[Pkg-openssl-changes] r675 - in openssl/branches/1.0.1/debian: . patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Mon Jun 9 09:25:26 UTC 2014


Author: kroeckx
Date: 2014-06-09 09:25:26 +0000 (Mon, 09 Jun 2014)
New Revision: 675

Added:
   openssl/branches/1.0.1/debian/patches/git_snapshot.patch
Removed:
   openssl/branches/1.0.1/debian/patches/disable_heartbeat_test.patch
Modified:
   openssl/branches/1.0.1/debian/changelog
   openssl/branches/1.0.1/debian/patches/series
Log:
New upstream snapshot


Modified: openssl/branches/1.0.1/debian/changelog
===================================================================
--- openssl/branches/1.0.1/debian/changelog	2014-06-07 10:04:11 UTC (rev 674)
+++ openssl/branches/1.0.1/debian/changelog	2014-06-09 09:25:26 UTC (rev 675)
@@ -1,3 +1,12 @@
+openssl (1.0.1h-2) unstable; urgency=medium
+
+  * Use upstream git snapshot:
+    - Fix resumption problem when using tls_session_secret_cb
+    - Create ~/.rnd with mode 0600 (Closes: #750103)
+    - Fix building on heartbeat test, drop patch to disable it.
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Mon, 09 Jun 2014 11:21:51 +0200
+
 openssl (1.0.1h-1) unstable; urgency=high
 
   * New upstream release

Deleted: openssl/branches/1.0.1/debian/patches/disable_heartbeat_test.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/disable_heartbeat_test.patch	2014-06-07 10:04:11 UTC (rev 674)
+++ openssl/branches/1.0.1/debian/patches/disable_heartbeat_test.patch	2014-06-09 09:25:26 UTC (rev 675)
@@ -1,27 +0,0 @@
-From: Kurt Roeckx <kurt at roeckx.be>
-Subject: Disable heartbeat test
-
-It fails to link, probably because it's using internal symbols.
-
-Index: openssl-1.0.1h/test/Makefile
-===================================================================
---- openssl-1.0.1h.orig/test/Makefile
-+++ openssl-1.0.1h/test/Makefile
-@@ -75,7 +75,7 @@ EXE=	$(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_
- 	$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
- 	$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
- 	$(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \
--	$(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT)
-+	$(ASN1TEST)$(EXE_EXT)
- 
- # $(METHTEST)$(EXE_EXT)
- 
-@@ -140,7 +140,7 @@ alltests: \
- 	test_enc test_x509 test_rsa test_crl test_sid \
- 	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
- 	test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
--	test_jpake test_srp test_cms test_heartbeat
-+	test_jpake test_srp test_cms
- 
- test_evp:
- 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt

