OpenSSL 1.0.2i [22 Sep 2016]; SWEET32 mitigation and typical CVE fixes

- OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
- SWEET32 Mitigation (CVE-2016-2183)
- OOB write in MDC2_Update() (CVE-2016-6303)
- Malformed SHA512 ticket DoS (CVE-2016-6302)
- OOB write in BN_bn2dec() (CVE-2016-2182)
- OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
- Pointer arithmetic undefined behaviour (CVE-2016-2177)
- Constant time flag not preserved in DSA signing (CVE-2016-2178)
- DTLS buffered message DoS (CVE-2016-2179)
- DTLS replay protection DoS (CVE-2016-2181)
- Certificate message OOB reads (CVE-2016-6306)

https://www.openssl.org/news/openssl-1.0.2-notes.html

diff --git a/openssl.spec b/openssl.spec
index 23ccce135194e2c5398e82aa409480251c103833..0d140d67e40503335dfc77816ba9368d944ea161 100644 (file)
--- a/openssl.spec
+++ b/openssl.spec
@@ -30,7 +30,7 @@ License:      Apache-like
 Group:         Libraries
 %if %{without snap}
 Source0:       https://www.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 9392e65072ce4b614c1392eefc1f23d0
+# Source0-md5: 678374e63f8df456a697d3e5e5a931fb
 %else
 Source1:       https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
 %endif