Browse code
Update openssl to 1.0.2o
Change-Id: Idc083774dad46933c579de0dc0e9968b98d9d96a
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4969
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
suezzelur authored on 2018/04/04 06:56:28Showing 6 changed files
- SPECS/openssl/CVE-2016-2182.patch
- SPECS/openssl/CVE-2016-6303.patch
- SPECS/openssl/openssl-1.0.2n-ipv6apps.patch
- SPECS/openssl/openssl-drbg-default-read-system-fips.patch
- SPECS/openssl/openssl-use-fips-drbg-by-default.patch
- SPECS/openssl/openssl.spec
| 1 | 1 |
deleted file mode 100644 |
| ... | ... |
@@ -1,34 +0,0 @@ |
| 1 |
-diff -ru openssl-1.0.2h/crypto/bn/bn_print.c openssl-1.0.2h-modified/crypto/bn/bn_print.c |
|
| 2 |
-+++ openssl-1.0.2h-modified/crypto/bn/bn_print.c 2016-09-20 15:41:13.789132068 -0700 |
|
| 3 |
-@@ -111,6 +111,7 @@ |
|
| 4 |
- char *p; |
|
| 5 |
- BIGNUM *t = NULL; |
|
| 6 |
- BN_ULONG *bn_data = NULL, *lp; |
|
| 7 |
-+ int bn_data_num; |
|
| 8 |
- |
|
| 9 |
- /*- |
|
| 10 |
- * get an upper bound for the length of the decimal integer |
|
| 11 |
-@@ -120,8 +121,8 @@ |
|
| 12 |
- */ |
|
| 13 |
- i = BN_num_bits(a) * 3; |
|
| 14 |
- num = (i / 10 + i / 1000 + 1) + 1; |
|
| 15 |
-- bn_data = |
|
| 16 |
-- (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG)); |
|
| 17 |
-+ bn_data_num = num / BN_DEC_NUM + 1; |
|
| 18 |
-+ bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG)); |
|
| 19 |
- buf = (char *)OPENSSL_malloc(num + 3); |
|
| 20 |
- if ((buf == NULL) || (bn_data == NULL)) {
|
|
| 21 |
- BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); |
|
| 22 |
-@@ -143,7 +144,11 @@ |
|
| 23 |
- i = 0; |
|
| 24 |
- while (!BN_is_zero(t)) {
|
|
| 25 |
- *lp = BN_div_word(t, BN_DEC_CONV); |
|
| 26 |
-+ if (*lp == (BN_ULONG)-1) |
|
| 27 |
-+ goto err; |
|
| 28 |
- lp++; |
|
| 29 |
-+ if (lp - bn_data >= bn_data_num) |
|
| 30 |
-+ goto err; |
|
| 31 |
- } |
|
| 32 |
- lp--; |
|
| 33 |
- /* |
| 34 | 1 |
deleted file mode 100644 |
| ... | ... |
@@ -1,28 +0,0 @@ |
| 1 |
-From 2b4029e68fd7002d2307e6c3cde0f3784eef9c83 Mon Sep 17 00:00:00 2001 |
|
| 2 |
-From: "Dr. Stephen Henson" <steve@openssl.org> |
|
| 3 |
-Date: Fri, 19 Aug 2016 23:28:29 +0100 |
|
| 4 |
-Subject: [PATCH] Avoid overflow in MDC2_Update() |
|
| 5 |
- |
|
| 6 |
-Thanks to Shi Lei for reporting this issue. |
|
| 7 |
- |
|
| 8 |
-CVE-2016-6303 |
|
| 9 |
- |
|
| 10 |
-Reviewed-by: Matt Caswell <matt@openssl.org> |
|
| 11 |
-(cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07) |
|
| 12 |
- crypto/mdc2/mdc2dgst.c | 2 +- |
|
| 13 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
|
| 14 |
- |
|
| 15 |
-diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c |
|
| 16 |
-index 6615cf8..2dce493 100644 |
|
| 17 |
-+++ b/crypto/mdc2/mdc2dgst.c |
|
| 18 |
-@@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) |
|
| 19 |
- |
|
| 20 |
- i = c->num; |
|
| 21 |
- if (i != 0) {
|
|
| 22 |
-- if (i + len < MDC2_BLOCK) {
|
|
| 23 |
-+ if (len < MDC2_BLOCK - i) {
|
|
| 24 |
- /* partial block */ |
|
| 25 |
- memcpy(&(c->data[i]), in, len); |
|
| 26 |
- c->num += (int)len; |
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 |
