- new upstream patch release, fixes CVE-2010-0742 (#598738) and
CVE-2010-1633 (#598732)
This commit is contained in:
parent
6adf85458c
commit
1b4b1eaf63
@ -1 +1 @@
|
|||||||
openssl-1.0.0-usa.tar.bz2
|
openssl-1.0.0a-usa.tar.bz2
|
||||||
|
@ -1,53 +0,0 @@
|
|||||||
diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
|
|
||||||
--- openssl-1.0.0/ssl/d1_lib.c.dtls1 2009-12-08 12:38:17.000000000 +0100
|
|
||||||
+++ openssl-1.0.0/ssl/d1_lib.c 2010-04-09 16:29:49.000000000 +0200
|
|
||||||
@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
|
|
||||||
timeleft->tv_usec += 1000000;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* If remaining time is less than 15 ms, set it to 0
|
|
||||||
+ * to prevent issues because of small devergences with
|
|
||||||
+ * socket timeouts.
|
|
||||||
+ */
|
|
||||||
+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
|
|
||||||
+ {
|
|
||||||
+ memset(timeleft, 0, sizeof(struct timeval));
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+
|
|
||||||
return timeleft;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
|
|
||||||
--- openssl-1.0.0/ssl/d1_pkt.c.dtls1 2009-10-04 18:52:35.000000000 +0200
|
|
||||||
+++ openssl-1.0.0/ssl/d1_pkt.c 2010-04-09 16:30:49.000000000 +0200
|
|
||||||
@@ -667,14 +667,14 @@ again:
|
|
||||||
if (rr->length == 0) goto again;
|
|
||||||
|
|
||||||
/* If this record is from the next epoch (either HM or ALERT),
|
|
||||||
- * buffer it since it cannot be processed at this time. Records
|
|
||||||
- * from the next epoch are marked as received even though they
|
|
||||||
- * are not processed, so as to prevent any potential resource
|
|
||||||
- * DoS attack */
|
|
||||||
+ * and a handshake is currently in progress, buffer it since it
|
|
||||||
+ * cannot be processed at this time. */
|
|
||||||
if (is_next_epoch)
|
|
||||||
{
|
|
||||||
- dtls1_record_bitmap_update(s, bitmap);
|
|
||||||
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
|
|
||||||
+ if (SSL_in_init(s) || s->in_handshake)
|
|
||||||
+ {
|
|
||||||
+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
|
|
||||||
+ }
|
|
||||||
rr->length = 0;
|
|
||||||
s->packet_length = 0;
|
|
||||||
goto again;
|
|
||||||
@@ -809,7 +809,7 @@ start:
|
|
||||||
* buffer the application data for later processing rather
|
|
||||||
* than dropping the connection.
|
|
||||||
*/
|
|
||||||
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
|
|
||||||
+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
|
|
||||||
rr->length = 0;
|
|
||||||
goto start;
|
|
||||||
}
|
|
@ -1,79 +0,0 @@
|
|||||||
diff -up openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 openssl-1.0.0/doc/ssl/SSL_library_init.pod
|
|
||||||
--- openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 2006-03-12 01:37:55.000000000 +0100
|
|
||||||
+++ openssl-1.0.0/doc/ssl/SSL_library_init.pod 2010-04-09 16:33:11.000000000 +0200
|
|
||||||
@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algori
|
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
|
||||||
|
|
||||||
-SSL_library_init() registers the available ciphers and digests.
|
|
||||||
+SSL_library_init() registers the available SSL/TLS ciphers and digests.
|
|
||||||
|
|
||||||
OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
|
|
||||||
for SSL_library_init().
|
|
||||||
@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant.
|
|
||||||
|
|
||||||
=head1 WARNING
|
|
||||||
|
|
||||||
-SSL_library_init() only registers ciphers. Another important initialization
|
|
||||||
-is the seeding of the PRNG (Pseudo Random Number Generator), which has to
|
|
||||||
-be performed separately.
|
|
||||||
+SSL_library_init() adds ciphers and digests used directly and indirectly by
|
|
||||||
+SSL/TLS.
