affects F19/F20/F21 and the Fedora changelog looks like the commit below is not beckported -------- Original-Nachricht -------- Betreff: Postfix: OpenSSL 1.0.1[de] (upgrade to 1.0.1f recommended) Datum: Mon, 3 Mar 2014 23:25:20 +0000 Von: Viktor Dukhovni <postfix-users> Antwort an: postfix-users An: postfix-users Though the problem is somewhat infrequent, OpenSSL 1.0.1d and 1.0.1e will at times incorrectly compute the SSL message-authentication-code (or MAC) on systems with Intel AES-NI hardware AES support. >From OpenSSL git history: 9ab3ce1 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms. There are additional problems in 1.0.1d. If you build your own OpenSSL version (1.0.1 branch) for linking with Postfix, use at least 1.0.1f. Note, some O/S distributions backport selected patches without updating the package version number. For example, Debian wheezy's latest 1.0.1e build in fact includes the relevant fix from 1.0.1f.
This commit is included as the openssl-1.0.1e-bad-mac.patch We will update to 1.0.1f in Rawhide soon. *** This bug has been marked as a duplicate of bug 1049231 ***