-diff -up openssl-1.0.2a/apps/s_apps.h.ipv6-apps openssl-1.0.2a/apps/s_apps.h |
|
| 2 |
-+++ openssl-1.0.2a/apps/s_apps.h 2015-04-20 15:05:00.353137701 +0200 |
|
| 1 |
+diff -rup openssl-1.0.2o/apps/s_apps.h openssl-1.0.2o-new/apps/s_apps.h |
|
| 2 |
+--- openssl-1.0.2o/apps/s_apps.h 2018-03-27 06:54:46.000000000 -0700 |
|
| 3 | 3 |
@@ -151,7 +151,7 @@ typedef fd_mask fd_set; |
| 4 | 4 |
#define PORT_STR "4433" |
| 5 | 5 |
#define PROTOCOL "tcp" |
| ... | ... |
@@ -24,10 +24,10 @@ diff -up openssl-1.0.2a/apps/s_apps.h.ipv6-apps openssl-1.0.2a/apps/s_apps.h |
| 24 | 24 |
|
| 25 | 25 |
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, |
| 26 | 26 |
int argi, long argl, long ret); |
| 27 |
-diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c |
|
| 28 |
-+++ openssl-1.0.2a/apps/s_client.c 2015-04-20 15:06:42.338503234 +0200 |
|
| 29 |
-@@ -662,7 +662,7 @@ int MAIN(int argc, char **argv) |
|
| 27 |
+diff -rup openssl-1.0.2o/apps/s_client.c openssl-1.0.2o-new/apps/s_client.c |
|
| 28 |
+--- openssl-1.0.2o/apps/s_client.c 2018-03-27 06:54:46.000000000 -0700 |
|
| 29 |
+@@ -668,7 +668,7 @@ int MAIN(int argc, char **argv) |
|
| 30 | 30 |
int cbuf_len, cbuf_off; |
| 31 | 31 |
int sbuf_len, sbuf_off; |
| 32 | 32 |
fd_set readfds, writefds; |
| ... | ... |
@@ -36,7 +36,7 @@ diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c |
| 36 | 36 |
int full_log = 1; |
| 37 | 37 |
char *host = SSL_HOST_NAME; |
| 38 | 38 |
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; |
| 39 |
-@@ -785,13 +785,11 @@ int MAIN(int argc, char **argv) |
|
| 39 |
+@@ -792,13 +792,11 @@ int MAIN(int argc, char **argv) |
|
| 40 | 40 |
} else if (strcmp(*argv, "-port") == 0) {
|
| 41 | 41 |
if (--argc < 1) |
| 42 | 42 |
goto bad; |
| ... | ... |
@@ -52,7 +52,7 @@ diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c |
| 52 | 52 |
goto bad; |
| 53 | 53 |
} else if (strcmp(*argv, "-verify") == 0) {
|
| 54 | 54 |
verify = SSL_VERIFY_PEER; |
| 55 |
-@@ -1417,7 +1415,7 @@ int MAIN(int argc, char **argv) |
|
| 55 |
+@@ -1449,7 +1447,7 @@ int MAIN(int argc, char **argv) |
|
| 56 | 56 |
|
| 57 | 57 |
re_start: |
| 58 | 58 |
|
| ... | ... |
@@ -61,10 +61,11 @@ diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c |
| 61 | 61 |
BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); |
| 62 | 62 |
SHUTDOWN(s); |
| 63 | 63 |
goto end; |
| 64 |
-diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c |
|
| 65 |
-+++ openssl-1.0.2a/apps/s_server.c 2015-04-20 15:10:47.245187746 +0200 |
|
| 66 |
-@@ -1061,7 +1061,7 @@ int MAIN(int argc, char *argv[]) |
|
| 64 |
+Only in openssl-1.0.2o-new/apps: s_client.c.orig |
|
| 65 |
+diff -rup openssl-1.0.2o/apps/s_server.c openssl-1.0.2o-new/apps/s_server.c |
|
| 66 |
+--- openssl-1.0.2o/apps/s_server.c 2018-03-27 06:54:46.000000000 -0700 |
|
| 67 |
+@@ -1082,7 +1082,7 @@ int MAIN(int argc, char *argv[]) |
|
| 67 | 68 |
{
|
| 68 | 69 |
X509_VERIFY_PARAM *vpm = NULL; |
| 69 | 70 |
int badarg = 0; |
| ... | ... |
@@ -73,7 +74,7 @@ diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c |
| 73 | 73 |
char *CApath = NULL, *CAfile = NULL; |
| 74 | 74 |
char *chCApath = NULL, *chCAfile = NULL; |
| 75 | 75 |
