[Pkg-openssl-changes] r623 - in openssl/trunk/debian: . patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Sun Dec 22 16:47:39 UTC 2013


Author: kroeckx
Date: 2013-12-22 16:47:39 +0000 (Sun, 22 Dec 2013)
New Revision: 623

Added:
   openssl/trunk/debian/patches/rdrand.patch
Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/debian/patches/series
Log:
disable rdrand engine by default


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2013-12-22 16:42:44 UTC (rev 622)
+++ openssl/trunk/debian/changelog	2013-12-22 16:47:39 UTC (rev 623)
@@ -6,8 +6,16 @@
     ca-certificates has been split.
   * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
   * Remove make-targets.patch.  It prevented the test dir from being cleaned.
+  * Update to a git snapshot of the OpenSSL_1_0_1-stable branch. 
+    - Fixes CVE-2013-6449 (Closes: #732754)
+    - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
+      dtls_version.patch get_certificate.patch, since they where all
+      already commited upstream.
+    - adjust fix-pod-errors.patch for the reordering of items in the
+      documentation they've done trying to fix those pod errors.
+  * disable rdrand engine by default (Closes: #732710)
 
- -- Kurt Roeckx <kurt at roeckx.be>  Sun, 22 Dec 2013 17:11:19 +0100
+ -- Kurt Roeckx <kurt at roeckx.be>  Sun, 22 Dec 2013 17:46:08 +0100
 
 openssl (1.0.1e-4) unstable; urgency=low
 
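
Review bot: The new "disable rdrand engine by default" entry at the end of the added block leaves out the condition stated in the imported patch's subject, "unless explicitly requested"; carrying that wording into the changelog would tell users the engine can still be selected on request. In the "Drop patches" sub-item, "they where all already commited upstream" should read "they were all already committed upstream".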

Added: openssl/trunk/debian/patches/rdrand.patch
===================================================================
--- openssl/trunk/debian/patches/rdrand.patch	                        (rev 0)
+++ openssl/trunk/debian/patches/rdrand.patch	2013-12-22 16:47:39 UTC (rev 623)
@@ -0,0 +1,25 @@
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Wed, 11 Dec 2013 14:45:12 +0000
+Subject: [PATCH] Don't use rdrand engine as default unless explicitly
+ requested.
+Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=8f68678989a198ead3ab59a698302ecb0f1c8fb1
+
+---
+ crypto/engine/eng_rdrand.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
+index a9ba5ae..4e9e91d 100644
+--- a/crypto/engine/eng_rdrand.c
++++ b/crypto/engine/eng_rdrand.c
+@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
+ 	{
+ 	if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
+ 	    !ENGINE_set_name(e, engine_e_rdrand_name) ||
++            !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
+ 	    !ENGINE_set_init_function(e, rdrand_init) ||
+ 	    !ENGINE_set_RAND(e, &rdrand_meth) )
+ 		return 0;
+-- 
+1.8.5.1
+
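
Review bot: The added ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) line in bind_helper() has no comment saying why the flag is set, and it is indented with spaces where the neighbouring lines use a tab. The only statement of intent is the Subject line ("Don't use rdrand engine as default unless explicitly requested"), which does not end up in eng_rdrand.c. Since the patch is taken from upstream, the place to improve it on the Debian side is the header: it has Origin: but no bug reference, so a Bug-Debian field for #732710, the bug the changelog entry closes, would tie the patch to its report.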

Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series	2013-12-22 16:42:44 UTC (rev 622)
+++ openssl/trunk/debian/patches/series	2013-12-22 16:47:39 UTC (rev 623)
@@ -32,3 +32,4 @@
 defaults.patch
 openssl_fix_for_x32.patch
 fix-pod-errors.patch
+rdrand.patch



