added patches from sec team

openssl-1.0.0d-CVE-2012-2333.diff

@@ -0,0 +1,15 @@
+
+http://cvs.openssl.org/chngview?cn=22547
+http://openssl.org/news/secadv_20120510.txt
+
+--- ssl/d1_enc.c	2011-01-04 19:33:22.000000000 +0000
++++ ssl/d1_enc.c.oden	2012-05-11 09:49:13.000000000 +0000
+@@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send)
+ 				}
+ 			/* TLS 1.0 does not bound the number of padding bytes by the block size.
+ 			 * All of them must have value 'padding_length'. */
+-			if (i > (int)rec->length)
++			if (i + bs > (int)rec->length)
+ 				{
+ 				/* Incorrect padding. SSLerr() and ssl3_alert are done
+ 				 * by caller: we don't want to reveal whether this is

openssl.spec

@@ -18,7 +18,7 @@
 Summary:	Secure Sockets Layer communications libs & utils
 Name:		openssl
 Version:	%{maj}i
-Release:	%mkrel 1
+Release:	%mkrel 2
 License:	BSD-like
 Group:		System/Libraries
 URL:		http://www.openssl.org/
@@ -48,6 +48,7 @@ Patch16:	pkcs11_engine-1.0.0.diff
 Patch300:	openssl-1.0.0-mips.patch
 Patch301:	openssl-1.0.0-arm.patch
 Patch302:	openssl-1.0.0-enginesdir.patch
+Patch400:	openssl-1.0.0d-CVE-2012-2333.diff
 Requires:	%{libname} = %{version}-%{release}
 Requires:	perl-base
 Requires:	rootcerts
@@ -140,6 +141,8 @@ cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
 %patch301 -p1 -b .arm
 %patch302 -p1 -b .engines
 
+%patch400 -p0
+
 perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
 
 # fix perl path
@@ -357,6 +360,9 @@ rm -fr %{buildroot}
 
 
 %changelog
+* Wed May 30 2012 Danil Leontiev <danila.leontiev@rosalab.ru> 1.0.0d-2.5
+- P27: security fix for CVE-2012-2333
+
 * Mon Mar 26 2012 Oden Eriksson <oeriksson@mandriva.com> 1.0.0d-2.4
 - P25: security fix for CVE-2006-7250_CVE-2012-1165 (upstream)
 - P26: security fix for CVE-2012-0884 (upstream)