up to OpenSSL 1.0.2h [3 May 2016] auto/ac/openssl-1.0.2h-1 auto/th/openssl-1.0.2h-1
authorElan Ruusamäe <glen@delfi.ee>
Tue, 3 May 2016 17:11:33 +0000 (20:11 +0300)
committerElan Ruusamäe <glen@delfi.ee>
Tue, 3 May 2016 17:12:25 +0000 (20:12 +0300)
- Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
- Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
- Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
- EBCDIC overread (CVE-2016-2176)
- Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN.
- Remove LOW from the DEFAULT cipher list. This removes singles DES from the default.
- Only remove the SSLv2 methods with the no-ssl2-method option.

Merge branch 'dev-1.0.2h'

1  2 
openssl.spec

diff --cc openssl.spec
index 2103af145001567d98ac0d77b5206d9c7ba7837f,2b25f08be0b380e2500c32b64e3112ef9205e39a..e85f944d39ee8ba879cdfce3f2ee0af71d8b549d
@@@ -24,13 -24,13 +24,13 @@@ Name:              openss
  # 1.0.2 will be LTS release
  # Version 1.0.2 will be supported until 2019-12-31.
  # https://www.openssl.org/about/releasestrat.html
- Version:      1.0.2g
- Release:      8
+ Version:      1.0.2h
 -Release:      0.1
++Release:      1
  License:      Apache-like
  Group:                Libraries
  %if %{without snap}
  Source0:      ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
--# Source0-md5:        f3c710c045cdee5fd114feb69feba7aa
++# Source0-md5:        9392e65072ce4b614c1392eefc1f23d0
  %else
  Source1:      https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
  %endif
This page took 0.075362 seconds and 4 git commands to generate.