Added: openssl/branches/1.0.1/debian/patches/git_snapshot.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/git_snapshot.patch	                        (rev 0)
+++ openssl/branches/1.0.1/debian/patches/git_snapshot.patch	2014-06-09 09:25:26 UTC (rev 675)
@@ -0,0 +1,145 @@
+diff --git a/CHANGES b/CHANGES
+index d161eca..53b6c6f 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -2,6 +2,10 @@
+  OpenSSL CHANGES
+  _______________
+ 
++ Changes between 1.0.1h and 1.0.1i [xx XXX xxxx]
++
++  *)
++
+  Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
+ 
+   *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+diff --git a/NEWS b/NEWS
+index d062041..58ce8fa 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,6 +5,15 @@
+   This file gives a brief overview of the major changes between each OpenSSL
+   release. For more details please read the CHANGES file.
+ 
++  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [under development]
++
++      o
++
++  Known issues in OpenSSL 1.0.1h:
++
++      o EAP-FAST and other applications using tls_session_secret_cb
++        wont resume sessions. Fixed in 1.0.1i-dev
++
+   Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+ 
+       o Fix for CVE-2014-0224
+diff --git a/README b/README
+index 95c5cd2..37dbb3b 100644
+--- a/README
++++ b/README
+@@ -1,5 +1,5 @@
+ 
+- OpenSSL 1.0.1h 5 Jun 2014
++ OpenSSL 1.0.1i-dev
+ 
+  Copyright (c) 1998-2011 The OpenSSL Project
+  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+diff --git a/crypto/opensslv.h b/crypto/opensslv.h
+index c3b6ace..a59982e 100644
+--- a/crypto/opensslv.h
++++ b/crypto/opensslv.h
+@@ -25,11 +25,11 @@
+  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+  *  major minor fix final patch/beta)
+  */
+-#define OPENSSL_VERSION_NUMBER	0x1000108fL
++#define OPENSSL_VERSION_NUMBER	0x10001090L
+ #ifdef OPENSSL_FIPS
+-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1h-fips 5 Jun 2014"
++#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1i-fips-dev xx XXX xxxx"
+ #else
+-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1h 5 Jun 2014"
++#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1i-dev xx XXX xxxx"
+ #endif
+ #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+ 
+diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
+index 7f14280..14ba69d 100644
+--- a/crypto/rand/randfile.c
++++ b/crypto/rand/randfile.c
+@@ -79,6 +79,7 @@
+ #endif
+ #ifndef OPENSSL_NO_POSIX_IO
+ # include <sys/stat.h>
++# include <fcntl.h>
+ #endif
+ 
+ #ifdef _WIN32
+diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
+index 367691c..310c65e 100644
+--- a/doc/crypto/EVP_DigestInit.pod
++++ b/doc/crypto/EVP_DigestInit.pod
+@@ -161,9 +161,8 @@ EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
+ EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
+ corresponding OBJECT IDENTIFIER or NID_undef if none exists.
+ 
+-EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
+-EVP_MD_CTX_block_size()	and EVP_MD_block_size() return the digest or block
+-size in bytes.
++EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
++EVP_MD_CTX_block_size() return the digest or block size in bytes.
+ 
+ EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+ EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+diff --git a/openssl.spec b/openssl.spec
+index f0f5ea8..a7e2776 100644
+--- a/openssl.spec
++++ b/openssl.spec
+@@ -7,7 +7,7 @@ Release: 1
+ Summary: Secure Sockets Layer and cryptography libraries and tools
+ Name: openssl
+ #Version: %{libmaj}.%{libmin}.%{librel}
+-Version: 1.0.1h
++Version: 1.0.1i
+ Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+ License: OpenSSL
+ Group: System Environment/Libraries
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 0457af8..167bfc6 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -901,6 +901,7 @@ int ssl3_get_server_hello(SSL *s)
+ 			{
+ 			s->session->cipher = pref_cipher ?
+ 				pref_cipher : ssl_get_cipher_by_char(s, p+j);
++	    		s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 			}
+ 		}
+ #endif /* OPENSSL_NO_TLSEXT */
+diff --git a/test/Makefile b/test/Makefile
+index 005f2e8..3e9f819 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -370,6 +370,13 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+ 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+ 		link_app.$${shlib_target}
+ 
++BUILD_CMD_STATIC=shlib_target=; \
++	LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \
++	$(MAKE) -f $(TOP)/Makefile.shared -e \
++		APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
++		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
++		link_app.$${shlib_target}
++
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+ 	@target=$(RSATEST); $(BUILD_CMD)
+ 
+@@ -476,7 +483,7 @@ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+ 	@target=$(SRPTEST); $(BUILD_CMD)
+ 
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+-	@target=$(HEARTBEATTEST); $(BUILD_CMD)
++	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ 
+ #$(AESTEST).o: $(AESTEST).c
+ #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c

Modified: openssl/branches/1.0.1/debian/patches/series
===================================================================
--- openssl/branches/1.0.1/debian/patches/series	2014-06-07 10:04:11 UTC (rev 674)
+++ openssl/branches/1.0.1/debian/patches/series	2014-06-09 09:25:26 UTC (rev 675)
@@ -21,4 +21,4 @@
 #padlock_conf.patch
 defaults.patch
 openssl_fix_for_x32.patch
-disable_heartbeat_test.patch
+git_snapshot.patch



