fix use of uninitialized memory

openssl-1.1.1-upstream-sync.patch

@@ -65,3 +65,17 @@ diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
              }
          }
          if (str->string == NULL)
+diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/rand_lib.c
+--- openssl-1.1.1c/crypto/rand/rand_lib.c.sync	2019-05-29 17:20:17.175099183 +0200
++++ openssl-1.1.1c/crypto/rand/rand_lib.c	2019-05-30 11:51:20.784850208 +0200
+@@ -239,8 +239,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *dr
+     struct {
+         void * instance;
+         int count;
+-    } data = { NULL, 0 };
++    } data;
+ 
++    memset(&data, 0, sizeof(data));
+     pool = rand_pool_new(0, min_len, max_len);
+     if (pool == NULL)
+         return 0;

openssl.spec

@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1c
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -454,6 +454,9 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 
 %changelog
+* Thu May 30 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-2
+- fix use of uninitialized memory
+
 * Wed May 29 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-1
 - update to the 1.1.1c release