
Accepting request 347504 from Base:System

- update to 1.0.2e
  * fixes five security vulnerabilities
  * Anon DH ServerKeyExchange with 0 p parameter
    (CVE-2015-1794) (bsc#957984)
  * BN_mod_exp may produce incorrect results on x86_64
    (CVE-2015-3193) (bsc#957814)
  * Certificate verify crash with missing PSS parameter
    (CVE-2015-3194) (bsc#957815)
  * X509_ATTRIBUTE memory leak
    (CVE-2015-3195) (bsc#957812)
  * Race condition handling PSK identity hint
    (CVE-2015-3196) (bsc#957813)
- pulled a refreshed fips patch from Fedora
  * openssl-1.0.2a-fips.patch was replaced by
    openssl-1.0.2e-fips.patch
- refresh openssl-ocloexec.patch

OBS-URL: https://build.opensuse.org/request/show/347504
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=129
Stephan Kulow 2015-12-13 08:36:18 +00:00 committed by Git OBS Bridge
parent 7f772876ff
commit ed81eb44e1
8 changed files with 380 additions and 448 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8
size 5295447


@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVnmMAAAoJENnE0m0OYESRFMAIALdJSJRX5Na77O4wTzrhE/O+
0QU0MhqZikfEsngd5F47f5fwTGmXM3+oLJ3J94okqxuBeicAMq90MRxUe9cczUqr
qZ3MH5dMJ12rwaKnnyUH2Xl5Zg41px4tL7oD9piGJc52dKmEbX+t7dUKj/N3WglZ
uKYp7jxV0tdzZeQcuPIOxq74yGQuYTell+hHXKdlmYPrH8LL27ZUpVmGuCUrHBku
6+VDZVvRZFvTPy2IrIoI5e0lN9qUobyhoGUUICXYEaKMt1xenTWCi9CFzTEmrhjq
54Zp4CgVXj24PwNKJ42v3jgN4nVEsMSreD0SDyOh2d2kV0/51avX7KmHAjPYD6Y=
=U3sw
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load Diff

3
openssl-1.0.2e.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff
size 5256555

11
openssl-1.0.2e.tar.gz.asc Normal file

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWYIyiAAoJENnE0m0OYESRdSwIAIlfOOvtTaKbsY1gDhM8LaAM
gC2HYR18ipcz0ZdZzNch/mGy8gpVNmBWDhWzTd5Yz0AHRFX0fpOX7QZXHozV/QaB
2LmQ9N1QbztqSq0MW+2VCX31BR79wWYHVQF4A9QT7MOwCSA3RhGfEiZiIHNNloRa
j55Dpe0CMVdpdQc2WxlUC1A8O837bwr6ruPxctneJAvHK/XyeS/ta7a4eI8UQxMS
zkBNlsuiWQRzlAqMyiAkqu9NBkuLdBhP5Gkh2D8XP/yt1KwECFJiyAc0PFXTMILi
cNG5KdPe3tN3xCgR38k4/DKRNi4F1IVoe5YE7sk7U2wmG4dc5Z/9zGCTx+2atc0=
=PIJl
-----END PGP SIGNATURE-----


@ -1,7 +1,7 @@
Index: crypto/bio/b_sock.c Index: crypto/bio/b_sock.c
=================================================================== ===================================================================
--- crypto/bio/b_sock.c.orig 2015-05-29 11:54:57.219659682 +0200 --- crypto/bio/b_sock.c.orig 2015-12-05 00:04:11.291027369 +0100
+++ crypto/bio/b_sock.c 2015-05-29 11:56:47.059884761 +0200 +++ crypto/bio/b_sock.c 2015-12-05 00:04:13.283055286 +0100
@@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in @@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in
} }
@ -31,8 +31,8 @@ Index: crypto/bio/b_sock.c
sa.len.i = (int)sa.len.s; sa.len.i = (int)sa.len.s;
Index: crypto/bio/bss_conn.c Index: crypto/bio/bss_conn.c
=================================================================== ===================================================================
--- crypto/bio/bss_conn.c.orig 2015-05-29 11:54:57.219659682 +0200 --- crypto/bio/bss_conn.c.orig 2015-12-05 00:04:11.291027369 +0100
+++ crypto/bio/bss_conn.c 2015-05-29 11:57:45.668538446 +0200 +++ crypto/bio/bss_conn.c 2015-12-05 00:04:13.283055286 +0100
@@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC @@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC
c->them.sin_addr.s_addr = htonl(l); c->them.sin_addr.s_addr = htonl(l);
c->state = BIO_CONN_S_CREATE_SOCKET; c->state = BIO_CONN_S_CREATE_SOCKET;
@ -44,9 +44,9 @@ Index: crypto/bio/bss_conn.c
ERR_add_error_data(4, "host=", c->param_hostname, ERR_add_error_data(4, "host=", c->param_hostname,
Index: crypto/bio/bss_dgram.c Index: crypto/bio/bss_dgram.c
=================================================================== ===================================================================
--- crypto/bio/bss_dgram.c.orig 2015-05-29 11:54:57.221659705 +0200 --- crypto/bio/bss_dgram.c.orig 2015-12-05 00:04:11.292027383 +0100
+++ crypto/bio/bss_dgram.c 2015-05-29 13:29:42.463696425 +0200 +++ crypto/bio/bss_dgram.c 2015-12-05 00:04:13.284055300 +0100
@@ -1176,7 +1176,7 @@ static int dgram_sctp_read(BIO *b, char @@ -1177,7 +1177,7 @@ static int dgram_sctp_read(BIO *b, char
msg.msg_control = cmsgbuf; msg.msg_control = cmsgbuf;
msg.msg_controllen = 512; msg.msg_controllen = 512;
msg.msg_flags = 0; msg.msg_flags = 0;
@ -55,7 +55,7 @@ Index: crypto/bio/bss_dgram.c
if (n <= 0) { if (n <= 0) {
if (n < 0) if (n < 0)
@@ -1801,7 +1801,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) @@ -1802,7 +1802,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0; msg.msg_controllen = 0;
msg.msg_flags = 0; msg.msg_flags = 0;
@ -64,7 +64,7 @@ Index: crypto/bio/bss_dgram.c
if (n <= 0) { if (n <= 0) {
if ((n < 0) && (get_last_socket_error() != EAGAIN) if ((n < 0) && (get_last_socket_error() != EAGAIN)
&& (get_last_socket_error() != EWOULDBLOCK)) && (get_last_socket_error() != EWOULDBLOCK))
@@ -1823,7 +1823,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) @@ -1824,7 +1824,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0; msg.msg_controllen = 0;
msg.msg_flags = 0; msg.msg_flags = 0;
@ -73,7 +73,7 @@ Index: crypto/bio/bss_dgram.c
if (n <= 0) { if (n <= 0) {
if ((n < 0) && (get_last_socket_error() != EAGAIN) if ((n < 0) && (get_last_socket_error() != EAGAIN)
&& (get_last_socket_error() != EWOULDBLOCK)) && (get_last_socket_error() != EWOULDBLOCK))
@@ -1888,7 +1888,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) @@ -1889,7 +1889,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
fcntl(b->num, F_SETFL, O_NONBLOCK); fcntl(b->num, F_SETFL, O_NONBLOCK);
} }
@ -82,7 +82,7 @@ Index: crypto/bio/bss_dgram.c
if (is_dry) { if (is_dry) {
fcntl(b->num, F_SETFL, sockflags); fcntl(b->num, F_SETFL, sockflags);
@@ -1930,7 +1930,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) @@ -1931,7 +1931,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
sockflags = fcntl(b->num, F_GETFL, 0); sockflags = fcntl(b->num, F_GETFL, 0);
fcntl(b->num, F_SETFL, O_NONBLOCK); fcntl(b->num, F_SETFL, O_NONBLOCK);
@ -91,7 +91,7 @@ Index: crypto/bio/bss_dgram.c
fcntl(b->num, F_SETFL, sockflags); fcntl(b->num, F_SETFL, sockflags);
/* if notification, process and try again */ /* if notification, process and try again */
@@ -1950,7 +1950,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) @@ -1951,7 +1951,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
msg.msg_control = NULL; msg.msg_control = NULL;
msg.msg_controllen = 0; msg.msg_controllen = 0;
msg.msg_flags = 0; msg.msg_flags = 0;
@ -102,11 +102,11 @@ Index: crypto/bio/bss_dgram.c
data->handle_notifications(b, data->notification_context, data->handle_notifications(b, data->notification_context,
Index: crypto/bio/bss_file.c Index: crypto/bio/bss_file.c
=================================================================== ===================================================================
--- crypto/bio/bss_file.c.orig 2015-05-29 11:54:57.221659705 +0200 --- crypto/bio/bss_file.c.orig 2015-12-05 00:04:11.292027383 +0100
+++ crypto/bio/bss_file.c 2015-05-29 13:33:08.553070567 +0200 +++ crypto/bio/bss_file.c 2015-12-05 00:04:49.780566910 +0100
@@ -119,6 +119,10 @@ BIO *BIO_new_file(const char *filename, @@ -118,6 +118,10 @@ static BIO_METHOD methods_filep = {
static FILE *file_fopen(const char *filename, const char *mode)
{ {
BIO *ret;
FILE *file = NULL; FILE *file = NULL;
+ size_t modelen = strlen (mode); + size_t modelen = strlen (mode);
+ char newmode[modelen + 2]; + char newmode[modelen + 2];
@ -115,16 +115,16 @@ Index: crypto/bio/bss_file.c
# if defined(_WIN32) && defined(CP_UTF8) # if defined(_WIN32) && defined(CP_UTF8)
int sz, len_0 = (int)strlen(filename) + 1; int sz, len_0 = (int)strlen(filename) + 1;
@@ -162,7 +166,7 @@ BIO *BIO_new_file(const char *filename, @@ -161,7 +165,7 @@ static FILE *file_fopen(const char *file
file = fopen(filename, mode); file = fopen(filename, mode);
} }
# else # else
- file = fopen(filename, mode); - file = fopen(filename, mode);
+ file = fopen(filename, newmode); + file = fopen(filename, newmode);
# endif # endif
if (file == NULL) { return (file);
SYSerr(SYS_F_FOPEN, get_last_sys_error()); }
@@ -275,7 +279,7 @@ static long MS_CALLBACK file_ctrl(BIO *b @@ -282,7 +286,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
long ret = 1; long ret = 1;
FILE *fp = (FILE *)b->ptr; FILE *fp = (FILE *)b->ptr;
FILE **fpp; FILE **fpp;
@ -133,18 +133,18 @@ Index: crypto/bio/bss_file.c
switch (cmd) { switch (cmd) {
case BIO_C_FILE_SEEK: case BIO_C_FILE_SEEK:
@@ -386,6 +390,7 @@ static long MS_CALLBACK file_ctrl(BIO *b @@ -393,6 +397,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
else else
strcat(p, "t"); strcat(p, "t");
# endif # endif
+ strcat(p, "e"); + strcat(p, "e");
fp = fopen(ptr, p); fp = file_fopen(ptr, p);
if (fp == NULL) { if (fp == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error()); SYSerr(SYS_F_FOPEN, get_last_sys_error());
Index: crypto/rand/rand_unix.c Index: crypto/rand/rand_unix.c
=================================================================== ===================================================================
--- crypto/rand/rand_unix.c.orig 2015-05-29 11:54:57.222659716 +0200 --- crypto/rand/rand_unix.c.orig 2015-12-05 00:04:11.292027383 +0100
+++ crypto/rand/rand_unix.c 2015-05-29 13:36:11.270174218 +0200 +++ crypto/rand/rand_unix.c 2015-12-05 00:04:13.285055314 +0100
@@ -269,7 +269,7 @@ int RAND_poll(void) @@ -269,7 +269,7 @@ int RAND_poll(void)
for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
@ -156,8 +156,8 @@ Index: crypto/rand/rand_unix.c
# endif # endif
Index: crypto/rand/randfile.c Index: crypto/rand/randfile.c
=================================================================== ===================================================================
--- crypto/rand/randfile.c.orig 2015-05-29 11:54:57.222659716 +0200 --- crypto/rand/randfile.c.orig 2015-12-05 00:04:11.293027397 +0100
+++ crypto/rand/randfile.c 2015-05-29 13:37:38.156170674 +0200 +++ crypto/rand/randfile.c 2015-12-05 00:04:13.285055314 +0100
@@ -147,7 +147,7 @@ int RAND_load_file(const char *file, lon @@ -147,7 +147,7 @@ int RAND_load_file(const char *file, lon
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
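Review bot: In the refreshed `crypto/bio/bss_file.c` hunks, `file_ctrl` still gains `strcat(p, "e");` although its open call on the new side is `fp = file_fopen(ptr, p);`, and `file_fopen` now opens with `newmode` on the non-Windows branch. The lines that fill `newmode` are not shown on this page; if they copy `mode` and append `"e"`, the close-on-exec flag is added twice on this path, and `p` must hold one more byte than upstream to take the extra `strcat`. I would drop the `strcat(p, "e");` hunk so that `file_fopen` is the only place that adds the flag, and confirm the size of `p` in the `@@ -282,7 +286,7 @@` hunk, whose changed line is also not visible here. Separately, `char newmode[modelen + 2];` is a variable-length array sized by the caller's `mode` string; a small fixed buffer with a length check before the copy would bound the stack use.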


@ -1,3 +1,23 @@
-------------------------------------------------------------------
Fri Dec 4 23:06:18 UTC 2015 - vcizek@suse.com
- update to 1.0.2e
* fixes five security vulnerabilities
* Anon DH ServerKeyExchange with 0 p parameter
(CVE-2015-1794) (bsc#957984)
* BN_mod_exp may produce incorrect results on x86_64
(CVE-2015-3193) (bsc#957814)
* Certificate verify crash with missing PSS parameter
(CVE-2015-3194) (bsc#957815)
* X509_ATTRIBUTE memory leak
(CVE-2015-3195) (bsc#957812)
* Race condition handling PSK identify hint
(CVE-2015-3196) (bsc#957813)
- pulled a refreshed fips patch from Fedora
* openssl-1.0.2a-fips.patch was replaced by
openssl-1.0.2e-fips.patch
- refresh openssl-ocloexec.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 9 13:32:34 UTC 2015 - vcizek@suse.com Thu Jul 9 13:32:34 UTC 2015 - vcizek@suse.com


@ -29,7 +29,7 @@ Provides: ssl
%ifarch ppc64 %ifarch ppc64
Obsoletes: openssl-64bit Obsoletes: openssl-64bit
%endif %endif
Version: 1.0.2d Version: 1.0.2e
Release: 0 Release: 0
Summary: Secure Sockets and Transport Layer Security Summary: Secure Sockets and Transport Layer Security
License: OpenSSL License: OpenSSL
@ -62,7 +62,7 @@ Patch10: openssl-pkgconfig.patch
Patch13: openssl-1.0.2a-ipv6-apps.patch Patch13: openssl-1.0.2a-ipv6-apps.patch
Patch14: 0001-libcrypto-Hide-library-private-symbols.patch Patch14: 0001-libcrypto-Hide-library-private-symbols.patch
# FIPS patches: # FIPS patches:
Patch15: openssl-1.0.2a-fips.patch Patch15: openssl-1.0.2e-fips.patch
Patch16: openssl-1.0.2a-fips-ec.patch Patch16: openssl-1.0.2a-fips-ec.patch
Patch17: openssl-1.0.2a-fips-ctor.patch Patch17: openssl-1.0.2a-fips-ctor.patch
Patch18: openssl-1.0.2a-new-fips-reqs.patch Patch18: openssl-1.0.2a-new-fips-reqs.patch