char *vfyCApath = NULL, *vfyCAfile = NULL; |
| 76 |
-@@ -1148,7 +1148,8 @@ int MAIN(int argc, char *argv[]) |
|
| 76 |
+@@ -1170,7 +1170,8 @@ int MAIN(int argc, char *argv[]) |
|
| 77 | 77 |
if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
|
| 78 | 78 |
if (--argc < 1) |
| 79 | 79 |
goto bad; |
| ... | ... |
@@ -83,7 +84,7 @@ diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c |
| 83 | 83 |
goto bad; |
| 84 | 84 |
} else if (strcmp(*argv, "-naccept") == 0) {
|
| 85 | 85 |
if (--argc < 1) |
| 86 |
-@@ -2020,13 +2021,13 @@ int MAIN(int argc, char *argv[]) |
|
| 86 |
+@@ -2058,13 +2059,13 @@ int MAIN(int argc, char *argv[]) |
|
| 87 | 87 |
BIO_printf(bio_s_out, "ACCEPT\n"); |
| 88 | 88 |
(void)BIO_flush(bio_s_out); |
| 89 | 89 |
if (rev) |
| ... | ... |
@@ -100,9 +101,10 @@ diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c |
| 100 | 100 |
naccept); |
| 101 | 101 |
print_stats(bio_s_out, ctx); |
| 102 | 102 |
ret = 0; |
| 103 |
-diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
|
| 104 |
-+++ openssl-1.0.2a/apps/s_socket.c 2015-04-20 15:32:53.960079507 +0200 |
|
| 103 |
+Only in openssl-1.0.2o-new/apps: s_server.c.orig |
|
| 104 |
+diff -rup openssl-1.0.2o/apps/s_socket.c openssl-1.0.2o-new/apps/s_socket.c |
|
| 105 |
+--- openssl-1.0.2o/apps/s_socket.c 2018-03-27 06:54:46.000000000 -0700 |
|
| 105 | 106 |
@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(cha |
| 106 | 107 |
static void ssl_sock_cleanup(void); |
| 107 | 108 |
# endif |
| ... | ... |
@@ -114,7 +116,7 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
| 114 | 114 |
static int do_accept(int acc_sock, int *sock, char **host); |
| 115 | 115 |
static int host_ip(char *str, unsigned char ip[4]); |
| 116 | 116 |
|
| 117 |
-@@ -231,65 +229,66 @@ static int ssl_sock_init(void) |
|
| 117 |
+@@ -231,65 +229,67 @@ static int ssl_sock_init(void) |
|
| 118 | 118 |
return (1); |
| 119 | 119 |
} |
| 120 | 120 |
|
| ... | ... |
@@ -123,7 +125,7 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
| 123 | 123 |
{
|
| 124 | 124 |
- unsigned char ip[4]; |
| 125 | 125 |
- |
| 126 |
-- memset(ip, '\0', sizeof ip); |
|
| 126 |
+- memset(ip, '\0', sizeof(ip)); |
|
| 127 | 127 |
- if (!host_ip(host, &(ip[0]))) |
| 128 | 128 |
- return 0; |
| 129 | 129 |
- return init_client_ip(sock, ip, port, type); |
| ... | ... |
@@ -177,6 +179,7 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
| 177 | 177 |
+ failed_call = "socket"; |
| 178 | 178 |
+ goto nextres; |
| 179 | 179 |
+ } |
| 180 |
++ |
|
| 180 | 181 |
# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) |
| 181 | 182 |
- if (type == SOCK_STREAM) {
|
| 182 | 183 |
- i = 0; |
| ... | ... |
@@ -227,7 +230,7 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
| 227 | 227 |
int (*cb) (char *hostname, int s, int stype, |
| 228 | 228 |
unsigned char *context), unsigned char *context, |
| 229 | 229 |
int naccept) |
| 230 |
-@@ -328,69 +327,89 @@ int do_server(int port, int type, int *r |
|
| 230 |
+@@ -328,69 +328,88 @@ int do_server(int port, int type, int *r |
|
| 231 | 231 |
} |
| 232 | 232 |
} |
| 233 | 233 |
|
| ... | ... |
@@ -295,7 +298,7 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
