[Pkg-openssl-changes] r559 - in openssl/trunk/debian: . patches

Thu Apr 19 18:18:54 UTC 2012

Author: kroeckx
Date: 2012-04-19 18:18:53 +0000 (Thu, 19 Apr 2012)
New Revision: 559

Removed:
   openssl/trunk/debian/patches/no_ssl2.patch
   openssl/trunk/debian/patches/tls1.2_client_algorithms.patch
   openssl/trunk/debian/patches/vpaes.patch
Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/debian/patches/series
Log:
New upstream version


Modified: openssl/trunk/debian/changelog
===================================================================

--- openssl/trunk/debian/changelog	2012-03-31 19:05:13 UTC (rev 558)
+++ openssl/trunk/debian/changelog	2012-04-19 18:18:53 UTC (rev 559)
@@ -1,3 +1,15 @@
+openssl (1.0.1a-1) unstable; urgency=high
+
+  * New upstream version
+    - Fixes CVE-2012-2110
+    - Fix crash in rc4_hmac_md5 (Closes: #666405)
+    - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
+      supported
+    - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
+      applied upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Thu, 19 Apr 2012 19:54:12 +0200
+
 openssl (1.0.1-4) unstable; urgency=low
 
   * Use official patch for the vpaes problem, also covering amd64.

Deleted: openssl/trunk/debian/patches/no_ssl2.patch
===================================================================
--- openssl/trunk/debian/patches/no_ssl2.patch	2012-03-31 19:05:13 UTC (rev 558)
+++ openssl/trunk/debian/patches/no_ssl2.patch	2012-04-19 18:18:53 UTC (rev 559)
@@ -1,40 +0,0 @@
-Index: openssl-1.0.1/apps/s_client.c
-===================================================================
---- openssl-1.0.1.orig/apps/s_client.c	2012-03-14 14:32:14.000000000 +0100
-+++ openssl-1.0.1/apps/s_client.c	2012-03-18 16:08:29.000000000 +0100
-@@ -622,13 +622,7 @@
- 	SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
- #endif
- 
--#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- 	meth=SSLv23_client_method();
--#elif !defined(OPENSSL_NO_SSL3)
--	meth=SSLv3_client_method();
--#elif !defined(OPENSSL_NO_SSL2)
--	meth=SSLv2_client_method();
--#endif
- 
- 	apps_startup();
- 	c_Pause=0;
-Index: openssl-1.0.1/apps/s_server.c
-===================================================================
---- openssl-1.0.1.orig/apps/s_server.c	2012-02-12 00:21:09.000000000 +0100
-+++ openssl-1.0.1/apps/s_server.c	2012-03-18 16:09:21.000000000 +0100
-@@ -969,17 +969,7 @@
- 	char *srpuserseed = NULL;
- 	char *srp_verifier_file = NULL;
- #endif
--#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- 	meth=SSLv23_server_method();
--#elif !defined(OPENSSL_NO_SSL3)
--	meth=SSLv3_server_method();
--#elif !defined(OPENSSL_NO_SSL2)
--	meth=SSLv2_server_method();
--#elif !defined(OPENSSL_NO_TLS1)
--	meth=TLSv1_server_method();
--#else
--  /*  #error no SSL version enabled */
--#endif
- 
- 	local_argc=argc;
- 	local_argv=argv;

Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series	2012-03-31 19:05:13 UTC (rev 558)
+++ openssl/trunk/debian/patches/series	2012-04-19 18:18:53 UTC (rev 559)
@@ -29,7 +29,4 @@
 block_diginotar.patch
 block_digicert_malaysia.patch
 c_rehash-multi.patch
-no_ssl2.patch
-vpaes.patch
-tls1.2_client_algorithms.patch
 

Deleted: openssl/trunk/debian/patches/tls1.2_client_algorithms.patch
===================================================================
--- openssl/trunk/debian/patches/tls1.2_client_algorithms.patch	2012-03-31 19:05:13 UTC (rev 558)
+++ openssl/trunk/debian/patches/tls1.2_client_algorithms.patch	2012-04-19 18:18:53 UTC (rev 559)
@@ -1,13 +0,0 @@
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 57d1107..27c8e34 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -544,7 +544,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
- 		}
- 		skip_ext:
- 
--	if (TLS1_get_version(s) >= TLS1_2_VERSION)
-+	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
- 		{
- 		if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
- 			return NULL; 

