[openssl/f17] new upstream release fixing CVE-2012-2333 - improper record
Tomáš Mráz
tmraz at fedoraproject.org
Tue May 15 18:24:36 UTC 2012
commit f7a9c1c246257f28dcecf025cd9475c73ff31664
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Tue May 15 20:24:31 2012 +0200
new upstream release fixing CVE-2012-2333 - improper record
length checking in DTLS
.gitignore | 1 +
...i-version.patch => openssl-1.0.0j-version.patch | 12 ++++++------
openssl.spec | 8 ++++++--
sources | 2 +-
4 files changed, 14 insertions(+), 9 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 3f846cb..47c7de5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0g-usa.tar.xz
/openssl-1.0.0h-usa.tar.xz
/openssl-1.0.0i-usa.tar.xz
+/openssl-1.0.0j-usa.tar.xz
diff --git a/openssl-1.0.0i-version.patch b/openssl-1.0.0j-version.patch
similarity index 54%
rename from openssl-1.0.0i-version.patch
rename to openssl-1.0.0j-version.patch
index 84c4185..cf18bd5 100644
--- a/openssl-1.0.0i-version.patch
+++ b/openssl-1.0.0j-version.patch
@@ -1,21 +1,21 @@
-diff -up openssl-1.0.0h/crypto/opensslv.h.version openssl-1.0.0h/crypto/opensslv.h
---- openssl-1.0.0h/crypto/opensslv.h.version 2012-03-23 18:28:55.204891622 +0100
-+++ openssl-1.0.0h/crypto/opensslv.h 2012-03-23 18:29:24.233500886 +0100
+diff -up openssl-1.0.0j/crypto/opensslv.h.version openssl-1.0.0j/crypto/opensslv.h
+--- openssl-1.0.0j/crypto/opensslv.h.version 2012-05-15 20:19:08.000000000 +0200
++++ openssl-1.0.0j/crypto/opensslv.h 2012-05-15 20:22:50.862185196 +0200
@@ -25,7 +25,7 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
--#define OPENSSL_VERSION_NUMBER 0x1000009fL
+-#define OPENSSL_VERSION_NUMBER 0x100000afL
+#define OPENSSL_VERSION_NUMBER 0x10000003
#ifdef OPENSSL_FIPS
- #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0i-fips 19 Apr 2012"
+ #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0j-fips 10 May 2012"
#else
@@ -83,7 +83,7 @@
* should only keep the versions that are binary compatible with the current.
*/
#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.0.0"
-+#define SHLIB_VERSION_NUMBER "1.0.0i"
++#define SHLIB_VERSION_NUMBER "1.0.0j"
#endif /* HEADER_OPENSSLV_H */
diff --git a/openssl.spec b/openssl.spec
index e831ca2..02e2c94 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -20,7 +20,7 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.0.0i
+Version: 1.0.0j
Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
@@ -60,7 +60,7 @@ Patch45: openssl-0.9.8j-env-nozlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.1a-algo-doc.patch
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
-Patch51: openssl-1.0.0i-version.patch
+Patch51: openssl-1.0.0j-version.patch
Patch52: openssl-1.0.0b-aesni.patch
Patch53: openssl-1.0.0-name-hash.patch
Patch54: openssl-1.0.0c-speed-fips.patch
@@ -424,6 +424,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig
%changelog
+* Tue May 15 2012 Tomas Mraz <tmraz at redhat.com> 1.0.0j-1
+- new upstream release fixing CVE-2012-2333 - improper record
+ length checking in DTLS
+
* Fri Apr 20 2012 Tomas Mraz <tmraz at redhat.com> 1.0.0i-1
- new upstream release fixing CVE-2012-2110 - memory corruption
when loading asn1 from BIO
diff --git a/sources b/sources
index 49b904a..4a4e3bd 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-e6281b9c8afea0b55ae73b92238f1d22 openssl-1.0.0i-usa.tar.xz
+f6eff5c8ba4db07d702163ba2f37757c openssl-1.0.0j-usa.tar.xz
More information about the scm-commits
mailing list