[Pkg-openssl-changes] r920 - in openssl/branches: 1.1.0/debian 1.1.0/debian/patches jessie_backports/debian openssl1.0/debian stretch/debian stretch/debian/patches stretch1.0/debian stretch1.0/debian/patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Nov 2 15:38:32 UTC 2017
Author: kroeckx
Date: 2017-11-02 15:38:32 +0000 (Thu, 02 Nov 2017)
New Revision: 920
Added:
openssl/branches/1.1.0/debian/patches/testsuite_race.patch
openssl/branches/stretch/debian/patches/CVE-2017-3736.patch
openssl/branches/stretch1.0/debian/patches/CVE-2017-3736.patch
Modified:
openssl/branches/1.1.0/debian/changelog
openssl/branches/1.1.0/debian/patches/series
openssl/branches/jessie_backports/debian/changelog
openssl/branches/openssl1.0/debian/changelog
openssl/branches/stretch/debian/changelog
openssl/branches/stretch/debian/patches/series
openssl/branches/stretch1.0/debian/changelog
openssl/branches/stretch1.0/debian/patches/series
Log:
Security fixes
Modified: openssl/branches/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog 2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/1.1.0/debian/changelog 2017-11-02 15:38:32 UTC (rev 920)
@@ -1,3 +1,13 @@
+openssl (1.1.0g-1) unstable; urgency=medium
+
+ * New upstream version
+ - Fixes CVE-2017-3735
+ - Fixes CVE-2017-3736
+ * Temporary enable TLS 1.0 and 1.1 again (#875423)
+ * Attempt to fix testsuite race condition
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 15:22:48 +0100
+
openssl (1.1.0f-5) unstable; urgency=medium
* Instead of completly disabling TLS 1.0 and 1.1, just set the minimum
Modified: openssl/branches/1.1.0/debian/patches/series
===================================================================
--- openssl/branches/1.1.0/debian/patches/series 2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/1.1.0/debian/patches/series 2017-11-02 15:38:32 UTC (rev 920)
@@ -4,6 +4,5 @@
pic.patch
c_rehash-compat.patch
#padlock_conf.patch
-0001-Only-release-thread-local-key-if-we-created-it.patch
-Fix-a-Proxy-race-condition.patch
-tls1_2_default.patch
+#tls1_2_default.patch
+testsuite_race.patch
Added: openssl/branches/1.1.0/debian/patches/testsuite_race.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/testsuite_race.patch (rev 0)
+++ openssl/branches/1.1.0/debian/patches/testsuite_race.patch 2017-11-02 15:38:32 UTC (rev 920)
@@ -0,0 +1,22 @@
+Index: openssl-1.1.0g/util/TLSProxy/Proxy.pm
+===================================================================
+--- openssl-1.1.0g.orig/util/TLSProxy/Proxy.pm
++++ openssl-1.1.0g/util/TLSProxy/Proxy.pm
+@@ -19,6 +19,7 @@ use TLSProxy::ClientHello;
+ use TLSProxy::ServerHello;
+ use TLSProxy::ServerKeyExchange;
+ use TLSProxy::NewSessionTicket;
++use Time::HiRes qw/usleep/;
+
+ my $have_IPv6 = 0;
+ my $IP_factory;
+@@ -317,6 +318,9 @@ sub clientstart
+ .$self->serverpid."\n";
+ waitpid( $self->serverpid, 0);
+ die "exit code $? from server process\n" if $? != 0;
++ } else {
++ # Give s_server sufficient time to finish what it was doing
++ usleep(250000);
+ }
+ die "clientpid is zero\n" if $self->clientpid == 0;
+ print "Waiting for client process to close: ".$self->clientpid."\n";
Modified: openssl/branches/jessie_backports/debian/changelog
===================================================================
--- openssl/branches/jessie_backports/debian/changelog 2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/jessie_backports/debian/changelog 2017-11-02 15:38:32 UTC (rev 920)
@@ -1,3 +1,11 @@
+openssl (1.0.2m-1~bpo8+1) jessie-backports; urgency=medium
+
+ * New upstream version
+ - Fixes CVE-2017-3735
+ - Fixes CVE-2017-3736
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 12:38:33 +0100
+
openssl (1.0.2l-1~bpo8+1) jessie-backports; urgency=medium
* New upstream release
Modified: openssl/branches/openssl1.0/debian/changelog
===================================================================
--- openssl/branches/openssl1.0/debian/changelog 2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/openssl1.0/debian/changelog 2017-11-02 15:38:32 UTC (rev 920)
@@ -1,8 +1,14 @@
-openssl1.0 (1.0.2l-3) UNRELEASED; urgency=medium
+openssl1.0 (1.0.2m-1) unstable; urgency=high
+ [ Kurt Roeckx ]
+ * New upstream version
+ - Fixes CVE-2017-3735
+ - Fixes CVE-2017-3736
+
+ [ Sebastian Andrzej Siewior]
* Add support for arm64ilp32, Patch by Wookey (Closes: #874709).
