Hi,
While many of us were busy lately with upgrading CentOS 6 systems to CentOS 8, a lot of systems may still be running CentOS 6 and migrations came to a halt this week with the announcement of Red Hat's new direction for the CentOS project.
Since security updates for CentOS 6 are not provided anymore, I've decided to try my best to address CVE-2020-1971 and I welcome others to do the same for this and other new issues which may come up.
Attached patches: openssl.spec.patch.gz openssl-1.0.1e-cve-2020-1971.patch.gz
Please let me know if you find any issues.
Regards, Simon
On Sat, Dec 12, 2020 at 08:20:04PM +0100, Simon Matter wrote:
> Hi,
> Attached patches: openssl.spec.patch.gz openssl-1.0.1e-cve-2020-1971.patch.gz
> Please let me know if you find any issues.
Attachments scrubbed from your message when posted.
> On Sat, Dec 12, 2020 at 08:20:04PM +0100, Simon Matter wrote:
> > Hi,
> > Attached patches: openssl.spec.patch.gz openssl-1.0.1e-cve-2020-1971.patch.gz
> > Please let me know if you find any issues.
> Attachments scrubbed from your message when posted.
OK, let's try it again. Hope this one goes through.
Simon
Simon Matter wrote:
> Since security updates for CentOS 6 are not provided anymore, I've decided to try my best to address CVE-2020-1971 and I welcome others to do the same for this and other new issues which may come up.
Thanks to Simon for doing this.
I made my own patch which ended up the same as Simon's apart from whitespace and formatting. It's been deployed on a CentOS 6 system that can't be upgraded yet due to... reasons. Seems to work in the limited testing I've done.
Cheers,
Ron
> Simon Matter wrote:
> > Since security updates for CentOS 6 are not provided anymore, I've decided to try my best to address CVE-2020-1971 and I welcome others to do the same for this and other new issues which may come up.
> Thanks to Simon for doing this.
> I made my own patch which ended up the same as Simon's apart from whitespace and formatting. It's been deployed on a CentOS 6 system that can't be upgraded yet due to... reasons. Seems to work in the limited testing I've done.
Thanks Ron for your feedback! It gives us more confidence that the patch is correct.
I'm also using it on a number of systems without issues.
Regards, Simon