[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 928b3cbf66a249236ffa672f66edaf402a54289f

public inbox for ipfire-scm@lists.ipfire.org
 help / color / mirror / Atom feed

From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 928b3cbf66a249236ffa672f66edaf402a54289f
Date: Wed, 21 Nov 2018 11:23:22 +0000	[thread overview]
Message-ID: <20181121112322.BAA661081BB0@git01.ipfire.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 6288 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  928b3cbf66a249236ffa672f66edaf402a54289f (commit)
       via  5ca47910a7b5b7fd19422ed6311a391d68c56e95 (commit)
      from  6170b2536325f824998b0e4a2ade31e58d3b7fb5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 928b3cbf66a249236ffa672f66edaf402a54289f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Nov 21 11:21:42 2018 +0000

    openssl: Update to 1.1.0j
    
      *) Timing vulnerability in DSA signature generation
    
         The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
         timing side channel attack. An attacker could use variations in the signing
         algorithm to recover the private key.
    
         This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
         (CVE-2018-0734)
         [Paul Dale]
    
      *) Timing vulnerability in ECDSA signature generation
    
         The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
         timing side channel attack. An attacker could use variations in the signing
         algorithm to recover the private key.
    
         This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
         (CVE-2018-0735)
         [Paul Dale]
    
      *) Add coordinate blinding for EC_POINT and implement projective
         coordinate blinding for generic prime curves as a countermeasure to
         chosen point SCA attacks.
         [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 5ca47910a7b5b7fd19422ed6311a391d68c56e95
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Nov 20 16:28:52 2018 +0000

    openssl-compat: Update to 1.0.2q
    
      *) Microarchitecture timing vulnerability in ECC scalar multiplication
    
         OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
         shown to be vulnerable to a microarchitecture timing side channel attack.
         An attacker with sufficient access to mount local timing attacks during
         ECDSA signature generation could recover the private key.
    
         This issue was reported to OpenSSL on 26th October 2018 by Alejandro
         Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
         Nicola Tuveri.
         (CVE-2018-5407)
         [Billy Brumley]
    
      *) Timing vulnerability in DSA signature generation
    
         The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
         timing side channel attack. An attacker could use variations in the signing
         algorithm to recover the private key.
    
         This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
         (CVE-2018-0734)
         [Paul Dale]
    
      *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object
         Module, accidentally introduced while backporting security fixes from the
         development branch and hindering the use of ECC in FIPS mode.
         [Nicola Tuveri]
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/openssl | 4 ++++
 lfs/openssl                     | 4 ++--
 lfs/openssl-compat              | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)

Difference in files:
diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
index 8b26c4b42..f7d6f2fb5 100644
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -1654,7 +1654,10 @@ usr/lib/libssl.so.1.1
 #usr/share/doc/openssl/html/man3/OCSP_resp_get0_certs.html
 #usr/share/doc/openssl/html/man3/OCSP_resp_get0_id.html
 #usr/share/doc/openssl/html/man3/OCSP_resp_get0_produced_at.html
+#usr/share/doc/openssl/html/man3/OCSP_resp_get0_respdata.html
+#usr/share/doc/openssl/html/man3/OCSP_resp_get0_signature.html
 #usr/share/doc/openssl/html/man3/OCSP_resp_get0_signer.html
+#usr/share/doc/openssl/html/man3/OCSP_resp_get0_tbs_sigalg.html
 #usr/share/doc/openssl/html/man3/OCSP_response_create.html
 #usr/share/doc/openssl/html/man3/OCSP_response_get1_basic.html
 #usr/share/doc/openssl/html/man3/OCSP_response_status.html
@@ -1676,6 +1679,7 @@ usr/lib/libssl.so.1.1
 #usr/share/doc/openssl/html/man3/OPENSSL_LH_stats.html
 #usr/share/doc/openssl/html/man3/OPENSSL_LH_stats_bio.html
 #usr/share/doc/openssl/html/man3/OPENSSL_VERSION_NUMBER.html
+#usr/share/doc/openssl/html/man3/OPENSSL_VERSION_TEXT.html
 #usr/share/doc/openssl/html/man3/OPENSSL_atexit.html
 #usr/share/doc/openssl/html/man3/OPENSSL_buf2hexstr.html
 #usr/share/doc/openssl/html/man3/OPENSSL_cleanse.html
diff --git a/lfs/openssl b/lfs/openssl
index 94a08b97d..d7a616ff2 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.1.0i
+VER        = 1.1.0j
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -87,7 +87,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 9495126aafd2659d357ea66a969c3fe1
+$(DL_FILE)_MD5 = b4ca5b78ae6ae79da80790b30dbedbdc
 
 install : $(TARGET)
 
diff --git a/lfs/openssl-compat b/lfs/openssl-compat
index 1dcb829e5..062f85fdb 100644
--- a/lfs/openssl-compat
+++ b/lfs/openssl-compat
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.0.2p
+VER        = 1.0.2q
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -84,7 +84,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = ac5eb30bf5798aa14b1ae6d0e7da58df
+$(DL_FILE)_MD5 = 7563e1ce046cb21948eeb6ba1a0eb71c
 
 install : $(TARGET)
 


hooks/post-receive
--
IPFire 2.x development tree

                 reply	other threads:[~2018-11-21 11:23 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181121112322.BAA661081BB0@git01.ipfire.org \
    --to=git@ipfire.org \
    --cc=ipfire-scm@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox