diff --git a/openssl-1.0.0d-CVE-2012-2333.diff b/openssl-1.0.0d-CVE-2012-2333.diff
new file mode 100644
index 0000000..73a7a9c
--- /dev/null
+++ b/openssl-1.0.0d-CVE-2012-2333.diff
@@ -0,0 +1,15 @@
+
+http://cvs.openssl.org/chngview?cn=22547
+http://openssl.org/news/secadv_20120510.txt
+
+--- ssl/d1_enc.c 2011-01-04 19:33:22.000000000 +0000
++++ ssl/d1_enc.c.oden 2012-05-11 09:49:13.000000000 +0000
+@@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send)
+ }
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
+- if (i > (int)rec->length)
++ if (i + bs > (int)rec->length)
+ {
+ /* Incorrect padding. SSLerr() and ssl3_alert are done
+ * by caller: we don't want to reveal whether this is
diff --git a/openssl.spec b/openssl.spec
index 8d06530..edc8056 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -18,7 +18,7 @@ Summary: Secure Sockets Layer communications libs & utils
 Name: openssl
 Version: %{maj}i
-Release: %mkrel 1
+Release: %mkrel 2
 License: BSD-like
 Group: System/Libraries
 URL: http://www.openssl.org/
@@ -48,6 +48,7 @@ Patch16: pkcs11_engine-1.0.0.diff
 Patch300: openssl-1.0.0-mips.patch
 Patch301: openssl-1.0.0-arm.patch
 Patch302: openssl-1.0.0-enginesdir.patch
+Patch400: openssl-1.0.0d-CVE-2012-2333.diff
 Requires: %{libname} = %{version}-%{release}
 Requires: perl-base
 Requires: rootcerts
@@ -140,6 +141,8 @@ cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
 %patch301 -p1 -b .arm
 %patch302 -p1 -b .engines
 
+%patch400 -p0
+
 perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
 
 # fix perl path
@@ -357,6 +360,9 @@ rm -fr %{buildroot}
 
 %changelog
+* Wed May 30 2012 Danil Leontiev 1.0.0d-2.5
+- P27: security fix for CVE-2012-2333
+
 * Mon Mar 26 2012 Oden Eriksson 1.0.0d-2.4
 - P25: security fix for CVE-2006-7250_CVE-2012-1165 (upstream)
 - P26: security fix for CVE-2012-0884 (upstream)
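Review bot: The new patch file's header is only two URLs, so a reader checking the backport has to follow the links to learn what the one-line change in `dtls1_enc` is for; a short description above the nested `---` line would make the file self-explaining, e.g. `DTLS: the padding check must also account for the block size (bs) already consumed from rec->length; without it a crafted record underflows the length, see CVE-2012-2333 (upstream cn=22547).`. The nested hunk cuts `dtls1_enc` on both sides, so the declarations of `i` and `bs` are not visible here and the surrounding length/MAC handling cannot be reviewed from this file alone. The `+++` header names `ssl/d1_enc.c.oden` while the spec applies the patch with `-p0`; that presumably resolves to `ssl/d1_enc.c` via the `---` name, but it is worth confirming on a clean build rather than relying on patch's name selection.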
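Review bot: The added `%patch400 -p0` line in the `%prep` hunk omits the backup suffix that every sibling line carries (`%patch301 -p1 -b .arm`, `%patch302 -p1 -b .engines`), which the file otherwise uses consistently and which makes the applied change easy to diff after `%prep`; `%patch400 -p0 -b .CVE-2012-2333` would keep the convention. It is also the only patch applied with `-p0`; that matches the nested `--- ssl/d1_enc.c` path with no `a/` prefix, so a one-line comment above it, `# upstream-style paths without a/ b/ prefix, hence -p0`, would stop the next maintainer from "fixing" it to `-p1`.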