forked from pool/openssl
Accepting request 347504 from Base:System
- update to 1.0.2e * fixes five security vulnerabilities * Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) (bsc#957984) * BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) (bsc#957814) * Certificate verify crash with missing PSS parameter (CVE-2015-3194) (bsc#957815) * X509_ATTRIBUTE memory leak (CVE-2015-3195) (bsc#957812) * Race condition handling PSK identify hint (CVE-2015-3196) (bsc#957813) - pulled a refreshed fips patch from Fedora * openssl-1.0.2a-fips.patch was replaced by openssl-1.0.2e-fips.patch - refresh openssl-ocloexec.patch OBS-URL: https://build.opensuse.org/request/show/347504 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=129
This commit is contained in:
parent
7f772876ff
commit
ed81eb44e1
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8
|
|
||||||
size 5295447
|
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iQEcBAABAgAGBQJVnmMAAAoJENnE0m0OYESRFMAIALdJSJRX5Na77O4wTzrhE/O+
|
|
||||||
0QU0MhqZikfEsngd5F47f5fwTGmXM3+oLJ3J94okqxuBeicAMq90MRxUe9cczUqr
|
|
||||||
qZ3MH5dMJ12rwaKnnyUH2Xl5Zg41px4tL7oD9piGJc52dKmEbX+t7dUKj/N3WglZ
|
|
||||||
uKYp7jxV0tdzZeQcuPIOxq74yGQuYTell+hHXKdlmYPrH8LL27ZUpVmGuCUrHBku
|
|
||||||
6+VDZVvRZFvTPy2IrIoI5e0lN9qUobyhoGUUICXYEaKMt1xenTWCi9CFzTEmrhjq
|
|
||||||
54Zp4CgVXj24PwNKJ42v3jgN4nVEsMSreD0SDyOh2d2kV0/51avX7KmHAjPYD6Y=
|
|
||||||
=U3sw
|
|
||||||
-----END PGP SIGNATURE-----
|
|
File diff suppressed because it is too large
Load Diff
3
openssl-1.0.2e.tar.gz
Normal file
3
openssl-1.0.2e.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff
|
||||||
|
size 5256555
|
11
openssl-1.0.2e.tar.gz.asc
Normal file
11
openssl-1.0.2e.tar.gz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iQEcBAABAgAGBQJWYIyiAAoJENnE0m0OYESRdSwIAIlfOOvtTaKbsY1gDhM8LaAM
|
||||||
|
gC2HYR18ipcz0ZdZzNch/mGy8gpVNmBWDhWzTd5Yz0AHRFX0fpOX7QZXHozV/QaB
|
||||||
|
2LmQ9N1QbztqSq0MW+2VCX31BR79wWYHVQF4A9QT7MOwCSA3RhGfEiZiIHNNloRa
|
||||||
|
j55Dpe0CMVdpdQc2WxlUC1A8O837bwr6ruPxctneJAvHK/XyeS/ta7a4eI8UQxMS
|
||||||
|
zkBNlsuiWQRzlAqMyiAkqu9NBkuLdBhP5Gkh2D8XP/yt1KwECFJiyAc0PFXTMILi
|
||||||
|
cNG5KdPe3tN3xCgR38k4/DKRNi4F1IVoe5YE7sk7U2wmG4dc5Z/9zGCTx+2atc0=
|
||||||
|
=PIJl
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,7 +1,7 @@
|
|||||||
Index: crypto/bio/b_sock.c
|
Index: crypto/bio/b_sock.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- crypto/bio/b_sock.c.orig 2015-05-29 11:54:57.219659682 +0200
|
--- crypto/bio/b_sock.c.orig 2015-12-05 00:04:11.291027369 +0100
|
||||||
+++ crypto/bio/b_sock.c 2015-05-29 11:56:47.059884761 +0200
|
+++ crypto/bio/b_sock.c 2015-12-05 00:04:13.283055286 +0100
|
||||||
@@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in
|
@@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -31,8 +31,8 @@ Index: crypto/bio/b_sock.c
|
|||||||
sa.len.i = (int)sa.len.s;
|
sa.len.i = (int)sa.len.s;
|
||||||
Index: crypto/bio/bss_conn.c
|
Index: crypto/bio/bss_conn.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- crypto/bio/bss_conn.c.orig 2015-05-29 11:54:57.219659682 +0200
|
--- crypto/bio/bss_conn.c.orig 2015-12-05 00:04:11.291027369 +0100
|
||||||
+++ crypto/bio/bss_conn.c 2015-05-29 11:57:45.668538446 +0200
|
+++ crypto/bio/bss_conn.c 2015-12-05 00:04:13.283055286 +0100
|
||||||
@@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC
|
