Hello community,
here is the log from the commit of package openssl for openSUSE:Factory checked
in at 2015-12-13 09:36:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl (Old)
and /work/SRC/openSUSE:Factory/.openssl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2015-07-12
22:51:56.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2015-12-13
09:36:20.000000000 +0100
@@ -1,0 +2,20 @@
+Fri Dec 4 23:06:18 UTC 2015 - vci...@suse.com
+
+- update to 1.0.2e
+ * fixes five security vulnerabilities
+ * Anon DH ServerKeyExchange with 0 p parameter
+ (CVE-2015-1794) (bsc#957984)
+ * BN_mod_exp may produce incorrect results on x86_64
+ (CVE-2015-3193) (bsc#957814)
+ * Certificate verify crash with missing PSS parameter
+ (CVE-2015-3194) (bsc#957815)
+ * X509_ATTRIBUTE memory leak
+ (CVE-2015-3195) (bsc#957812)
+ * Race condition handling PSK identify hint
+ (CVE-2015-3196) (bsc#957813)
+- pulled a refreshed fips patch from Fedora
+ * openssl-1.0.2a-fips.patch was replaced by
+ openssl-1.0.2e-fips.patch
+- refresh openssl-ocloexec.patch
+
+-------------------------------------------------------------------
Old:
----
openssl-1.0.2a-fips.patch
openssl-1.0.2d.tar.gz
openssl-1.0.2d.tar.gz.asc
New:
----
openssl-1.0.2e-fips.patch
openssl-1.0.2e.tar.gz
openssl-1.0.2e.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl.spec ++++++
--- /var/tmp/diff_new_pack.sHSPAw/_old 2015-12-13 09:36:22.000000000 +0100
+++ /var/tmp/diff_new_pack.sHSPAw/_new 2015-12-13 09:36:22.000000000 +0100
@@ -29,7 +29,7 @@
%ifarch ppc64
Obsoletes: openssl-64bit
%endif
-Version: 1.0.2d
+Version: 1.0.2e
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@@ -62,7 +62,7 @@
Patch13: openssl-1.0.2a-ipv6-apps.patch
Patch14: 0001-libcrypto-Hide-library-private-symbols.patch
# FIPS patches:
-Patch15: openssl-1.0.2a-fips.patch
+Patch15: openssl-1.0.2e-fips.patch
Patch16: openssl-1.0.2a-fips-ec.patch
Patch17: openssl-1.0.2a-fips-ctor.patch
Patch18: openssl-1.0.2a-new-fips-reqs.patch
++++++ openssl-1.0.2e-fips.patch ++++++
++++ 13704 lines (skipped)
++++++ openssl-1.0.2d.tar.gz -> openssl-1.0.2e.tar.gz ++++++
++++ 13069 lines of diff (skipped)
++++++ openssl-ocloexec.patch ++++++
--- /var/tmp/diff_new_pack.sHSPAw/_old 2015-12-13 09:36:25.000000000 +0100
+++ /var/tmp/diff_new_pack.sHSPAw/_new 2015-12-13 09:36:25.000000000 +0100
@@ -1,7 +1,7 @@
Index: crypto/bio/b_sock.c
===================================================================
---- crypto/bio/b_sock.c.orig 2015-05-29 11:54:57.219659682 +0200
-+++ crypto/bio/b_sock.c 2015-05-29 11:56:47.059884761 +0200
+--- crypto/bio/b_sock.c.orig 2015-12-05 00:04:11.291027369 +0100
++++ crypto/bio/b_sock.c 2015-12-05 00:04:13.283055286 +0100
@@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in
}
@@ -31,8 +31,8 @@
sa.len.i = (int)sa.len.s;
Index: crypto/bio/bss_conn.c
===================================================================
---- crypto/bio/bss_conn.c.orig 2015-05-29 11:54:57.219659682 +0200
-+++ crypto/bio/bss_conn.c 2015-05-29 11:57:45.668538446 +0200
+--- crypto/bio/bss_conn.c.orig 2015-12-05 00:04:11.291027369 +0100
++++ crypto/bio/bss_conn.c 2015-12-05 00:04:13.283055286 +0100
@@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC
c->them.sin_addr.s_addr = htonl(l);
c->state = BIO_CONN_S_CREATE_SOCKET;
@@ -44,9 +44,9 @@
ERR_add_error_data(4, "host=", c->param_hostname,
Index: crypto/bio/bss_dgram.c
===================================================================
---- crypto/bio/bss_dgram.c.orig 2015-05-29 11:54:57.221659705 +0200
-+++ crypto/bio/bss_dgram.c 2015-05-29 13:29:42.463696425 +0200
-@@ -1176,7 +1176,7 @@ static int dgram_sctp_read(BIO *b, char
+--- crypto/bio/bss_dgram.c.orig 2015-12-05 00:04:11.292027383 +0100
++++ crypto/bio/bss_dgram.c 2015-12-05 00:04:13.284055300 +0100
+@@ -1177,7 +1177,7 @@ static int dgram_sctp_read(BIO *b, char
msg.msg_control = cmsgbuf;
msg.msg_controllen = 512;
msg.msg_flags = 0;
@@ -55,7 +55,7 @@
if (n <= 0) {
if (n < 0)
-@@ -1801,7 +1801,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
