[packages/openssl102: 415/432] up to OpenSSL 1.0.2h [3 May 2016]

Sat Sep 29 01:36:26 CEST 2018

commit ab4f815e9a9889c92d9bba9a23a30b376819b070
Merge: 583fceb 3641afb
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Tue May 3 20:11:33 2016 +0300

    up to OpenSSL 1.0.2h [3 May 2016]
    
    - Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
    - Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
    - Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
    - Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
    - EBCDIC overread (CVE-2016-2176)
    - Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN.
    - Remove LOW from the DEFAULT cipher list. This removes singles DES from the default.
    - Only remove the SSLv2 methods with the no-ssl2-method option.
    
    Merge branch 'dev-1.0.2h'

 openssl.spec | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
---
diff --cc openssl.spec
index 2103af1,2b25f08..e85f944

--- a/openssl.spec
+++ b/openssl.spec
@@@ -24,13 -24,13 +24,13 @@@ Name:		openss
  # 1.0.2 will be LTS release
  # Version 1.0.2 will be supported until 2019-12-31.
  # https://www.openssl.org/about/releasestrat.html
- Version:	1.0.2g
- Release:	8
+ Version:	1.0.2h
 -Release:	0.1
++Release:	1
  License:	Apache-like
  Group:		Libraries
  %if %{without snap}
  Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
--# Source0-md5:	f3c710c045cdee5fd114feb69feba7aa
++# Source0-md5:	9392e65072ce4b614c1392eefc1f23d0
  %else
  Source1:	https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
  %endif
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openssl102.git/commitdiff/9fc1b1b87b259e8a327c99835865e91a391efc9e