@@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC
|
||||||
c->them.sin_addr.s_addr = htonl(l);
|
c->them.sin_addr.s_addr = htonl(l);
|
||||||
c->state = BIO_CONN_S_CREATE_SOCKET;
|
c->state = BIO_CONN_S_CREATE_SOCKET;
|
||||||
@ -44,9 +44,9 @@ Index: crypto/bio/bss_conn.c
|
|||||||
ERR_add_error_data(4, "host=", c->param_hostname,
|
ERR_add_error_data(4, "host=", c->param_hostname,
|
||||||
Index: crypto/bio/bss_dgram.c
|
Index: crypto/bio/bss_dgram.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- crypto/bio/bss_dgram.c.orig 2015-05-29 11:54:57.221659705 +0200
|
--- crypto/bio/bss_dgram.c.orig 2015-12-05 00:04:11.292027383 +0100
|
||||||
+++ crypto/bio/bss_dgram.c 2015-05-29 13:29:42.463696425 +0200
|
+++ crypto/bio/bss_dgram.c 2015-12-05 00:04:13.284055300 +0100
|
||||||
@@ -1176,7 +1176,7 @@ static int dgram_sctp_read(BIO *b, char
|
@@ -1177,7 +1177,7 @@ static int dgram_sctp_read(BIO *b, char
|
||||||
msg.msg_control = cmsgbuf;
|
msg.msg_control = cmsgbuf;
|
||||||
msg.msg_controllen = 512;
|
msg.msg_controllen = 512;
|
||||||
msg.msg_flags = 0;
|
msg.msg_flags = 0;
|
||||||
@ -55,7 +55,7 @@ Index: crypto/bio/bss_dgram.c
|
|||||||
|
|
||||||
if (n <= 0) {
|
if (n <= 0) {
|
||||||
if (n < 0)
|
if (n < 0)
|
||||||
@@ -1801,7 +1801,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
|
@@ -1802,7 +1802,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
|
||||||
msg.msg_controllen = 0;
|
msg.msg_controllen = 0;
|
||||||
msg.msg_flags = 0;
|
msg.msg_flags = 0;
|
||||||
|
|
||||||
@ -64,7 +64,7 @@ Index: crypto/bio/bss_dgram.c
|
|||||||
if (n <= 0) {
|
if (n <= 0) {
|
||||||
if ((n < 0) && (get_last_socket_error() != EAGAIN)
|
if ((n < 0) && (get_last_socket_error() != EAGAIN)
|
||||||
&& (get_last_socket_error() != EWOULDBLOCK))
|
&& (get_last_socket_error() != EWOULDBLOCK))
|
||||||
@@ -1823,7 +1823,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
|
@@ -1824,7 +1824,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
|
||||||
msg.msg_controllen = 0;
|
msg.msg_controllen = 0;
|
||||||
msg.msg_flags = 0;
|
msg.msg_flags = 0;
|
||||||
|
|
||||||
@ -73,7 +73,7 @@ Index: crypto/bio/bss_dgram.c
|
|||||||
if (n <= 0) {
|
if (n <= 0) {
|
||||||
if ((n < 0) && (get_last_socket_error() != EAGAIN)
|
if ((n < 0) && (get_last_socket_error() != EAGAIN)
|
||||||
&& (get_last_socket_error() != EWOULDBLOCK))
|
&& (get_last_socket_error() != EWOULDBLOCK))
|
||||||
@@ -1888,7 +1888,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
|
@@ -1889,7 +1889,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
|
||||||
fcntl(b->num, F_SETFL, O_NONBLOCK);
|
fcntl(b->num, F_SETFL, O_NONBLOCK);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -82,7 +82,7 @@ Index: crypto/bio/bss_dgram.c
|
|||||||
|
|
||||||
if (is_dry) {
|
if (is_dry) {
|
||||||
fcntl(b->num, F_SETFL, sockflags);
|
fcntl(b->num, F_SETFL, sockflags);
|
||||||
@@ -1930,7 +1930,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
|
@@ -1931,7 +1931,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
|
||||||
|
|
||||||
sockflags = fcntl(b->num, F_GETFL, 0);
|
sockflags = fcntl(b->num, F_GETFL, 0);
|
||||||
fcntl(b->num, F_SETFL, O_NONBLOCK);
|
fcntl(b->num, F_SETFL, O_NONBLOCK);
|
||||||
@ -91,7 +91,7 @@ Index: crypto/bio/bss_dgram.c
|
|||||||
fcntl(b->num, F_SETFL, sockflags);
|
fcntl(b->num, F_SETFL, sockflags);
|
||||||
|
|
||||||
/* if notification, process and try again */
