
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"