| 295 | 295 |
# if defined SOL_SOCKET && defined SO_REUSEADDR |
| 296 | 296 |
- {
|
| 297 | 297 |
- int j = 1; |
| 298 |
-- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); |
|
| 298 |
+- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j)); |
|
| 299 | 299 |
- } |
| 300 | 300 |
-# endif |
| 301 | 301 |
- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
|
| ... | ... |
@@ -307,6 +310,15 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
| 307 | 307 |
+ } |
| 308 | 308 |
# endif |
| 309 | 309 |
- goto err; |
| 310 |
+- } |
|
| 311 |
+- /* Make it 128 for linux */ |
|
| 312 |
+- if (type == SOCK_STREAM && listen(s, 128) == -1) |
|
| 313 |
+- goto err; |
|
| 314 |
+- *sock = s; |
|
| 315 |
+- ret = 1; |
|
| 316 |
+- err: |
|
| 317 |
+- if ((ret == 0) && (s != -1)) {
|
|
| 318 |
+- SHUTDOWN(s); |
|
| 310 | 319 |
+ |
| 311 | 320 |
+ if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) {
|
| 312 | 321 |
+ failed_call = "bind"; |
| ... | ... |
@@ -325,17 +337,14 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
| 325 | 325 |
+ close(s); |
| 326 | 326 |
+ res = res->ai_next; |
| 327 | 327 |
} |
| 328 |
-- /* Make it 128 for linux */ |
|
| 329 |
-- if (type == SOCK_STREAM && listen(s, 128) == -1) |
|
| 330 |
-- goto err; |
|
| 331 |
-- *sock = s; |
|
| 332 |
-- ret = 1; |
|
| 333 |
-- err: |
|
| 334 |
-- if ((ret == 0) && (s != -1)) {
|
|
| 335 |
-- SHUTDOWN(s); |
|
| 328 |
+- return (ret); |
|
| 329 |
+-} |
|
| 336 | 330 |
+ if (res0) |
| 337 | 331 |
+ freeaddrinfo(res0); |
| 338 |
-+ |
|
| 332 |
+ |
|
| 333 |
+-static int init_server(int *sock, int port, int type) |
|
| 334 |
+-{
|
|
| 335 |
+- return (init_server_long(sock, port, NULL, type)); |
|
| 339 | 336 |
+ if (s == INVALID_SOCKET) {
|
| 340 | 337 |
+ if (hints.ai_family == AF_INET6) {
|
| 341 | 338 |
+ hints.ai_family = AF_INET; |
| ... | ... |
@@ -343,13 +352,7 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
| 343 | 343 |
+ } |
| 344 | 344 |
+ perror("socket");
|
| 345 | 345 |
+ return (0); |
| 346 |
- } |
|
| 347 |
-- return (ret); |
|
| 348 |
--} |
|
| 349 |
- |
|
| 350 |
--static int init_server(int *sock, int port, int type) |
|
| 351 |
--{
|
|
| 352 |
-- return (init_server_long(sock, port, NULL, type)); |
|
| 346 |
++ } |
|
| 353 | 347 |
+ perror(failed_call); |
| 354 | 348 |
+ return (0); |
| 355 | 349 |
} |
| ... | ... |
@@ -523,4 +526,3 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
| 523 | 523 |
return (1); |
| 524 | 524 |
} |
| 525 | 525 |
|
| 526 |
- |
| ... | ... |
@@ -1,14 +1,17 @@ |
| 1 |
-diff -rup openssl-1.0.2k/crypto/o_init.c openssl-1.0.2k-new/crypto/o_init.c |
|
| 2 |
-+++ openssl-1.0.2k-new/crypto/o_init.c 2017-07-27 17:18:49.016782797 -0700 |
|
| 3 |
-@@ -57,10 +57,57 @@ |
|
| 1 |
+diff -rup openssl-1.0.2o/crypto/o_init.c openssl-1.0.2o-new/crypto/o_init.c |
|
| 2 |
+--- openssl-1.0.2o/crypto/o_init.c 2018-03-27 06:54:46.000000000 -0700 |
|
| 3 |
+@@ -57,6 +57,7 @@ |
|
| 4 | 4 |
#include <openssl/err.h> |
| 5 | 5 |
#ifdef OPENSSL_FIPS |
| 6 | 6 |
# include <openssl/fips.h> |
| 7 | 7 |
+# include <openssl/fips_rand.h> |
| 8 | 8 |
# include <openssl/rand.h> |
| 9 |
+ |
|
| 10 |
+ # ifndef OPENSSL_NO_DEPRECATED |
