Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libressl for openSUSE:Factory 
checked in at 2021-03-29 18:22:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libressl (Old)
 and      /work/SRC/openSUSE:Factory/.libressl.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libressl"

Mon Mar 29 18:22:11 2021 rev:56 rq:881739 version:3.2.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/libressl/libressl.changes        2021-02-15 
23:20:51.835804773 +0100
+++ /work/SRC/openSUSE:Factory/.libressl.new.2401/libressl.changes      
2021-03-29 18:22:12.954289167 +0200
@@ -1,0 +2,7 @@
+Sun Mar 21 12:59:31 UTC 2021 - Jan Engelhardt <[email protected]>
+
+- Update to release 3.2.5
+  * A TLS client using session resumption may have caused a
+    use-after-free.
+
+-------------------------------------------------------------------

Old:
----
  libressl-3.2.4.tar.gz
  libressl-3.2.4.tar.gz.asc

New:
----
  libressl-3.2.5.tar.gz
  libressl-3.2.5.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libressl.spec ++++++
--- /var/tmp/diff_new_pack.NFHm7G/_old  2021-03-29 18:22:13.574289802 +0200
+++ /var/tmp/diff_new_pack.NFHm7G/_new  2021-03-29 18:22:13.578289806 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           libressl
-Version:        3.2.4
+Version:        3.2.5
 Release:        0
 Summary:        An SSL/TLS protocol implementation
 License:        OpenSSL

++++++ libressl-3.2.4.tar.gz -> libressl-3.2.5.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.4/ChangeLog new/libressl-3.2.5/ChangeLog
--- old/libressl-3.2.4/ChangeLog        2021-02-07 17:24:19.000000000 +0100
+++ new/libressl-3.2.5/ChangeLog        2021-03-17 07:47:59.000000000 +0100
@@ -28,6 +28,10 @@
 
 LibreSSL Portable Release Notes:
 
+3.2.5 - Bug fix
+
+       * A TLS client using session resumption may cause a use-after-free.
+
 3.2.4 - Bug and interoperability fixes
 
        * Switch back to certificate verification code from LibreSSL 3.1.x. The
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.4/VERSION new/libressl-3.2.5/VERSION
--- old/libressl-3.2.4/VERSION  2021-02-07 17:24:33.000000000 +0100
+++ new/libressl-3.2.5/VERSION  2021-03-15 21:37:25.000000000 +0100
@@ -1,2 +1,2 @@
-3.2.4
+3.2.5
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.4/configure new/libressl-3.2.5/configure
--- old/libressl-3.2.4/configure        2021-02-07 17:25:22.000000000 +0100
+++ new/libressl-3.2.5/configure        2021-03-15 21:38:12.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libressl 3.2.4.
+# Generated by GNU Autoconf 2.69 for libressl 3.2.5.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
 # Identity of this package.
 PACKAGE_NAME='libressl'
 PACKAGE_TARNAME='libressl'
-PACKAGE_VERSION='3.2.4'
-PACKAGE_STRING='libressl 3.2.4'
+PACKAGE_VERSION='3.2.5'
+PACKAGE_STRING='libressl 3.2.5'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1449,7 +1449,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libressl 3.2.4 to adapt to many kinds of systems.
+\`configure' configures libressl 3.2.5 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1520,7 +1520,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libressl 3.2.4:";;
+     short | recursive ) echo "Configuration of libressl 3.2.5:";;
    esac
   cat <<\_ACEOF
 
@@ -1637,7 +1637,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libressl configure 3.2.4
+libressl configure 3.2.5
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2185,7 +2185,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libressl $as_me 3.2.4, which was
+It was created by libressl $as_me 3.2.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3121,7 +3121,7 @@
 
 # Define the identity of the package.
  PACKAGE='libressl'
- VERSION='3.2.4'
+ VERSION='3.2.5'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -14924,7 +14924,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libressl $as_me 3.2.4, which was
+This file was extended by libressl $as_me 3.2.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -14981,7 +14981,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libressl config.status 3.2.4
+libressl config.status 3.2.5
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.4/include/openssl/opensslv.h 
new/libressl-3.2.5/include/openssl/opensslv.h
--- old/libressl-3.2.4/include/openssl/opensslv.h       2021-02-03 
13:22:46.000000000 +0100
+++ new/libressl-3.2.5/include/openssl/opensslv.h       2021-03-15 
21:32:37.000000000 +0100
@@ -3,9 +3,9 @@
 #define HEADER_OPENSSLV_H
 
 /* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER 0x3020400fL
+#define LIBRESSL_VERSION_NUMBER 0x3020500fL
 /*                                    ^ Patch starts here   */
-#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.2.4"
+#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.2.5"
 
 /* These will never change */
 #define OPENSSL_VERSION_NUMBER 0x20000000L
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.4/ssl/s3_lib.c 
new/libressl-3.2.5/ssl/s3_lib.c
--- old/libressl-3.2.4/ssl/s3_lib.c     2021-02-03 13:15:36.000000000 +0100
+++ new/libressl-3.2.5/ssl/s3_lib.c     2021-03-15 21:32:49.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.198 2020/09/17 15:42:14 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.198.4.1 2021/03/15 15:59:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young ([email protected])
  * All rights reserved.
  *
@@ -1577,6 +1577,10 @@
 
        free(S3I(s)->alpn_selected);
 
+       /* Clear reference to sequence numbers. */
+       tls12_record_layer_clear_read_state(s->internal->rl);
+       tls12_record_layer_clear_write_state(s->internal->rl);
+
        freezero(S3I(s), sizeof(*S3I(s)));
        freezero(s->s3, sizeof(*s->s3));
 
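Review bot: The added comment `/* Clear reference to sequence numbers. */` does not say why these two calls must come before `freezero(S3I(s), sizeof(*S3I(s)))`, and that ordering is what the fix depends on. Judging from the later hunk at -1649, which hands `S3I(s)->read_sequence` and `S3I(s)->write_sequence` to the record layer, the record layer appears to keep pointers into `S3I(s)`. I would word the comment as `/* The record layer points into S3I(s) for its sequence numbers; drop those pointers before S3I(s) is freed below. */` and put a matching one-line comment above the `tls12_record_layer_set_*_seq_num()` calls in that later hunk. Whether the clear helpers tolerate a NULL `rl` is not visible here and is worth confirming, since this function's body continues outside the hunk.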
@@ -1649,6 +1653,11 @@
        s->internal->packet_length = 0;
        s->version = TLS1_VERSION;
 
+       tls12_record_layer_set_read_seq_num(s->internal->rl,
+           S3I(s)->read_sequence);
+       tls12_record_layer_set_write_seq_num(s->internal->rl,
+           S3I(s)->write_sequence);
+
        S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : 
SSL_ST_CONNECT);
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.4/ssl/ssl_lib.c 
new/libressl-3.2.5/ssl/ssl_lib.c
--- old/libressl-3.2.4/ssl/ssl_lib.c    2021-02-03 13:15:38.000000000 +0100
+++ new/libressl-3.2.5/ssl/ssl_lib.c    2021-03-15 21:32:49.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.234.4.1 2021/02/03 07:06:13 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.234.4.2 2021/03/15 15:59:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young ([email protected])
  * All rights reserved.
  *
@@ -253,6 +253,8 @@
                goto err;
        if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)
                goto err;
+       if ((s->internal->rl = tls12_record_layer_new()) == NULL)
+               goto err;
 
        s->internal->min_version = ctx->internal->min_version;
        s->internal->max_version = ctx->internal->max_version;
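Review bot: Nothing at the new allocation site says that `tls12_record_layer_new()` has to run before `s->method->internal->ssl_new(s)`. The s3_lib.c hunk at -1649 in this same update now passes `s->internal->rl` to `tls12_record_layer_set_read_seq_num()` unconditionally, and if that code is reached from `ssl_new()` (not visible here), a later reordering would hand it a NULL record layer. A short comment on the moved lines would guard against that, for example `/* Must exist before ssl_new(): the method's clear path sets the record layer's sequence number pointers. */`. The function starts and ends outside this hunk, so the `goto err` path taken when the allocation fails cannot be checked from here.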
@@ -341,9 +343,6 @@
        if (!s->method->internal->ssl_new(s))
                goto err;
 
-       if ((s->internal->rl = tls12_record_layer_new()) == NULL)
-               goto err;
-
        s->references = 1;
        s->server = (ctx->method->internal->ssl_accept == 
ssl_undefined_function) ? 0 : 1;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.4/tap-driver.sh 
new/libressl-3.2.5/tap-driver.sh
--- old/libressl-3.2.4/tap-driver.sh    2021-02-07 17:25:23.000000000 +0100
+++ new/libressl-3.2.5/tap-driver.sh    2021-03-15 21:49:41.000000000 +0100
@@ -369,7 +369,7 @@
   sub("^(not )?ok[ \t]*", "", line)
 
   # If the result has an explicit number, get it and strip it; otherwise,
-  # automatically assign the next test number to it.
+  # automatically assing the next progresive number to it.
   if (line ~ /^[0-9]+$/ || line ~ /^[0-9]+[^a-zA-Z0-9_]/)
     {
       match(line, "^[0-9]+")
