[Pkg-openssl-changes] r675 - in openssl/branches/1.0.1/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Mon Jun 9 09:25:26 UTC 2014
Author: kroeckx
Date: 2014-06-09 09:25:26 +0000 (Mon, 09 Jun 2014)
New Revision: 675
Added:
openssl/branches/1.0.1/debian/patches/git_snapshot.patch
Removed:
openssl/branches/1.0.1/debian/patches/disable_heartbeat_test.patch
Modified:
openssl/branches/1.0.1/debian/changelog
openssl/branches/1.0.1/debian/patches/series
Log:
New upstream snapshot
Modified: openssl/branches/1.0.1/debian/changelog
===================================================================
--- openssl/branches/1.0.1/debian/changelog 2014-06-07 10:04:11 UTC (rev 674)
+++ openssl/branches/1.0.1/debian/changelog 2014-06-09 09:25:26 UTC (rev 675)
@@ -1,3 +1,12 @@
+openssl (1.0.1h-2) unstable; urgency=medium
+
+ * Use upstream git snapshot:
+ - Fix resumption problem when using tls_session_secret_cb
+ - Create ~/.rnd with mode 0600 (Closes: #750103)
+ - Fix building on heartbeat test, drop patch to disable it.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 09 Jun 2014 11:21:51 +0200
+
openssl (1.0.1h-1) unstable; urgency=high
* New upstream release
Deleted: openssl/branches/1.0.1/debian/patches/disable_heartbeat_test.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/disable_heartbeat_test.patch 2014-06-07 10:04:11 UTC (rev 674)
+++ openssl/branches/1.0.1/debian/patches/disable_heartbeat_test.patch 2014-06-09 09:25:26 UTC (rev 675)
@@ -1,27 +0,0 @@
-From: Kurt Roeckx <kurt at roeckx.be>
-Subject: Disable heartbeat test
-
-It fails to link, probably because it's using internal symbols.
-
-Index: openssl-1.0.1h/test/Makefile
-===================================================================
---- openssl-1.0.1h.orig/test/Makefile
-+++ openssl-1.0.1h/test/Makefile
-@@ -75,7 +75,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_
- $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
- $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
- $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \
-- $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT)
-+ $(ASN1TEST)$(EXE_EXT)
-
- # $(METHTEST)$(EXE_EXT)
-
-@@ -140,7 +140,7 @@ alltests: \
- test_enc test_x509 test_rsa test_crl test_sid \
- test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
- test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
-- test_jpake test_srp test_cms test_heartbeat
-+ test_jpake test_srp test_cms
-
- test_evp:
- ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
Added: openssl/branches/1.0.1/debian/patches/git_snapshot.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/git_snapshot.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/git_snapshot.patch 2014-06-09 09:25:26 UTC (rev 675)
@@ -0,0 +1,145 @@
+diff --git a/CHANGES b/CHANGES
+index d161eca..53b6c6f 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -2,6 +2,10 @@
+ OpenSSL CHANGES
+ _______________
+
++ Changes between 1.0.1h and 1.0.1i [xx XXX xxxx]
++
++ *)
++
+ Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
+
+ *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+diff --git a/NEWS b/NEWS
+index d062041..58ce8fa 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,6 +5,15 @@
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.
+
++ Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [under development]
++
++ o
++
++ Known issues in OpenSSL 1.0.1h:
++
++ o EAP-FAST and other applications using tls_session_secret_cb
++ wont resume sessions. Fixed in 1.0.1i-dev
++
+ Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+
+ o Fix for CVE-2014-0224
+diff --git a/README b/README
+index 95c5cd2..37dbb3b 100644
+--- a/README
++++ b/README
+@@ -1,5 +1,5 @@
+
+- OpenSSL 1.0.1h 5 Jun 2014
++ OpenSSL 1.0.1i-dev
+
+ Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+diff --git a/crypto/opensslv.h b/crypto/opensslv.h
+index c3b6ace..a59982e 100644
+--- a/crypto/opensslv.h
++++ b/crypto/opensslv.h
+@@ -25,11 +25,11 @@
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+-#define OPENSSL_VERSION_NUMBER 0x1000108fL
++#define OPENSSL_VERSION_NUMBER 0x10001090L
+ #ifdef OPENSSL_FIPS
+-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-fips 5 Jun 2014"
++#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-fips-dev xx XXX xxxx"
+ #else
+-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h 5 Jun 2014"
++#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-dev xx XXX xxxx"
+ #endif
+ #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
+
+diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
+index 7f14280..14ba69d 100644
+--- a/crypto/rand/randfile.c
++++ b/crypto/rand/randfile.c
+@@ -79,6 +79,7 @@
+ #endif
+ #ifndef OPENSSL_NO_POSIX_IO
+ # include <sys/stat.h>
++# include <fcntl.h>
+ #endif
+
+ #ifdef _WIN32
+diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
+index 367691c..310c65e 100644
+--- a/doc/crypto/EVP_DigestInit.pod
++++ b/doc/crypto/EVP_DigestInit.pod
+@@ -161,9 +161,8 @@ EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
+ EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
+ corresponding OBJECT IDENTIFIER or NID_undef if none exists.
+
+-EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
+-EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
+-size in bytes.
++EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
++EVP_MD_CTX_block_size() return the digest or block size in bytes.
+
+ EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+ EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+diff --git a/openssl.spec b/openssl.spec
+index f0f5ea8..a7e2776 100644
+--- a/openssl.spec
++++ b/openssl.spec
+@@ -7,7 +7,7 @@ Release: 1
+ Summary: Secure Sockets Layer and cryptography libraries and tools
+ Name: openssl
+ #Version: %{libmaj}.%{libmin}.%{librel}
+-Version: 1.0.1h
++Version: 1.0.1i
+ Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+ License: OpenSSL
+ Group: System Environment/Libraries
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 0457af8..167bfc6 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -901,6 +901,7 @@ int ssl3_get_server_hello(SSL *s)
+ {
+ s->session->cipher = pref_cipher ?
+ pref_cipher : ssl_get_cipher_by_char(s, p+j);
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ }
+ }
+ #endif /* OPENSSL_NO_TLSEXT */
+diff --git a/test/Makefile b/test/Makefile
+index 005f2e8..3e9f819 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -370,6 +370,13 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+ link_app.$${shlib_target}
+
++BUILD_CMD_STATIC=shlib_target=; \
++ LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \
++ $(MAKE) -f $(TOP)/Makefile.shared -e \
++ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
++ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
++ link_app.$${shlib_target}
++
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+ @target=$(RSATEST); $(BUILD_CMD)
+
+@@ -476,7 +483,7 @@ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+ @target=$(SRPTEST); $(BUILD_CMD)
+
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+- @target=$(HEARTBEATTEST); $(BUILD_CMD)
++ @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
Modified: openssl/branches/1.0.1/debian/patches/series
===================================================================
--- openssl/branches/1.0.1/debian/patches/series 2014-06-07 10:04:11 UTC (rev 674)
+++ openssl/branches/1.0.1/debian/patches/series 2014-06-09 09:25:26 UTC (rev 675)
@@ -21,4 +21,4 @@
#padlock_conf.patch
defaults.patch
openssl_fix_for_x32.patch
-disable_heartbeat_test.patch
+git_snapshot.patch
More information about the Pkg-openssl-changes
mailing list