Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2015-12-14 10:14:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl" Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2015-11-12 19:41:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2015-12-14 10:15:25.000000000 +0100 @@ -1,0 +2,6 @@ +Fri Dec 11 18:21:25 UTC 2015 - [email protected] + +- Add 0001-Fix-for-OpenSSL-CVE-2015-3194.patch, + 0001-Fix-for-OpenSSL-CVE-2015-3195.patch [boo#958768] + +------------------------------------------------------------------- New: ---- 0001-Fix-for-OpenSSL-CVE-2015-3194.patch 0001-Fix-for-OpenSSL-CVE-2015-3195.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.hBeE8e/_old 2015-12-14 10:15:26.000000000 +0100 +++ /var/tmp/diff_new_pack.hBeE8e/_new 2015-12-14 10:15:26.000000000 +0100 @@ -25,11 +25,14 @@ Url: http://libressl.org/ #Git-Clone: git://github.com/libressl-portable/portable +#See-Also: git://github.com/libressl-portable/openbsd #DL-URL: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ Source: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/%name-%version.tar.gz Source2: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/%name-%version.tar.gz.asc Source3: %name.keyring Source4: baselibs.conf +Patch1: 0001-Fix-for-OpenSSL-CVE-2015-3194.patch +Patch2: 0001-Fix-for-OpenSSL-CVE-2015-3195.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: fdupes BuildRequires: pkg-config @@ -106,6 +109,7 @@ %prep %setup -q +%patch -P 1 -P 2 -p5 %build %configure --disable-static --enable-libtls ++++++ 0001-Fix-for-OpenSSL-CVE-2015-3194.patch ++++++ >From 70e905b0d750d02740f6bd15d1616a819a51af92 Mon Sep 17 00:00:00 2001 From: beck <> Date: Thu, 3 Dec 2015 23:03:10 +0000 Subject: [PATCH] Fix for OpenSSL CVE-2015-3194 ok krw@ --- src/lib/libssl/src/crypto/rsa/rsa_ameth.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c index db4f623..ebf0b0f 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_ameth.c,v 1.13 2015/02/11 03:55:42 beck Exp $ */ +/* $OpenBSD: rsa_ameth.c,v 1.14 2015/02/11 04:05:14 beck Exp $ */ /* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL * project 2006. */ @@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) if (pss->maskGenAlgorithm) { ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 && - param->type == V_ASN1_SEQUENCE) { + param && param->type == V_ASN1_SEQUENCE) { p = param->value.sequence->data; plen = param->value.sequence->length; *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); -- 2.4.3 ++++++ 0001-Fix-for-OpenSSL-CVE-2015-3195.patch ++++++ >From 9900c16beb14eb3bfc8f4d8c6191e6e1a271c861 Mon Sep 17 00:00:00 2001 From: beck <> Date: Fri, 4 Dec 2015 04:19:25 +0000 Subject: [PATCH] Fix for OpenSSL CVE-2015-3195 ok djm@ jsing@ --- src/lib/libssl/src/crypto/asn1/tasn_dec.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index e50ec0a..0a6eaf2 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_dec.c,v 1.26 2015/03/19 14:00:22 tedu Exp $ */ +/* $OpenBSD: tasn_dec.c,v 1.27 2015/07/20 15:41:48 miod Exp $ */ /* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL * project 2000. */ @@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr; + int combine; + + combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; @@ -447,7 +451,8 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name, it->sname); @@ -642,7 +647,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); -- 2.4.3
