[Pkg-openssl-changes] r699 - in openssl/trunk/debian: . patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Thu Nov 6 21:22:29 UTC 2014


Author: kroeckx
Date: 2014-11-06 21:22:29 +0000 (Thu, 06 Nov 2014)
New Revision: 699

Removed:
   openssl/trunk/debian/patches/defaults.patch
   openssl/trunk/debian/patches/rehash-crt.patch
   openssl/trunk/debian/patches/rehash_pod.patch
Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/debian/libssl1.0.0.symbols
   openssl/trunk/debian/patches/c_rehash-compat.patch
   openssl/trunk/debian/patches/dgst_hmac.patch
   openssl/trunk/debian/patches/engines-path.patch
   openssl/trunk/debian/patches/series
   openssl/trunk/debian/patches/version-script.patch
   openssl/trunk/debian/rules
Log:
New upstream beta version


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/changelog	2014-11-06 21:22:29 UTC (rev 699)
@@ -1,3 +1,22 @@
+openssl (1.0.2~beta3-1) experimental; urgency=low
+
+  * New usptream beta version
+  * Merge changes between 1.0.1h-3 and 1.0.1j-1:
+    - Disables SSLv3 because of CVE-2014-3566
+  * Drop patch rehash-crt.patch: partially applied upstream.
+    c_rehash now doesn't support files in DER format anymore.
+  * Drop patch rehash_pod.patch: applied upstream
+  * Update c_rehash-compat.patch to apply to new upstream version.  This
+    undoes upstream's "-old" option and creates both the new and old again.
+    It now also does it for CRLs.
+  * Drop defaults.patch, applied upstream
+  * dgst_hmac.patch updated to apply to upstream version.
+  * engines-path.patch updated to apply to upstream version.
+  * Update list of exported symbols
+  * Update symbols files to require beta3
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Sat, 01 Nov 2014 18:34:42 +0100
+
 openssl (1.0.2~beta2-1) experimental; urgency=medium
 
   * New usptream beta version

Modified: openssl/trunk/debian/libssl1.0.0.symbols
===================================================================
--- openssl/trunk/debian/libssl1.0.0.symbols	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/libssl1.0.0.symbols	2014-11-06 21:22:29 UTC (rev 699)
@@ -2,9 +2,9 @@
  *@OPENSSL_1.0.0 1.0.0
  *@OPENSSL_1.0.1 1.0.1
  *@OPENSSL_1.0.1d 1.0.1d
- *@OPENSSL_1.0.2 1.0.2~beta1
+ *@OPENSSL_1.0.2 1.0.2~beta3
 libssl.so.1.0.0 libssl1.0.0 #MINVER#
  *@OPENSSL_1.0.0 1.0.0
  *@OPENSSL_1.0.1 1.0.1
  *@OPENSSL_1.0.1d 1.0.1d
- *@OPENSSL_1.0.2 1.0.2~beta1
+ *@OPENSSL_1.0.2 1.0.2~beta3

Modified: openssl/trunk/debian/patches/c_rehash-compat.patch
===================================================================
--- openssl/trunk/debian/patches/c_rehash-compat.patch	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/patches/c_rehash-compat.patch	2014-11-06 21:22:29 UTC (rev 699)
@@ -7,30 +7,50 @@
  tools/c_rehash.in |    8 +++++++-
  1 files changed, 7 insertions(+), 1 deletions(-)
 
-Index: openssl-1.0.0d/tools/c_rehash.in
+Index: openssl-1.0.2~beta3/tools/c_rehash.in
 ===================================================================
---- openssl-1.0.0d.orig/tools/c_rehash.in	2011-04-13 20:41:28.000000000 +0000
-+++ openssl-1.0.0d/tools/c_rehash.in	2011-04-13 20:41:28.000000000 +0000
-@@ -86,6 +86,7 @@
- 			}
+--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
++++ openssl-1.0.2~beta3/tools/c_rehash.in
+@@ -8,8 +8,6 @@ my $prefix;
+ 
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+ my $verbose = 0;
+ my $symlink_exists=eval {symlink("",""); 1};
+ my $removelinks = 1;
+@@ -18,10 +16,7 @@ my $removelinks = 1;
+ while ( $ARGV[0] =~ '-.*' ) {
+     my $flag = shift @ARGV;
+     last if ( $flag eq '--');
+-    if ( $flag =~ /-old/) {
+-	    $x509hash = "-subject_hash_old";
+-	    $crlhash = "-hash_old";
+-    } elsif ( $flag =~ /-h/) {
++    if ( $flag =~ /-h/) {
+ 	    help();
+     } elsif ( $flag eq '-n' ) {
+ 	    $removelinks = 0;
+@@ -113,7 +108,9 @@ sub hash_dir {
+ 			next;
  		}
  		link_hash_cert($fname) if($cert);
 +		link_hash_cert_old($fname) if($cert);
  		link_hash_crl($fname) if($crl);
++		link_hash_crl_old($fname) if($crl);
  	}
  }
-@@ -119,8 +120,9 @@
  
+@@ -146,6 +143,7 @@ sub check_file {
+ 
  sub link_hash_cert {
  		my $fname = $_[0];
-+		my $hashopt = $_[1] || '-subject_hash';
++		my $x509hash = $_[1] || '-subject_hash';
  		$fname =~ s/'/'\\''/g;
--		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
-+		my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+ 		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
  		chomp $hash;
- 		chomp $fprint;
- 		$fprint =~ s/^.*=//;
-@@ -150,6 +152,10 @@
+@@ -177,10 +175,20 @@ sub link_hash_cert {
  		$hashlist{$hash} = $fprint;
  }
  
@@ -38,6 +58,16 @@
 +		link_hash_cert($_[0], '-subject_hash_old');
 +}
 +
++sub link_hash_crl_old {
++		link_hash_crl($_[0], '-hash_old');
++}
++
++
  # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
  
  sub link_hash_crl {
+ 		my $fname = $_[0];
++		my $crlhash = $_[1] || "-hash";
+ 		$fname =~ s/'/'\\''/g;
+ 		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ 		chomp $hash;
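Review bot: `link_hash_crl` now takes the hash option from `$_[1]` and interpolates `$crlhash` into the backtick command unquoted, so a second value besides the file name reaches the shell; `link_hash_cert` in the previous hunk does the same with `$x509hash`. The callers visible in this patch pass only the literals `'-hash_old'` and `'-subject_hash_old'`, so the risk is to future callers rather than to this change. The file-name handling is also inconsistent between the two functions: both apply the single-quote escape `s/'/'\\''/g`, but `link_hash_cert` then wraps the name in double quotes (`-in "$fname"`), where that escape does not neutralise shell metacharacters. A list-form pipe open with the escape dropped, e.g. `open(my $fh, '-|', $openssl, 'crl', $crlhash, '-fingerprint', '-noout', '-in', $fname)`, would take the shell out of both functions. Both function bodies continue outside the hunk.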

Deleted: openssl/trunk/debian/patches/defaults.patch
===================================================================
--- openssl/trunk/debian/patches/defaults.patch	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/patches/defaults.patch	2014-11-06 21:22:29 UTC (rev 699)
@@ -1,117 +0,0 @@
-From: Kurt Roeckx <kurt at roeckx.be>
-Subject: Change default bit size and digest
-Date: Fri, 01 Nov 2013 20:47:14 +0100
-
-Index: openssl-1.0.1e/apps/openssl.cnf
-===================================================================
---- openssl-1.0.1e.orig/apps/openssl.cnf	2013-12-22 15:36:37.179274819 +0100
-+++ openssl-1.0.1e/apps/openssl.cnf	2013-12-22 15:36:37.175274904 +0100
-@@ -103,7 +103,7 @@
- 
- ####################################################################
- [ req ]
--default_bits		= 1024
-+default_bits		= 2048
- default_keyfile 	= privkey.pem
- distinguished_name	= req_distinguished_name
- attributes		= req_attributes
-Index: openssl-1.0.1e/crypto/dsa/dsa_ameth.c
-===================================================================
---- openssl-1.0.1e.orig/crypto/dsa/dsa_ameth.c	2013-12-22 15:36:37.179274819 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_ameth.c	2013-12-22 15:36:37.175274904 +0100
-@@ -628,7 +628,7 @@
- #endif
- 
- 		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
--		*(int *)arg2 = NID_sha1;
-+		*(int *)arg2 = NID_sha256;
- 		return 2;
- 
- 		default:
-Index: openssl-1.0.1e/crypto/ec/ec_ameth.c
-===================================================================
---- openssl-1.0.1e.orig/crypto/ec/ec_ameth.c	2013-12-22 15:36:37.179274819 +0100
-+++ openssl-1.0.1e/crypto/ec/ec_ameth.c	2013-12-22 15:36:37.175274904 +0100
-@@ -615,7 +615,7 @@
- #endif
- 
- 		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
--		*(int *)arg2 = NID_sha1;
-+		*(int *)arg2 = NID_sha256;
- 		return 2;
- 
- 		default:
-Index: openssl-1.0.1e/crypto/hmac/hm_ameth.c
-===================================================================
---- openssl-1.0.1e.orig/crypto/hmac/hm_ameth.c	2013-12-22 15:36:37.179274819 +0100
-+++ openssl-1.0.1e/crypto/hmac/hm_ameth.c	2013-12-22 15:36:37.175274904 +0100
-@@ -89,7 +89,7 @@
- 	switch (op)
- 		{
- 		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
--		*(int *)arg2 = NID_sha1;
-+		*(int *)arg2 = NID_sha256;
- 		return 1;
- 
- 		default:
-Index: openssl-1.0.1e/crypto/rsa/rsa_ameth.c
-===================================================================
---- openssl-1.0.1e.orig/crypto/rsa/rsa_ameth.c	2013-12-22 15:36:37.179274819 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_ameth.c	2013-12-22 15:36:37.175274904 +0100
-@@ -435,7 +435,7 @@
- #endif
- 
- 		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
--		*(int *)arg2 = NID_sha1;
-+		*(int *)arg2 = NID_sha256;
- 		return 1;
- 
- 		default:
-Index: openssl-1.0.1e/apps/gendh.c
-===================================================================
---- openssl-1.0.1e.orig/apps/gendh.c	2013-12-22 15:36:37.179274819 +0100
-+++ openssl-1.0.1e/apps/gendh.c	2013-12-22 15:36:37.175274904 +0100
-@@ -78,7 +78,7 @@
- #include <openssl/x509.h>
- #include <openssl/pem.h>
- 
--#define DEFBITS	512
-+#define DEFBITS	2048
- #undef PROG
- #define PROG gendh_main
- 
-Index: openssl-1.0.1e/apps/genrsa.c
-===================================================================
---- openssl-1.0.1e.orig/apps/genrsa.c	2013-12-22 15:36:37.179274819 +0100
-+++ openssl-1.0.1e/apps/genrsa.c	2013-12-22 15:36:37.175274904 +0100
-@@ -78,7 +78,7 @@
- #include <openssl/pem.h>
- #include <openssl/rand.h>
- 
--#define DEFBITS	1024
-+#define DEFBITS	2048
- #undef PROG
- #define PROG genrsa_main
- 
-Index: openssl-1.0.1e/apps/dhparam.c
-===================================================================
---- openssl-1.0.1e.orig/apps/dhparam.c	2013-12-22 15:37:05.438669443 +0100
-+++ openssl-1.0.1e/apps/dhparam.c	2013-12-22 15:38:18.417105946 +0100
-@@ -130,7 +130,7 @@
- #undef PROG
- #define PROG	dhparam_main
- 
--#define DEFBITS	512
-+#define DEFBITS	2048
- 
- /* -inform arg	- input format - default PEM (DER or PEM)
-  * -outform arg - output format - default PEM
-@@ -253,7 +253,7 @@
- 		BIO_printf(bio_err," -C            Output C code\n");
- 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
- 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
--		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
-+		BIO_printf(bio_err," numbits       number of bits in to generate (default 2048)\n");
- #ifndef OPENSSL_NO_ENGINE
- 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
- #endif

Modified: openssl/trunk/debian/patches/dgst_hmac.patch
===================================================================
--- openssl/trunk/debian/patches/dgst_hmac.patch	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/patches/dgst_hmac.patch	2014-11-06 21:22:29 UTC (rev 699)
@@ -8,22 +8,22 @@
 ding though, especially considering the FIPS option, which I
 found as undocumented too.
 
-Index: openssl-1.0.2~beta1/doc/apps/dgst.pod
+Index: openssl-1.0.1j/doc/apps/dgst.pod
 ===================================================================
---- openssl-1.0.2~beta1.orig/doc/apps/dgst.pod	2014-02-25 00:15:34.364841692 +0100
-+++ openssl-1.0.2~beta1/doc/apps/dgst.pod	2014-02-25 00:15:34.360841777 +0100
-@@ -12,6 +12,8 @@
+--- openssl-1.0.1j.orig/doc/apps/dgst.pod
++++ openssl-1.0.1j/doc/apps/dgst.pod
+@@ -12,6 +12,8 @@ B<openssl> B<dgst>
  [B<-d>]
  [B<-hex>]
  [B<-binary>]
 +[B<-hmac arg>]
 +[B<-non-fips-allow>]
+ [B<-r>]
  [B<-out filename>]
  [B<-sign filename>]
- [B<-keyform arg>]
-@@ -54,6 +56,14 @@
+@@ -62,6 +64,14 @@ output the digest or signature in binary
  
- output the digest or signature in binary form.
+ output the digest in the "coreutils" format used by programs like B<sha1sum>.
  
 +=item B<-hmac arg>
 +
@@ -36,11 +36,11 @@
  =item B<-out filename>
  
  filename to output to, or standard output by default.
-Index: openssl-1.0.2~beta1/apps/dgst.c
+Index: openssl-1.0.1j/apps/dgst.c
 ===================================================================
---- openssl-1.0.2~beta1.orig/apps/dgst.c	2014-02-25 00:15:34.364841692 +0100
-+++ openssl-1.0.2~beta1/apps/dgst.c	2014-02-25 00:15:34.360841777 +0100
-@@ -276,6 +276,8 @@
+--- openssl-1.0.1j.orig/apps/dgst.c
++++ openssl-1.0.1j/apps/dgst.c
+@@ -273,6 +273,8 @@ int MAIN(int argc, char **argv)
  		BIO_printf(bio_err,"-d              to output debug info\n");
  		BIO_printf(bio_err,"-hex            output as hex dump\n");
  		BIO_printf(bio_err,"-binary         output in binary form\n");
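Review bot: The refreshed `Index:` and `---`/`+++` headers for `apps/dgst.c` (and for `doc/apps/dgst.pod` in the previous hunk) name `openssl-1.0.1j`, while the other patches refreshed in this commit name `openssl-1.0.2~beta3`. That suggests the refresh was run in the 1.0.1j tree, so the recorded offsets and context may not match the beta being packaged. The directory component is normally stripped when the patch is applied, so it may still apply, but refreshing against the beta3 tree would rule out fuzz in the usage text. The added lines of the inner hunk lie outside this hunk.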

Modified: openssl/trunk/debian/patches/engines-path.patch
===================================================================
--- openssl/trunk/debian/patches/engines-path.patch	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/patches/engines-path.patch	2014-11-06 21:22:29 UTC (rev 699)
@@ -1,8 +1,8 @@
-Index: openssl-1.0.0c/Makefile.org
+Index: openssl-1.0.2~beta3/Makefile.org
 ===================================================================
---- openssl-1.0.0c.orig/Makefile.org	2010-01-27 17:06:58.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org	2010-12-13 19:41:03.000000000 +0100
-@@ -497,7 +497,7 @@
+--- openssl-1.0.2~beta3.orig/Makefile.org
++++ openssl-1.0.2~beta3/Makefile.org
+@@ -541,7 +541,7 @@ install: all install_docs install_sw
  install_sw:
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
@@ -11,11 +11,11 @@
  		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-Index: openssl-1.0.0c/engines/Makefile
+Index: openssl-1.0.2~beta3/engines/Makefile
 ===================================================================
---- openssl-1.0.0c.orig/engines/Makefile	2010-08-24 23:46:34.000000000 +0200
-+++ openssl-1.0.0c/engines/Makefile	2010-12-12 19:16:22.000000000 +0100
-@@ -107,7 +107,7 @@
+--- openssl-1.0.2~beta3.orig/engines/Makefile
++++ openssl-1.0.2~beta3/engines/Makefile
+@@ -107,13 +107,13 @@ install:
  	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
  	@if [ -n "$(SHARED_LIBS)" ]; then \
  		set -e; \
@@ -24,16 +24,19 @@
  		for l in $(LIBNAMES); do \
  			( echo installing $$l; \
  			  pfx=lib; \
-@@ -119,13 +119,13 @@
+ 			  if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ 				sfx=".so"; \
+-				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \
+ 			  else \
+ 				case "$(CFLAGS)" in \
+ 				*DSO_BEOS*)	sfx=".so";;	\
+@@ -122,10 +122,10 @@ install:
  				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
  				*)		sfx=".bad";;	\
  				esac; \
 -				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
 +				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \
- 			  else \
- 				sfx=".so"; \
--				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \
  			  fi; \
 -			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
 -			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
@@ -42,11 +45,11 @@
  		done; \
  	fi
  	@target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.0c/Configure
+Index: openssl-1.0.2~beta3/Configure
 ===================================================================
---- openssl-1.0.0c.orig/Configure	2010-12-12 19:16:22.000000000 +0100
-+++ openssl-1.0.0c/Configure	2010-12-13 19:40:53.000000000 +0100
-@@ -1732,7 +1732,7 @@
+--- openssl-1.0.2~beta3.orig/Configure
++++ openssl-1.0.2~beta3/Configure
+@@ -1893,7 +1893,7 @@ while (<IN>)
  		}
  	elsif	(/^#define\s+ENGINESDIR/)
  		{
@@ -55,19 +58,25 @@
  		$foo =~ s/\\/\\\\/g;
  		print OUT "#define ENGINESDIR \"$foo\"\n";
  		}
-Index: openssl-1.0.0c/engines/ccgost/Makefile
+Index: openssl-1.0.2~beta3/engines/ccgost/Makefile
 ===================================================================
---- openssl-1.0.0c.orig/engines/ccgost/Makefile	2010-12-13 19:41:14.000000000 +0100
-+++ openssl-1.0.0c/engines/ccgost/Makefile	2010-12-13 19:42:21.000000000 +0100
-@@ -53,13 +53,13 @@
+--- openssl-1.0.2~beta3.orig/engines/ccgost/Makefile
++++ openssl-1.0.2~beta3/engines/ccgost/Makefile
+@@ -47,7 +47,7 @@ install:
+ 		pfx=lib; \
+ 		if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ 			sfx=".so"; \
+-			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ 		else \
+ 			case "$(CFLAGS)" in \
+ 			*DSO_BEOS*) sfx=".so";; \
+@@ -56,10 +56,10 @@ install:
  			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
  			*) sfx=".bad";; \
  			esac; \
 -			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 +			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- 		else \
- 			sfx=".so"; \
- 			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
  		fi; \
 -		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 -		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \

Deleted: openssl/trunk/debian/patches/rehash-crt.patch
===================================================================
--- openssl/trunk/debian/patches/rehash-crt.patch	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/patches/rehash-crt.patch	2014-11-06 21:22:29 UTC (rev 699)
@@ -1,33 +0,0 @@
-Index: openssl-1.0.0c/tools/c_rehash.in
-===================================================================
---- openssl-1.0.0c.orig/tools/c_rehash.in	2010-04-15 01:07:28.000000000 +0200
-+++ openssl-1.0.0c/tools/c_rehash.in	2010-12-12 17:10:51.000000000 +0100
-@@ -75,12 +75,15 @@
- 		}
- 	}
- 	closedir DIR;
--	FILE: foreach $fname (grep {/\.pem$/} @flist) {
-+	FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) {
- 		# Check to see if certificates and/or CRLs present.
- 		my ($cert, $crl) = check_file($fname);
- 		if(!$cert && !$crl) {
--			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
--			next;
-+			($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der  -outform pem | ");
-+			if(!$cert && !$crl) {
-+				print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
-+				next;
-+			}
- 		}
- 		link_hash_cert($fname) if($cert);
- 		link_hash_crl($fname) if($crl);
-@@ -153,6 +156,9 @@
- 		my $fname = $_[0];
- 		$fname =~ s/'/'\\''/g;
- 		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
-+		if(!$hash || !fprint) {
-+			($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname' -inform der`;
-+		}
- 		chomp $hash;
- 		chomp $fprint;
- 		$fprint =~ s/^.*=//;

Deleted: openssl/trunk/debian/patches/rehash_pod.patch
===================================================================
--- openssl/trunk/debian/patches/rehash_pod.patch	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/patches/rehash_pod.patch	2014-11-06 21:22:29 UTC (rev 699)
@@ -1,60 +0,0 @@
-Index: openssl-0.9.8k/doc/apps/c_rehash.pod
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-0.9.8k/doc/apps/c_rehash.pod	2009-07-19 11:36:27.000000000 +0200
-@@ -0,0 +1,55 @@
-+
-+=pod
-+
-+=head1 NAME
-+
-+c_rehash - Create symbolic links to files named by the hash values
-+
-+=head1 SYNOPSIS
-+
-+B<c_rehash>
-+[directory] ...
-+
-+=head1 DESCRIPTION
-+
-+c_rehash scans directories and takes a hash value of each .pem and .crt file in the directory. It then creates symbolic links for each of the files named by the hash value. This is useful as many programs require directories to be set up like this in order to find the certificates they require. 
-+
-+If any directories are named on the command line then these directories are processed in turn. If not then and the environment variable SSL_CERT_DIR is defined then that is consulted. This variable should be a colon (:) separated list of directories, all of which will be processed. If neither of these conditions are true then /usr/lib/ssl/certs is processed. 
-+
-+For each directory that is to be processed he user must have write permissions on the directory, if they do not then nothing will be printed for that directory.
-+
-+Note that this program deletes all the symbolic links that look like ones that it creates before processing a directory. Beware that if you run the program on a directory that contains symbolic links for other purposes that are named in the same format as those created by this program they will be lost.
-+
-+The hashes for certificate files are of the form <hash>.<n> where n is an integer. If the hash value already exists then n will be incremented, unless the file is a duplicate. Duplicates are detected using the fingerprint of the certificate. A warning will be printed if a duplicate is detected. The hashes for CRL files are of the form <hash>.r<n> and have the same behavior.
-+
-+The program will also warn if there are files with extension .pem which are not certificate or CRL files.
-+
-+The program uses the openssl program to compute the hashes and fingerprints. It expects the executable to be named openssl and be on the PATH, or in the /usr/lib/ssl/bin directory. If the OPENSSL environment variable is defined then this is used instead as the executable that provides the hashes and fingerprints. When called as $OPENSSL x509 -hash -fingerprint -noout -in $file it must output the hash of $file on the first line followed by the fingerprint on the second line, optionally prefixed with some text and an equals sign (=). 
-+
-+=head1 OPTIONS
-+
-+None
-+
-+=head1 ENVIRONMENT
-+
-+=over 4
-+
-+=item B<OPENSSL>
-+
-+The name (and path) of an executable to use to generate hashes and fingerprints (see above).
-+
-+=item B<SSL_CERT_DIR>
-+
-+Colon separated list of directories to operate on. Ignored if directories are listed on the command line.
-+
-+=back
-+
-+=head1 SEE ALSO
-+
-+L<openssl(1)|openssl(1)>, L<x509(1)|x509(1)>
-+
-+=head1 BUGS
-+
-+No known bugs
-+
-+=cut

Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/patches/series	2014-11-06 21:22:29 UTC (rev 699)
@@ -8,8 +8,6 @@
 no-symbolic.patch
 pic.patch
 valgrind.patch
-rehash-crt.patch
-rehash_pod.patch
 shared-lib-ext.patch
 stddef.patch
 version-script.patch
@@ -21,4 +19,3 @@
 block_diginotar.patch
 block_digicert_malaysia.patch
 #padlock_conf.patch
-defaults.patch

Modified: openssl/trunk/debian/patches/version-script.patch
===================================================================
--- openssl/trunk/debian/patches/version-script.patch	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/patches/version-script.patch	2014-11-06 21:22:29 UTC (rev 699)
@@ -15,7 +15,7 @@
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
 +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4601 @@
+@@ -0,0 +1,4614 @@
 +OPENSSL_1.0.0 {
 +	global:
 +		BIO_f_ssl;
@@ -4517,6 +4517,7 @@
 +		SSL_CTX_get0_certificate;
 +		SSL_CTX_get0_privatekey;
 +		SSL_COMP_set0_compression_methods;
++		SSL_COMP_free_compression_methods;
 +		SSL_CIPHER_find;
 +		SSL_is_server;
 +		SSL_CONF_CTX_new;
@@ -4560,6 +4561,8 @@
 +		ECDH_KDF_X9_62;
 +		ECDSA_METHOD_new;
 +		ECDSA_METHOD_free;
++		ECDSA_METHOD_set_app_data;
++		ECDSA_METHOD_get_app_data;
 +		ECDSA_METHOD_set_sign;
 +		ECDSA_METHOD_set_sign_setup;
 +		ECDSA_METHOD_set_verify;
@@ -4592,6 +4595,7 @@
 +		X509_http_nbio;
 +		X509_CRL_http_nbio;
 +		X509_REVOKED_dup;
++		i2d_re_X509_tbs;
 +		X509_get0_signature;
 +		X509_get_signature_nid;
 +		X509_CRL_diff;
@@ -4604,6 +4608,9 @@
 +		X509_STORE_set_lookup_crls_cb;
 +		X509_STORE_CTX_get0_store;
 +		X509_VERIFY_PARAM_set1_host;
++		X509_VERIFY_PARAM_add1_host;
++		X509_VERIFY_PARAM_set_hostflags;
++		X509_VERIFY_PARAM_get0_peername;
 +		X509_VERIFY_PARAM_set1_email;
 +		X509_VERIFY_PARAM_set1_ip;
 +		X509_VERIFY_PARAM_set1_ip_asc;
@@ -4611,10 +4618,16 @@
 +		X509_VERIFY_PARAM_get_count;
 +		X509_VERIFY_PARAM_get0;
 +		X509V3_EXT_free;
++		EC_GROUP_get_mont_data;
 +		EC_curve_nid2nist;
 +		EC_curve_nist2nid;
 +		PEM_write_bio_DHxparams;
 +		PEM_write_DHxparams;
++		SSL_CTX_add_client_custom_ext;
++		SSL_CTX_add_server_custom_ext;
++		SSL_extension_supported;
++		BUF_strnlen;
++		sk_deep_copy;
 +} OPENSSL_1.0.1d;
 +
 Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld

Modified: openssl/trunk/debian/rules
===================================================================
--- openssl/trunk/debian/rules	2014-11-01 15:26:07 UTC (rev 698)
+++ openssl/trunk/debian/rules	2014-11-06 21:22:29 UTC (rev 699)
@@ -26,7 +26,7 @@
 	export CROSS_COMPILE ?= $(DEB_HOST_GNU_TYPE)-
 endif
 
-CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib  enable-tlsext no-ssl2
+CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib  enable-tlsext no-ssl2 no-ssl3
 OPT_alpha = ev4 ev5
 OPT_i386  = i586 i686/cmov
 ARCHOPTS  = OPT_$(DEB_HOST_ARCH)
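Review bot: The `no-ssl3` flag added to `CONFARGS` has no comment in `debian/rules`; the reason (CVE-2014-3566) is recorded only in the changelog. A line above the assignment such as `# no-ssl3: SSLv3 is disabled at build time because of CVE-2014-3566` would keep the rationale next to the setting. It is also worth confirming whether this option removes any exported SSLv3 symbols in this upstream version, because the wildcard entries in `libssl1.0.0.symbols` would not flag a dropped symbol.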



