[packages/openssl102: 124/432] - security patch (patch4)
adwol
adwol at pld-linux.org
Sat Sep 29 01:12:01 CEST 2018
commit adcb6f76e4153d4737bf3a2d355079a1ec7f1d81
Author: misi3k <misi3k at pld-linux.org>
Date: Mon Mar 17 18:43:02 2003 +0000
- security patch (patch4)
Bug (bugtraq):
Researchers have discovered a timing attack on RSA keys, to which
OpenSSL is generally vulnerable, unless RSA blinding has been turned
on.
Typically, it will not have been, because it is not easily possible to
do so when using OpenSSL to provide SSL or TLS.
The enclosed patch switches blinding on by default. Applications that
wish to can remove the blinding with RSA_blinding_off(), but this is
not generally advised. It is also possible to disable it completely by
defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time.
The performance impact of blinding appears to be small (a few
percent).
This problem affects many applications using OpenSSL, in particular,
almost all SSL-enabled Apaches. You should rebuild and reinstall
OpenSSL, and all affected applications.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0147 to this issue.
We strongly advise upgrading OpenSSL in all cases, as a precaution.
Changed files:
openssl.spec -> 1.94
openssl.spec | 2 ++
1 file changed, 2 insertions(+)
---
diff --git a/openssl.spec b/openssl.spec
index e52a7da..f9bf5d4 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -19,6 +19,7 @@ Patch0: %{name}-alpha-ccc.patch
Patch1: %{name}-optflags.patch
Patch2: %{name}-globalCA.diff
Patch3: %{name}-parallel_make.patch
+Patch4: %{name}-sec3.patch
URL: http://www.openssl.org/
BuildRequires: perl-devel >= 5.6.1
BuildRequires: textutils
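Review bot: The added `Patch4: %{name}-sec3.patch` line points at a file that this commit does not carry. The changed-files list shows only openssl.spec (1 file changed, 2 insertions), so the spec builds only if the patch file is committed separately. The name "sec3" also gives no hint of what it fixes. A comment above the line naming CAN-2003-0147 and the RSA blinding default would let a later audit confirm that the fix is still applied.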
@@ -178,6 +179,7 @@ ¦
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p0
%build
for f in ` grep -r "%{_prefix}/local/bin/perl" . | cut -d":" -f1`; do
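Review bot: `%patch4 -p0` uses a different strip level from the three patches above it, which are all applied with -p1. If this is intentional because the paths in the sec3 patch are relative to the source root, a short comment saying so would prevent a later "cleanup" to -p1 from breaking the security fix. Either way, confirm in the %prep output that the patch applied.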
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openssl102.git/commitdiff/9fc1b1b87b259e8a327c99835865e91a391efc9e