|
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
A typical TLS/SSL application will start with the library initialization,
|
|
||||||
-will provide readable error messages and will seed the PRNG.
|
|
||||||
+and provide readable error messages.
|
|
||||||
|
|
||||||
SSL_load_error_strings(); /* readable error messages */
|
|
||||||
SSL_library_init(); /* initialize library */
|
|
||||||
- actions_to_seed_PRNG();
|
|
||||||
|
|
||||||
=head1 RETURN VALUES
|
|
||||||
|
|
||||||
SSL_library_init() always returns "1", so it is safe to discard the return
|
|
||||||
value.
|
|
||||||
|
|
||||||
+=head1 NOTES
|
|
||||||
+
|
|
||||||
+OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
|
|
||||||
+Applications which need to use SHA2 in earlier versions of OpenSSL should call
|
|
||||||
+OpenSSL_add_all_algorithms() as well.
|
|
||||||
+
|
|
||||||
=head1 SEE ALSO
|
|
||||||
|
|
||||||
L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
|
|
||||||
diff -up openssl-1.0.0/ssl/ssl_algs.c.sha256 openssl-1.0.0/ssl/ssl_algs.c
|
|
||||||
--- openssl-1.0.0/ssl/ssl_algs.c.sha256 2010-04-06 12:52:38.000000000 +0200
|
|
||||||
+++ openssl-1.0.0/ssl/ssl_algs.c 2010-04-09 16:34:41.000000000 +0200
|
|
||||||
@@ -111,6 +111,14 @@ int SSL_library_init(void)
|
|
||||||
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
|
|
||||||
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
|
|
||||||
#endif
|
|
||||||
+#ifndef OPENSSL_NO_SHA256
|
|
||||||
+ EVP_add_digest(EVP_sha224());
|
|
||||||
+ EVP_add_digest(EVP_sha256());
|
|
||||||
+#endif
|
|
||||||
+#ifndef OPENSSL_NO_SHA512
|
|
||||||
+ EVP_add_digest(EVP_sha384());
|
|
||||||
+ EVP_add_digest(EVP_sha512());
|
|
||||||
+#endif
|
|
||||||
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
|
|
||||||
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
|
|
||||||
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
|
|
||||||
@@ -148,6 +156,14 @@ int SSL_library_init(void)
|
|
||||||
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
|
|
||||||
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
|
|
||||||
#endif
|
|
||||||
+#ifndef OPENSSL_NO_SHA256
|
|
||||||
+ EVP_add_digest(EVP_sha224());
|
|
||||||
+ EVP_add_digest(EVP_sha256());
|
|
||||||
+#endif
|
|
||||||
+#ifndef OPENSSL_NO_SHA512
|
|
||||||
+ EVP_add_digest(EVP_sha384());
|
|
||||||
+ EVP_add_digest(EVP_sha512());
|
|
||||||
+#endif
|
|
||||||
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
|
|
||||||
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
|
|
||||||
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
|
|
@ -1,13 +0,0 @@
|
|||||||
diff -up openssl-1.0.0/crypto/opensslv.h.version openssl-1.0.0/crypto/opensslv.h
|
|
||||||
--- openssl-1.0.0/crypto/opensslv.h.version 2010-03-30 10:59:26.000000000 +0200
|
|
||||||
+++ openssl-1.0.0/crypto/opensslv.h 2010-03-30 11:00:52.000000000 +0200
|
|
||||||
@@ -25,7 +25,8 @@
|
|
||||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
|
||||||
* major minor fix final patch/beta)
|
|
||||||
*/
|
|
||||||
-#define OPENSSL_VERSION_NUMBER 0x1000000fL
|
|
||||||
+/* we have to keep the version number to not break the abi */
|
|
||||||
+#define OPENSSL_VERSION_NUMBER 0x10000003L
|
|
||||||
#ifdef OPENSSL_FIPS
|
|
||||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010"
|
|
||||||
#else
|
|
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta3/crypto/engine/eng_all.c
|
diff -up openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode openssl-1.0.0a/crypto/engine/eng_all.c
|
||||||
--- openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200
|
--- openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200
|
||||||
