- Sun Oct 1 2006 PLD Team <feedback@pld-linux.org>
All persons listed below can be reached at
@pld-linux.org
$Log: openssl.spec,v $
Revision 1.146.2.3.2.3 2006/10/01 09:38:53 paszczus
- updated to 0.9.7l (fixes CVE-2006-{2940,2937,3738,4343})
- STBR
Revision 1.146.2.3.2.2 2006/09/08 07:59:32 hawk
- add CVE note to changelog
Revision 1.146.2.3.2.1 2006/09/08 07:57:46 hawk
- can't wait any longer... AC-branch restored to proper place, updated
to 0.9.7k (fixes CVE-2006-4339)
Revision 1.146.2.3 2006/06/13 10:23:22 jajcus
- 'purify' bcond added
Revision 1.146.2.2 2006/03/21 19:56:12 radek
- really moved ca-bundle.crt
Revision 1.146.2.1 2006/03/21 19:53:13 radek
- release 2: added certificates from Mozilla
- moved ca-bundle.crt to main package (rev 1.75 didn't)
Revision 1.146 2005/12/04 23:10:18 glen
- adapterized (sorted %verify flags)
Revision 1.145 2005/10/15 15:15:38 glen
- updated to 0.9.7i
Revision 1.144 2005/10/13 06:27:41 arekm
- backward binary compatibility
Revision 1.143 2005/10/12 12:33:26 qboosh
- added CAN note
Revision 1.142 2005/10/12 11:15:42 havner
- 0.9.7h
[fixes CAN-2005-2969]
Revision 1.141 2005/08/27 14:37:04 arekm
- rel 3
Revision 1.140 2005/07/24 16:36:14 qboosh
- fix libdir in *.pc, release 2
Revision 1.139 2005/05/11 15:27:01 qboosh
- use x8664 macro
Revision 1.138 2005/05/11 02:48:14 pluto
- exclude invalid libfips.so symlink from %%files.
Revision 1.137 2005/04/15 22:08:33 qboosh
- updated to 0.9.7g
Revision 1.136 2005/03/24 19:53:04 qboosh
- updated to 0.9.7f, updated optflags patch
Revision 1.135 2005/03/21 18:28:44 mmazur
- rel 3 for th
Revision 1.134 2005/02/02 09:22:51 speedy
- redefine SSLeay_add_ssl_algorithms
- fix sparc64-linux optflags
- fix sparc64 md5
- release 2
Revision 1.133 2004/11/20 21:16:02 qboosh
- hack to fix build on i386
- use default x86 code on i486 (only i386 is exceptional)
Revision 1.132 2004/10/27 17:45:41 darekr
- added missing file openssl_fips_fingerprint
Revision 1.131 2004/10/26 18:32:48 qboosh
- updated to 0.9.7e, updated optflags,include patches, removed obsolete smime patch
Revision 1.130 2004/10/13 10:51:16 mmazur
- rel 6 for th
Revision 1.129 2004/09/02 14:36:07 snurf
- typos / formatting / etc.
Revision 1.128 2004/07/13 19:41:35 qboosh
- added ia64, sorted archs
Revision 1.127 2004/06/24 00:17:27 pluto
- %%install: %%{__cc} added.
Revision 1.126 2004/06/23 23:51:49 pluto
- more sparc targets.
Revision 1.125 2004/06/04 14:04:14 ankry
- rebuild, rel. 5
Revision 1.124 2004/06/04 10:45:34 aflinta
- release 4 - sparc edition upgrade ;)
Revision 1.123 2004/06/01 20:03:39 qboosh
- added smime patch ("make S/MIME encrypt work again"); release 3
Revision 1.122 2004/05/09 05:22:00 ankry
- BR fixes, rel. 2
Revision 1.121 2004/03/17 17:35:27 qboosh
- security update to 0.9.7d (fixes CAN-2004-0079, CAN-2004-0112)
- removed obsolete makefile,parallel_make patches
Revision 1.120 2004/03/14 15:27:48 adgor
- Typo
Revision 1.119 2004/03/14 13:23:53 gotar
- moved %dir %{_var}/lib/%{name}/{,certs,private} to the main package;
there are programs (like proftpd) which take certificates from that
directory, but they don't require openssl-tools,
- release 4.
