Hello community, here is the log from the commit of package libcryptopp for openSUSE:Factory checked in at 2019-08-13 13:13:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libcryptopp (Old) and /work/SRC/openSUSE:Factory/.libcryptopp.new.9556 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcryptopp" Tue Aug 13 13:13:54 2019 rev:32 rq:722323 version:8.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libcryptopp/libcryptopp.changes 2019-07-31 14:15:41.446752510 +0200 +++ /work/SRC/openSUSE:Factory/.libcryptopp.new.9556/libcryptopp.changes 2019-08-13 13:13:58.005523710 +0200 @@ -1,0 +2,8 @@ +Sun Aug 11 12:48:14 UTC 2019 - Dave Plater <davejpla...@gmail.com> + +- Added cve-2019-14318.patch which fixes (1)leak in ECDSA nonce + length; and (2) leak in prime fields (ECP class). +- See boo#1145187 +- Disabled LTO for i586 to fix build failure. + +------------------------------------------------------------------- New: ---- cve-2019-14318.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcryptopp.spec ++++++ --- /var/tmp/diff_new_pack.f1IGI4/_old 2019-08-13 13:13:58.737523541 +0200 +++ /var/tmp/diff_new_pack.f1IGI4/_new 2019-08-13 13:13:58.737523541 +0200 @@ -41,6 +41,7 @@ # PATCH-UPSTREAM from git see https://github.com/weidai11/cryptopp/issues/865 Patch4: 0001-Fix-TCXXFLAGS-using-openSUSE-standard-flags-GH-865.patch Patch5: 0001-Fix-missing-if-statement.patch +Patch6: cve-2019-14318.patch BuildRequires: gcc-c++ BuildRequires: pkg-config BuildRequires: unzip @@ -81,12 +82,13 @@ %patch1 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p0 echo %{major}.%{minor}.%{patch} echo %{pkg_version} #mv config.recommend config.h %build -%ifarch %{arm} +%ifarch %{arm} i586 %define _lto_cflags %{nil} %endif CXXFLAGS="-DNDEBUG %{optflags} -fpic -fPIC -pthread -fopenmp" ++++++ cve-2019-14318.patch ++++++ ++++ 640 lines (skipped)
