21 |
Summary: The OpenSSL toolkit |
Summary: The OpenSSL toolkit |
22 |
Name: openssl |
Name: openssl |
23 |
Version: 0.9.8e |
Version: 0.9.8e |
24 |
Release: 27.1%{?dist} |
Release: 27%{?dist}.4 |
25 |
# The tarball is based on the openssl-fips-1.2.0-test.tar.gz tarball |
# The tarball is based on the openssl-fips-1.2.0-test.tar.gz tarball |
26 |
Source: openssl-fips-%{version}-usa.tar.bz2 |
Source: openssl-fips-%{version}-usa.tar.bz2 |
27 |
Source1: hobble-openssl |
Source1: hobble-openssl |
94 |
Patch105: openssl-fips-0.9.8e-secure-getenv.patch |
Patch105: openssl-fips-0.9.8e-secure-getenv.patch |
95 |
Patch106: openssl-fips-0.9.8e-cve-2013-0166.patch |
Patch106: openssl-fips-0.9.8e-cve-2013-0166.patch |
96 |
Patch107: openssl-fips-0.9.8e-cve-2013-0169.patch |
Patch107: openssl-fips-0.9.8e-cve-2013-0169.patch |
97 |
|
Patch108: openssl-fips-0.9.8e-cve-2014-0224.patch |
98 |
|
Patch109: openssl-fips-0.9.8e-cve-2014-0221.patch |
99 |
|
Patch110: openssl-fips-0.9.8e-cve-2014-3505.patch |
100 |
|
Patch111: openssl-fips-0.9.8e-cve-2014-3506.patch |
101 |
|
Patch112: openssl-fips-0.9.8e-cve-2014-3508.patch |
102 |
|
Patch113: openssl-fips-0.9.8e-cve-2014-3510.patch |
103 |
|
|
104 |
License: BSDish |
License: BSDish |
105 |
Group: System Environment/Libraries |
Group: System Environment/Libraries |
201 |
%patch105 -p1 -b .secure-getenv |
%patch105 -p1 -b .secure-getenv |
202 |
%patch106 -p1 -b .ocsp-dos |
%patch106 -p1 -b .ocsp-dos |
203 |
%patch107 -p1 -b .lucky13 |
%patch107 -p1 -b .lucky13 |
204 |
|
%patch108 -p1 -b .keying-mitm |
205 |
|
%patch109 -p1 -b .dtls-recursion |
206 |
|
%patch110 -p1 -b .dtls-doublefree |
207 |
|
%patch111 -p1 -b .dtls-sizechecks |
208 |
|
%patch112 -p1 -b .oid-handling |
209 |
|
%patch113 -p1 -b .adh-dos |
210 |
|
|
211 |
# Modify the various perl scripts to reference perl in the right location. |
# Modify the various perl scripts to reference perl in the right location. |
212 |
perl util/perlpath.pl `dirname %{__perl}` |
perl util/perlpath.pl `dirname %{__perl}` |
460 |
%postun -p /sbin/ldconfig |
%postun -p /sbin/ldconfig |
461 |
|
|
462 |
%changelog |
%changelog |
463 |
* Mon Feb 17 2014 Ian Wells <esmith@wellsi.com> 0.9.8e-27.1.el5.sme |
* Fri Aug 8 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.4 |
464 |
- update with ca-bundle.crt from SME 9 [SME: 8208] |
- fix CVE-2014-0221 - recursion in DTLS code leading to DoS |
465 |
|
- fix CVE-2014-3505 - doublefree in DTLS packet processing |
466 |
|
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS |
467 |
|
- fix CVE-2014-3508 - fix OID handling to avoid information leak |
468 |
|
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS |
469 |
|
|
470 |
|
* Tue Jun 3 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.3 |
471 |
|
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability |
472 |
|
|
473 |
* Tue Jan 28 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.1 |
* Tue Jan 28 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.1 |
474 |
- replace expired GlobalSign Root CA certificate in ca-bundle.crt |
- replace expired GlobalSign Root CA certificate in ca-bundle.crt |