+++ openssl-1.0.0-beta3/crypto/engine/eng_all.c 2009-08-11 17:37:16.000000000 +0200
|
+++ openssl-1.0.0a/crypto/engine/eng_all.c 2010-06-04 13:32:13.000000000 +0200
|
||||||
@@ -58,9 +58,23 @@
|
@@ -58,9 +58,23 @@
|
||||||
|
|
||||||
#include "cryptlib.h"
|
#include "cryptlib.h"
|
||||||
@ -25,9 +25,9 @@ diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta
|
|||||||
#if 0
|
#if 0
|
||||||
/* There's no longer any need for an "openssl" ENGINE unless, one day,
|
/* There's no longer any need for an "openssl" ENGINE unless, one day,
|
||||||
* it is the *only* way for standard builtin implementations to be be
|
* it is the *only* way for standard builtin implementations to be be
|
||||||
diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_allc.c
|
diff -up openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode openssl-1.0.0a/crypto/evp/c_allc.c
|
||||||
--- openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode 2007-04-24 01:48:28.000000000 +0200
|
--- openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode 2009-12-25 15:12:24.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta3/crypto/evp/c_allc.c 2009-08-11 17:42:34.000000000 +0200
|
+++ openssl-1.0.0a/crypto/evp/c_allc.c 2010-06-04 13:32:13.000000000 +0200
|
||||||
@@ -65,6 +65,11 @@
|
@@ -65,6 +65,11 @@
|
||||||
void OpenSSL_add_all_ciphers(void)
|
void OpenSSL_add_all_ciphers(void)
|
||||||
{
|
{
|
||||||
@ -40,7 +40,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr
|
|||||||
#ifndef OPENSSL_NO_DES
|
#ifndef OPENSSL_NO_DES
|
||||||
EVP_add_cipher(EVP_des_cfb());
|
EVP_add_cipher(EVP_des_cfb());
|
||||||
EVP_add_cipher(EVP_des_cfb1());
|
EVP_add_cipher(EVP_des_cfb1());
|
||||||
@@ -219,4 +224,61 @@ void OpenSSL_add_all_ciphers(void)
|
@@ -221,4 +226,61 @@ void OpenSSL_add_all_ciphers(void)
|
||||||
EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
|
EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
|
||||||
EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
|
EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
|
||||||
#endif
|
#endif
|
||||||
@ -102,9 +102,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr
|
|||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
}
|
}
|
||||||
diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_alld.c
|
diff -up openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode openssl-1.0.0a/crypto/evp/c_alld.c
|
||||||
--- openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
|
--- openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
|
||||||
+++ openssl-1.0.0-beta3/crypto/evp/c_alld.c 2009-08-11 17:54:08.000000000 +0200
|
+++ openssl-1.0.0a/crypto/evp/c_alld.c 2010-06-04 13:32:13.000000000 +0200
|
||||||
@@ -64,6 +64,11 @@
|
@@ -64,6 +64,11 @@
|
||||||
|
|
||||||
void OpenSSL_add_all_digests(void)
|
void OpenSSL_add_all_digests(void)
|
||||||
@ -117,11 +117,10 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr
|
|||||||
#ifndef OPENSSL_NO_MD4
|
#ifndef OPENSSL_NO_MD4
|
||||||
EVP_add_digest(EVP_md4());
|
EVP_add_digest(EVP_md4());
|
||||||
#endif
|
#endif
|
||||||
@@ -110,5 +115,33 @@ void OpenSSL_add_all_digests(void)
|
@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void)
|
||||||
#endif
|
|
||||||
#ifndef OPENSSL_NO_WHIRLPOOL
|
#ifndef OPENSSL_NO_WHIRLPOOL
|
||||||
EVP_add_digest(EVP_whirlpool());
|
EVP_add_digest(EVP_whirlpool());
|
||||||
+#endif
|
#endif
|
||||||
+#ifdef OPENSSL_FIPS
|
+#ifdef OPENSSL_FIPS
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
@ -149,11 +148,11 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr
|
|||||||
+ EVP_add_digest(EVP_sha512());
|
+ EVP_add_digest(EVP_sha512());
|
||||||
+#endif
|
+#endif
|
||||||
+ }
|
+ }
|
||||||
#endif
|
+#endif
