Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2018-02-12 10:09:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Mon Feb 12 10:09:02 2018 rev:106 rq:574115 version:3.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2017-11-10 14:41:39.418227697 +0100 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2018-02-12 10:09:05.390749385 +0100 @@ -1,0 +2,6 @@ +Wed Feb 7 11:08:54 UTC 2018 - [email protected] + +- Sanity check key size in SSSE3 AES cipher implementation (bsc#1074303) + * add gnutls-check_aes_keysize.patch + +------------------------------------------------------------------- New: ---- gnutls-check_aes_keysize.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.Ey1luS/_old 2018-02-12 10:09:06.598705851 +0100 +++ /var/tmp/diff_new_pack.Ey1luS/_new 2018-02-12 10:09:06.598705851 +0100 @@ -1,7 +1,7 @@ # # spec file for package gnutls # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -35,6 +35,8 @@ Source3: baselibs.conf Patch1: gnutls-3.5.11-skip-trust-store-tests.patch Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch +# PATCH-FIX-UPSTREAM https://gitlab.com/gnutls/gnutls/merge_requests/592 +Patch3: gnutls-check_aes_keysize.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge @@ -158,6 +160,7 @@ %prep %setup -q %patch1 -p1 +%patch3 -p1 # dtls-resume test fails on PPC %ifarch ppc64 ppc64le ppc %patch2 -p1 @@ -229,7 +232,6 @@ %post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig - %post -n libgnutls-devel %install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz ++++++ gnutls-check_aes_keysize.patch ++++++ Index: gnutls-3.6.1/lib/accelerated/x86/aes-cbc-x86-ssse3.c =================================================================== --- gnutls-3.6.1.orig/lib/accelerated/x86/aes-cbc-x86-ssse3.c 2018-02-06 14:03:54.986532959 +0100 +++ gnutls-3.6.1/lib/accelerated/x86/aes-cbc-x86-ssse3.c 2018-02-06 14:04:06.022686653 +0100 @@ -65,6 +65,9 @@ aes_ssse3_cipher_setkey(void *_ctx, cons struct aes_ctx *ctx = _ctx; int ret; + if (keysize != 16 && keysize != 24 && keysize != 32) + return GNUTLS_E_INVALID_REQUEST; + if (ctx->enc) ret = vpaes_set_encrypt_key(userkey, keysize * 8,