Revision 1.118 2004/02/28 21:41:12 qboosh
- strict internal deps, removed redundant BR textutils
- simplified grep -r | cut -> grep -l -r
Revision 1.117 2004/02/28 17:20:27 saq
- a minor speed-up (invoke perl -pi -e once for many files)
- generalized the ix86 architecture condition
Revision 1.116 2004/02/28 16:55:17 andree
- allow build on pentium3 (ifarch)
Revision 1.115 2004/01/08 10:05:45 qboosh
- well, one ifarch for one arch is enough...
Revision 1.114 2004/01/08 09:54:41 blues
- release 3 - added script for creating selfsigned certs, taken from debian
Revision 1.113 2004/01/02 17:49:49 jajcus
- Release: 2 (STBR after AMD64 fixes)
Revision 1.112 2003/12/18 22:46:47 jajcus
- put pkgconfig file in the right directory on amd64
Revision 1.111 2003/11/18 16:59:03 adasi
- x86_64 arch support
Revision 1.110 2003/10/20 19:00:28 qboosh
- use _pkgconfigdir macro
Revision 1.109 2003/10/01 08:41:23 qboosh
- cosmetics
Revision 1.108 2003/09/30 21:27:58 pius
- added openssl-makefile.patch
Revision 1.107 2003/09/30 19:38:10 blues
- md5 fix & cosmetics
Revision 1.106 2003/09/30 19:32:17 eothane
- openssl 0.9.7c
- next release
Revision 1.105 2003/08/24 23:51:24 mmazur
- rel 1 for ac
Revision 1.104 2003/08/20 19:20:22 krzak
- make with set INSTALLTOP
- include.patch
- rel 0.3
Revision 1.103 2003/08/12 22:32:51 ankry
- cosmetics
Revision 1.102 2003/05/25 11:00:56 malekith
- massive attack, adding Source-md5
Revision 1.101 2003/05/25 06:24:32 misi3k
- massive attack s/pld.org.pl/pld-linux.org/
Revision 1.100 2003/04/24 13:50:19 radek
- removed BR:perl-tools-pod, it's implied by perl-devel
Revision 1.99 2003/04/15 21:44:01 qboosh
- fixed broken entries in optflags patch, release 0.2
Revision 1.98 2003/04/12 10:23:19 misi3k
- updated to 0.9.7b
- removed patch 4 & 5 (not needed)
- rel 0.1
Note: Test me
Revision 1.97 2003/03/20 09:59:34 djrzulf
- added BR: perl-tools-pod
Revision 1.96 2003/03/20 09:09:52 misi3k
- security patch (no 5) - CAN-2003-0131 (Klima-Pokorny-Rosa attack on RSA in SSL/TLS)
Revision 1.95 2003/03/17 19:01:36 misi3k
- rel 1
Revision 1.94 2003/03/17 18:43:02 misi3k
- security patch (patch4)
Bug (bugtraq):
Researchers have discovered a timing attack on RSA keys, to which
OpenSSL is generally vulnerable, unless RSA blinding has been turned
on.
Typically, it will not have been, because it is not easily possible to
do so when using OpenSSL to provide SSL or TLS.
The enclosed patch switches blinding on by default. Applications that
wish to can remove the blinding with RSA_blinding_off(), but this is
not generally advised. It is also possible to disable it completely by
defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time.
The performance impact of blinding appears to be small (a few
percent).
This problem affects many applications using OpenSSL, in particular,
almost all SSL-enabled Apaches. You should rebuild and reinstall
OpenSSL, and all affected applications.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0147 to this issue.
We strongly advise upgrading OpenSSL in all cases, as a precaution.
Revision 1.93 2003/03/03 08:52:07 trojan