Hello community,

here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2019-12-24 14:29:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old)
 and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.6675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0" Tue Dec 24 14:29:38 2019 rev:19 rq:758656 version:1.0.2u Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2019-10-05 16:16:12.474077380 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.6675/openssl-1_0_0.changes 2019-12-24 14:29:42.850568518 +0100 @@ -1,0 +2,23 @@ +Fri Dec 20 21:39:42 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Update to 1.0.2u [bsc#1158809, CVE-2019-1551] + * Fixed an overflow bug in the x64_64 Montgomery squaring procedure + used in exponentiation with 512-bit moduli. No EC algorithms are + affected. Analysis suggests that attacks against 2-prime RSA1024, + 3-prime RSA1536, and DSA1024 as a result of this defect would be very + difficult to perform and are not believed likely. Attacks against DH512 + are considered just feasible. However, for an attack the target would + have to re-use the DH512 private key, which is not recommended anyway. + Also applications directly using the low level API BN_mod_exp may be + affected if they use BN_FLG_CONSTTIME. +- Drop patch openssl-1_1-CVE-2019-1551.patch + +------------------------------------------------------------------- +Tue Dec 10 16:04:06 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix: [bsc#1158809, CVE-2019-1551] + * Overflow bug in the x64_64 Montgomery squaring procedure used + in exponentiation with 512-bit moduli +- Add openssl-1_1-CVE-2019-1551.patch + +------------------------------------------------------------------- Old: ---- openssl-1.0.2t.tar.gz openssl-1.0.2t.tar.gz.asc New: ---- openssl-1.0.2u.tar.gz openssl-1.0.2u.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_0_0.spec ++++++ --- /var/tmp/diff_new_pack.4dFaUc/_old 2019-12-24 14:29:44.946569533 +0100 +++ /var/tmp/diff_new_pack.4dFaUc/_new 2019-12-24 14:29:44.946569533 +0100 
@@ -1,7 +1,7 @@ # # spec file for package openssl-1_0_0 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,12 +26,12 @@ %define num_version 1.0.0 %define _rname openssl Name: openssl-1_0_0 -Version: 1.0.2t +Version: 1.0.2u Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security -Url: https://www.openssl.org/ +URL: https://www.openssl.org/ Source: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz # to get mtime of file: Source1: %{name}.changes
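Review bot: In the openssl-1_0_0.changes hunk, both new entries spell the architecture "x64_64" ("the x64_64 Montgomery squaring procedure"); this should read x86_64 in the Dec 20 and the Dec 10 entry alike. Separately, the patch added and then dropped in this same hunk is named openssl-1_1-CVE-2019-1551.patch although the package is openssl-1_0_0, so it is worth confirming that the file name, and the patch it refers to, was the one intended for the 1.0.2 code base.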
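Review bot: The "Url:" to "URL:" tag rename in the second openssl-1_0_0.spec hunk (@@ -26,12 +26,12 @@) is a cosmetic change carried along with the security update and is not recorded in the .changes entry, which lists only the 1.0.2u bump and the dropped patch. Consider mentioning the spec cleanup in the changelog or submitting it separately, so the diff for the CVE-2019-1551 update contains only the "Version: 1.0.2u" change.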
