rpms/openssl/devel openssl-0.9.8b-cve-2007-3108.patch, 1.1, 1.2 openssl.spec, 1.93, 1.94
Tomas Mraz (tmraz)
fedora-extras-commits at redhat.com
Fri Oct 12 12:16:04 UTC 2007
Author: tmraz
Update of /cvs/pkgs/rpms/openssl/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv630
Modified Files:
openssl-0.9.8b-cve-2007-3108.patch openssl.spec
Log Message:
* Fri Oct 12 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8b-16
- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
- add alpha sub-archs (#296031)
openssl-0.9.8b-cve-2007-3108.patch:
Index: openssl-0.9.8b-cve-2007-3108.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl-0.9.8b-cve-2007-3108.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssl-0.9.8b-cve-2007-3108.patch 3 Aug 2007 12:16:54 -0000 1.1
+++ openssl-0.9.8b-cve-2007-3108.patch 12 Oct 2007 12:16:00 -0000 1.2
@@ -336,7 +336,7 @@
r->neg=a->neg^n->neg;
np=n->d;
-@@ -228,37 +228,56 @@ int BN_from_montgomery(BIGNUM *ret, cons
+@@ -228,37 +228,58 @@ int BN_from_montgomery(BIGNUM *ret, cons
}
bn_correct_top(r);
@@ -413,10 +413,12 @@
-#endif
+ for (ri+=4; i<ri; i++)
+ rp[i]=nrp[i], ap[i]=0;
++ bn_correct_top(r);
++ bn_correct_top(ret);
#else /* !MONT_WORD */
BIGNUM *t1,*t2;
-@@ -276,12 +295,12 @@ int BN_from_montgomery(BIGNUM *ret, cons
+@@ -276,12 +297,12 @@ int BN_from_montgomery(BIGNUM *ret, cons
if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
if (!BN_add(t2,a,t1)) goto err;
if (!BN_rshift(ret,t2,mont->ri)) goto err;
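Review bot: The two calls added after the `rp[i]=nrp[i], ap[i]=0;` tail loop in the MONT_WORD branch, bn_correct_top(r) and bn_correct_top(ret), carry no comment saying why both bignums need their top renormalized at that point. Add a short comment in the patched source so that whoever next rebases openssl-0.9.8b-cve-2007-3108.patch can tell the calls are a deliberate correction. The inner hunk headers were also changed to match (228,56 to 228,58 and 295 to 297), so test-apply the revised patch with -p1 to confirm the counts and offsets still line up.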
Index: openssl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -r1.93 -r1.94
--- openssl.spec 21 Aug 2007 19:42:52 -0000 1.93
+++ openssl.spec 12 Oct 2007 12:16:00 -0000 1.94
@@ -66,6 +66,8 @@
Patch64: openssl-0.9.8b-test-use-localhost.patch
Patch65: openssl-0.9.8b-cve-2007-3108.patch
Patch66: openssl-0.9.7a-ssl-strict-matching.patch
+Patch67: openssl-0.9.8b-cve-2007-4995.patch
+Patch68: openssl-0.9.8b-cve-2007-5135.patch
License: OpenSSL
Group: System Environment/Libraries
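Review bot: Patch67 and Patch68 name openssl-0.9.8b-cve-2007-4995.patch and openssl-0.9.8b-cve-2007-5135.patch, but neither file is in this message's Modified Files list, which shows only the CVE-2007-3108 patch and openssl.spec. Make sure both patch files land in the same commit as this spec change, so the spec never references sources that are missing from the module.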
@@ -142,6 +144,8 @@
%patch64 -p1 -b .use-localhost
%patch65 -p1 -b .no-branch
%patch66 -p1 -b .strict-matching
+%patch67 -p1 -b .dtls-fixes
+%patch68 -p1 -b .shciphers
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -164,7 +168,7 @@
sslarch=linux-sparcv9
sslflags=no-asm
%endif
-%ifarch alpha
+%ifarch alpha alphaev56 alphaev6 alphaev67
sslarch=linux-alpha-gcc
%endif
%ifarch s390
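Review bot: The `%ifarch alpha alphaev56 alphaev6 alphaev67` line enumerates the sub-archs one by one, so any alpha variant not spelled out here still skips the block and never gets sslarch=linux-alpha-gcc. Either add a comment stating that these three are the only sub-archs the package is built for, or use a single macro that covers the whole alpha family so the list does not need touching again.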
@@ -382,6 +386,11 @@
%postun -p /sbin/ldconfig
%changelog
+* Fri Oct 12 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8b-16
+- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)
+- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
+- add alpha sub-archs (#296031)
+
* Tue Aug 21 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8b-15
- rebuild
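Review bot: The new 0.9.8b-16 changelog entry lists the two new CVE fixes and the alpha sub-archs but does not mention the revision of openssl-0.9.8b-cve-2007-3108.patch (1.1 to 1.2) made in the same commit. Add a changelog line for the added bn_correct_top() calls in BN_from_montgomery so that change is traceable from the package history.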