|
| 11 |
+@@ -66,6 +67,52 @@ void FIPS_crypto_set_id_callback(unsigne |
|
| 9 | 12 |
#endif |
| 10 |
- |
|
| 13 |
+ |
|
| 11 | 14 |
/* |
| 12 | 15 |
+ * |
| 13 | 16 |
+ * Enable FIPS mode based on host FIPS mode / env variable. |
| ... | ... |
@@ -59,7 +62,7 @@ diff -rup openssl-1.0.2k/crypto/o_init.c openssl-1.0.2k-new/crypto/o_init.c |
| 59 | 59 |
* Perform any essential OpenSSL initialization operations. Currently only |
| 60 | 60 |
* sets FIPS callbacks |
| 61 | 61 |
*/ |
| 62 |
-@@ -79,6 +126,17 @@ void OPENSSL_init(void) |
|
| 62 |
+@@ -84,6 +131,17 @@ void OPENSSL_init(void) |
|
| 63 | 63 |
FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); |
| 64 | 64 |
FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); |
| 65 | 65 |
RAND_init_fips(); |
| 66 | 66 |
deleted file mode 100644 |
| ... | ... |
@@ -1,26 +0,0 @@ |
| 1 |
-diff -aur openssl-1.0.2h/crypto/o_init.c openssl-1.0.2h-1/crypto/o_init.c |
|
| 2 |
-+++ openssl-1.0.2h-1/crypto/o_init.c 2016-07-22 17:14:23.368059530 -0700 |
|
| 3 |
-@@ -57,6 +57,7 @@ |
|
| 4 |
- #include <openssl/err.h> |
|
| 5 |
- #ifdef OPENSSL_FIPS |
|
| 6 |
- # include <openssl/fips.h> |
|
| 7 |
-+# include <openssl/fips_rand.h> |
|
| 8 |
- # include <openssl/rand.h> |
|
| 9 |
- #endif |
|
| 10 |
- |
|
| 11 |
-@@ -76,6 +77,14 @@ |
|
| 12 |
- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); |
|
| 13 |
- FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); |
|
| 14 |
- RAND_init_fips(); |
|
| 15 |
-+/* |
|
| 16 |
-+* Calling RAND_init_fips() followed by |
|
| 17 |
-+* RAND_set_rand_method(FIPS_rand_get_method()) will |
|
| 18 |
-+* cause OpenSSL to use the FIPS default DRBG |
|
| 19 |
-+* in lieu of the non-compliant OpenSSL default RAND. This |
|
| 20 |
-+* requires FIPS-capable OpenSSL. |
|
| 21 |
-+*/ |
|
| 22 |
-+ RAND_set_rand_method(FIPS_rand_get_method()); |
|
| 23 |
- #endif |
|
| 24 |
- #if 0 |
|
| 25 |
- fprintf(stderr, "Called OPENSSL_init\n"); |
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
Summary: Management tools and libraries relating to cryptography |
| 2 | 2 |
Name: openssl |
| 3 |
-Version: 1.0.2n |
|
| 3 |
+Version: 1.0.2o |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: OpenSSL |
| 6 | 6 |
URL: http://www.openssl.org |
| ... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Security |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz
|
| 11 |
-%define sha1 openssl=0ca2957869206de193603eca6d89f532f61680b1 |
|
| 11 |
+%define sha1 openssl=a47faaca57b47a0d9d5fb085545857cc92062691 |
|
| 12 | 12 |
Patch0: c_rehash.patch |
| 13 | 13 |
Patch1: openssl-1.0.2n-ipv6apps.patch |
| 14 | 14 |
Patch2: openssl-init-conslidate.patch |
| ... | ... |
@@ -112,6 +112,8 @@ rm -rf %{buildroot}/*
|
| 112 | 112 |
/%{_bindir}/c_rehash
|
| 113 | 113 |
|
| 114 | 114 |
%changelog |
| 115 |
+* Tue Apr 03 2018 Anish Swaminathan <anishs@vmware.com> 1.0.2o-1 |
|
| 116 |
+- Upgrade to 1.0.2o - Fixes CVE-2017-3738, CVE-2018-0733, CVE-2018-0739 |
|
| 115 | 117 |
* Tue Jan 02 2018 Xiaolin Li <xiaolinl@vmware.com> 1.0.2n-1 |
| 116 | 118 |
- Upgrade to 1.0.2n |
| 117 | 119 |
* Tue Nov 07 2017 Anish Swaminathan <anishs@vmware.com> 1.0.2m-1 |