Hello community, here is the log from the commit of package openssl-1_1 for openSUSE:Factory checked in at 2020-04-27 23:27:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_1 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_1.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_1" Mon Apr 27 23:27:46 2020 rev:17 rq:796090 version:1.1.1g Changes: --------
--- /work/SRC/openSUSE:Factory/openssl-1_1/openssl-1_1.changes 2020-04-02 17:42:27.029353981 +0200
+++ /work/SRC/openSUSE:Factory/.openssl-1_1.new.2738/openssl-1_1.changes 2020-04-27 23:27:58.158304185 +0200
@@ -1,0 +2,18 @@
+Tue Apr 21 13:47:04 UTC 2020 - Vítězslav Čížek <[email protected]>
+
+- Update to 1.1.1g
+ * Fixed segmentation fault in SSL_check_chain (CVE-2020-1967, bsc#1169407)
+ Server or client applications that call the SSL_check_chain() function
+ during or after a TLS 1.3 handshake may crash due to a NULL pointer
+ dereference as a result of incorrect handling of the
+ "signature_algorithms_cert" TLS extension. The crash occurs if an invalid
+ or unrecognised signature algorithm is received from the peer. This could
+ be exploited by a malicious peer in a Denial of Service attack.
+ * Added AES consttime code for no-asm configurations
+ an optional constant time support for AES was added
+ when building openssl for no-asm.
+- refresh patches:
+ * openssl-1.1.1-fips.patch
+ * openssl-1.1.1-fips-crng-test.patch
+
+-------------------------------------------------------------------
Old: ---- openssl-1.1.1f.tar.gz openssl-1.1.1f.tar.gz.asc New: ---- openssl-1.1.1g.tar.gz openssl-1.1.1g.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_1.spec ++++++
--- /var/tmp/diff_new_pack.t8Gg9c/_old 2020-04-27 23:28:01.170310064 +0200
+++ /var/tmp/diff_new_pack.t8Gg9c/_new 2020-04-27 23:28:01.170310064 +0200
@@ -21,7 +21,7 @@
 %define _rname openssl
 Name: openssl-1_1
 # Don't forget to update the version in the "openssl" package!
-Version: 1.1.1f
+Version: 1.1.1g
 Release: 0
 Summary: Secure Sockets and Transport Layer Security
 License: OpenSSL
++++++ openssl-1.1.1-fips-crng-test.patch ++++++
--- /var/tmp/diff_new_pack.t8Gg9c/_old 2020-04-27 23:28:01.254310228 +0200
+++ /var/tmp/diff_new_pack.t8Gg9c/_new 2020-04-27 23:28:01.258310236 +0200
@@ -1,7 +1,7 @@
-Index: openssl-1.1.1d/include/crypto/rand.h
+Index: openssl-1.1.1g/include/crypto/rand.h
 ===================================================================
---- openssl-1.1.1d.orig/include/crypto/rand.h 2020-01-23 13:45:11.368633835 +0100
-+++ openssl-1.1.1d/include/crypto/rand.h 2020-01-23 13:45:11.384633930 +0100
+--- openssl-1.1.1g.orig/include/crypto/rand.h 2020-04-21 15:59:25.552654754 +0200
++++ openssl-1.1.1g/include/crypto/rand.h 2020-04-21 15:59:27.208663772 +0200
 @@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
 void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
@@ -17,20 +17,22 @@ /* * RAND_POOL functions */ -Index: openssl-1.1.1d/crypto/rand/build.info +Index: openssl-1.1.1g/crypto/rand/build.info =================================================================== ---- openssl-1.1.1d.orig/crypto/rand/build.info 2019-09-10 15:13:07.000000000 +0200 -+++ openssl-1.1.1d/crypto/rand/build.info 2020-01-23 13:45:11.384633930 +0100 -@@ -1,4 +1,4 @@ +--- openssl-1.1.1g.orig/crypto/rand/build.info 2020-04-21 15:59:27.208663772 +0200 ++++ openssl-1.1.1g/crypto/rand/build.info 2020-04-21 16:00:32.869021309 +0200 +@@ -1,6 +1,6 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - randfile.c rand_lib.c rand_err.c rand_egd.c \ + randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c -Index: openssl-1.1.1d/crypto/rand/drbg_lib.c + + INCLUDE[drbg_ctr.o]=../modes +Index: openssl-1.1.1g/crypto/rand/drbg_lib.c =================================================================== ---- openssl-1.1.1d.orig/crypto/rand/drbg_lib.c 2020-01-23 13:45:11.368633835 +0100 -+++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2020-01-23 13:45:11.384633930 +0100 +--- openssl-1.1.1g.orig/crypto/rand/drbg_lib.c 2020-04-21 15:59:25.552654754 +0200 ++++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-21 15:59:27.208663772 +0200 @@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg; @@ -54,10 +56,10 @@ #ifndef RAND_DRBG_GET_RANDOM_NONCE drbg->get_nonce = rand_drbg_get_nonce; drbg->cleanup_nonce = rand_drbg_cleanup_nonce; -Index: openssl-1.1.1d/crypto/rand/rand_crng_test.c +Index: openssl-1.1.1g/crypto/rand/rand_crng_test.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1d/crypto/rand/rand_crng_test.c 2020-01-23 13:45:11.384633930 +0100 ++++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-21 15:59:27.208663772 +0200 @@ -0,0 +1,118 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. 
@@ -177,10 +179,10 @@ +{ + OPENSSL_secure_clear_free(out, outlen); +} -Index: openssl-1.1.1d/crypto/rand/rand_local.h +Index: openssl-1.1.1g/crypto/rand/rand_local.h =================================================================== ---- openssl-1.1.1d.orig/crypto/rand/rand_local.h 2019-09-10 15:13:07.000000000 +0200 -+++ openssl-1.1.1d/crypto/rand/rand_local.h 2020-01-23 13:45:11.384633930 +0100 +--- openssl-1.1.1g.orig/crypto/rand/rand_local.h 2020-04-21 15:59:25.552654754 +0200 ++++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-21 15:59:27.208663772 +0200 @@ -33,7 +33,15 @@ # define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */ # define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */ @@ -230,10 +232,10 @@ +int rand_crngt_single_init(void); + #endif -Index: openssl-1.1.1d/test/drbgtest.c +Index: openssl-1.1.1g/test/drbgtest.c =================================================================== ---- openssl-1.1.1d.orig/test/drbgtest.c 2019-09-10 15:13:07.000000000 +0200 -+++ openssl-1.1.1d/test/drbgtest.c 2020-01-23 13:45:11.384633930 +0100 +--- openssl-1.1.1g.orig/test/drbgtest.c 2020-04-21 15:59:25.552654754 +0200 ++++ openssl-1.1.1g/test/drbgtest.c 2020-04-21 15:59:27.208663772 +0200 @@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg, return t->noncelen; } ++++++ openssl-1.1.1-fips.patch ++++++ ++++ 1375 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openssl-1_1/openssl-1.1.1-fips.patch ++++ and /work/SRC/openSUSE:Factory/.openssl-1_1.new.2738/openssl-1.1.1-fips.patch
