[packages/openssl/openssl-1.0.1] up to 1.0.1n. fixes for CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791

glen glen at pld-linux.org
Thu Jun 11 17:22:02 CEST 2015 

commit 07f2984c5a67fd88ae39af119d8bd993c5af8404
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Thu Jun 11 18:19:29 2015 +0300

    up to 1.0.1n. fixes for CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791

 openssl-optflags.patch | 14 +++++++-------
 openssl.spec           |  4 ++--
 2 files changed, 9 insertions(+), 9 deletions(-)
---
diff --git a/openssl.spec b/openssl.spec
index d7b16b9..5937efc 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -19,12 +19,12 @@ Summary(pt_BR.UTF-8):	Uma biblioteca C que fornece vários algoritmos e protocol
 Summary(ru.UTF-8):	Библиотеки и утилиты для соединений через Secure Sockets Layer
 Summary(uk.UTF-8):	Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
 Name:		openssl
-Version:	1.0.1m
+Version:	1.0.1n
 Release:	1
 License:	Apache-like
 Group:		Libraries
 Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5:	d143d1555d842a069cb7cc34ba745a06
+# Source0-md5:	139568bd5a56fa49b72a290d37113f30
 Source2:	%{name}.1.pl
 Source3:	%{name}-ssl-certificate.sh
 Source4:	%{name}-c_rehash.sh
diff --git a/openssl-optflags.patch b/openssl-optflags.patch
index 44717de..05af6f0 100644
--- a/openssl-optflags.patch
+++ b/openssl-optflags.patch
@@ -3,8 +3,8 @@ built on a i686/ev6/sparcv9 to not run on a i386/ev5/sparcv7 and so on.
 
 ...add $ENV{OPTFLAGS} instead
 
---- openssl-1.0.1c/Configure.orig	2013-01-14 19:37:10.656534171 +0100
-+++ openssl-1.0.1c/Configure	2013-01-14 20:07:02.553163489 +0100
+--- openssl-1.0.1n/Configure~	2015-06-11 18:13:10.000000000 +0300
++++ openssl-1.0.1n/Configure	2015-06-11 18:15:47.414930200 +0300
 @@ -165,8 +165,8 @@
  #"b2-is-ri-dp",	"${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
  
@@ -76,7 +76,7 @@ built on a i686/ev6/sparcv9 to not run on a i386/ev5/sparcv7 and so on.
  #### So called "highgprs" target for z/Architecture CPUs
  # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
  # /proc/cpuinfo. The idea is to preserve most significant bits of
-@@ -373,16 +373,16 @@
+@@ -375,16 +375,16 @@
  # ldconfig and run-time linker to autodiscover. Unfortunately it
  # doesn't work just yet, because of couple of bugs in glibc
  # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
@@ -85,15 +85,15 @@ built on a i686/ev6/sparcv9 to not run on a i386/ev5/sparcv7 and so on.
  #### SPARC Linux setups
  # Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
  # assisted with debugging of following two configs.
--"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -fomit-frame-pointer $ENV{OPTFLAGS} -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN $ENV{OPTFLAGS} -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  # it's a real mess with -mcpu=ultrasparc option under Linux, but
  # -Wa,-Av8plus should do the trick no matter what.
 -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -fomit-frame-pointer $ENV{OPTFLAGS} -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN $ENV{OPTFLAGS} -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  # GCC 3.1 is a requirement
 -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -fomit-frame-pointer $ENV{OPTFLAGS} -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN $ENV{OPTFLAGS} -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
  #### Alpha Linux with GNU C and Compaq C setups
  # Special notes:
  # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openssl.git/commitdiff/07f2984c5a67fd88ae39af119d8bd993c5af8404

More information about the pld-cvs-commit mailing list