[Pkg-openssl-changes] r920 - in openssl/branches: 1.1.0/debian 1.1.0/debian/patches jessie_backports/debian openssl1.0/debian stretch/debian stretch/debian/patches stretch1.0/debian stretch1.0/debian/patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Thu Nov 2 15:38:32 UTC 2017 

Author: kroeckx
Date: 2017-11-02 15:38:32 +0000 (Thu, 02 Nov 2017)
New Revision: 920

Added:
   openssl/branches/1.1.0/debian/patches/testsuite_race.patch
   openssl/branches/stretch/debian/patches/CVE-2017-3736.patch
   openssl/branches/stretch1.0/debian/patches/CVE-2017-3736.patch
Modified:
   openssl/branches/1.1.0/debian/changelog
   openssl/branches/1.1.0/debian/patches/series
   openssl/branches/jessie_backports/debian/changelog
   openssl/branches/openssl1.0/debian/changelog
   openssl/branches/stretch/debian/changelog
   openssl/branches/stretch/debian/patches/series
   openssl/branches/stretch1.0/debian/changelog
   openssl/branches/stretch1.0/debian/patches/series
Log:
Security fixes


Modified: openssl/branches/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog	2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/1.1.0/debian/changelog	2017-11-02 15:38:32 UTC (rev 920)
@@ -1,3 +1,13 @@
+openssl (1.1.0g-1) unstable; urgency=medium
+
+  * New upstream version
+    - Fixes CVE-2017-3735
+    - Fixes CVE-2017-3736
+  * Temporary enable TLS 1.0 and 1.1 again (#875423)
+  * Attempt to fix testsuite race condition
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Thu, 02 Nov 2017 15:22:48 +0100
+
 openssl (1.1.0f-5) unstable; urgency=medium
 
   * Instead of completly disabling TLS 1.0 and 1.1, just set the minimum

Modified: openssl/branches/1.1.0/debian/patches/series
===================================================================
--- openssl/branches/1.1.0/debian/patches/series	2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/1.1.0/debian/patches/series	2017-11-02 15:38:32 UTC (rev 920)
@@ -4,6 +4,5 @@
 pic.patch
 c_rehash-compat.patch
 #padlock_conf.patch
-0001-Only-release-thread-local-key-if-we-created-it.patch
-Fix-a-Proxy-race-condition.patch
-tls1_2_default.patch
+#tls1_2_default.patch
+testsuite_race.patch

Added: openssl/branches/1.1.0/debian/patches/testsuite_race.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/testsuite_race.patch	                        (rev 0)
+++ openssl/branches/1.1.0/debian/patches/testsuite_race.patch	2017-11-02 15:38:32 UTC (rev 920)
@@ -0,0 +1,22 @@
+Index: openssl-1.1.0g/util/TLSProxy/Proxy.pm
+===================================================================
+--- openssl-1.1.0g.orig/util/TLSProxy/Proxy.pm
++++ openssl-1.1.0g/util/TLSProxy/Proxy.pm
+@@ -19,6 +19,7 @@ use TLSProxy::ClientHello;
+ use TLSProxy::ServerHello;
+ use TLSProxy::ServerKeyExchange;
+ use TLSProxy::NewSessionTicket;
++use Time::HiRes qw/usleep/;
+ 
+ my $have_IPv6 = 0;
+ my $IP_factory;
+@@ -317,6 +318,9 @@ sub clientstart
+               .$self->serverpid."\n";
+         waitpid( $self->serverpid, 0);
+         die "exit code $? from server process\n" if $? != 0;
++    } else {
++        # Give s_server sufficient time to finish what it was doing
++        usleep(250000);
+     }
+     die "clientpid is zero\n" if $self->clientpid == 0;
+     print "Waiting for client process to close: ".$self->clientpid."\n";

Modified: openssl/branches/jessie_backports/debian/changelog
===================================================================
--- openssl/branches/jessie_backports/debian/changelog	2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/jessie_backports/debian/changelog	2017-11-02 15:38:32 UTC (rev 920)
@@ -1,3 +1,11 @@
+openssl (1.0.2m-1~bpo8+1) jessie-backports; urgency=medium
+
+  * New upstream version
+    - Fixes CVE-2017-3735
+    - Fixes CVE-2017-3736
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Thu, 02 Nov 2017 12:38:33 +0100
+
 openssl (1.0.2l-1~bpo8+1) jessie-backports; urgency=medium
 
   * New upstream release

Modified: openssl/branches/openssl1.0/debian/changelog
===================================================================
--- openssl/branches/openssl1.0/debian/changelog	2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/openssl1.0/debian/changelog	2017-11-02 15:38:32 UTC (rev 920)
@@ -1,8 +1,14 @@
-openssl1.0 (1.0.2l-3) UNRELEASED; urgency=medium
+openssl1.0 (1.0.2m-1) unstable; urgency=high
 
+  [ Kurt Roeckx ]
+  * New upstream version
+    - Fixes CVE-2017-3735
+    - Fixes CVE-2017-3736
+
+  [ Sebastian Andrzej Siewior]
   * Add support for arm64ilp32, Patch by Wookey (Closes: #874709).
 
