[Pkg-openssl-changes] r586 - in openssl/trunk/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Mon Feb 11 18:45:29 UTC 2013
Author: kroeckx
Date: 2013-02-11 18:45:29 +0000 (Mon, 11 Feb 2013)
New Revision: 586
Added:
openssl/trunk/debian/patches/ssltest_no_sslv2.patch
Removed:
openssl/trunk/debian/patches/renegiotate_tls.patch
Modified:
openssl/trunk/debian/changelog
openssl/trunk/debian/libssl1.0.0.symbols
openssl/trunk/debian/patches/series
openssl/trunk/debian/patches/version-script.patch
Log:
* New upstream version (Closes: #699889)
- Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
- Drop renegiotate_tls.patch, applied upstream
- Export new CRYPTO_memcmp symbol, update symbol file
* Add ssltest_no_sslv2.patch so that "make test" works.
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/changelog 2013-02-11 18:45:29 UTC (rev 586)
@@ -1,3 +1,13 @@
+openssl (1.0.1e-1) unstable; urgency=high
+
+ * New upstream version (Closes: #699889)
+ - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
+ - Drop renegiotate_tls.patch, applied upstream
+ - Export new CRYPTO_memcmp symbol, update symbol file
+ * Add ssltest_no_sslv2.patch so that "make test" works.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
+
openssl (1.0.1c-5) unstable; urgency=low
* Re-enable assembler versions on sparc. They shouldn't have
Modified: openssl/trunk/debian/libssl1.0.0.symbols
===================================================================
--- openssl/trunk/debian/libssl1.0.0.symbols 2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/libssl1.0.0.symbols 2013-02-11 18:45:29 UTC (rev 586)
@@ -1,6 +1,8 @@
libcrypto.so.1.0.0 libssl1.0.0 #MINVER#
*@OPENSSL_1.0.0 1.0.0
*@OPENSSL_1.0.1 1.0.1
+ *@OPENSSL_1.0.1d 1.0.1d
libssl.so.1.0.0 libssl1.0.0 #MINVER#
*@OPENSSL_1.0.0 1.0.0
*@OPENSSL_1.0.1 1.0.1
+ *@OPENSSL_1.0.1d 1.0.1d
Deleted: openssl/trunk/debian/patches/renegiotate_tls.patch
===================================================================
--- openssl/trunk/debian/patches/renegiotate_tls.patch 2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/patches/renegiotate_tls.patch 2013-02-11 18:45:29 UTC (rev 586)
@@ -1,10 +0,0 @@
---- openssl/ssl/s3_pkt.c 2012/04/17 13:21:19 1.95
-+++ openssl/ssl/s3_pkt.c 2012/05/11 13:34:29 1.96
-@@ -744,6 +744,7 @@
- * bytes and record version number > TLS 1.0
- */
- if (s->state == SSL3_ST_CW_CLNT_HELLO_B
-+ && !s->renegotiate
- && TLS1_get_version(s) > TLS1_VERSION)
- *(p++) = 0x1;
- else
Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series 2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/patches/series 2013-02-11 18:45:29 UTC (rev 586)
@@ -29,6 +29,6 @@
block_diginotar.patch
block_digicert_malaysia.patch
c_rehash-multi.patch
-renegiotate_tls.patch
#padlock_conf.patch
default_bits.patch
+ssltest_no_sslv2.patch
Added: openssl/trunk/debian/patches/ssltest_no_sslv2.patch
===================================================================
--- openssl/trunk/debian/patches/ssltest_no_sslv2.patch (rev 0)
+++ openssl/trunk/debian/patches/ssltest_no_sslv2.patch 2013-02-11 18:45:29 UTC (rev 586)
@@ -0,0 +1,24 @@
+From: Dr. Stephen Henson <steve at openssl.org>
+Date: Mon Feb 11 18:17:50 2013 +0000
+Origin: upstream, commit:cbf9b4aed3e209fe8a39e1d6f55aaf46d1369dc4
+Subject: Fix in ssltest is no-ssl2 configured
+
+diff --git a/ssl/ssltest.c b/ssl/ssltest.c
+index 316bbb0..4f80be8 100644
+--- a/ssl/ssltest.c
++++ b/ssl/ssltest.c
+@@ -881,7 +881,13 @@ bad:
+ meth=SSLv23_method();
+ #else
+ #ifdef OPENSSL_NO_SSL2
+- meth=SSLv3_method();
++ if (tls1)
++ meth=TLSv1_method();
++ else
++ if (ssl3)
++ meth=SSLv3_method();
++ else
++ meth=SSLv23_method();
+ #else
+ meth=SSLv2_method();
+ #endif
Modified: openssl/trunk/debian/patches/version-script.patch
===================================================================
--- openssl/trunk/debian/patches/version-script.patch 2012-09-09 06:46:25 UTC (rev 585)
+++ openssl/trunk/debian/patches/version-script.patch 2013-02-11 18:45:29 UTC (rev 586)
@@ -1,8 +1,8 @@
-Index: openssl-1.0.1/Configure
+Index: openssl-1.0.1d/Configure
===================================================================
---- openssl-1.0.1.orig/Configure 2012-03-17 11:25:15.000000000 +0000
-+++ openssl-1.0.1/Configure 2012-03-17 11:48:15.000000000 +0000
-@@ -1616,6 +1616,8 @@
+--- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100
+@@ -1621,6 +1621,8 @@
}
}
@@ -11,11 +11,11 @@
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.1/openssl.ld
+Index: openssl-1.0.1d/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1/openssl.ld 2012-03-17 11:46:37.000000000 +0000
-@@ -0,0 +1,4615 @@
++++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100
+@@ -0,0 +1,4620 @@
+OPENSSL_1.0.0 {
+ global:
+ BIO_f_ssl;
@@ -4631,10 +4631,15 @@
+ BIO_dgram_sctp_notification_cb;
+} OPENSSL_1.0.0;
+
-Index: openssl-1.0.1/engines/openssl.ld
++OPENSSL_1.0.1d {
++ global:
++ CRYPTO_memcmp;
++} OPENSSL_1.0.1;
++
+Index: openssl-1.0.1d/engines/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1/engines/openssl.ld 2012-03-17 11:25:15.000000000 +0000
++++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global:
@@ -4646,10 +4651,10 @@
+ *;
+};
+
-Index: openssl-1.0.1/engines/ccgost/openssl.ld
+Index: openssl-1.0.1d/engines/ccgost/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1/engines/ccgost/openssl.ld 2012-03-17 11:25:15.000000000 +0000
++++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global:
More information about the Pkg-openssl-changes
mailing list