From 3447c41c99a9a9fcbcccf8aecf8d073df1707968 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 7 Sep 2011 18:27:06 +0200 Subject: [PATCH] new upstream release fixing CVE-2011-3207 (#736088) --- .gitignore | 1 + ....0d-version.patch => openssl-1.0.0e-version.patch | 12 ++++++------ openssl.spec | 9 ++++++--- sources | 2 +- 4 files changed, 14 insertions(+), 10 deletions(-) rename openssl-1.0.0d-version.patch => openssl-1.0.0e-version.patch (57%) diff --git a/.gitignore b/.gitignore index d8c4d6d..bc03fd0 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.0.0b-usa.tar.bz2 /openssl-1.0.0c-usa.tar.bz2 /openssl-1.0.0d-usa.tar.bz2 +/openssl-1.0.0e-usa.tar.bz2 diff --git a/openssl-1.0.0d-version.patch b/openssl-1.0.0e-version.patch similarity index 57% rename from openssl-1.0.0d-version.patch rename to openssl-1.0.0e-version.patch index da50fb4..0a45f74 100644 --- a/openssl-1.0.0d-version.patch +++ b/openssl-1.0.0e-version.patch @@ -1,22 +1,22 @@ -diff -up openssl-1.0.0d/crypto/opensslv.h.version openssl-1.0.0d/crypto/opensslv.h ---- openssl-1.0.0d/crypto/opensslv.h.version 2011-02-10 14:24:52.000000000 +0100 -+++ openssl-1.0.0d/crypto/opensslv.h 2011-02-10 14:48:00.000000000 +0100 +diff -up openssl-1.0.0e/crypto/opensslv.h.version openssl-1.0.0e/crypto/opensslv.h +--- openssl-1.0.0e/crypto/opensslv.h.version 2011-09-07 13:55:52.000000000 +0200 ++++ openssl-1.0.0e/crypto/opensslv.h 2011-09-07 13:59:28.000000000 +0200 @@ -25,7 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ --#define OPENSSL_VERSION_NUMBER 0x1000004fL +-#define OPENSSL_VERSION_NUMBER 0x1000005fL +/* we have to keep the version number to not break the abi */ +#define OPENSSL_VERSION_NUMBER 0x10000003 #ifdef OPENSSL_FIPS - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0d-fips 8 Feb 2011" + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e-fips 6 Sep 2011" #else @@ -83,7 +84,7 @@ * should only keep the versions that are binary compatible with the current. */ #define SHLIB_VERSION_HISTORY "" -#define SHLIB_VERSION_NUMBER "1.0.0" -+#define SHLIB_VERSION_NUMBER "1.0.0d" ++#define SHLIB_VERSION_NUMBER "1.0.0e" #endif /* HEADER_OPENSSLV_H */ diff --git a/openssl.spec b/openssl.spec index e7eea60..8af4610 100644 --- a/openssl.spec +++ b/openssl.spec @@ -20,8 +20,8 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl -Version: 1.0.0d -Release: 8%{?dist} +Version: 1.0.0e +Release: 1%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -61,7 +61,7 @@ Patch45: openssl-0.9.8j-env-nozlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch -Patch51: openssl-1.0.0d-version.patch +Patch51: openssl-1.0.0e-version.patch Patch52: openssl-1.0.0b-aesni.patch Patch53: openssl-1.0.0-name-hash.patch Patch54: openssl-1.0.0c-speed-fips.patch @@ -422,6 +422,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Wed Sep 7 2011 Tomas Mraz 1.0.0e-1 +- new upstream release fixing CVE-2011-3207 (#736088) + * Wed Aug 24 2011 Tomas Mraz 1.0.0d-8 - drop the separate engine for Intel acceleration improvements and merge in the AES-NI, SHA1, and RC4 optimizations diff --git a/sources b/sources index 302a734..0190e0c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -531c1627ff9701cb8540ee3bd03de5d7 openssl-1.0.0d-usa.tar.bz2 +fb4e9d817dd5e4ca4ea50f3360e007f3 openssl-1.0.0e-usa.tar.bz2