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc>  Sat, 07 Oct 2017 11:35:29 +0200
+ -- Kurt Roeckx <kurt at roeckx.be>  Thu, 02 Nov 2017 14:30:51 +0100
 
 openssl1.0 (1.0.2l-2) unstable; urgency=medium
 

Modified: openssl/branches/stretch/debian/changelog
===================================================================
--- openssl/branches/stretch/debian/changelog	2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/stretch/debian/changelog	2017-11-02 15:38:32 UTC (rev 920)
@@ -1,6 +1,7 @@
 openssl (1.1.0f-3+deb9u1) unstable; urgency=medium
 
   * Fix CVE-2017-3735
+  * Fix CVE-2017-3736
 
  -- Kurt Roeckx <kurt at roeckx.be>  Thu, 02 Nov 2017 12:29:36 +0100
 

Added: openssl/branches/stretch/debian/patches/CVE-2017-3736.patch
===================================================================
--- openssl/branches/stretch/debian/patches/CVE-2017-3736.patch	                        (rev 0)
+++ openssl/branches/stretch/debian/patches/CVE-2017-3736.patch	2017-11-02 15:38:32 UTC (rev 920)
@@ -0,0 +1,43 @@
+From 4443cf7aa0099e5ce615c18cee249fff77fb0871 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro at openssl.org>
+Date: Thu, 17 Aug 2017 21:08:57 +0200
+Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
+
+Credit to OSS-Fuzz for finding this.
+
+CVE-2017-3736
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+---
+ crypto/bn/asm/x86_64-mont5.pl | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
+index 6807ab5cfe..5779059ea2 100755
+--- a/crypto/bn/asm/x86_64-mont5.pl
++++ b/crypto/bn/asm/x86_64-mont5.pl
+@@ -3099,11 +3099,19 @@ $code.=<<___;
+ 
+ .align	32
+ .Lsqrx8x_break:
+-	sub	16+8(%rsp),%r8		# consume last carry
++	xor	$zero,$zero
++	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
++	adcx	$zero,%r8
+ 	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
++	adcx	$zero,%r9
+ 	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
+-	xor	%ebp,%ebp		# xor	$zero,$zero
++	adc	\$0,%r10
+ 	mov	%r8,0*8($tptr)
++	adc	\$0,%r11
++	adc	\$0,%r12
++	adc	\$0,%r13
++	adc	\$0,%r14
++	adc	\$0,%r15
+ 	cmp	$carry,$tptr		# cf=0, of=0
+ 	je	.Lsqrx8x_outer_loop
+ 
+-- 
+2.14.2
+

Modified: openssl/branches/stretch/debian/patches/series
===================================================================
--- openssl/branches/stretch/debian/patches/series	2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/stretch/debian/patches/series	2017-11-02 15:38:32 UTC (rev 920)
@@ -6,3 +6,4 @@
 #padlock_conf.patch
 0001-Only-release-thread-local-key-if-we-created-it.patch
 CVE-2017-3735.patch
+CVE-2017-3736.patch

Modified: openssl/branches/stretch1.0/debian/changelog
===================================================================
--- openssl/branches/stretch1.0/debian/changelog	2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/stretch1.0/debian/changelog	2017-11-02 15:38:32 UTC (rev 920)
@@ -1,8 +1,9 @@
 openssl1.0 (1.0.2l-2+deb9u1) unstable; urgency=medium
 
   * Fix CVE-2017-3735
+  * Fix CVE-2017-3736
 
- -- Kurt Roeckx <kurt at roeckx.be>  Thu, 02 Nov 2017 12:31:37 +0100
+ -- Kurt Roeckx <kurt at roeckx.be>  Thu, 02 Nov 2017 14:03:53 +0100
 
 openssl1.0 (1.0.2l-2) unstable; urgency=medium
 

Added: openssl/branches/stretch1.0/debian/patches/CVE-2017-3736.patch
===================================================================
--- openssl/branches/stretch1.0/debian/patches/CVE-2017-3736.patch	                        (rev 0)
+++ openssl/branches/stretch1.0/debian/patches/CVE-2017-3736.patch	2017-11-02 15:38:32 UTC (rev 920)
@@ -0,0 +1,43 @@
+From 38d600147331d36e74174ebbd4008b63188b321b Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro at openssl.org>
+Date: Thu, 17 Aug 2017 21:08:57 +0200
+Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
+
+Credit to OSS-Fuzz for finding this.
+
+CVE-2017-3736
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+---
+ crypto/bn/asm/x86_64-mont5.pl | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
+index 3bb0cdf5bd..42178e455a 100755
+--- a/crypto/bn/asm/x86_64-mont5.pl
++++ b/crypto/bn/asm/x86_64-mont5.pl
+@@ -3090,11 +3090,19 @@ $code.=<<___;
+ 
+ .align	32
+ .Lsqrx8x_break:
+-	sub	16+8(%rsp),%r8		# consume last carry
++	xor	$zero,$zero
++	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
++	adcx	$zero,%r8
+ 	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
++	adcx	$zero,%r9
+ 	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
+-	xor	%ebp,%ebp		# xor	$zero,$zero
++	adc	\$0,%r10
+ 	mov	%r8,0*8($tptr)
++	adc	\$0,%r11
++	adc	\$0,%r12
++	adc	\$0,%r13
++	adc	\$0,%r14
++	adc	\$0,%r15
+ 	cmp	$carry,$tptr		# cf=0, of=0
+ 	je	.Lsqrx8x_outer_loop
+ 
+-- 
+2.14.2
+

Modified: openssl/branches/stretch1.0/debian/patches/series
===================================================================
--- openssl/branches/stretch1.0/debian/patches/series	2017-11-02 14:12:36 UTC (rev 919)
+++ openssl/branches/stretch1.0/debian/patches/series	2017-11-02 15:38:32 UTC (rev 920)
@@ -19,3 +19,4 @@
 libdoc-manpgs-pod-spell.patch
 Mark-3DES-and-RC4-ciphers-as-weak.patch
 CVE-2017-3735.patch
+CVE-2017-3736.patch

More information about the Pkg-openssl-changes mailing list