]> git.ipfire.org Git - people/trikolon/ipfire-2.x.git/commitdiff
projects / people / trikolon / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 75c2cf6)
openssl: security update to 0.9.8w. (CVE-2012-2131).
authorArne Fitzenreiter <arne_f@ipfire.org>
Wed, 2 May 2012 17:42:02 +0000 (19:42 +0200)
committerArne Fitzenreiter <arne_f@ipfire.org>
Sat, 12 May 2012 17:28:24 +0000 (19:28 +0200)
SN1 BIO incomplete fix (CVE-2012-2131)
=======================================

It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not sufficient to correct the issue for OpenSSL 0.9.8.

Please see http://www.openssl.org/news/secadv_20120419.txt for details
of that vulnerability.

This issue only affects OpenSSL 0.9.8v.  OpenSSL 1.0.1a and 1.0.0i
already contain a patch sufficient to correct CVE-2012-2110.

Thanks to Red Hat for discovering and fixing this issue.

Affected users should upgrade to 0.9.8w.

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120424.txt

config/rootfiles/common/openssl patch | blob | blame | history
lfs/openssl patch | blob | blame | history

diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
index bc1ac49f0b86720f71602acacfb0d6292dff825b..02e4c1cdd9509e37590cb8f903262f14b86f7119 100644 (file)
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -1116,7 +1116,6 @@ usr/lib/libssl.so.0.9.8
 #usr/share/man/man3/dsa.3
 #usr/share/man/man3/ecdsa.3
 #usr/share/man/man3/engine.3
 #usr/share/man/man3/dsa.3
 #usr/share/man/man3/ecdsa.3
 #usr/share/man/man3/engine.3
-#usr/share/man/man3/err.3
 #usr/share/man/man3/evp.3
 #usr/share/man/man3/hmac.3
 #usr/share/man/man3/i2d_ASN1_OBJECT.3
 #usr/share/man/man3/evp.3
 #usr/share/man/man3/hmac.3
 #usr/share/man/man3/i2d_ASN1_OBJECT.3
@@ -1164,6 +1163,7 @@ usr/lib/libssl.so.0.9.8
 #usr/share/man/man3/md5.3
 #usr/share/man/man3/mdc2.3
 #usr/share/man/man3/pem.3
 #usr/share/man/man3/md5.3
 #usr/share/man/man3/mdc2.3
 #usr/share/man/man3/pem.3
+#usr/share/man/man3/rand.3
 #usr/share/man/man3/rc4.3
 #usr/share/man/man3/ripemd.3
 #usr/share/man/man3/rsa.3
 #usr/share/man/man3/rc4.3
 #usr/share/man/man3/ripemd.3
 #usr/share/man/man3/rsa.3
diff --git a/lfs/openssl b/lfs/openssl
index 9d559e1549f112984a4f723dddc00bfee85ed1d3..c58c0487f99da5f46955a9b8846802438041bd88 100644 (file)
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
 
 include Config
 
-VER        = 0.9.8u
+VER        = 0.9.8w
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = cb41e94f762ed63e41d1cca2b8430ede
+$(DL_FILE)_MD5 = 4ceb7d570e42c094b360cc7b8e848a0b
 
 install : $(TARGET)
 
 
 install : $(TARGET)
 
Ben's tree of IPFire 2.x.