[Pkg-openssl-changes] r586 - in openssl/trunk/debian: . patches

Kurt Roeckx kroeckx at alioth.debian.org
Mon Feb 11 18:45:29 UTC 2013


Author: kroeckx
Date: 2013-02-11 18:45:29 +0000 (Mon, 11 Feb 2013)
New Revision: 586

Added:
   openssl/trunk/debian/patches/ssltest_no_sslv2.patch
Removed:
   openssl/trunk/debian/patches/renegiotate_tls.patch
Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/debian/libssl1.0.0.symbols
   openssl/trunk/debian/patches/series
   openssl/trunk/debian/patches/version-script.patch
Log:
  * New upstream version (Closes: #699889)
    - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
    - Drop renegiotate_tls.patch, applied upstream
    - Export new CRYPTO_memcmp symbol, update symbol file
  * Add ssltest_no_sslv2.patch so that "make test" works.


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/changelog	2013-02-11 18:45:29 UTC (rev 586)
@@ -1,3 +1,13 @@
+openssl (1.0.1e-1) unstable; urgency=high
+
+  * New upstream version (Closes: #699889)
+    - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
+    - Drop renegiotate_tls.patch, applied upstream
+    - Export new CRYPTO_memcmp symbol, update symbol file
+  * Add ssltest_no_sslv2.patch so that "make test" works.
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Mon, 11 Feb 2013 19:39:44 +0100
+
 openssl (1.0.1c-5) unstable; urgency=low
 
   * Re-enable assembler versions on sparc.  They shouldn't have

Modified: openssl/trunk/debian/libssl1.0.0.symbols
===================================================================
--- openssl/trunk/debian/libssl1.0.0.symbols	2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/libssl1.0.0.symbols	2013-02-11 18:45:29 UTC (rev 586)
@@ -1,6 +1,8 @@
 libcrypto.so.1.0.0 libssl1.0.0 #MINVER#
  *@OPENSSL_1.0.0 1.0.0
  *@OPENSSL_1.0.1 1.0.1
+ *@OPENSSL_1.0.1d 1.0.1d
 libssl.so.1.0.0 libssl1.0.0 #MINVER#
  *@OPENSSL_1.0.0 1.0.0
  *@OPENSSL_1.0.1 1.0.1
+ *@OPENSSL_1.0.1d 1.0.1d

Deleted: openssl/trunk/debian/patches/renegiotate_tls.patch
===================================================================
--- openssl/trunk/debian/patches/renegiotate_tls.patch	2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/patches/renegiotate_tls.patch	2013-02-11 18:45:29 UTC (rev 586)
@@ -1,10 +0,0 @@
---- openssl/ssl/s3_pkt.c	2012/04/17 13:21:19	1.95
-+++ openssl/ssl/s3_pkt.c	2012/05/11 13:34:29	1.96
-@@ -744,6 +744,7 @@
- 	 * bytes and record version number > TLS 1.0
- 	 */
- 	if (s->state == SSL3_ST_CW_CLNT_HELLO_B
-+				&& !s->renegotiate
- 				&& TLS1_get_version(s) > TLS1_VERSION)
- 		*(p++) = 0x1;
- 	else

Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series	2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/patches/series	2013-02-11 18:45:29 UTC (rev 586)
@@ -29,6 +29,6 @@
 block_diginotar.patch
 block_digicert_malaysia.patch
 c_rehash-multi.patch
-renegiotate_tls.patch
 #padlock_conf.patch
 default_bits.patch
+ssltest_no_sslv2.patch

Added: openssl/trunk/debian/patches/ssltest_no_sslv2.patch
===================================================================
--- openssl/trunk/debian/patches/ssltest_no_sslv2.patch	                        (rev 0)
+++ openssl/trunk/debian/patches/ssltest_no_sslv2.patch	2013-02-11 18:45:29 UTC (rev 586)
@@ -0,0 +1,24 @@
+From: Dr. Stephen Henson <steve at openssl.org>
+Date: Mon Feb 11 18:17:50 2013 +0000
+Origin: upstream, commit:cbf9b4aed3e209fe8a39e1d6f55aaf46d1369dc4
+Subject: Fix in ssltest is no-ssl2 configured
+
+diff --git a/ssl/ssltest.c b/ssl/ssltest.c
+index 316bbb0..4f80be8 100644
+--- a/ssl/ssltest.c
++++ b/ssl/ssltest.c
+@@ -881,7 +881,13 @@ bad:
+ 		meth=SSLv23_method();
+ #else
+ #ifdef OPENSSL_NO_SSL2
+-	meth=SSLv3_method();
++	if (tls1)
++		meth=TLSv1_method();
++	else
++	if (ssl3)
++		meth=SSLv3_method();
++	else
++		meth=SSLv23_method();
+ #else
+ 	meth=SSLv2_method();
+ #endif
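Review bot: The final `else` in the `OPENSSL_NO_SSL2` branch falls back to `SSLv23_method()` without a comment, and the branch never considers whether SSLv2 was the protocol requested. If the test is invoked for SSLv2 on a no-ssl2 build (the option parsing is outside this hunk, so this is inferred), it would presumably negotiate a newer protocol and still report success, which reads as SSLv2 coverage that never happened. I would add a comment above the chain such as `/* no-ssl2 build: SSLv2 is unavailable, so use the requested TLSv1/SSLv3 method or the negotiating one */`, and consider having the harness skip the SSLv2 case explicitly. The enclosing function and the outer `#if` start outside the hunk.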

Modified: openssl/trunk/debian/patches/version-script.patch
===================================================================
--- openssl/trunk/debian/patches/version-script.patch	2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/patches/version-script.patch	2013-02-11 18:45:29 UTC (rev 586)
@@ -1,8 +1,8 @@
-Index: openssl-1.0.1/Configure
+Index: openssl-1.0.1d/Configure
 ===================================================================
---- openssl-1.0.1.orig/Configure	2012-03-17 11:25:15.000000000 +0000
-+++ openssl-1.0.1/Configure	2012-03-17 11:48:15.000000000 +0000
-@@ -1616,6 +1616,8 @@
+--- openssl-1.0.1d.orig/Configure	2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.1d/Configure	2013-02-06 19:41:43.000000000 +0100
+@@ -1621,6 +1621,8 @@
  		}
  	}
  
@@ -11,11 +11,11 @@
  open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
  unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
  open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.1/openssl.ld
+Index: openssl-1.0.1d/openssl.ld
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1/openssl.ld	2012-03-17 11:46:37.000000000 +0000
-@@ -0,0 +1,4615 @@
++++ openssl-1.0.1d/openssl.ld	2013-02-06 19:44:25.000000000 +0100
+@@ -0,0 +1,4620 @@
 +OPENSSL_1.0.0 {
 +	global:
 +		BIO_f_ssl;
@@ -4631,10 +4631,15 @@
 +		BIO_dgram_sctp_notification_cb;
 +} OPENSSL_1.0.0;
 +
-Index: openssl-1.0.1/engines/openssl.ld
++OPENSSL_1.0.1d {
++	global:
++		CRYPTO_memcmp;
++} OPENSSL_1.0.1;
++
+Index: openssl-1.0.1d/engines/openssl.ld
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1/engines/openssl.ld	2012-03-17 11:25:15.000000000 +0000
++++ openssl-1.0.1d/engines/openssl.ld	2013-02-06 19:41:43.000000000 +0100
 @@ -0,0 +1,10 @@
 +OPENSSL_1.0.0 {
 +	global:
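Review bot: The new `OPENSSL_1.0.1d` node has no comment explaining its name, while the changelog in this commit packages 1.0.1e. The name appears to follow the upstream release that first exported `CRYPTO_memcmp`. It has to stay fixed once shipped, because the symbols file now records `*@OPENSSL_1.0.1d 1.0.1d` as the minimum version and binaries will bind to that node. A comment above the node, e.g. `/* symbols first exported in upstream 1.0.1d; do not rename */`, would document this. It adds a line to openssl.ld, so the `@@ -0,0 +1,4620 @@` count in this quilt patch would need the same bump.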
@@ -4646,10 +4651,10 @@
 +		*;
 +};
 +
-Index: openssl-1.0.1/engines/ccgost/openssl.ld
+Index: openssl-1.0.1d/engines/ccgost/openssl.ld
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1/engines/ccgost/openssl.ld	2012-03-17 11:25:15.000000000 +0000
++++ openssl-1.0.1d/engines/ccgost/openssl.ld	2013-02-06 19:41:43.000000000 +0100
 @@ -0,0 +1,10 @@
 +OPENSSL_1.0.0 {
 +	global:



