Hello community, here is the log from the commit of package openssl for openSUSE:Factory checked in at 2015-12-13 09:36:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl (Old) and /work/SRC/openSUSE:Factory/.openssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openssl" Changes: -------- --- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2015-07-12 22:51:56.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2015-12-13 09:36:20.000000000 +0100 @@ -1,0 +2,20 @@ +Fri Dec 4 23:06:18 UTC 2015 - vcizek@suse.com + +- update to 1.0.2e + * fixes five security vulnerabilities + * Anon DH ServerKeyExchange with 0 p parameter + (CVE-2015-1794) (bsc#957984) + * BN_mod_exp may produce incorrect results on x86_64 + (CVE-2015-3193) (bsc#957814) + * Certificate verify crash with missing PSS parameter + (CVE-2015-3194) (bsc#957815) + * X509_ATTRIBUTE memory leak + (CVE-2015-3195) (bsc#957812) + * Race condition handling PSK identify hint + (CVE-2015-3196) (bsc#957813) +- pulled a refreshed fips patch from Fedora + * openssl-1.0.2a-fips.patch was replaced by + openssl-1.0.2e-fips.patch +- refresh openssl-ocloexec.patch + +------------------------------------------------------------------- Old: ---- openssl-1.0.2a-fips.patch openssl-1.0.2d.tar.gz openssl-1.0.2d.tar.gz.asc New: ---- openssl-1.0.2e-fips.patch openssl-1.0.2e.tar.gz openssl-1.0.2e.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.sHSPAw/_old 2015-12-13 09:36:22.000000000 +0100 +++ /var/tmp/diff_new_pack.sHSPAw/_new 2015-12-13 09:36:22.000000000 +0100 @@ -29,7 +29,7 @@ %ifarch ppc64 Obsoletes: openssl-64bit %endif -Version: 1.0.2d +Version: 1.0.2e Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL 
@@ -62,7 +62,7 @@ Patch13: openssl-1.0.2a-ipv6-apps.patch Patch14: 0001-libcrypto-Hide-library-private-symbols.patch # FIPS patches: -Patch15: openssl-1.0.2a-fips.patch +Patch15: openssl-1.0.2e-fips.patch Patch16: openssl-1.0.2a-fips-ec.patch Patch17: openssl-1.0.2a-fips-ctor.patch Patch18: openssl-1.0.2a-new-fips-reqs.patch ++++++ openssl-1.0.2e-fips.patch ++++++ ++++ 13704 lines (skipped) ++++++ openssl-1.0.2d.tar.gz -> openssl-1.0.2e.tar.gz ++++++ ++++ 13069 lines of diff (skipped) ++++++ openssl-ocloexec.patch ++++++ --- /var/tmp/diff_new_pack.sHSPAw/_old 2015-12-13 09:36:25.000000000 +0100 +++ /var/tmp/diff_new_pack.sHSPAw/_new 2015-12-13 09:36:25.000000000 +0100 @@ -1,7 +1,7 @@ Index: crypto/bio/b_sock.c =================================================================== ---- crypto/bio/b_sock.c.orig 2015-05-29 11:54:57.219659682 +0200 -+++ crypto/bio/b_sock.c 2015-05-29 11:56:47.059884761 +0200 +--- crypto/bio/b_sock.c.orig 2015-12-05 00:04:11.291027369 +0100 ++++ crypto/bio/b_sock.c 2015-12-05 00:04:13.283055286 +0100 @@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in } @@ -31,8 +31,8 @@ sa.len.i = (int)sa.len.s; Index: crypto/bio/bss_conn.c =================================================================== ---- crypto/bio/bss_conn.c.orig 2015-05-29 11:54:57.219659682 +0200 -+++ crypto/bio/bss_conn.c 2015-05-29 11:57:45.668538446 +0200 +--- crypto/bio/bss_conn.c.orig 2015-12-05 00:04:11.291027369 +0100 ++++ crypto/bio/bss_conn.c 2015-12-05 00:04:13.283055286 +0100 @@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC c->them.sin_addr.s_addr = htonl(l); c->state = BIO_CONN_S_CREATE_SOCKET; 
@@ -44,9 +44,9 @@ ERR_add_error_data(4, "host=", c->param_hostname, Index: crypto/bio/bss_dgram.c =================================================================== ---- crypto/bio/bss_dgram.c.orig 2015-05-29 11:54:57.221659705 +0200 -+++ crypto/bio/bss_dgram.c 2015-05-29 13:29:42.463696425 +0200 -@@ -1176,7 +1176,7 @@ static int dgram_sctp_read(BIO *b, char +--- crypto/bio/bss_dgram.c.orig 2015-12-05 00:04:11.292027383 +0100 ++++ crypto/bio/bss_dgram.c 2015-12-05 00:04:13.284055300 +0100 +@@ -1177,7 +1177,7 @@ static int dgram_sctp_read(BIO *b, char msg.msg_control = cmsgbuf; msg.msg_controllen = 512; msg.msg_flags = 0; @@ -55,7 +55,7 @@ if (n <= 0) { if (n < 0) -@@ -1801,7 +1801,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1802,7 +1802,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) msg.msg_controllen = 0; msg.msg_flags = 0; @@ -64,7 +64,7 @@ if (n <= 0) { if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK)) -@@ -1823,7 +1823,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1824,7 +1824,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) msg.msg_controllen = 0; msg.msg_flags = 0; @@ -73,7 +73,7 @@ if (n <= 0) { if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK)) -@@ -1888,7 +1888,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1889,7 +1889,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) fcntl(b->num, F_SETFL, O_NONBLOCK); } @@ -82,7 +82,7 @@ if (is_dry) { fcntl(b->num, F_SETFL, sockflags); -@@ -1930,7 +1930,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) +@@ -1931,7 +1931,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) sockflags = fcntl(b->num, F_GETFL, 0); fcntl(b->num, F_SETFL, O_NONBLOCK); @@ -91,7 +91,7 @@ fcntl(b->num, F_SETFL, sockflags); /* if notification, process and try again */ -@@ -1950,7 +1950,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) +@@ -1951,7 +1951,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_flags = 0; 
@@ -102,11 +102,11 @@ data->handle_notifications(b, data->notification_context, Index: crypto/bio/bss_file.c =================================================================== ---- crypto/bio/bss_file.c.orig 2015-05-29 11:54:57.221659705 +0200 -+++ crypto/bio/bss_file.c 2015-05-29 13:33:08.553070567 +0200 -@@ -119,6 +119,10 @@ BIO *BIO_new_file(const char *filename, +--- crypto/bio/bss_file.c.orig 2015-12-05 00:04:11.292027383 +0100 ++++ crypto/bio/bss_file.c 2015-12-05 00:04:49.780566910 +0100 +@@ -118,6 +118,10 @@ static BIO_METHOD methods_filep = { + static FILE *file_fopen(const char *filename, const char *mode) { - BIO *ret; FILE *file = NULL; + size_t modelen = strlen (mode); + char newmode[modelen + 2]; @@ -115,16 +115,16 @@ # if defined(_WIN32) && defined(CP_UTF8) int sz, len_0 = (int)strlen(filename) + 1; -@@ -162,7 +166,7 @@ BIO *BIO_new_file(const char *filename, +@@ -161,7 +165,7 @@ static FILE *file_fopen(const char *file file = fopen(filename, mode); } # else - file = fopen(filename, mode); + file = fopen(filename, newmode); # endif - if (file == NULL) { - SYSerr(SYS_F_FOPEN, get_last_sys_error()); -@@ -275,7 +279,7 @@ static long MS_CALLBACK file_ctrl(BIO *b + return (file); + } +@@ -282,7 +286,7 @@ static long MS_CALLBACK file_ctrl(BIO *b long ret = 1; FILE *fp = (FILE *)b->ptr; FILE **fpp; 
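Review bot: In the bss_file.c part of the refreshed patch, `char newmode[modelen + 2];` in `file_fopen` is a variable-length array whose size comes from `strlen(mode)`, so the stack allocation has no upper bound of its own. Valid fopen mode strings are only a few characters long, so a fixed buffer with a length check would be safer, for example `char newmode[16];` followed by `if (modelen + 2 > sizeof(newmode)) return NULL;`. The lines that fill `newmode` and the rest of `file_fopen` lie outside this hunk, so the exact copy logic should be confirmed there. Only the `# else` branch passes `newmode` to `fopen`, while the `_WIN32` branch shown as context still uses `mode`; a comment such as `/* close-on-exec "e" flag is appended on the non-Windows path only */` would make that explicit.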
@@ -133,18 +133,18 @@ switch (cmd) { case BIO_C_FILE_SEEK: -@@ -386,6 +390,7 @@ static long MS_CALLBACK file_ctrl(BIO *b +@@ -393,6 +397,7 @@ static long MS_CALLBACK file_ctrl(BIO *b else strcat(p, "t"); # endif + strcat(p, "e"); - fp = fopen(ptr, p); + fp = file_fopen(ptr, p); if (fp == NULL) { SYSerr(SYS_F_FOPEN, get_last_sys_error()); Index: crypto/rand/rand_unix.c =================================================================== ---- crypto/rand/rand_unix.c.orig 2015-05-29 11:54:57.222659716 +0200 -+++ crypto/rand/rand_unix.c 2015-05-29 13:36:11.270174218 +0200 +--- crypto/rand/rand_unix.c.orig 2015-12-05 00:04:11.292027383 +0100 ++++ crypto/rand/rand_unix.c 2015-12-05 00:04:13.285055314 +0100 @@ -269,7 +269,7 @@ int RAND_poll(void) for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && @@ -156,8 +156,8 @@ # endif Index: crypto/rand/randfile.c =================================================================== ---- crypto/rand/randfile.c.orig 2015-05-29 11:54:57.222659716 +0200 -+++ crypto/rand/randfile.c 2015-05-29 13:37:38.156170674 +0200 +--- crypto/rand/randfile.c.orig 2015-12-05 00:04:11.293027397 +0100 ++++ crypto/rand/randfile.c 2015-12-05 00:04:13.285055314 +0100 @@ -147,7 +147,7 @@ int RAND_load_file(const char *file, lon #ifdef OPENSSL_SYS_VMS in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
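Review bot: After this refresh `file_ctrl` still executes the patched-in `strcat(p, "e");` but now hands `p` to `file_fopen(ptr, p)` instead of calling `fopen` directly. The earlier bss_file.c hunk makes `file_fopen` open with `newmode`, which appears to be `mode` plus the close-on-exec flag (the lines that build it are not visible), so the flag is probably appended twice on this path. Dropping the `strcat(p, "e");` addition from the patch would leave `file_fopen` as the single place that sets close-on-exec. If it stays, a comment like `/* file_fopen() also appends "e"; the duplicate is redundant */` should say so. The declaration of `p` is outside the visible lines, so its size should be checked against the extra character.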