[Pkg-openssl-changes] r896 - in openssl/branches/1.1.0/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Feb 16 18:06:04 UTC 2017
Author: kroeckx
Date: 2017-02-16 18:06:04 +0000 (Thu, 16 Feb 2017)
New Revision: 896
Removed:
openssl/branches/1.1.0/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch
openssl/branches/1.1.0/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
openssl/branches/1.1.0/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
Modified:
openssl/branches/1.1.0/debian/changelog
openssl/branches/1.1.0/debian/patches/series
Log:
Remove patches that are applied upstream.
Modified: openssl/branches/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog 2017-02-16 18:00:18 UTC (rev 895)
+++ openssl/branches/1.1.0/debian/changelog 2017-02-16 18:06:04 UTC (rev 896)
@@ -2,6 +2,7 @@
* New upstream version
- Fixes CVE-2017-3733
+ - Remove patches that are applied upstream.
-- Kurt Roeckx <kurt at roeckx.be> Thu, 16 Feb 2017 18:57:58 +0100
Deleted: openssl/branches/1.1.0/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch 2017-02-16 18:00:18 UTC (rev 895)
+++ openssl/branches/1.1.0/debian/patches/Add-a-couple-of-test-to-check-CRL-fingerprint.patch 2017-02-16 18:06:04 UTC (rev 896)
@@ -1,45 +0,0 @@
-From: Richard Levitte <levitte at openssl.org>
-Date: Sat, 28 Jan 2017 18:24:40 +0100
-Subject: [PATCH 3/3] Add a couple of test to check CRL fingerprint
-
-BTS: #852920
-
-Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 929860d0e6112f5c7766d9ea036c3f8bd8d3d719)
----
- test/recipes/25-test_crl.t | 19 ++++++++++++++++++-
- 1 file changed, 18 insertions(+), 1 deletion(-)
-
---- a/test/recipes/25-test_crl.t
-+++ b/test/recipes/25-test_crl.t
-@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
-
- setup("test_crl");
-
--plan tests => 3;
-+plan tests => 5;
-
- require_ok(srctop_file('test','recipes','tconversion.pl'));
-
-@@ -24,3 +24,20 @@ subtest 'crl conversions' => sub {
- };
-
- ok(run(test(['crltest'])));
-+
-+ok(compare1stline([qw{openssl crl -noout -fingerprint -in},
-+ srctop_file('test', 'testcrl.pem')],
-+ 'SHA1 Fingerprint=BA:F4:1B:AD:7A:9B:2F:09:16:BC:60:A7:0E:CE:79:2E:36:00:E7:B2'));
-+ok(compare1stline([qw{openssl crl -noout -fingerprint -sha256 -in},
-+ srctop_file('test', 'testcrl.pem')],
-+ 'SHA256 Fingerprint=B3:A9:FD:A7:2E:8C:3D:DF:D0:F1:C3:1A:96:60:B5:FD:B0:99:7C:7F:0E:E4:34:F5:DB:87:62:36:BC:F1:BC:1B'));
-+
-+sub compare1stline {
-+ my ($cmdarray, $str) = @_;
-+ my @lines = run(app($cmdarray), capture => 1);
-+
-+ return 1 if $lines[0] =~ m|^\Q${str}\E\R$|;
-+ note "Got ", $lines[0];
-+ note "Expected ", $str;
-+ return 0;
-+}
Deleted: openssl/branches/1.1.0/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch 2017-02-16 18:00:18 UTC (rev 895)
+++ openssl/branches/1.1.0/debian/patches/Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch 2017-02-16 18:06:04 UTC (rev 896)
@@ -1,23 +0,0 @@
-From: Richard Levitte <levitte at openssl.org>
-Date: Sat, 28 Jan 2017 18:02:12 +0100
-Subject: [PATCH 2/3] Document what EXFLAG_SET is for in x509v3.h
-
-BTS: #852920
-
-Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 2d60c923141e7853c268364f26195343a5e995bf)
----
- include/openssl/x509v3.h | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/include/openssl/x509v3.h
-+++ b/include/openssl/x509v3.h
-@@ -355,6 +355,7 @@ struct ISSUING_DIST_POINT_st {
- # define EXFLAG_SI 0x20
- # define EXFLAG_V1 0x40
- # define EXFLAG_INVALID 0x80
-+/* EXFLAG_SET is set to indicate that some values have been precomputed */
- # define EXFLAG_SET 0x100
- # define EXFLAG_CRITICAL 0x200
- # define EXFLAG_PROXY 0x400
Deleted: openssl/branches/1.1.0/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch 2017-02-16 18:00:18 UTC (rev 895)
+++ openssl/branches/1.1.0/debian/patches/X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch 2017-02-16 18:06:04 UTC (rev 896)
@@ -1,40 +0,0 @@
-From: Richard Levitte <levitte at openssl.org>
-Date: Sat, 28 Jan 2017 17:43:17 +0100
-Subject: [PATCH 1/3] X509_CRL_digest() - ensure precomputed sha1 hash before
- returning it
-
-X509_CRL_digest() didn't check if the precomputed sha1 hash was actually
-present. This also makes sure there's an appropriate flag to check.
-
-BTS: #852920
-
-Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 6195848b2eea627c47f74b63eb2ba3dc3d5b6436)
----
- crypto/x509/x_all.c | 2 +-
- crypto/x509/x_crl.c | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
---- a/crypto/x509/x_all.c
-+++ b/crypto/x509/x_all.c
-@@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const
- int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
- unsigned char *md, unsigned int *len)
- {
-- if (type == EVP_sha1()) {
-+ if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
- /* Asking for SHA1; always computed in CRL d2i. */
- if (len != NULL)
- *len = sizeof(data->sha1_hash);
---- a/crypto/x509/x_crl.c
-+++ b/crypto/x509/x_crl.c
-@@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VA
- if (crl->meth->crl_init(crl) == 0)
- return 0;
- }
-+
-+ crl->flags |= EXFLAG_SET;
- break;
-
- case ASN1_OP_FREE_POST:
Modified: openssl/branches/1.1.0/debian/patches/series
===================================================================
--- openssl/branches/1.1.0/debian/patches/series 2017-02-16 18:00:18 UTC (rev 895)
+++ openssl/branches/1.1.0/debian/patches/series 2017-02-16 18:06:04 UTC (rev 896)
@@ -4,6 +4,3 @@
pic.patch
c_rehash-compat.patch
#padlock_conf.patch
-X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
-Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
-Add-a-couple-of-test-to-check-CRL-fingerprint.patch
More information about the Pkg-openssl-changes
mailing list