[openssl/f17] new upstream release fixing CVE-2012-0884 - Bleichenbacher attack
Tomáš Mráz
tmraz at fedoraproject.org
Fri Mar 23 17:37:52 UTC 2012
commit 9ade2aa2dfb3de6cb307efddcf15cc9c0e7ecb21
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Mar 23 18:34:20 2012 +0100
new upstream release fixing CVE-2012-0884 - Bleichenbacher attack
against PKCS#7 and CMS (#802725) and CVE-2012-1165 mime_param_cmp
NULL dereference (#802489)
.gitignore | 1 +
openssl-0.9.8j-bad-mime.patch | 14 --------
openssl-1.0.0a-load-certs.patch | 23 --------------
openssl-1.0.0e-pkgconfig-private.patch | 33 --------------------
...g-version.patch => openssl-1.0.0h-version.patch | 15 ++++-----
openssl.spec | 17 +++++-----
sources | 2 +-
7 files changed, 17 insertions(+), 88 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index d0e8a97..12d27b8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0e-usa.tar.bz2
/openssl-1.0.0f-usa.tar.bz2
/openssl-1.0.0g-usa.tar.xz
+/openssl-1.0.0h-usa.tar.xz
diff --git a/openssl-1.0.0g-version.patch b/openssl-1.0.0h-version.patch
similarity index 50%
rename from openssl-1.0.0g-version.patch
rename to openssl-1.0.0h-version.patch
index 55aa0c0..6dbfb1d 100644
--- a/openssl-1.0.0g-version.patch
+++ b/openssl-1.0.0h-version.patch
@@ -1,17 +1,16 @@
-diff -up openssl-1.0.0g/crypto/opensslv.h.version openssl-1.0.0g/crypto/opensslv.h
---- openssl-1.0.0g/crypto/opensslv.h.version 2012-01-19 14:50:50.094028047 +0100
-+++ openssl-1.0.0g/crypto/opensslv.h 2012-01-19 14:51:48.655529671 +0100
-@@ -25,7 +25,8 @@
+diff -up openssl-1.0.0h/crypto/opensslv.h.version openssl-1.0.0h/crypto/opensslv.h
+--- openssl-1.0.0h/crypto/opensslv.h.version 2012-03-23 18:28:55.204891622 +0100
++++ openssl-1.0.0h/crypto/opensslv.h 2012-03-23 18:29:24.233500886 +0100
+@@ -25,7 +25,7 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
--#define OPENSSL_VERSION_NUMBER 0x1000007fL
-+/* we have to keep the version number to not break the abi */
+-#define OPENSSL_VERSION_NUMBER 0x1000008fL
+#define OPENSSL_VERSION_NUMBER 0x10000003
#ifdef OPENSSL_FIPS
- #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0g-fips 18 Jan 2012"
+ #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0h-fips 12 Mar 2012"
#else
-@@ -83,7 +84,7 @@
+@@ -83,7 +83,7 @@
* should only keep the versions that are binary compatible with the current.
*/
#define SHLIB_VERSION_HISTORY ""
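Review bot: The regenerated version patch drops the `/* we have to keep the version number to not break the abi */` line that used to sit above the pinned `#define OPENSSL_VERSION_NUMBER 0x10000003` (the inner hunk shrinks from `+25,8` to `+25,7`), so the new side no longer explains why the package reports an old version number. Because the number stays constant across this security release, any check keyed on OPENSSL_VERSION_NUMBER cannot tell a build with the CVE-2012-0884 and CVE-2012-1165 fixes from one without; of what is visible here, only OPENSSL_VERSION_TEXT and the RPM version change. I would keep the comment and extend it, for example `/* ABI pin: keep 0x10000003; use the package version, not this macro, to tell whether security fixes are present */`. The second inner hunk (`@@ -83,7 +83,7 @@`) continues past the lines shown, so its changed line is not reviewed here.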
diff --git a/openssl.spec b/openssl.spec
index 35a20b2..81215eb 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -20,8 +20,8 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.0.0g
-Release: 4%{?dist}
+Version: 1.0.0h
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -44,9 +44,7 @@ Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-1.0.0-timezone.patch
# Bug fixes
Patch23: openssl-1.0.0-beta4-default-paths.patch
-Patch24: openssl-0.9.8j-bad-mime.patch
Patch25: openssl-1.0.0a-manfix.patch
-Patch26: openssl-1.0.0a-load-certs.patch
# Functionality changes
Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-1.0.0-beta4-ca-dir.patch
@@ -62,7 +60,7 @@ Patch45: openssl-0.9.8j-env-nozlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.0-beta4-algo-doc.patch
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
-Patch51: openssl-1.0.0g-version.patch
+Patch51: openssl-1.0.0h-version.patch
Patch52: openssl-1.0.0b-aesni.patch
Patch53: openssl-1.0.0-name-hash.patch
Patch54: openssl-1.0.0c-speed-fips.patch
@@ -78,7 +76,6 @@ Patch63: openssl-1.0.0d-xmpp-starttls.patch
Patch64: openssl-1.0.0d-intelopts.patch
Patch65: openssl-1.0.0e-chil-fixes.patch
Patch66: openssl-1.0.0-sha2test.patch
-Patch67: openssl-1.0.0e-pkgconfig-private.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.0d-padlock64.patch
@@ -144,9 +141,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch7 -p1 -b .timezone
%patch23 -p1 -b .default-paths
-%patch24 -p1 -b .bad-mime
%patch25 -p1 -b .manfix
-%patch26 -p1 -b .load-certs
%patch32 -p1 -b .ia64
%patch33 -p1 -b .ca-dir
@@ -178,7 +173,6 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch64 -p1 -b .intelopts
%patch65 -p1 -b .chil
%patch66 -p1 -b .sha2test
-%patch67 -p1 -b .private
%patch81 -p1 -b .padlock64
@@ -430,6 +424,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig
%changelog
+* Fri Mar 23 2012 Tomas Mraz <tmraz at redhat.com> 1.0.0h-1
+- new upstream release fixing CVE-2012-0884 - Bleichenbacher attack
+ against PKCS#7 and CMS (#802725) and CVE-2012-1165 mime_param_cmp
+ NULL dereference (#802489)
+
* Wed Feb 29 2012 Tomas Mraz <tmraz at redhat.com> 1.0.0g-4
- fixup requires to properly require the Epoch 1
diff --git a/sources b/sources
index 45e0449..4da4ff2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-9d7281bdc7ec0845c240eb6c0adc8dc3 openssl-1.0.0g-usa.tar.xz
+909886cae52acc459225ff056f0bec1f openssl-1.0.0h-usa.tar.xz