+@@ -1802,7 +1802,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
@@ -64,7 +64,7 @@
if (n <= 0) {
if ((n < 0) && (get_last_socket_error() != EAGAIN)
&& (get_last_socket_error() != EWOULDBLOCK))
-@@ -1823,7 +1823,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
+@@ -1824,7 +1824,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
@@ -73,7 +73,7 @@
if (n <= 0) {
if ((n < 0) && (get_last_socket_error() != EAGAIN)
&& (get_last_socket_error() != EWOULDBLOCK))
-@@ -1888,7 +1888,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
+@@ -1889,7 +1889,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
fcntl(b->num, F_SETFL, O_NONBLOCK);
}
@@ -82,7 +82,7 @@
if (is_dry) {
fcntl(b->num, F_SETFL, sockflags);
-@@ -1930,7 +1930,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
+@@ -1931,7 +1931,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
sockflags = fcntl(b->num, F_GETFL, 0);
fcntl(b->num, F_SETFL, O_NONBLOCK);
@@ -91,7 +91,7 @@
fcntl(b->num, F_SETFL, sockflags);
/* if notification, process and try again */
-@@ -1950,7 +1950,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
+@@ -1951,7 +1951,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
msg.msg_control = NULL;
msg.msg_controllen = 0;
msg.msg_flags = 0;
@@ -102,11 +102,11 @@
data->handle_notifications(b, data->notification_context,
Index: crypto/bio/bss_file.c
===================================================================
---- crypto/bio/bss_file.c.orig 2015-05-29 11:54:57.221659705 +0200
-+++ crypto/bio/bss_file.c 2015-05-29 13:33:08.553070567 +0200
-@@ -119,6 +119,10 @@ BIO *BIO_new_file(const char *filename,
+--- crypto/bio/bss_file.c.orig 2015-12-05 00:04:11.292027383 +0100
++++ crypto/bio/bss_file.c 2015-12-05 00:04:49.780566910 +0100
+@@ -118,6 +118,10 @@ static BIO_METHOD methods_filep = {
+ static FILE *file_fopen(const char *filename, const char *mode)
{
- BIO *ret;
FILE *file = NULL;
+ size_t modelen = strlen (mode);
+ char newmode[modelen + 2];
@@ -115,16 +115,16 @@
# if defined(_WIN32) && defined(CP_UTF8)
int sz, len_0 = (int)strlen(filename) + 1;
-@@ -162,7 +166,7 @@ BIO *BIO_new_file(const char *filename,
+@@ -161,7 +165,7 @@ static FILE *file_fopen(const char *file
file = fopen(filename, mode);
}
# else
- file = fopen(filename, mode);
+ file = fopen(filename, newmode);
# endif
- if (file == NULL) {
- SYSerr(SYS_F_FOPEN, get_last_sys_error());
-@@ -275,7 +279,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
+ return (file);
+ }
+@@ -282,7 +286,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
long ret = 1;
FILE *fp = (FILE *)b->ptr;
FILE **fpp;
@@ -133,18 +133,18 @@
switch (cmd) {
case BIO_C_FILE_SEEK:
-@@ -386,6 +390,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
+@@ -393,6 +397,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
else
strcat(p, "t");
# endif
+ strcat(p, "e");
- fp = fopen(ptr, p);
+ fp = file_fopen(ptr, p);
if (fp == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error());
Index: crypto/rand/rand_unix.c
===================================================================
---- crypto/rand/rand_unix.c.orig 2015-05-29 11:54:57.222659716 +0200
-+++ crypto/rand/rand_unix.c 2015-05-29 13:36:11.270174218 +0200
+--- crypto/rand/rand_unix.c.orig 2015-12-05 00:04:11.292027383 +0100
++++ crypto/rand/rand_unix.c 2015-12-05 00:04:13.285055314 +0100
@@ -269,7 +269,7 @@ int RAND_poll(void)
for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
@@ -156,8 +156,8 @@
# endif
Index: crypto/rand/randfile.c
===================================================================
---- crypto/rand/randfile.c.orig 2015-05-29 11:54:57.222659716 +0200
-+++ crypto/rand/randfile.c 2015-05-29 13:37:38.156170674 +0200
+--- crypto/rand/randfile.c.orig 2015-12-05 00:04:11.293027397 +0100
++++ crypto/rand/randfile.c 2015-12-05 00:04:13.285055314 +0100
@@ -147,7 +147,7 @@ int RAND_load_file(const char *file, lon
#ifdef OPENSSL_SYS_VMS
in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