Deleted: openssl/trunk/debian/patches/vpaes.patch
===================================================================
--- openssl/trunk/debian/patches/vpaes.patch	2012-03-31 19:05:13 UTC (rev 558)
+++ openssl/trunk/debian/patches/vpaes.patch	2012-04-19 18:18:53 UTC (rev 559)
@@ -1,69 +0,0 @@
-Index: openssl/crypto/aes/asm/vpaes-x86.pl
-RCS File: /v/openssl/cvs/openssl/crypto/aes/asm/vpaes-x86.pl,v
-rcsdiff -q -kk '-r1.5.4.4' '-r1.5.4.5' -u '/v/openssl/cvs/openssl/crypto/aes/asm/vpaes-x86.pl,v' 2>/dev/null
---- a/crypto/aes/asm/vpaes-x86.pl	2011/12/15 22:20:26	1.5.4.4
-+++ b/crypto/aes/asm/vpaes-x86.pl	2012/03/31 16:55:18	1.5.4.5
-@@ -843,6 +843,8 @@
- 	&mov	($out,&wparam(1));		# out
- 	&mov	($round,&wparam(2));		# len
- 	&mov	($key,&wparam(3));		# key
-+	&sub	($round,16);
-+	&jc	(&label("cbc_abort"));
- 	&lea	($base,&DWP(-56,"esp"));
- 	&mov	($const,&wparam(4));		# ivp
- 	&and	($base,-16);
-@@ -853,7 +855,6 @@
- 	&mov	(&DWP(48,"esp"),$base);
- 
- 	&mov	(&DWP(0,"esp"),$out);		# save out
--	&sub	($round,16);
- 	&mov	(&DWP(4,"esp"),$key)		# save key
- 	&mov	(&DWP(8,"esp"),$const);		# save ivp
- 	&mov	($out,$round);			# $out works as $len
-@@ -896,6 +897,7 @@
- 	&mov	($base,&DWP(8,"esp"));		# restore ivp
- 	&mov	("esp",&DWP(48,"esp"));
- 	&movdqu	(&QWP(0,$base),"xmm1");		# write IV
-+&set_label("cbc_abort");
- &function_end("${PREFIX}_cbc_encrypt");
- 
- &asm_finish();
-Index: openssl/crypto/aes/asm/vpaes-x86_64.pl
-RCS File: /v/openssl/cvs/openssl/crypto/aes/asm/vpaes-x86_64.pl,v
-rcsdiff -q -kk '-r1.4.4.2' '-r1.4.4.3' -u '/v/openssl/cvs/openssl/crypto/aes/asm/vpaes-x86_64.pl,v' 2>/dev/null
---- a/crypto/aes/asm/vpaes-x86_64.pl	2011/11/14 21:01:17	1.4.4.2
-+++ a/crypto/aes/asm/vpaes-x86_64.pl	2012/03/31 16:55:18	1.4.4.3
-@@ -263,7 +263,7 @@
- 	pshufb  %xmm2,  %xmm4	# 4 = sbou
- 	pxor	%xmm0,  %xmm4	# 4 = sb1u + k
- 	movdqa	0x70(%r10), %xmm0	# 0 : sbot
--	movdqa	.Lk_sr-.Lk_dsbd(%r11), %xmm2
-+	movdqa	-0x160(%r11), %xmm2	# .Lk_sr-.Lk_dsbd=-0x160
- 	pshufb  %xmm3,	%xmm0	# 0 = sb1t
- 	pxor	%xmm4,	%xmm0	# 0 = A
- 	pshufb	%xmm2,	%xmm0
-@@ -869,6 +869,8 @@
- ___
- ($len,$key)=($key,$len);
- $code.=<<___;
-+	sub	\$16,$len
-+	jc	.Lcbc_abort
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -887,7 +889,6 @@
- $code.=<<___;
- 	movdqu	($ivp),%xmm6		# load IV
- 	sub	$inp,$out
--	sub	\$16,$len
- 	call	_vpaes_preheat
- 	cmp	\$0,${enc}d
- 	je	.Lcbc_dec_loop
-@@ -932,6 +933,7 @@
- .Lcbc_epilogue:
- ___
- $code.=<<___;
-+.Lcbc_abort:
- 	ret
- .size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
- ___


