diff --git a/openssl-1.1.1j.tar.gz b/openssl-1.1.1j.tar.gz
deleted file mode 100644
index 1d78375..0000000
--- a/openssl-1.1.1j.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf
-size 9823161
diff --git a/openssl-1.1.1j.tar.gz.asc b/openssl-1.1.1j.tar.gz.asc
deleted file mode 100644
index f1b9906..0000000
--- a/openssl-1.1.1j.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmAr45gACgkQ2cTSbQ5g
-RJE55AgAuAYlKdgDPQHfh7gyLmFl+fnO91iF8oaN/W4vFaAO2i3a/rwQayOOGWjh
-UR4lUayR8ZLg+9p+69OGxogRd9mPp9YnZYSyLt/TO6BQcU9++CUIVYLgntUDiMzg
-+doHvzWx7d9O070KBGb6+AwdUR2xZ29w+hcnq7DJ1xcLlbSj4iXzM1KapCEVlI08
-gHw9UpIy3LASfx9CgiPK1FdKcelpRp4VvUDU4i2QgKzVtQrOLXv7InDBqIiLpwi5
-PP0fAFnxQR1l7PgIF0T+dEyrz5xt60+6JpRaU8WIGqfrN+U4CuxKBvHW2ce7MgWz
-oOIJ/1B7o5spKou6eKqm3gMP53J4hw==
-=vzFe
------END PGP SIGNATURE-----
diff --git a/openssl-1.1.1k.tar.gz b/openssl-1.1.1k.tar.gz
new file mode 100644
index 0000000..16e7751
--- /dev/null
+++ b/openssl-1.1.1k.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
+size 9823400
diff --git a/openssl-1.1.1k.tar.gz.asc b/openssl-1.1.1k.tar.gz.asc
new file mode 100644
index 0000000..e64b1ca
--- /dev/null
+++ b/openssl-1.1.1k.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmBckA0ACgkQ2cTSbQ5g
+RJE17Qf/RlHonnl+fhmD+rqQ5b5q6zuN0UassMwglwfbvajSTw0RAPk9IAAAuw6l
+g0htn8wRYKQDgAUz469H1TM983HqFaxoc2VThVt4Et3Vd0ddalxNjlz2ycndTpvm
+gEURrL3czSOEZNEBczsJElclNpXrG61vcMFruLc27uwMMU3KPvgwRJj9DsSoyB7g
+Scsbze4wRbkolfOCiXpPcNYgNBSJRCuStEePtrwwB8iMAoPrDbnCtPl4EWrDq7yi
+VtEb5kR2v0I8Yb9uxo1vRf80yida2Rx2K/AWKNS4dz+7NMYKaS5VXj2+eiTxszNl
+xDZYd2ZMLseRUooR+QwU8K8YGPyOAw==
+=e5aY
+-----END PGP SIGNATURE-----
diff --git a/openssl-1_1.changes b/openssl-1_1.changes
index 746b7c9..e80d2a2 100644
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Thu Mar 25 23:51:47 UTC 2021 - Jason Sikes
+
+- Update to 1.1.1k
+ * Fixed a problem with verifying a certificate chain when using
+ the X509_V_FLAG_X509_STRICT flag. This flag enables additional
+ security checks of the certificates present in a certificate
+ chain. It is not set by default. ([CVE-2021-3450])
+
+ * Fixed an issue where an OpenSSL TLS server may crash if sent a
+ maliciously crafted renegotiation ClientHello message from a
+ client. If a TLSv1.2 renegotiation ClientHello omits the
+ signature_algorithms extension (where it was present in the
+ initial ClientHello), but includes a signature_algorithms_cert
+ extension then a NULL pointer dereference will result, leading
+ to a crash and a denial of service attack.
+
+ A server is only vulnerable if it has TLSv1.2 and renegotiation
+ enabled (which is the default configuration). OpenSSL TLS
+ clients are not impacted by this issue. ([CVE-2021-3449])
+
 -------------------------------------------------------------------
 Tue Mar 2 19:40:25 UTC 2021 - Pedro Monreal
 
diff --git a/openssl-1_1.spec b/openssl-1_1.spec
index ae44b35..27c5fc5 100644
--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@@ -21,7 +21,7 @@
 %define _rname openssl
 Name: openssl-1_1
 # Don't forget to update the version in the "openssl" package!
-Version: 1.1.1j
+Version: 1.1.1k
 Release: 0
 Summary: Secure Sockets and Transport Layer Security
 License: OpenSSL