Hello community, here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2017-11-10 14:37:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0" Fri Nov 10 14:37:02 2017 rev:10 rq:538749 version:1.0.2m Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2017-09-07 22:09:18.148054839 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new/openssl-1_0_0.changes 2017-11-10 14:37:22.183524971 +0100 @@ -1,0 +2,15 @@ +Thu Nov 2 16:46:53 UTC 2017 - [email protected] + +- Update to 1.0.2m + OpenSSL Security Advisory [02 Nov 2017] + * bn_sqrx8x_internal carry bug on x86_64 + (CVE-2017-3736) (bsc#1066242) + * Malformed X.509 IPAddressFamily could cause OOB read + (CVE-2017-3735) (bsc#1056058) +- refreshed openssl-1.0.2i-fips.patch +- revert upstream commit 0ab24083a16c8a4dd35833031bbeaeb0437a7219 + as we don't have the added function and FIPS is not interesting + for openSUSE anyway + * added 0001-Set-FIPS-thread-id-callback.patch + +------------------------------------------------------------------- Old: ---- openssl-1.0.2l.tar.gz openssl-1.0.2l.tar.gz.asc New: ---- 0001-Set-FIPS-thread-id-callback.patch openssl-1.0.2m.tar.gz openssl-1.0.2m.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_0_0.spec ++++++ --- /var/tmp/diff_new_pack.neWUdO/_old 2017-11-10 14:37:23.915462380 +0100 +++ /var/tmp/diff_new_pack.neWUdO/_new 2017-11-10 14:37:23.919462235 +0100 @@ -29,7 +29,7 @@ %define num_version 1.0.0 %define _rname openssl Name: openssl-1_0_0 -Version: 1.0.2l +Version: 1.0.2m Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -91,6 +91,7 @@ Patch75: openssl-fips_cavs_pad_with_zeroes.patch Patch76: openssl-fips_cavs_aes_keywrap.patch Patch77: openssl-fips-run_selftests_only_when_module_is_complete.patch +Patch78: 0001-Set-FIPS-thread-id-callback.patch # steam patches Patch100: openssl-fix-cpuid_setup.patch BuildRequires: bc @@ -224,6 +225,11 @@ %patch75 -p1 %patch76 -p1 %patch77 -p1 +# we don't have FIPS_crypto_threadid_set_callback +%patch78 -R -p1 + +# clean up patching leftovers +find . -name '*.orig' -delete cp -p %{SOURCE10} . cp -p %{SOURCE11} . ++++++ 0001-Set-FIPS-thread-id-callback.patch ++++++ >From 0ab24083a16c8a4dd35833031bbeaeb0437a7219 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" <[email protected]> Date: Fri, 18 Aug 2017 17:58:05 +0100 Subject: [PATCH] Set FIPS thread id callback. Fixes #4180 Reviewed-by: Rich Salz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/4192) --- crypto/cryptlib.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 1925428f5e..5fab45b2ec 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -469,11 +469,18 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) } } +#ifdef OPENSSL_FIPS +extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *)); +#endif + int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *)) { if (threadid_callback) return 0; threadid_callback = func; +#ifdef OPENSSL_FIPS + FIPS_crypto_threadid_set_callback(func); +#endif return 1; } -- 2.13.6 ++++++ openssl-1.0.2i-fips.patch ++++++ ++++ 1518 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1.0.2i-fips.patch ++++ and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new/openssl-1.0.2i-fips.patch ++++++ openssl-fips-run_selftests_only_when_module_is_complete.patch ++++++ --- /var/tmp/diff_new_pack.neWUdO/_old 2017-11-10 14:37:24.107455442 +0100 +++ /var/tmp/diff_new_pack.neWUdO/_new 2017-11-10 14:37:24.111455296 +0100 @@ -1,7 +1,7 @@ -Index: openssl-1.0.2j/crypto/fips/fips.c +Index: openssl-1.0.2l/crypto/fips/fips.c =================================================================== ---- openssl-1.0.2j.orig/crypto/fips/fips.c 2017-05-12 15:51:59.258797863 +0200 -+++ openssl-1.0.2j/crypto/fips/fips.c 2017-06-20 19:57:12.649510712 +0200 +--- openssl-1.0.2l.orig/crypto/fips/fips.c 2017-09-06 17:26:55.058055575 +0200 ++++ openssl-1.0.2l/crypto/fips/fips.c 2017-09-06 17:26:55.138056721 +0200 @@ -421,15 +421,15 @@ int FIPS_module_mode_set(int onoff, cons } # endif
