21 |
Summary: The OpenSSL toolkit |
Summary: The OpenSSL toolkit |
22 |
Name: openssl |
Name: openssl |
23 |
Version: 0.9.8e |
Version: 0.9.8e |
24 |
Release: 27.1%{?dist} |
Release: 33.1%{?dist} |
25 |
# The tarball is based on the openssl-fips-1.2.0-test.tar.gz tarball |
# The tarball is based on the openssl-fips-1.2.0-test.tar.gz tarball |
26 |
Source: openssl-fips-%{version}-usa.tar.bz2 |
Source: openssl-fips-%{version}-usa.tar.bz2 |
27 |
Source1: hobble-openssl |
Source1: hobble-openssl |
94 |
Patch105: openssl-fips-0.9.8e-secure-getenv.patch |
Patch105: openssl-fips-0.9.8e-secure-getenv.patch |
95 |
Patch106: openssl-fips-0.9.8e-cve-2013-0166.patch |
Patch106: openssl-fips-0.9.8e-cve-2013-0166.patch |
96 |
Patch107: openssl-fips-0.9.8e-cve-2013-0169.patch |
Patch107: openssl-fips-0.9.8e-cve-2013-0169.patch |
97 |
|
Patch108: openssl-fips-0.9.8e-cve-2014-0224.patch |
98 |
|
Patch109: openssl-fips-0.9.8e-cve-2014-0221.patch |
99 |
|
Patch110: openssl-fips-0.9.8e-cve-2014-3505.patch |
100 |
|
Patch111: openssl-fips-0.9.8e-cve-2014-3506.patch |
101 |
|
Patch112: openssl-fips-0.9.8e-cve-2014-3508.patch |
102 |
|
Patch113: openssl-fips-0.9.8e-cve-2014-3510.patch |
103 |
|
Patch114: openssl-fips-0.9.8e-fallback-scsv.patch |
104 |
|
Patch115: openssl-fips-0.9.8e-x509-store-lock.patch |
105 |
|
# This patch includes the CVE-2015-0286 fix |
106 |
|
Patch116: openssl-fips-0.9.8e-cve-2014-8275.patch |
107 |
|
Patch117: openssl-fips-0.9.8e-cve-2015-0204.patch |
108 |
|
Patch118: openssl-fips-0.9.8e-cve-2015-0287.patch |
109 |
|
Patch119: openssl-fips-0.9.8e-cve-2015-0288.patch |
110 |
|
Patch120: openssl-fips-0.9.8e-cve-2015-0289.patch |
111 |
|
Patch121: openssl-fips-0.9.8e-cve-2015-0292.patch |
112 |
|
Patch122: openssl-fips-0.9.8e-cve-2015-0293.patch |
113 |
|
|
114 |
License: BSDish |
License: BSDish |
115 |
Group: System Environment/Libraries |
Group: System Environment/Libraries |
211 |
%patch105 -p1 -b .secure-getenv |
%patch105 -p1 -b .secure-getenv |
212 |
%patch106 -p1 -b .ocsp-dos |
%patch106 -p1 -b .ocsp-dos |
213 |
%patch107 -p1 -b .lucky13 |
%patch107 -p1 -b .lucky13 |
214 |
|
%patch108 -p1 -b .keying-mitm |
215 |
|
%patch109 -p1 -b .dtls-recursion |
216 |
|
%patch110 -p1 -b .dtls-doublefree |
217 |
|
%patch111 -p1 -b .dtls-sizechecks |
218 |
|
%patch112 -p1 -b .oid-handling |
219 |
|
%patch113 -p1 -b .adh-dos |
220 |
|
%patch114 -p1 -b .fallback-scsv |
221 |
|
%patch115 -p1 -b .lock |
222 |
|
%patch116 -p1 -b .cert-fingerprint |
223 |
|
%patch117 -p1 -b .rsa-ephemeral |
224 |
|
%patch118 -p1 -b .item-reuse |
225 |
|
%patch119 -p1 -b .req-null-deref |
226 |
|
%patch120 -p1 -b .pkcs7-null-deref |
227 |
|
%patch121 -p1 -b .b64-underflow |
228 |
|
%patch122 -p1 -b .ssl2-assert |
229 |
|
|
230 |
# Modify the various perl scripts to reference perl in the right location. |
# Modify the various perl scripts to reference perl in the right location. |
231 |
perl util/perlpath.pl `dirname %{__perl}` |
perl util/perlpath.pl `dirname %{__perl}` |
479 |
%postun -p /sbin/ldconfig |
%postun -p /sbin/ldconfig |
480 |
|
|
481 |
%changelog |
%changelog |
482 |
* Mon Feb 17 2014 Ian Wells <esmith@wellsi.com> 0.9.8e-27.1.el5.sme |
* Wed Apr 15 2015 Daniel Berteaud <daniel@firewall-services.com 0.9.8e-33.1.sme |
483 |
- update with ca-bundle.crt from SME 9 [SME: 8208] |
- update with ca-bundle.crt from SME 9 [SME: 8909] |
484 |
|
|
485 |
* Tue Jan 28 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.1 |
* Thu Apr 2 2015 Tomas Mraz <tmraz@redhat.com> 0.9.8e-33 |
486 |
|
- fix CVE-2014-8275 (without introduction of CVE-2015-0286) - various |
487 |
|
certificate fingerprint issues |
488 |
|
- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export |
489 |
|
ciphersuites and on server |
490 |
|
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption |
491 |
|
- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference |
492 |
|
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data |
493 |
|
- fix CVE-2015-0292 - integer underflow in base64 decoder |
494 |
|
- fix CVE-2015-0293 - triggerable assert in SSLv2 server |
495 |
|
|
496 |
|
* Wed Dec 17 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-32 |
497 |
|
- properly lock X509_STORE accesses (#1168938) |
498 |
|
|
499 |
|
* Wed Oct 15 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-31 |
500 |
|
- add support for fallback SCSV to partially mitigate CVE-2014-3566 |
501 |
|
(padding attack on SSL3) |
502 |
|
|
503 |
|
* Fri Aug 8 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-30 |
504 |
|
- fix CVE-2014-0221 - recursion in DTLS code leading to DoS |
505 |
|
- fix CVE-2014-3505 - doublefree in DTLS packet processing |
506 |
|
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS |
507 |
|
- fix CVE-2014-3508 - fix OID handling to avoid information leak |
508 |
|
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS |
509 |
|
|
510 |
|
* Mon Jun 2 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-29 |
511 |
|
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability |
512 |
|
|
513 |
|
* Tue Jan 28 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-28 |
514 |
- replace expired GlobalSign Root CA certificate in ca-bundle.crt |
- replace expired GlobalSign Root CA certificate in ca-bundle.crt |
515 |
|
|
516 |
* Mon Feb 25 2013 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27 |
* Mon Feb 25 2013 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27 |