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Sat, 07 Oct 2017 11:35:29 +0200
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 14:30:51 +0100
openssl1.0 (1.0.2l-2) unstable; urgency=medium
Modified: openssl/branches/stretch/debian/changelog
===================================================================
--- openssl/branches/stretch/debian/changelog 2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/stretch/debian/changelog 2017-11-02 15:38:32 UTC (rev 920)
@@ -1,6 +1,7 @@
openssl (1.1.0f-3+deb9u1) unstable; urgency=medium
* Fix CVE-2017-3735
+ * Fix CVE-2017-3736
-- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 12:29:36 +0100
Added: openssl/branches/stretch/debian/patches/CVE-2017-3736.patch
===================================================================
--- openssl/branches/stretch/debian/patches/CVE-2017-3736.patch (rev 0)
+++ openssl/branches/stretch/debian/patches/CVE-2017-3736.patch 2017-11-02 15:38:32 UTC (rev 920)
@@ -0,0 +1,43 @@
+From 4443cf7aa0099e5ce615c18cee249fff77fb0871 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro at openssl.org>
+Date: Thu, 17 Aug 2017 21:08:57 +0200
+Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
+
+Credit to OSS-Fuzz for finding this.
+
+CVE-2017-3736
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+---
+ crypto/bn/asm/x86_64-mont5.pl | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
+index 6807ab5cfe..5779059ea2 100755
+--- a/crypto/bn/asm/x86_64-mont5.pl
++++ b/crypto/bn/asm/x86_64-mont5.pl
+@@ -3099,11 +3099,19 @@ $code.=<<___;
+
+ .align 32
+ .Lsqrx8x_break:
+- sub 16+8(%rsp),%r8 # consume last carry
++ xor $zero,$zero
++ sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
++ adcx $zero,%r8
+ mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
++ adcx $zero,%r9
+ mov 0*8($aptr),%rdx # a[8], modulo-scheduled
+- xor %ebp,%ebp # xor $zero,$zero
++ adc \$0,%r10
+ mov %r8,0*8($tptr)
++ adc \$0,%r11
++ adc \$0,%r12
++ adc \$0,%r13
++ adc \$0,%r14
++ adc \$0,%r15
+ cmp $carry,$tptr # cf=0, of=0
+ je .Lsqrx8x_outer_loop
+
+--
+2.14.2
+
Modified: openssl/branches/stretch/debian/patches/series
===================================================================
--- openssl/branches/stretch/debian/patches/series 2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/stretch/debian/patches/series 2017-11-02 15:38:32 UTC (rev 920)
@@ -6,3 +6,4 @@
#padlock_conf.patch
0001-Only-release-thread-local-key-if-we-created-it.patch
CVE-2017-3735.patch
+CVE-2017-3736.patch
Modified: openssl/branches/stretch1.0/debian/changelog
===================================================================
--- openssl/branches/stretch1.0/debian/changelog 2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/stretch1.0/debian/changelog 2017-11-02 15:38:32 UTC (rev 920)
@@ -1,8 +1,9 @@
openssl1.0 (1.0.2l-2+deb9u1) unstable; urgency=medium
* Fix CVE-2017-3735
+ * Fix CVE-2017-3736
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 12:31:37 +0100
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 14:03:53 +0100
openssl1.0 (1.0.2l-2) unstable; urgency=medium
Added: openssl/branches/stretch1.0/debian/patches/CVE-2017-3736.patch
===================================================================
--- openssl/branches/stretch1.0/debian/patches/CVE-2017-3736.patch (rev 0)
+++ openssl/branches/stretch1.0/debian/patches/CVE-2017-3736.patch 2017-11-02 15:38:32 UTC (rev 920)
@@ -0,0 +1,43 @@
+From 38d600147331d36e74174ebbd4008b63188b321b Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro at openssl.org>
+Date: Thu, 17 Aug 2017 21:08:57 +0200
+Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
+
+Credit to OSS-Fuzz for finding this.
+
+CVE-2017-3736
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+---
+ crypto/bn/asm/x86_64-mont5.pl | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
+index 3bb0cdf5bd..42178e455a 100755
+--- a/crypto/bn/asm/x86_64-mont5.pl
++++ b/crypto/bn/asm/x86_64-mont5.pl
+@@ -3090,11 +3090,19 @@ $code.=<<___;
+
+ .align 32
+ .Lsqrx8x_break:
+- sub 16+8(%rsp),%r8 # consume last carry
++ xor $zero,$zero
++ sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
++ adcx $zero,%r8
+ mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
++ adcx $zero,%r9
+ mov 0*8($aptr),%rdx # a[8], modulo-scheduled
+- xor %ebp,%ebp # xor $zero,$zero
++ adc \$0,%r10
+ mov %r8,0*8($tptr)
++ adc \$0,%r11
++ adc \$0,%r12
++ adc \$0,%r13
++ adc \$0,%r14
++ adc \$0,%r15
+ cmp $carry,$tptr # cf=0, of=0
+ je .Lsqrx8x_outer_loop
+
+--
+2.14.2
+
Modified: openssl/branches/stretch1.0/debian/patches/series
===================================================================
--- openssl/branches/stretch1.0/debian/patches/series 2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/stretch1.0/debian/patches/series 2017-11-02 15:38:32 UTC (rev 920)
@@ -19,3 +19,4 @@
libdoc-manpgs-pod-spell.patch
Mark-3DES-and-RC4-ciphers-as-weak.patch
CVE-2017-3735.patch
+CVE-2017-3736.patch
More information about the Pkg-openssl-changes
mailing list