From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 928b3cbf66a249236ffa672f66edaf402a54289f Date: Wed, 21 Nov 2018 11:23:22 +0000 Message-ID: <20181121112322.BAA661081BB0@git01.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2235108211258158325==" List-Id: --===============2235108211258158325== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 928b3cbf66a249236ffa672f66edaf402a54289f (commit) via 5ca47910a7b5b7fd19422ed6311a391d68c56e95 (commit) from 6170b2536325f824998b0e4a2ade31e58d3b7fb5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 928b3cbf66a249236ffa672f66edaf402a54289f Author: Michael Tremer Date: Wed Nov 21 11:21:42 2018 +0000 openssl: Update to 1.1.0j =20 *) Timing vulnerability in DSA signature generation =20 The OpenSSL DSA signature algorithm has been shown to be vulnerable = to a timing side channel attack. An attacker could use variations in the = signing algorithm to recover the private key. =20 This issue was reported to OpenSSL on 16th October 2018 by Samuel We= iser. (CVE-2018-0734) [Paul Dale] =20 *) Timing vulnerability in ECDSA signature generation =20 The OpenSSL ECDSA signature algorithm has been shown to be vulnerabl= e to a timing side channel attack. An attacker could use variations in the = signing algorithm to recover the private key. =20 This issue was reported to OpenSSL on 25th October 2018 by Samuel We= iser. (CVE-2018-0735) [Paul Dale] =20 *) Add coordinate blinding for EC_POINT and implement projective coordinate blinding for generic prime curves as a countermeasure to chosen point SCA attacks. [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley] =20 Signed-off-by: Michael Tremer commit 5ca47910a7b5b7fd19422ed6311a391d68c56e95 Author: Michael Tremer Date: Tue Nov 20 16:28:52 2018 +0000 openssl-compat: Update to 1.0.2q =20 *) Microarchitecture timing vulnerability in ECC scalar multiplication =20 OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has = been shown to be vulnerable to a microarchitecture timing side channel at= tack. An attacker with sufficient access to mount local timing attacks dur= ing ECDSA signature generation could recover the private key. =20 This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garci= a and Nicola Tuveri. (CVE-2018-5407) [Billy Brumley] =20 *) Timing vulnerability in DSA signature generation =20 The OpenSSL DSA signature algorithm has been shown to be vulnerable = to a timing side channel attack. An attacker could use variations in the = signing algorithm to recover the private key. =20 This issue was reported to OpenSSL on 16th October 2018 by Samuel We= iser. (CVE-2018-0734) [Paul Dale] =20 *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Obj= ect Module, accidentally introduced while backporting security fixes fro= m the development branch and hindering the use of ECC in FIPS mode. [Nicola Tuveri] =20 Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/rootfiles/common/openssl | 4 ++++ lfs/openssl | 4 ++-- lfs/openssl-compat | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) Difference in files: diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index 8b26c4b42..f7d6f2fb5 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -1654,7 +1654,10 @@ usr/lib/libssl.so.1.1 #usr/share/doc/openssl/html/man3/OCSP_resp_get0_certs.html #usr/share/doc/openssl/html/man3/OCSP_resp_get0_id.html #usr/share/doc/openssl/html/man3/OCSP_resp_get0_produced_at.html +#usr/share/doc/openssl/html/man3/OCSP_resp_get0_respdata.html +#usr/share/doc/openssl/html/man3/OCSP_resp_get0_signature.html #usr/share/doc/openssl/html/man3/OCSP_resp_get0_signer.html +#usr/share/doc/openssl/html/man3/OCSP_resp_get0_tbs_sigalg.html #usr/share/doc/openssl/html/man3/OCSP_response_create.html #usr/share/doc/openssl/html/man3/OCSP_response_get1_basic.html #usr/share/doc/openssl/html/man3/OCSP_response_status.html @@ -1676,6 +1679,7 @@ usr/lib/libssl.so.1.1 #usr/share/doc/openssl/html/man3/OPENSSL_LH_stats.html #usr/share/doc/openssl/html/man3/OPENSSL_LH_stats_bio.html #usr/share/doc/openssl/html/man3/OPENSSL_VERSION_NUMBER.html +#usr/share/doc/openssl/html/man3/OPENSSL_VERSION_TEXT.html #usr/share/doc/openssl/html/man3/OPENSSL_atexit.html #usr/share/doc/openssl/html/man3/OPENSSL_buf2hexstr.html #usr/share/doc/openssl/html/man3/OPENSSL_cleanse.html diff --git a/lfs/openssl b/lfs/openssl index 94a08b97d..d7a616ff2 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.1.0i +VER =3D 1.1.0j =20 THISAPP =3D openssl-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -87,7 +87,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 9495126aafd2659d357ea66a969c3fe1 +$(DL_FILE)_MD5 =3D b4ca5b78ae6ae79da80790b30dbedbdc =20 install : $(TARGET) =20 diff --git a/lfs/openssl-compat b/lfs/openssl-compat index 1dcb829e5..062f85fdb 100644 --- a/lfs/openssl-compat +++ b/lfs/openssl-compat @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.0.2p +VER =3D 1.0.2q =20 THISAPP =3D openssl-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -84,7 +84,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D ac5eb30bf5798aa14b1ae6d0e7da58df +$(DL_FILE)_MD5 =3D 7563e1ce046cb21948eeb6ba1a0eb71c =20 install : $(TARGET) =20 hooks/post-receive -- IPFire 2.x development tree --===============2235108211258158325==--