From a6f4183e83385cbd21d31db07171fb7109b81d54 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 May 2012 19:42:02 +0200 Subject: [PATCH] openssl: security update to 0.9.8w. (CVE-2012-2131). SN1 BIO incomplete fix (CVE-2012-2131) ======================================= It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8. Please see http://www.openssl.org/news/secadv_20120419.txt for details of that vulnerability. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct CVE-2012-2110. Thanks to Red Hat for discovering and fixing this issue. Affected users should upgrade to 0.9.8w. References ========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20120424.txt --- config/rootfiles/common/openssl | 2 +- lfs/openssl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index bc1ac49f0..02e4c1cdd 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -1116,7 +1116,6 @@ usr/lib/libssl.so.0.9.8 #usr/share/man/man3/dsa.3 #usr/share/man/man3/ecdsa.3 #usr/share/man/man3/engine.3 -#usr/share/man/man3/err.3 #usr/share/man/man3/evp.3 #usr/share/man/man3/hmac.3 #usr/share/man/man3/i2d_ASN1_OBJECT.3 @@ -1164,6 +1163,7 @@ usr/lib/libssl.so.0.9.8 #usr/share/man/man3/md5.3 #usr/share/man/man3/mdc2.3 #usr/share/man/man3/pem.3 +#usr/share/man/man3/rand.3 #usr/share/man/man3/rc4.3 #usr/share/man/man3/ripemd.3 #usr/share/man/man3/rsa.3 diff --git a/lfs/openssl b/lfs/openssl index 9d559e154..c58c0487f 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 0.9.8u +VER = 0.9.8w THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = cb41e94f762ed63e41d1cca2b8430ede +$(DL_FILE)_MD5 = 4ceb7d570e42c094b360cc7b8e848a0b install : $(TARGET) -- 2.39.2