up to 1.0.2n [7 Dec 2017]; CVE-2017-3737; CVE-2017-3738 auto/th/openssl-1.0.2n-1
authorElan Ruusamäe <glen@pld-linux.org>
Sat, 9 Dec 2017 11:40:29 +0000 (13:40 +0200)
committerElan Ruusamäe <glen@pld-linux.org>
Sat, 9 Dec 2017 11:55:00 +0000 (13:55 +0200)
- Read/write after SSL object in error state (CVE-2017-3737)
- rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

https://www.openssl.org/news/openssl-1.0.2-notes.html

openssl-find.patch
openssl.spec

index 8ca7a55..30f6d8b 100644 (file)
@@ -59,3 +59,14 @@ index 0000000..8e1b42c
 +
 +1;
 
+--- openssl-1.0.2m/util/perlpath.pl~   2017-10-26 23:34:32.000000000 +0300
++++ openssl-1.0.2m/util/perlpath.pl    2017-11-01 13:08:24.963877348 +0200
+@@ -4,7 +4,7 @@
+ # line in all scripts that rely on perl.
+ #
+-require "find.pl";
++require "./find.pl";
+ $#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+ &find(".");
index dcaba4e..8e88d61 100644 (file)
@@ -24,13 +24,13 @@ Name:               openssl
 # 1.0.2 will be LTS release
 # Version 1.0.2 will be supported until 2019-12-31.
 # https://www.openssl.org/about/releasestrat.html
-Version:       1.0.2m
+Version:       1.0.2n
 Release:       1
 License:       Apache-like
 Group:         Libraries
 %if %{without snap}
 Source0:       https://www.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 10e9e37f492094b9ef296f68f24a7666
+# Source0-md5: 13bdc1b1d1ff39b6fd42a255e74676a4
 %else
 Source1:       https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
 # Source1-md5: 6b846f8a4f55f5ddfa1e0d335241840a
@@ -286,7 +286,7 @@ sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure
 %build
 touch Makefile.*
 
-PERL5LIB=$(pwd) %{__perl} util/perlpath.pl %{__perl}
+%{__perl} util/perlpath.pl %{__perl}
 
 OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
 PERL="%{__perl}" \
This page took 0.74638 seconds and 4 git commands to generate.