From f7574150c574595ee562d572eedd1ae8c42642f466c801b940f4f147630a423e Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger
Date: Tue, 31 Jan 2017 11:37:40 +0000
Subject: [PATCH] Accepting request 452919 from Base:System

- Updated to openssl 1.0.2k
- bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results
- bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery
- bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read
- bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64

OBS-URL: https://build.opensuse.org/request/show/452919
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=135
---
 openssl-1.0.2j.tar.gz | 3 ---
 openssl-1.0.2j.tar.gz.asc | 11 -----------
 openssl-1.0.2k.tar.gz | 3 +++
 openssl-1.0.2k.tar.gz.asc | 10 ++++++++++
 openssl-fips-dont-fall-back-to-default-digest.patch | 6 +++---
 openssl.changes | 9 +++++++++
 openssl.spec | 4 ++--
 7 files changed, 27 insertions(+), 19 deletions(-)
 delete mode 100644 openssl-1.0.2j.tar.gz
 delete mode 100644 openssl-1.0.2j.tar.gz.asc
 create mode 100644 openssl-1.0.2k.tar.gz
 create mode 100644 openssl-1.0.2k.tar.gz.asc

diff --git a/openssl-1.0.2j.tar.gz b/openssl-1.0.2j.tar.gz
deleted file mode 100644
index c57e541..0000000
--- a/openssl-1.0.2j.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431
-size 5307912
diff --git a/openssl-1.0.2j.tar.gz.asc b/openssl-1.0.2j.tar.gz.asc
deleted file mode 100644
index f04cb84..0000000
--- a/openssl-1.0.2j.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJX6O9BAAoJENnE0m0OYESRhC4H/0feEYv4JBbtk3cFyIt39ph6
-A700qbm8pnOukXOg5Q2HrYz6TxE1C/p7MO4+iYnttvtC7WMz9oK0fEQ/k2PEjoU7
-I65vM/LlrQjY6pJe+pORk+UL9uHamcDpeyYCa+Ro61o/l4Vd9iHQMN77LDfkKzDK
-qq8q/DMlHVhPv1U8+kDCT9r4nEOqb0tkvJEIns3wFlkw1Wp+VwnhAS5s3J1Xwetj
-MK6TFOtI1UOULXiYjSRs4Sy8nyxG5V6VVofAL+aQNOFqAzF45RE5R/6AjL5I8J9y
-yoyIzj1a/h8M/PJGzADgpxZAdE2cpZAlQAhZdQutst0GRma6i36HGzq4IUDwbCc=
-=puH/
------END PGP SIGNATURE-----
diff --git a/openssl-1.0.2k.tar.gz b/openssl-1.0.2k.tar.gz
new file mode 100644
index 0000000..ce3054a
--- /dev/null
+++ b/openssl-1.0.2k.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
+size 5309236
diff --git a/openssl-1.0.2k.tar.gz.asc b/openssl-1.0.2k.tar.gz.asc
new file mode 100644
index 0000000..5a03441
--- /dev/null
+++ b/openssl-1.0.2k.tar.gz.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABCAAGBQJYifggAAoJENnE0m0OYESRTAIH/RsiR+7jvmA8AZJppQZOpVgX
+8N5CZNBEaRTuKcRNmQX1oHk5Ms2g4MM4TmNDOFF7+ZtByoeyv2NWnLWJmBsSxuQU
+ZEbeXFIgkBnvD5qOBdi84udw0/HOP5P3GcxAOC8QE1Av7pTwAdKToheqixuE5D8+
+9zzw4VgXCa5L18JDf3XdkTDUUUQitz1o2ck8BVIGyhxgIUDJXEF8t29yTGYWF/YV
+b45G1igbJlZtoR4IA1pSR3hrDjJaNQtCpkxK+DKoLTm+Z9RMTe40Q8W7dBn1iwUm
+N/m9CUovBoqIv1nrSJeFNXuIuuHYt/1gflJBiem7QC9fNtdZuGlKXBq5bcL1qV8=
+=uQ9m
+-----END PGP SIGNATURE-----
diff --git a/openssl-fips-dont-fall-back-to-default-digest.patch b/openssl-fips-dont-fall-back-to-default-digest.patch
index fc76963..c530934 100644
--- a/openssl-fips-dont-fall-back-to-default-digest.patch
+++ b/openssl-fips-dont-fall-back-to-default-digest.patch
@@ -114,9 +114,9 @@ Index: openssl-1.0.2i/apps/enc.c + if (non_fips_allow) + FIPS_mode_set(0); + - #ifndef OPENSSL_NO_ENGINE - setup_engine(bio_err, engine, 0); - #endif + e = setup_engine(bio_err, engine, 0); + + if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
@@ -338,7 +342,7 @@ int MAIN(int argc, char **argv) goto end; }
diff --git a/openssl.changes b/openssl.changes
index 17b762d..b39f0ff 100644
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Jan 27 10:21:42 UTC 2017 - meissner@suse.com
+
+- Updated to openssl 1.0.2k
+ - bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results
+ - bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery
+ - bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read
+ - bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64
+
 -------------------------------------------------------------------
 Fri Sep 30 10:53:56 UTC 2016 - vcizek@suse.com
 
diff --git a/openssl.spec b/openssl.spec
index 11f562f..cfff21d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package openssl
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@ Provides: ssl
 %ifarch ppc64
 Obsoletes: openssl-64bit
 %endif
-Version: 1.0.2j
+Version: 1.0.2k
 Release: 0
 Summary: Secure Sockets and Transport Layer Security
 License: OpenSSL
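Review bot: In openssl-fips-dont-fall-back-to-default-digest.patch, the refreshed hunk `@@ -114,9 +114,9 @@` still sits under an `Index: openssl-1.0.2i/apps/enc.c` header although the package now builds 1.0.2k. The patch should be regenerated against the 1.0.2k tree so that its header and offsets describe the source actually compiled. Only the context around the carried `if (non_fips_allow) FIPS_mode_set(0);` appears to have changed, from the `#ifndef OPENSSL_NO_ENGINE` guarded call to `e = setup_engine(bio_err, engine, 0);`. It is worth confirming that the patch applies without fuzz and that the FIPS toggle is still meant to run before engine setup. The carried line also ignores the return value of FIPS_mode_set(); that predates this commit but would be a reasonable thing to check while the patch is being touched. Only part of MAIN() in apps/enc.c is visible in this hunk.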