|
/* if notification, process and try again */
|
||||||
@@ -1950,7 +1950,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
|
@@ -1951,7 +1951,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
|
||||||
msg.msg_control = NULL;
|
msg.msg_control = NULL;
|
||||||
msg.msg_controllen = 0;
|
msg.msg_controllen = 0;
|
||||||
msg.msg_flags = 0;
|
msg.msg_flags = 0;
|
||||||
@ -102,11 +102,11 @@ Index: crypto/bio/bss_dgram.c
|
|||||||
data->handle_notifications(b, data->notification_context,
|
data->handle_notifications(b, data->notification_context,
|
||||||
Index: crypto/bio/bss_file.c
|
Index: crypto/bio/bss_file.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- crypto/bio/bss_file.c.orig 2015-05-29 11:54:57.221659705 +0200
|
--- crypto/bio/bss_file.c.orig 2015-12-05 00:04:11.292027383 +0100
|
||||||
+++ crypto/bio/bss_file.c 2015-05-29 13:33:08.553070567 +0200
|
+++ crypto/bio/bss_file.c 2015-12-05 00:04:49.780566910 +0100
|
||||||
@@ -119,6 +119,10 @@ BIO *BIO_new_file(const char *filename,
|
@@ -118,6 +118,10 @@ static BIO_METHOD methods_filep = {
|
||||||
|
static FILE *file_fopen(const char *filename, const char *mode)
|
||||||
{
|
{
|
||||||
BIO *ret;
|
|
||||||
FILE *file = NULL;
|
FILE *file = NULL;
|
||||||
+ size_t modelen = strlen (mode);
|
+ size_t modelen = strlen (mode);
|
||||||
+ char newmode[modelen + 2];
|
+ char newmode[modelen + 2];
|
||||||
@ -115,16 +115,16 @@ Index: crypto/bio/bss_file.c
|
|||||||
|
|
||||||
# if defined(_WIN32) && defined(CP_UTF8)
|
# if defined(_WIN32) && defined(CP_UTF8)
|
||||||
int sz, len_0 = (int)strlen(filename) + 1;
|
int sz, len_0 = (int)strlen(filename) + 1;
|
||||||
@@ -162,7 +166,7 @@ BIO *BIO_new_file(const char *filename,
|
@@ -161,7 +165,7 @@ static FILE *file_fopen(const char *file
|
||||||
file = fopen(filename, mode);
|
file = fopen(filename, mode);
|
||||||
}
|
}
|
||||||
# else
|
# else
|
||||||
- file = fopen(filename, mode);
|
- file = fopen(filename, mode);
|
||||||
+ file = fopen(filename, newmode);
|
+ file = fopen(filename, newmode);
|
||||||
# endif
|
# endif
|
||||||
if (file == NULL) {
|
return (file);
|
||||||
SYSerr(SYS_F_FOPEN, get_last_sys_error());
|
}
|
||||||
@@ -275,7 +279,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
|
@@ -282,7 +286,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
|
||||||
long ret = 1;
|
long ret = 1;
|
||||||
FILE *fp = (FILE *)b->ptr;
|
FILE *fp = (FILE *)b->ptr;
|
||||||
FILE **fpp;
|
FILE **fpp;
|
||||||
@ -133,18 +133,18 @@ Index: crypto/bio/bss_file.c
|
|||||||
|
|
||||||
switch (cmd) {
|
switch (cmd) {
|
||||||
case BIO_C_FILE_SEEK:
|
case BIO_C_FILE_SEEK:
|
||||||
@@ -386,6 +390,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
|
@@ -393,6 +397,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
|
||||||
else
|
else
|
||||||
strcat(p, "t");
|
strcat(p, "t");
|
||||||
# endif
|
# endif
|
||||||
+ strcat(p, "e");
|
+ strcat(p, "e");
|
||||||
fp = fopen(ptr, p);
|
fp = file_fopen(ptr, p);
|
||||||
if (fp == NULL) {
|
if (fp == NULL) {
|
||||||
SYSerr(SYS_F_FOPEN, get_last_sys_error());
|
SYSerr(SYS_F_FOPEN, get_last_sys_error());
|
||||||
Index: crypto/rand/rand_unix.c
|
Index: crypto/rand/rand_unix.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- crypto/rand/rand_unix.c.orig 2015-05-29 11:54:57.222659716 +0200
|
--- crypto/rand/rand_unix.c.orig 2015-12-05 00:04:11.292027383 +0100
