[openssl] new upstream release fixing CVE-2011-3207 (#736088)
Tomáš Mráz
tmraz at fedoraproject.org
Wed Sep 7 16:27:22 UTC 2011
commit 3447c41c99a9a9fcbcccf8aecf8d073df1707968
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Wed Sep 7 18:27:06 2011 +0200
new upstream release fixing CVE-2011-3207 (#736088)
.gitignore | 1 +
...d-version.patch => openssl-1.0.0e-version.patch | 12 ++++++------
openssl.spec | 9 ++++++---
sources | 2 +-
4 files changed, 14 insertions(+), 10 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index d8c4d6d..bc03fd0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0b-usa.tar.bz2
/openssl-1.0.0c-usa.tar.bz2
/openssl-1.0.0d-usa.tar.bz2
+/openssl-1.0.0e-usa.tar.bz2
diff --git a/openssl-1.0.0d-version.patch b/openssl-1.0.0e-version.patch
similarity index 57%
rename from openssl-1.0.0d-version.patch
rename to openssl-1.0.0e-version.patch
index da50fb4..0a45f74 100644
--- a/openssl-1.0.0d-version.patch
+++ b/openssl-1.0.0e-version.patch
@@ -1,22 +1,22 @@
-diff -up openssl-1.0.0d/crypto/opensslv.h.version openssl-1.0.0d/crypto/opensslv.h
---- openssl-1.0.0d/crypto/opensslv.h.version 2011-02-10 14:24:52.000000000 +0100
-+++ openssl-1.0.0d/crypto/opensslv.h 2011-02-10 14:48:00.000000000 +0100
+diff -up openssl-1.0.0e/crypto/opensslv.h.version openssl-1.0.0e/crypto/opensslv.h
+--- openssl-1.0.0e/crypto/opensslv.h.version 2011-09-07 13:55:52.000000000 +0200
++++ openssl-1.0.0e/crypto/opensslv.h 2011-09-07 13:59:28.000000000 +0200
@@ -25,7 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
--#define OPENSSL_VERSION_NUMBER 0x1000004fL
+-#define OPENSSL_VERSION_NUMBER 0x1000005fL
+/* we have to keep the version number to not break the abi */
+#define OPENSSL_VERSION_NUMBER 0x10000003
#ifdef OPENSSL_FIPS
- #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0d-fips 8 Feb 2011"
+ #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e-fips 6 Sep 2011"
#else
@@ -83,7 +84,7 @@
* should only keep the versions that are binary compatible with the current.
*/
#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.0.0"
-+#define SHLIB_VERSION_NUMBER "1.0.0d"
++#define SHLIB_VERSION_NUMBER "1.0.0e"
#endif /* HEADER_OPENSSLV_H */
diff --git a/openssl.spec b/openssl.spec
index e7eea60..8af4610 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -20,8 +20,8 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.0.0d
-Release: 8%{?dist}
+Version: 1.0.0e
+Release: 1%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2
@@ -61,7 +61,7 @@ Patch45: openssl-0.9.8j-env-nozlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.0-beta4-algo-doc.patch
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
-Patch51: openssl-1.0.0d-version.patch
+Patch51: openssl-1.0.0e-version.patch
Patch52: openssl-1.0.0b-aesni.patch
Patch53: openssl-1.0.0-name-hash.patch
Patch54: openssl-1.0.0c-speed-fips.patch
@@ -422,6 +422,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig
%changelog
+* Wed Sep 7 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0e-1
+- new upstream release fixing CVE-2011-3207 (#736088)
+
* Wed Aug 24 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0d-8
- drop the separate engine for Intel acceleration improvements
and merge in the AES-NI, SHA1, and RC4 optimizations
diff --git a/sources b/sources
index 302a734..0190e0c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-531c1627ff9701cb8540ee3bd03de5d7 openssl-1.0.0d-usa.tar.bz2
+fb4e9d817dd5e4ca4ea50f3360e007f3 openssl-1.0.0e-usa.tar.bz2
More information about the scm-commits
mailing list