diff -Nru openssl-1.0.1/debian/changelog openssl-1.0.1/debian/changelog --- openssl-1.0.1/debian/changelog 2012-07-03 12:53:50.000000000 -0700 +++ openssl-1.0.1/debian/changelog 2012-08-02 14:25:37.000000000 -0700 @@ -1,3 +1,18 @@ +openssl (1.0.1-4ubuntu5.5) precise-proposed; urgency=low + + * debian/patches/lp973741.patch: Apply complete and more recent changeset, + which fixes original issue on Intel CPUs and fixes FTBFS on non-x86 + architectures. (LP: #973741) + + -- Adam Gandelman Thu, 02 Aug 2012 14:23:10 -0700 + +openssl (1.0.1-4ubuntu5.4) precise-proposed; urgency=low + + * debian/patches/lp973741.patch: Avoid segfault on legacy Intel CPUs + by using correct cypher. (LP: #973741) + + -- Adam Gandelman Thu, 26 Jul 2012 00:14:32 -0700 + openssl (1.0.1-4ubuntu5.3) precise-security; urgency=low * SECURITY UPDATE: SSL_OP_ALL incorrectly disables TLS 1.1 (LP: #1018998) diff -Nru openssl-1.0.1/debian/patches/lp973741.patch openssl-1.0.1/debian/patches/lp973741.patch --- openssl-1.0.1/debian/patches/lp973741.patch 1969-12-31 16:00:00.000000000 -0800 +++ openssl-1.0.1/debian/patches/lp973741.patch 2012-08-02 13:17:42.000000000 -0700 @@ -0,0 +1,82 @@ +Origin: http://cvs.openssl.org/filediff?f=openssl/crypto/evp/e_rc4_hmac_md5.c&v1=1.2&v2=1.5 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/s3cmd/+bug/973741 +Subject: Difference in openssl/crypto/evp/e_rc4_hmac_md5.c versions 1.2 and 1.5 + +Backport architecture-specific fixes to e_rc4_hmac_md5.c that fix segfaults on legacy +Intel CPUs (Xeon) while still allowing builds on non-x86 archs. + +Index: openssl-1.0.1/crypto/evp/e_rc4_hmac_md5.c +=================================================================== +--- openssl-1.0.1.orig/crypto/evp/e_rc4_hmac_md5.c 2011-11-15 04:39:48.000000000 -0800 ++++ openssl-1.0.1/crypto/evp/e_rc4_hmac_md5.c 2012-08-02 13:15:22.169889536 -0700 +@@ -75,6 +75,8 @@ + size_t payload_length; + } EVP_RC4_HMAC_MD5; + ++#define NO_PAYLOAD_LENGTH ((size_t)-1) ++ + void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out, + MD5_CTX *ctx,const void *inp,size_t blocks); + +@@ -93,7 +95,7 @@ + key->tail = key->head; + key->md = key->head; + +- key->payload_length = 0; ++ key->payload_length = NO_PAYLOAD_LENGTH; + + return 1; + } +@@ -119,19 +121,21 @@ + size_t rc4_off = 32-1-(key->ks.x&(32-1)), /* 32 is $MOD from rc4_md5-x86_64.pl */ + md5_off = MD5_CBLOCK-key->md.num, + blocks; ++ extern unsigned int OPENSSL_ia32cap_P[]; + unsigned int l; + #endif + size_t plen = key->payload_length; + +- if (plen && len!=(plen+MD5_DIGEST_LENGTH)) return 0; ++ if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0; + + if (ctx->encrypt) { +- if (plen==0) plen = len; ++ if (plen==NO_PAYLOAD_LENGTH) plen = len; + #if defined(STITCHED_CALL) + /* cipher has to "fall behind" */ + if (rc4_off>md5_off) md5_off+=MD5_CBLOCK; + +- if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) { ++ if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) && ++ (OPENSSL_ia32cap_P[0]&(1<<20))==0) { + MD5_Update(&key->md,in,md5_off); + RC4(&key->ks,rc4_off,in,out); + +@@ -171,7 +175,8 @@ + if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK; + else rc4_off += MD5_CBLOCK; + +- if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) { ++ if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) && ++ (OPENSSL_ia32cap_P[0]&(1<<20))==0) { + RC4(&key->ks,rc4_off,in,out); + MD5_Update(&key->md,out,md5_off); + +@@ -191,7 +196,7 @@ + #endif + /* decrypt HMAC at once */ + RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off); +- if (plen) { /* "TLS" mode of operation */ ++ if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ + MD5_Update(&key->md,out+md5_off,plen-md5_off); + + /* calculate HMAC and verify it */ +@@ -207,7 +212,7 @@ + } + } + +- key->payload_length = 0; ++ key->payload_length = NO_PAYLOAD_LENGTH; + + return 1; + } diff -Nru openssl-1.0.1/debian/patches/series openssl-1.0.1/debian/patches/series --- openssl-1.0.1/debian/patches/series 2012-07-03 12:53:34.000000000 -0700 +++ openssl-1.0.1/debian/patches/series 2012-08-02 13:14:54.000000000 -0700 @@ -40,3 +40,4 @@ CVE-2012-0884-extra.patch lp1018998.patch lp1020621.patch +lp973741.patch