diff --git a/openssl-1.0.0e-chil-fixes.patch b/openssl-1.0.0e-chil-fixes.patch new file mode 100644 index 0000000..58a035f --- /dev/null +++ b/openssl-1.0.0e-chil-fixes.patch @@ -0,0 +1,24 @@ +diff -up openssl-1.0.0e/engines/e_chil.c.chil openssl-1.0.0e/engines/e_chil.c +--- openssl-1.0.0e/engines/e_chil.c.chil 2010-06-15 19:25:12.000000000 +0200 ++++ openssl-1.0.0e/engines/e_chil.c 2011-09-21 17:32:03.000000000 +0200 +@@ -1261,6 +1261,11 @@ static int hwcrhk_insert_card(const char + UI *ui; + void *callback_data = NULL; + UI_METHOD *ui_method = NULL; ++ /* Despite what the documentation says prompt_info can be ++ * an empty string. ++ */ ++ if (prompt_info && !*prompt_info) ++ prompt_info = NULL; + + if (cactx) + { +@@ -1287,7 +1292,7 @@ static int hwcrhk_insert_card(const char + + if (ui) + { +- char answer; ++ char answer = '\0'; + char buf[BUFSIZ]; + /* Despite what the documentation says wrong_info can be + * an empty string. diff --git a/openssl.spec b/openssl.spec index 8af4610..2a3ce57 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0e -Release: 1%{?dist} +Release: 2%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -75,6 +75,7 @@ Patch61: openssl-1.0.0d-cavs.patch Patch62: openssl-1.0.0-fips-aesni.patch Patch63: openssl-1.0.0d-xmpp-starttls.patch Patch64: openssl-1.0.0d-intelopts.patch +Patch65: openssl-1.0.0e-chil-fixes.patch # Backported fixes including security fixes Patch81: openssl-1.0.0d-padlock64.patch @@ -171,6 +172,7 @@ from other formats to the formats used by the OpenSSL toolkit. %patch62 -p1 -b .fips-aesni %patch63 -p1 -b .starttls %patch64 -p1 -b .intelopts +%patch65 -p1 -b .chil %patch81 -p1 -b .padlock64 @@ -422,6 +424,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Wed Sep 21 2011 Tomas Mraz 1.0.0e-2 +- fix missing initialization of variable in CHIL engine + * Wed Sep 7 2011 Tomas Mraz 1.0.0e-1 - new upstream release fixing CVE-2011-3207 (#736088)