Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2017-01-24 10:40:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl" Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2016-09-30 15:35:24.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2017-01-24 10:40:57.657997777 +0100 @@ -1,0 +2,5 @@ +Mon Jan 23 10:19:11 UTC 2017 - [email protected] + +- Add ecs.diff [bnc#1019334] + +------------------------------------------------------------------- New: ---- ecs.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.rwO6bF/_old 2017-01-24 10:40:58.389893843 +0100 +++ /var/tmp/diff_new_pack.rwO6bF/_new 2017-01-24 10:40:58.393893275 +0100 @@ -1,7 +1,7 @@ # # spec file for package libressl # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,7 @@ Source2: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/%name-%version.tar.gz.asc Source3: %name.keyring Source4: baselibs.conf +Patch1: ecs.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: fdupes BuildRequires: pkg-config @@ -107,6 +108,7 @@ %prep %setup -q +%patch -P 1 -p1 %build %configure --disable-static --enable-libtls ++++++ ecs.diff ++++++ Avoid possible side-channel leak of ECDSA private keys when signing. References: https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig References: http://bugzilla.novell.com/show_bug.cgi?id=1019334 --- crypto/ecdsa/ecs_ossl.c | 2 ++ 1 file changed, 2 insertions(+) Index: libressl-2.5.0/crypto/ecdsa/ecs_ossl.c =================================================================== --- libressl-2.5.0.orig/crypto/ecdsa/ecs_ossl.c +++ libressl-2.5.0/crypto/ecdsa/ecs_ossl.c @@ -142,6 +142,8 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX * if (!BN_add(k, k, order)) goto err; + BN_set_flags(k, BN_FLG_CONSTTIME); + /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