|
||||||
+++ crypto/rand/rand_unix.c 2015-05-29 13:36:11.270174218 +0200
|
+++ crypto/rand/rand_unix.c 2015-12-05 00:04:13.285055314 +0100
|
||||||
@@ -269,7 +269,7 @@ int RAND_poll(void)
|
@@ -269,7 +269,7 @@ int RAND_poll(void)
|
||||||
|
|
||||||
for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
|
for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
|
||||||
@ -156,8 +156,8 @@ Index: crypto/rand/rand_unix.c
|
|||||||
# endif
|
# endif
|
||||||
Index: crypto/rand/randfile.c
|
Index: crypto/rand/randfile.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- crypto/rand/randfile.c.orig 2015-05-29 11:54:57.222659716 +0200
|
--- crypto/rand/randfile.c.orig 2015-12-05 00:04:11.293027397 +0100
|
||||||
+++ crypto/rand/randfile.c 2015-05-29 13:37:38.156170674 +0200
|
+++ crypto/rand/randfile.c 2015-12-05 00:04:13.285055314 +0100
|
||||||
@@ -147,7 +147,7 @@ int RAND_load_file(const char *file, lon
|
@@ -147,7 +147,7 @@ int RAND_load_file(const char *file, lon
|
||||||
#ifdef OPENSSL_SYS_VMS
|
#ifdef OPENSSL_SYS_VMS
|
||||||
in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
|
in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
|
||||||
|
@ -1,3 +1,23 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 4 23:06:18 UTC 2015 - vcizek@suse.com
|
||||||
|
|
||||||
|
- update to 1.0.2e
|
||||||
|
* fixes five security vulnerabilities
|
||||||
|
* Anon DH ServerKeyExchange with 0 p parameter
|
||||||
|
(CVE-2015-1794) (bsc#957984)
|
||||||
|
* BN_mod_exp may produce incorrect results on x86_64
|
||||||
|
(CVE-2015-3193) (bsc#957814)
|
||||||
|
* Certificate verify crash with missing PSS parameter
|
||||||
|
(CVE-2015-3194) (bsc#957815)
|
||||||
|
* X509_ATTRIBUTE memory leak
|
||||||
|
(CVE-2015-3195) (bsc#957812)
|
||||||
|
* Race condition handling PSK identify hint
|
||||||
|
(CVE-2015-3196) (bsc#957813)
|
||||||
|
- pulled a refreshed fips patch from Fedora
|
||||||
|
* openssl-1.0.2a-fips.patch was replaced by
|
||||||
|
openssl-1.0.2e-fips.patch
|
||||||
|
- refresh openssl-ocloexec.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 9 13:32:34 UTC 2015 - vcizek@suse.com
|
Thu Jul 9 13:32:34 UTC 2015 - vcizek@suse.com
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ Provides: ssl
|
|||||||
%ifarch ppc64
|
%ifarch ppc64
|
||||||
Obsoletes: openssl-64bit
|
Obsoletes: openssl-64bit
|
||||||
%endif
|
%endif
|
||||||
Version: 1.0.2d
|
Version: 1.0.2e
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Secure Sockets and Transport Layer Security
|
Summary: Secure Sockets and Transport Layer Security
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
@ -62,7 +62,7 @@ Patch10: openssl-pkgconfig.patch
|
|||||||
Patch13: openssl-1.0.2a-ipv6-apps.patch
|
Patch13: openssl-1.0.2a-ipv6-apps.patch
|
||||||
Patch14: 0001-libcrypto-Hide-library-private-symbols.patch
|
Patch14: 0001-libcrypto-Hide-library-private-symbols.patch
|
||||||
# FIPS patches:
|
# FIPS patches:
|
||||||
Patch15: openssl-1.0.2a-fips.patch
|
Patch15: openssl-1.0.2e-fips.patch
|
||||||
Patch16: openssl-1.0.2a-fips-ec.patch
|
Patch16: openssl-1.0.2a-fips-ec.patch
|
||||||
Patch17: openssl-1.0.2a-fips-ctor.patch
|
Patch17: openssl-1.0.2a-fips-ctor.patch
|
||||||
Patch18: openssl-1.0.2a-new-fips-reqs.patch
|
Patch18: openssl-1.0.2a-new-fips-reqs.patch
|
||||||
|
Loading…
Reference in New Issue
Block a user