|
||||||
}
|
}
|
||||||
diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto/o_init.c
|
diff -up openssl-1.0.0a/crypto/o_init.c.fipsmode openssl-1.0.0a/crypto/o_init.c
|
||||||
--- openssl-1.0.0-beta3/crypto/o_init.c.fipsmode 2009-08-11 17:28:25.000000000 +0200
|
--- openssl-1.0.0a/crypto/o_init.c.fipsmode 2010-06-04 13:32:13.000000000 +0200
|
||||||
+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 17:39:06.000000000 +0200
|
+++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 13:32:13.000000000 +0200
|
||||||
@@ -59,6 +59,43 @@
|
@@ -59,6 +59,43 @@
|
||||||
#include <e_os.h>
|
#include <e_os.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
@ -206,9 +205,9 @@ diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto
|
|||||||
done = 1;
|
done = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl_algs.c
|
diff -up openssl-1.0.0a/ssl/ssl_algs.c.fipsmode openssl-1.0.0a/ssl/ssl_algs.c
|
||||||
--- openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
|
--- openssl-1.0.0a/ssl/ssl_algs.c.fipsmode 2010-04-07 15:18:30.000000000 +0200
|
||||||
+++ openssl-1.0.0-beta3/ssl/ssl_algs.c 2009-08-11 18:01:13.000000000 +0200
|
+++ openssl-1.0.0a/ssl/ssl_algs.c 2010-06-04 13:32:48.000000000 +0200
|
||||||
@@ -64,6 +64,12 @@
|
@@ -64,6 +64,12 @@
|
||||||
int SSL_library_init(void)
|
int SSL_library_init(void)
|
||||||
{
|
{
|
||||||
@ -222,7 +221,7 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl
|
|||||||
#ifndef OPENSSL_NO_DES
|
#ifndef OPENSSL_NO_DES
|
||||||
EVP_add_cipher(EVP_des_cbc());
|
EVP_add_cipher(EVP_des_cbc());
|
||||||
EVP_add_cipher(EVP_des_ede3_cbc());
|
EVP_add_cipher(EVP_des_ede3_cbc());
|
||||||
@@ -115,6 +121,40 @@ int SSL_library_init(void)
|
@@ -127,6 +133,48 @@ int SSL_library_init(void)
|
||||||
EVP_add_digest(EVP_sha());
|
EVP_add_digest(EVP_sha());
|
||||||
EVP_add_digest(EVP_dss());
|
EVP_add_digest(EVP_dss());
|
||||||
#endif
|
#endif
|
||||||
@ -249,6 +248,14 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl
|
|||||||
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
|
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
|
||||||
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
|
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
|
||||||
+#endif
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SHA256
|
||||||
|
+ EVP_add_digest(EVP_sha224());
|
||||||
|
+ EVP_add_digest(EVP_sha256());
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_SHA512
|
||||||
|
+ EVP_add_digest(EVP_sha384());
|
||||||
|
+ EVP_add_digest(EVP_sha512());
|
||||||
|
+#endif
|
||||||
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
|
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
|
||||||
+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
|
+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
|
||||||
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
|
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
|
13
openssl-1.0.0a-version.patch
Normal file
13
openssl-1.0.0a-version.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -up openssl-1.0.0a/crypto/opensslv.h.version openssl-1.0.0a/crypto/opensslv.h
|
||||||
|
--- openssl-1.0.0a/crypto/opensslv.h.version 2010-06-04 13:28:52.000000000 +0200
|
||||||
|
+++ openssl-1.0.0a/crypto/opensslv.h 2010-06-04 13:29:42.000000000 +0200
|
||||||
|
@@ -25,7 +25,8 @@
|
||||||
|
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||||
|
* major minor fix final patch/beta)
|
||||||
|
*/
|
||||||
|
-#define OPENSSL_VERSION_NUMBER 0x1000001fL
|
||||||
|
+/* we have to keep the version number to not break the abi */
|
||||||
|
+#define OPENSSL_VERSION_NUMBER 0x10000003L
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010"
