Hello community, here is the log from the commit of package openssl-1_1 for openSUSE:Factory checked in at 2019-12-23 22:36:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_1 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_1.new.6675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_1" Mon Dec 23 22:36:03 2019 rev:10 rq:755725 version:1.1.1d Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_1/openssl-1_1.changes 2019-11-20 13:42:39.644285832 +0100 +++ /work/SRC/openSUSE:Factory/.openssl-1_1.new.6675/openssl-1_1.changes 2019-12-23 22:38:14.457841059 +0100 @@ -1,0 +2,8 @@ +Tue Dec 10 16:04:06 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonza...@suse.com> + +- Security fix: [bsc#1158809, CVE-2019-1551] + * Overflow bug in the x64_64 Montgomery squaring procedure used + in exponentiation with 512-bit moduli +- Add openssl-1_1-CVE-2019-1551.patch + +------------------------------------------------------------------- New: ---- openssl-1_1-CVE-2019-1551.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_1.spec ++++++ --- /var/tmp/diff_new_pack.1ko1MA/_old 2019-12-23 22:38:15.225841392 +0100 +++ /var/tmp/diff_new_pack.1ko1MA/_new 2019-12-23 22:38:15.233841395 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssl-1_1 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -51,6 +51,9 @@ Patch12: 0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch Patch13: 0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch Patch14: openssl-jsc-SLE-8789-backport_KDF.patch +# OpenSSL Security Advisory [6 December 2019] bsc#1158809 CVE-2019-1551 +# PATCH-FIX-UPSTREAM Integer overflow in RSAZ modular exponentiation on x86_64 +Patch15: openssl-1_1-CVE-2019-1551.patch BuildRequires: pkgconfig Conflicts: ssl Provides: ssl @@ -201,7 +204,7 @@ # Do not install demo scripts executable under /usr/share/doc find demos -type f -perm /111 -exec chmod 644 {} \; -# Place showciphers.c for %doc macro +# Place showciphers.c for %%doc macro cp %{SOURCE5} . %post -n libopenssl1_1 -p /sbin/ldconfig ++++++ openssl-1_1-CVE-2019-1551.patch ++++++ ++++ 1058 lines (skipped)