From b073820eb57e97a68035c07e44999630ca9ea416 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Wed, 12 Oct 2005 12:01:16 +0000 Subject: [PATCH] - fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803) --- openssl.spec | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/openssl.spec b/openssl.spec index ab13807..282fb6d 100644 --- a/openssl.spec +++ b/openssl.spec @@ -8,7 +8,7 @@ %define soversion 5 # Number of threads to spawn when testing some threading fixes. -#%define thread_test_threads %{?threads:%{threads}}%{!?threads:100} +#%define thread_test_threads %{?threads:%{threads}}%{!?threads:1} # Arches on which we need to prevent arch conflicts on opensslconf.h, must # also be handled in opensslconf-new.h. @@ -22,7 +22,7 @@ Summary: The OpenSSL toolkit. Name: openssl Version: 0.9.7f -Release: 9 +Release: 10 Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate @@ -55,6 +55,7 @@ Patch47: openssl-0.9.7f-can-2005-0109.patch Patch48: openssl-0.9.7f-dsa-consttime.patch Patch49: openssl-0.9.7f-bn-ppc-div.patch Patch50: openssl-0.9.7f-apps-initialize.patch +Patch51: openssl-0.9.7a-can-2005-2969.patch License: BSDish Group: System Environment/Libraries @@ -140,6 +141,8 @@ popd %patch48 -p1 -b .dsa-consttime %patch49 -p1 -b .ppc-div %patch50 -p1 -b .apps-initialize +# CAN-2005-2969 +%patch51 -p0 -b .ssl2-rollback # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -407,6 +410,12 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{soversion} %postun -p /sbin/ldconfig %changelog +* Wed Oct 12 2005 Tomas Mraz 0.9.7f-10 +- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which + disables the countermeasure against man in the middle attack in SSLv2 + (#169863) +- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803) + * Tue Aug 23 2005 Tomas Mraz 0.9.7f-9 - add *.so.soversion as symlinks in /lib (#165264) - remove unpackaged symlinks (#159595)