|
||||||
|
#else
|
18
openssl.spec
18
openssl.spec
@ -20,8 +20,8 @@
|
|||||||
|
|
||||||
Summary: A general purpose cryptography library with TLS implementation
|
Summary: A general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.0
|
Version: 1.0.0a
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
# We remove certain patented algorithms from the openssl source tarball
|
# We remove certain patented algorithms from the openssl source tarball
|
||||||
# with the hobble-openssl script which is included below.
|
# with the hobble-openssl script which is included below.
|
||||||
Source: openssl-%{version}-usa.tar.bz2
|
Source: openssl-%{version}-usa.tar.bz2
|
||||||
@ -50,20 +50,18 @@ Patch34: openssl-0.9.6-x509.patch
|
|||||||
Patch35: openssl-0.9.8j-version-add-engines.patch
|
Patch35: openssl-0.9.8j-version-add-engines.patch
|
||||||
Patch38: openssl-1.0.0-beta5-cipher-change.patch
|
Patch38: openssl-1.0.0-beta5-cipher-change.patch
|
||||||
Patch39: openssl-1.0.0-beta5-ipv6-apps.patch
|
Patch39: openssl-1.0.0-beta5-ipv6-apps.patch
|
||||||
Patch40: openssl-1.0.0-fips.patch
|
Patch40: openssl-1.0.0a-fips.patch
|
||||||
Patch41: openssl-1.0.0-beta3-fipscheck.patch
|
Patch41: openssl-1.0.0-beta3-fipscheck.patch
|
||||||
Patch43: openssl-1.0.0-beta3-fipsmode.patch
|
Patch43: openssl-1.0.0a-fipsmode.patch
|
||||||
Patch44: openssl-1.0.0-beta3-fipsrng.patch
|
Patch44: openssl-1.0.0-beta3-fipsrng.patch
|
||||||
Patch45: openssl-0.9.8j-env-nozlib.patch
|
Patch45: openssl-0.9.8j-env-nozlib.patch
|
||||||
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
||||||
Patch49: openssl-1.0.0-beta4-algo-doc.patch
|
Patch49: openssl-1.0.0-beta4-algo-doc.patch
|
||||||
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
|
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
|
||||||
Patch51: openssl-1.0.0-version.patch
|
Patch51: openssl-1.0.0a-version.patch
|
||||||
Patch52: openssl-1.0.0-beta4-aesni.patch
|
Patch52: openssl-1.0.0-beta4-aesni.patch
|
||||||
Patch53: openssl-1.0.0-name-hash.patch
|
Patch53: openssl-1.0.0-name-hash.patch
|
||||||
# Backported fixes including security fixes
|
# Backported fixes including security fixes
|
||||||
Patch60: openssl-1.0.0-dtls1-backports.patch
|
|
||||||
Patch61: openssl-1.0.0-init-sha256.patch
|
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -145,8 +143,6 @@ from other formats to the formats used by the OpenSSL toolkit.
|
|||||||
%patch52 -p1 -b .aesni
|
%patch52 -p1 -b .aesni
|
||||||
%patch53 -p1 -b .name-hash
|
%patch53 -p1 -b .name-hash
|
||||||
|
|
||||||
%patch60 -p1 -b .dtls1
|
|
||||||
%patch61 -p1 -b .sha256
|
|
||||||
# Modify the various perl scripts to reference perl in the right location.
|
# Modify the various perl scripts to reference perl in the right location.
|
||||||
perl util/perlpath.pl `dirname %{__perl}`
|
perl util/perlpath.pl `dirname %{__perl}`
|
||||||
|
|
||||||
@ -395,6 +391,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 4 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0a-1
|
||||||
|
- new upstream patch release, fixes CVE-2010-0742 (#598738)
|
||||||
|
and CVE-2010-1633 (#598732)
|
||||||
|
|
||||||
* Wed May 19 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-5
|
* Wed May 19 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-5
|
||||||
- pkgconfig files now contain the correct libdir (#593723)
|
- pkgconfig files now contain the correct libdir (#593723)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user