[Pkg-openssl-changes] r623 - in openssl/trunk/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Sun Dec 22 16:47:39 UTC 2013
Author: kroeckx
Date: 2013-12-22 16:47:39 +0000 (Sun, 22 Dec 2013)
New Revision: 623
Added:
openssl/trunk/debian/patches/rdrand.patch
Modified:
openssl/trunk/debian/changelog
openssl/trunk/debian/patches/series
Log:
disable rdrand engine by default
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2013-12-22 16:42:44 UTC (rev 622)
+++ openssl/trunk/debian/changelog 2013-12-22 16:47:39 UTC (rev 623)
@@ -6,8 +6,16 @@
ca-certificates has been split.
* Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
* Remove make-targets.patch. It prevented the test dir from being cleaned.
+ * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
+ - Fixes CVE-2013-6449 (Closes: #732754)
+ - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
+ dtls_version.patch get_certificate.patch, since they where all
+ already commited upstream.
+ - adjust fix-pod-errors.patch for the reordering of items in the
+ documentation they've done trying to fix those pod errors.
+ * disable rdrand engine by default (Closes: #732710)
- -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 17:11:19 +0100
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 22 Dec 2013 17:46:08 +0100
openssl (1.0.1e-4) unstable; urgency=low
Added: openssl/trunk/debian/patches/rdrand.patch
===================================================================
--- openssl/trunk/debian/patches/rdrand.patch (rev 0)
+++ openssl/trunk/debian/patches/rdrand.patch 2013-12-22 16:47:39 UTC (rev 623)
@@ -0,0 +1,25 @@
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Wed, 11 Dec 2013 14:45:12 +0000
+Subject: [PATCH] Don't use rdrand engine as default unless explicitly
+ requested.
+Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=8f68678989a198ead3ab59a698302ecb0f1c8fb1
+
+---
+ crypto/engine/eng_rdrand.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
+index a9ba5ae..4e9e91d 100644
+--- a/crypto/engine/eng_rdrand.c
++++ b/crypto/engine/eng_rdrand.c
+@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
+ {
+ if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
+ !ENGINE_set_name(e, engine_e_rdrand_name) ||
++ !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
+ !ENGINE_set_init_function(e, rdrand_init) ||
+ !ENGINE_set_RAND(e, &rdrand_meth) )
+ return 0;
+--
+1.8.5.1
+
Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series 2013-12-22 16:42:44 UTC (rev 622)
+++ openssl/trunk/debian/patches/series 2013-12-22 16:47:39 UTC (rev 623)
@@ -32,3 +32,4 @@
defaults.patch
openssl_fix_for_x32.patch
fix-pod-errors.patch
+rdrand.patch
More information about the Pkg-openssl-changes
mailing list