[Pkg-openssl-changes] r707 - in openssl/branches/1.0.1/debian: . patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Thu Jan 8 19:56:24 UTC 2015 

Author: kroeckx
Date: 2015-01-08 19:56:24 +0000 (Thu, 08 Jan 2015)
New Revision: 707

Removed:
   openssl/branches/1.0.1/debian/patches/dgst_hmac.patch
   openssl/branches/1.0.1/debian/patches/gnu_source.patch
Modified:
   openssl/branches/1.0.1/debian/changelog
   openssl/branches/1.0.1/debian/patches/series
Log:
New upstream version.


Modified: openssl/branches/1.0.1/debian/changelog
===================================================================
--- openssl/branches/1.0.1/debian/changelog	2014-12-31 12:46:33 UTC (rev 706)
+++ openssl/branches/1.0.1/debian/changelog	2015-01-08 19:56:24 UTC (rev 707)
@@ -1,3 +1,18 @@
+openssl (1.0.1k-1) unstable; urgency=medium
+
+  * New upstream version
+    - Fixes CVE-2014-3571
+    - Fixes CVE-2015-0206
+    - Fixes CVE-2014-3569
+    - Fixes CVE-2014-3572
+    - Fixes CVE-2015-0204
+    - Fixes CVE-2015-0205
+    - Fixes CVE-2014-8275
+    - Fixes CVE-2014-3570
+  * Drop gnu_source.patch, dgst_hmac.patch: applied upstream
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Thu, 08 Jan 2015 20:55:26 +0100
+
 openssl (1.0.1j-1) unstable; urgency=high
 
   * New upstream release

Deleted: openssl/branches/1.0.1/debian/patches/dgst_hmac.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/dgst_hmac.patch	2014-12-31 12:46:33 UTC (rev 706)
+++ openssl/branches/1.0.1/debian/patches/dgst_hmac.patch	2015-01-08 19:56:24 UTC (rev 707)
@@ -1,51 +0,0 @@
-From: Thorsten Glaser <tg at mirbsd.de>
-Date: Fri, 22 May 2009 16:28:05 +0000 (UTC)
-Subject: Document openssl dgst -hmac option
-
-I've committed the thing below in MirBSD; since the apps code
-changes very little between OpenSSL versions, it will probably
-apply to the Debian package as well. I'm open for better wor-
-ding though, especially considering the FIPS option, which I
-found as undocumented too.
-
-Index: openssl-1.0.1j/doc/apps/dgst.pod
-===================================================================
---- openssl-1.0.1j.orig/doc/apps/dgst.pod
-+++ openssl-1.0.1j/doc/apps/dgst.pod
-@@ -12,6 +12,8 @@ B<openssl> B<dgst>
- [B<-d>]
- [B<-hex>]
- [B<-binary>]
-+[B<-hmac arg>]
-+[B<-non-fips-allow>]
- [B<-r>]
- [B<-out filename>]
- [B<-sign filename>]
-@@ -62,6 +64,14 @@ output the digest or signature in binary
- 
- output the digest in the "coreutils" format used by programs like B<sha1sum>.
- 
-+=item B<-hmac arg>
-+
-+set the HMAC key to "arg".
-+
-+=item B<-non-fips-allow>
-+
-+allow use of non FIPS digest.
-+
- =item B<-out filename>
- 
- filename to output to, or standard output by default.
-Index: openssl-1.0.1j/apps/dgst.c
-===================================================================
---- openssl-1.0.1j.orig/apps/dgst.c
-+++ openssl-1.0.1j/apps/dgst.c
-@@ -273,6 +273,8 @@ int MAIN(int argc, char **argv)
- 		BIO_printf(bio_err,"-d              to output debug info\n");
- 		BIO_printf(bio_err,"-hex            output as hex dump\n");
- 		BIO_printf(bio_err,"-binary         output in binary form\n");
-+		BIO_printf(bio_err,"-hmac arg       set the HMAC key to arg\n");
-+		BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS digest\n");
- 		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
- 		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
- 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");

Deleted: openssl/branches/1.0.1/debian/patches/gnu_source.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/gnu_source.patch	2014-12-31 12:46:33 UTC (rev 706)
+++ openssl/branches/1.0.1/debian/patches/gnu_source.patch	2015-01-08 19:56:24 UTC (rev 707)
@@ -1,24 +0,0 @@
-From: Kurt Roeckx <kurt at roeckx.be>
-Subject: Always define _GNU_SOURCE
-
-We need this atleast for kfreebsd because they also use glibc.
-There shouldn't be a problem defining this on systems not using
-glibc.
-
-Index: openssl-1.0.0c.obsolete.0.297891860202984/crypto/dso/dso_dlfcn.c
-===================================================================
---- openssl-1.0.0c.obsolete.0.297891860202984.orig/crypto/dso/dso_dlfcn.c	2010-12-19 16:18:36.000000000 +0100
-+++ openssl-1.0.0c.obsolete.0.297891860202984/crypto/dso/dso_dlfcn.c	2010-12-19 16:19:01.000000000 +0100
-@@ -60,10 +60,8 @@
-    that handle _GNU_SOURCE and other similar macros.  Defining it later
-    is simply too late, because those headers are protected from re-
-    inclusion.  */
--#ifdef __linux
--# ifndef _GNU_SOURCE
--#  define _GNU_SOURCE	/* make sure dladdr is declared */
--# endif
-+#ifndef _GNU_SOURCE
-+# define _GNU_SOURCE	/* make sure dladdr is declared */
- #endif
- 
- #include <stdio.h>

Modified: openssl/branches/1.0.1/debian/patches/series
===================================================================
--- openssl/branches/1.0.1/debian/patches/series	2014-12-31 12:46:33 UTC (rev 706)
+++ openssl/branches/1.0.1/debian/patches/series	2015-01-08 19:56:24 UTC (rev 707)
@@ -12,9 +12,7 @@
 shared-lib-ext.patch
 stddef.patch
 version-script.patch
-gnu_source.patch
 c_rehash-compat.patch
-dgst_hmac.patch
 block_diginotar.patch
 block_digicert_malaysia.patch
 #padlock_conf.patch

More information about the Pkg-openssl-changes mailing list