new upstream release fixing multiple security issues
parent
8c1cdfe3ab
commit
7e7e3f299f
1
.gitignore
vendored
1
.gitignore
vendored
@ -17,3 +17,4 @@ openssl-1.0.0a-usa.tar.bz2
|
||||
/openssl-1.0.1h-hobbled.tar.xz
|
||||
/openssl-1.0.1i-hobbled.tar.xz
|
||||
/openssl-1.0.1j-hobbled.tar.xz
|
||||
/openssl-1.0.1k-hobbled.tar.xz
|
||||
|
@ -1,23 +0,0 @@
|
||||
diff -up openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi openssl-1.0.1-beta2/ssl/dtls1.h
|
||||
--- openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi 2012-02-06 17:07:34.630336118 +0100
|
||||
+++ openssl-1.0.1-beta2/ssl/dtls1.h 2012-02-06 17:10:08.956623707 +0100
|
||||
@@ -222,9 +222,6 @@ typedef struct dtls1_state_st
|
||||
*/
|
||||
record_pqueue buffered_app_data;
|
||||
|
||||
- /* Is set when listening for new connections with dtls1_listen() */
|
||||
- unsigned int listen;
|
||||
-
|
||||
unsigned int mtu; /* max DTLS packet size */
|
||||
|
||||
struct hm_header_st w_msg_hdr;
|
||||
@@ -248,6 +245,9 @@ typedef struct dtls1_state_st
|
||||
unsigned int retransmitting;
|
||||
unsigned int change_cipher_spec_ok;
|
||||
|
||||
+ /* Is set when listening for new connections with dtls1_listen() */
|
||||
+ unsigned int listen;
|
||||
+
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
/* used when SSL_ST_XX_FLUSH is entered */
|
||||
int next_state;
|
26
openssl-1.0.1k-dtls1-abi.patch
Normal file
26
openssl-1.0.1k-dtls1-abi.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff -up openssl-1.0.1k/ssl/dtls1.h.dtls1-abi openssl-1.0.1k/ssl/dtls1.h
|
||||
--- openssl-1.0.1k/ssl/dtls1.h.dtls1-abi 2015-01-09 09:58:59.332596897 +0100
|
||||
+++ openssl-1.0.1k/ssl/dtls1.h 2015-01-09 10:02:34.908472320 +0100
|
||||
@@ -231,10 +231,6 @@ typedef struct dtls1_state_st
|
||||
*/
|
||||
record_pqueue buffered_app_data;
|
||||
|
||||
- /* Is set when listening for new connections with dtls1_listen() */
|
||||
- unsigned int listen;
|
||||
-
|
||||
- unsigned int link_mtu; /* max on-the-wire DTLS packet size */
|
||||
unsigned int mtu; /* max DTLS packet size */
|
||||
|
||||
struct hm_header_st w_msg_hdr;
|
||||
@@ -262,6 +258,11 @@ typedef struct dtls1_state_st
|
||||
*/
|
||||
unsigned int change_cipher_spec_ok;
|
||||
|
||||
+ /* Is set when listening for new connections with dtls1_listen() */
|
||||
+ unsigned int listen;
|
||||
+
|
||||
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
|
||||
+
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
/* used when SSL_ST_XX_FLUSH is entered */
|
||||
int next_state;
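Review bot: In the second hunk of ssl/dtls1.h (`@@ -262,6 +258,11 @@`), `listen` and the new `link_mtu` are re-inserted directly before the `#ifndef OPENSSL_NO_SCTP` block, so in a build with SCTP enabled `next_state` and any members after it sit one `unsigned int` further into `dtls1_state_st` than with the previous version of this patch, which re-inserted only `listen` there. If the goal is to keep the struct layout compatible with earlier 1.0.1 builds, making `link_mtu` the last member of the struct would avoid moving anything; whether SCTP is enabled in this build is not visible on this page. The struct continues outside the hunk. A short comment above the moved members, for example `/* moved from the upstream position to keep the 1.0.1 struct layout */`, would record why they are placed here.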
|
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
|
||||
--- openssl-1.0.1e/apps/speed.c.suiteb 2013-11-08 18:02:53.815229706 +0100
|
||||
+++ openssl-1.0.1e/apps/speed.c 2013-11-08 18:04:47.016724297 +0100
|
||||
diff -up openssl-1.0.1k/apps/speed.c.suiteb openssl-1.0.1k/apps/speed.c
|
||||
--- openssl-1.0.1k/apps/speed.c.suiteb 2015-01-09 10:03:38.406908388 +0100
|
||||
+++ openssl-1.0.1k/apps/speed.c 2015-01-09 10:03:38.602912821 +0100
|
||||
@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
#endif
|
||||
@ -87,38 +87,44 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
|
||||
ecdh_doit[i]=1;
|
||||
#endif
|
||||
}
|
||||
diff -up openssl-1.0.1e/ssl/t1_lib.c.suiteb openssl-1.0.1e/ssl/t1_lib.c
|
||||
--- openssl-1.0.1e/ssl/t1_lib.c.suiteb 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/t1_lib.c 2013-11-08 18:05:27.551617554 +0100
|
||||
@@ -204,31 +204,9 @@ static int nid_list[] =
|
||||
|
||||
static int pref_list[] =
|
||||
{
|
||||
- NID_sect571r1, /* sect571r1 (14) */
|
||||
- NID_sect571k1, /* sect571k1 (13) */
|
||||
NID_secp521r1, /* secp521r1 (25) */
|
||||
- NID_sect409k1, /* sect409k1 (11) */
|
||||
- NID_sect409r1, /* sect409r1 (12) */
|
||||
NID_secp384r1, /* secp384r1 (24) */
|
||||
- NID_sect283k1, /* sect283k1 (9) */
|
||||
- NID_sect283r1, /* sect283r1 (10) */
|
||||
diff -up openssl-1.0.1k/ssl/t1_lib.c.suiteb openssl-1.0.1k/ssl/t1_lib.c
|
||||
--- openssl-1.0.1k/ssl/t1_lib.c.suiteb 2015-01-09 10:03:38.603912844 +0100
|
||||
+++ openssl-1.0.1k/ssl/t1_lib.c 2015-01-09 10:06:35.470912834 +0100
|
||||
@@ -218,29 +218,21 @@ static int pref_list[] =
|
||||
NID_sect283k1, /* sect283k1 (9) */
|
||||
NID_sect283r1, /* sect283r1 (10) */
|
||||
#endif
|
||||
- NID_secp256k1, /* secp256k1 (22) */
|
||||
NID_X9_62_prime256v1, /* secp256r1 (23) */
|
||||
- NID_sect239k1, /* sect239k1 (8) */
|
||||
- NID_sect233k1, /* sect233k1 (6) */
|
||||
- NID_sect233r1, /* sect233r1 (7) */
|
||||
#ifndef OPENSSL_NO_EC2M
|
||||
NID_sect239k1, /* sect239k1 (8) */
|
||||
NID_sect233k1, /* sect233k1 (6) */
|
||||
NID_sect233r1, /* sect233r1 (7) */
|
||||
#endif
|
||||
- NID_secp224k1, /* secp224k1 (20) */
|
||||
- NID_secp224r1, /* secp224r1 (21) */
|
||||
- NID_sect193r1, /* sect193r1 (4) */
|
||||
- NID_sect193r2, /* sect193r2 (5) */
|
||||
#ifndef OPENSSL_NO_EC2M
|
||||
NID_sect193r1, /* sect193r1 (4) */
|
||||
NID_sect193r2, /* sect193r2 (5) */
|
||||
#endif
|
||||
- NID_secp192k1, /* secp192k1 (18) */
|
||||
- NID_X9_62_prime192v1, /* secp192r1 (19) */
|
||||
- NID_sect163k1, /* sect163k1 (1) */
|
||||
- NID_sect163r1, /* sect163r1 (2) */
|
||||
- NID_sect163r2, /* sect163r2 (3) */
|
||||
#ifndef OPENSSL_NO_EC2M
|
||||
NID_sect163k1, /* sect163k1 (1) */
|
||||
NID_sect163r1, /* sect163r1 (2) */
|
||||
NID_sect163r2, /* sect163r2 (3) */
|
||||
#endif
|
||||
- NID_secp160k1, /* secp160k1 (15) */
|
||||
- NID_secp160r1, /* secp160r1 (16) */
|
||||
- NID_secp160r2, /* secp160r2 (17) */
|
||||
};
|
||||
|
||||
int tls1_ec_curve_id2nid(int curve_id)
|
||||
@@ -1820,7 +1812,6 @@ int ssl_prepare_clienthello_tlsext(SSL *
|
||||
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
|
||||
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
|
||||
|
||||
- /* we support all named elliptic curves in RFC 4492 */
|
||||
if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
|
||||
s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
|
||||
if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
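Review bot: After this refresh the `pref_list` hunk in ssl/t1_lib.c (`@@ -218,29 +218,21 @@`) removes only prime-field entries (`NID_secp256k1` and the secp224/192/160 curves) and keeps every `sect*` entry inside `#ifndef OPENSSL_NO_EC2M`, so binary-field curves stay in the list that `ssl_prepare_clienthello_tlsext` sizes from `sizeof(pref_list)` unless the build defines OPENSSL_NO_EC2M. That configure option is not visible on this page; if the restriction to prime curves is meant to hold regardless of configuration, the `sect*` lines should be dropped too, as the 1.0.1e version of the patch appears to have done. The last hunk also deletes `/* we support all named elliptic curves in RFC 4492 */` without a replacement; a comment such as `/* curve list is limited to the entries left in pref_list */` would keep the allocation below self-explanatory. `pref_list` starts above the hunk.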
|
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h
|
||||
--- openssl-1.0.1j/apps/s_apps.h.ephemeral 2014-10-16 13:32:30.772817591 +0200
|
||||
+++ openssl-1.0.1j/apps/s_apps.h 2014-10-16 13:32:30.865819691 +0200
|
||||
diff -up openssl-1.0.1k/apps/s_apps.h.ephemeral openssl-1.0.1k/apps/s_apps.h
|
||||
--- openssl-1.0.1k/apps/s_apps.h.ephemeral 2015-01-09 10:22:03.289896211 +0100
|
||||
+++ openssl-1.0.1k/apps/s_apps.h 2015-01-09 10:22:03.373898111 +0100
|
||||
@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
|
||||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
||||
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
|
||||
@ -9,9 +9,9 @@ diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h
|
||||
int init_client(int *sock, char *server, char *port, int type);
|
||||
int should_retry(int i);
|
||||
int extract_host_port(char *str,char **host_ptr,char **port_ptr);
|
||||
diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c
|
||||
--- openssl-1.0.1j/apps/s_cb.c.ephemeral 2014-10-15 14:53:39.000000000 +0200
|
||||
+++ openssl-1.0.1j/apps/s_cb.c 2014-10-16 13:32:30.865819691 +0200
|
||||
diff -up openssl-1.0.1k/apps/s_cb.c.ephemeral openssl-1.0.1k/apps/s_cb.c
|
||||
--- openssl-1.0.1k/apps/s_cb.c.ephemeral 2015-01-08 15:00:36.000000000 +0100
|
||||
+++ openssl-1.0.1k/apps/s_cb.c 2015-01-09 10:22:03.373898111 +0100
|
||||
@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
|
||||
}
|
||||
}
|
||||
@ -51,10 +51,10 @@ diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c
|
||||
|
||||
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
|
||||
{
|
||||
diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c
|
||||
--- openssl-1.0.1j/apps/s_client.c.ephemeral 2014-10-16 13:32:30.860819578 +0200
|
||||
+++ openssl-1.0.1j/apps/s_client.c 2014-10-16 13:32:30.865819691 +0200
|
||||
@@ -2044,6 +2044,8 @@ static void print_stuff(BIO *bio, SSL *s
|
||||
diff -up openssl-1.0.1k/apps/s_client.c.ephemeral openssl-1.0.1k/apps/s_client.c
|
||||
--- openssl-1.0.1k/apps/s_client.c.ephemeral 2015-01-09 10:22:03.367897975 +0100
|
||||
+++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:22:03.373898111 +0100
|
||||
@@ -2058,6 +2058,8 @@ static void print_stuff(BIO *bio, SSL *s
|
||||
BIO_write(bio,"\n",1);
|
||||
}
|
||||
|
||||
@ -63,18 +63,18 @@ diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c
|
||||
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
|
||||
BIO_number_read(SSL_get_rbio(s)),
|
||||
BIO_number_written(SSL_get_wbio(s)));
|
||||
diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h
|
||||
--- openssl-1.0.1j/ssl/ssl.h.ephemeral 2014-10-16 13:32:30.851819375 +0200
|
||||
+++ openssl-1.0.1j/ssl/ssl.h 2014-10-16 13:33:23.233001903 +0200
|
||||
@@ -1585,6 +1585,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
diff -up openssl-1.0.1k/ssl/ssl.h.ephemeral openssl-1.0.1k/ssl/ssl.h
|
||||
--- openssl-1.0.1k/ssl/ssl.h.ephemeral 2015-01-09 10:22:03.358897772 +0100
|
||||
+++ openssl-1.0.1k/ssl/ssl.h 2015-01-09 10:25:08.644088146 +0100
|
||||
@@ -1593,6 +1593,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
|
||||
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
|
||||
|
||||
+#define SSL_CTRL_GET_SERVER_TMP_KEY 109
|
||||
#define SSL_CTRL_CHECK_PROTO_VERSION 119
|
||||
|
||||
#define DTLSv1_get_timeout(ssl, arg) \
|
||||
@@ -1628,6 +1629,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
#define DTLS_CTRL_SET_LINK_MTU 120
|
||||
#define DTLS_CTRL_GET_LINK_MIN_MTU 121
|
||||
@@ -1638,6 +1639,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
#define SSL_CTX_clear_extra_chain_certs(ctx) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
|
||||
|
||||
@ -84,9 +84,9 @@ diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h
|
||||
#ifndef OPENSSL_NO_BIO
|
||||
BIO_METHOD *BIO_f_ssl(void);
|
||||
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
|
||||
diff -up openssl-1.0.1j/ssl/s3_lib.c.ephemeral openssl-1.0.1j/ssl/s3_lib.c
|
||||
--- openssl-1.0.1j/ssl/s3_lib.c.ephemeral 2014-10-16 13:32:30.866819713 +0200
|
||||
+++ openssl-1.0.1j/ssl/s3_lib.c 2014-10-16 13:34:08.918033262 +0200
|
||||
diff -up openssl-1.0.1k/ssl/s3_lib.c.ephemeral openssl-1.0.1k/ssl/s3_lib.c
|
||||
--- openssl-1.0.1k/ssl/s3_lib.c.ephemeral 2015-01-08 15:00:56.000000000 +0100
|
||||
+++ openssl-1.0.1k/ssl/s3_lib.c 2015-01-09 10:22:03.374898133 +0100
|
||||
@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
|
||||
|
||||
#endif /* !OPENSSL_NO_TLSEXT */
|
File diff suppressed because it is too large
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/engines/e_padlock.c
|
||||
--- openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 2011-06-21 18:42:15.000000000 +0200
|
||||
+++ openssl-1.0.1-beta2/engines/e_padlock.c 2012-02-06 20:18:52.039537799 +0100
|
||||
diff -up openssl-1.0.1k/engines/e_padlock.c.padlock64 openssl-1.0.1k/engines/e_padlock.c
|
||||
--- openssl-1.0.1k/engines/e_padlock.c.padlock64 2015-01-08 15:00:56.000000000 +0100
|
||||
+++ openssl-1.0.1k/engines/e_padlock.c 2015-01-09 10:18:55.579650992 +0100
|
||||
@@ -101,7 +101,10 @@
|
||||
compiler choice is limited to GCC and Microsoft C. */
|
||||
#undef COMPILE_HW_PADLOCK
|
||||
@ -30,11 +30,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
|
||||
/*
|
||||
* As for excessive "push %ebx"/"pop %ebx" found all over.
|
||||
* When generating position-independent code GCC won't let
|
||||
@@ -383,21 +387,6 @@ padlock_available(void)
|
||||
@@ -383,23 +387,6 @@ padlock_available(void)
|
||||
return padlock_use_ace + padlock_use_rng;
|
||||
}
|
||||
|
||||
-#ifndef OPENSSL_NO_AES
|
||||
-#ifndef AES_ASM
|
||||
-/* Our own htonl()/ntohl() */
|
||||
-static inline void
|
||||
-padlock_bswapl(AES_KEY *ks)
|
||||
@ -48,11 +49,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
|
||||
- }
|
||||
-}
|
||||
-#endif
|
||||
-#endif
|
||||
-
|
||||
/* Force key reload from memory to the CPU microcode.
|
||||
Loading EFLAGS from the stack clears EFLAGS[30]
|
||||
which does the trick. */
|
||||
@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \
|
||||
@@ -457,12 +444,129 @@ static inline void *name(size_t cnt, \
|
||||
: "edx", "cc", "memory"); \
|
||||
return iv; \
|
||||
}
|
||||
@ -165,6 +167,7 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
|
||||
+
|
||||
+#ifndef AES_ASM
|
||||
+/* Our own htonl()/ntohl() */
|
||||
+static inline void
|
||||
+padlock_bswapl(AES_KEY *ks)
|
||||
@ -177,10 +180,11 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
|
||||
+ key++;
|
||||
+ }
|
||||
+}
|
||||
+#endif
|
||||
#endif
|
||||
|
||||
/* The RNG call itself */
|
||||
@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int
|
||||
@@ -493,8 +597,8 @@ padlock_xstore(void *addr, unsigned int
|
||||
static inline unsigned char *
|
||||
padlock_memcpy(void *dst,const void *src,size_t n)
|
||||
{
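Review bot: The re-added `padlock_bswapl` in the hunk at `@@ -457,12 +444,129 @@` of engines/e_padlock.c is guarded only by `#ifndef AES_ASM`, while the copy this patch removes from its upstream position sat inside both `#ifndef OPENSSL_NO_AES` and `#ifndef AES_ASM`. The function takes an `AES_KEY *`, so unless the enclosing conditional (not visible in this hunk) already excludes no-AES builds, the outer guard should move with it: `#if !defined(OPENSSL_NO_AES) && !defined(AES_ASM)`. The moved block starts and ends outside the lines shown here.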
|
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c
|
||||
--- openssl-1.0.1i/apps/apps.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
||||
+++ openssl-1.0.1i/apps/apps.c 2014-08-07 13:54:27.751103405 +0200
|
||||
diff -up openssl-1.0.1k/apps/apps.c.trusted-first openssl-1.0.1k/apps/apps.c
|
||||
--- openssl-1.0.1k/apps/apps.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||
+++ openssl-1.0.1k/apps/apps.c 2015-01-09 10:19:45.476779456 +0100
|
||||
@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
|
||||
flags |= X509_V_FLAG_NOTIFY_POLICY;
|
||||
else if (!strcmp(arg, "-check_ss_sig"))
|
||||
@ -10,9 +10,9 @@ diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c
|
||||
else
|
||||
return 0;
|
||||
|
||||
diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c
|
||||
--- openssl-1.0.1i/apps/cms.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
||||
+++ openssl-1.0.1i/apps/cms.c 2014-08-07 13:54:27.751103405 +0200
|
||||
diff -up openssl-1.0.1k/apps/cms.c.trusted-first openssl-1.0.1k/apps/cms.c
|
||||
--- openssl-1.0.1k/apps/cms.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||
+++ openssl-1.0.1k/apps/cms.c 2015-01-09 10:19:45.476779456 +0100
|
||||
@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
|
||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||
@ -21,20 +21,20 @@ diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c
|
||||
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
diff -up openssl-1.0.1i/apps/ocsp.c.trusted-first openssl-1.0.1i/apps/ocsp.c
|
||||
--- openssl-1.0.1i/apps/ocsp.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
||||
+++ openssl-1.0.1i/apps/ocsp.c 2014-08-07 13:54:27.752103409 +0200
|
||||
diff -up openssl-1.0.1k/apps/ocsp.c.trusted-first openssl-1.0.1k/apps/ocsp.c
|
||||
--- openssl-1.0.1k/apps/ocsp.c.trusted-first 2015-01-09 10:19:45.477779478 +0100
|
||||
+++ openssl-1.0.1k/apps/ocsp.c 2015-01-09 10:20:57.726413440 +0100
|
||||
@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-path path to use in OCSP request\n");
|
||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
|
||||
+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
|
||||
BIO_printf (bio_err, "-VAfile file validator certificates file\n");
|
||||
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
|
||||
BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
|
||||
diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_client.c
|
||||
--- openssl-1.0.1i/apps/s_client.c.trusted-first 2014-08-07 13:54:27.752103409 +0200
|
||||
+++ openssl-1.0.1i/apps/s_client.c 2014-08-07 15:06:28.443918055 +0200
|
||||
BIO_printf (bio_err, "-path path to use in OCSP request\n");
|
||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
|
||||
+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
|
||||
BIO_printf (bio_err, "-VAfile file validator certificates file\n");
|
||||
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
|
||||
BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
|
||||
diff -up openssl-1.0.1k/apps/s_client.c.trusted-first openssl-1.0.1k/apps/s_client.c
|
||||
--- openssl-1.0.1k/apps/s_client.c.trusted-first 2015-01-09 10:19:45.438778596 +0100
|
||||
+++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:19:45.477779478 +0100
|
||||
@@ -299,6 +299,7 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
|
||||
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
|
||||
@ -43,9 +43,9 @@ diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_clie
|
||||
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
|
||||
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
|
||||
BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
|
||||
diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c
|
||||
--- openssl-1.0.1i/apps/smime.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
||||
+++ openssl-1.0.1i/apps/smime.c 2014-08-07 13:54:27.753103414 +0200
|
||||
diff -up openssl-1.0.1k/apps/smime.c.trusted-first openssl-1.0.1k/apps/smime.c
|
||||
--- openssl-1.0.1k/apps/smime.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||
+++ openssl-1.0.1k/apps/smime.c 2015-01-09 10:19:45.477779478 +0100
|
||||
@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
|
||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||
@ -54,9 +54,9 @@ diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c
|
||||
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_server.c
|
||||
--- openssl-1.0.1i/apps/s_server.c.trusted-first 2014-08-07 13:54:27.718103241 +0200
|
||||
+++ openssl-1.0.1i/apps/s_server.c 2014-08-07 13:54:27.753103414 +0200
|
||||
diff -up openssl-1.0.1k/apps/s_server.c.trusted-first openssl-1.0.1k/apps/s_server.c
|
||||
--- openssl-1.0.1k/apps/s_server.c.trusted-first 2015-01-09 10:19:45.445778755 +0100
|
||||
+++ openssl-1.0.1k/apps/s_server.c 2015-01-09 10:19:45.478779501 +0100
|
||||
@@ -502,6 +502,7 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err," -state - Print the SSL states\n");
|
||||
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
|
||||
@ -65,9 +65,9 @@ diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_serv
|
||||
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
|
||||
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
|
||||
BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
|
||||
diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c
|
||||
--- openssl-1.0.1i/apps/s_time.c.trusted-first 2014-08-07 13:54:27.432101823 +0200
|
||||
+++ openssl-1.0.1i/apps/s_time.c 2014-08-07 13:54:27.753103414 +0200
|
||||
diff -up openssl-1.0.1k/apps/s_time.c.trusted-first openssl-1.0.1k/apps/s_time.c
|
||||
--- openssl-1.0.1k/apps/s_time.c.trusted-first 2015-01-09 10:19:45.391777534 +0100
|
||||
+++ openssl-1.0.1k/apps/s_time.c 2015-01-09 10:19:45.478779501 +0100
|
||||
@@ -179,6 +179,7 @@ static void s_time_usage(void)
|
||||
file if not specified by this option\n\
|
||||
-CApath arg - PEM format directory of CA's\n\
|
||||
@ -76,9 +76,9 @@ diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c
|
||||
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
|
||||
|
||||
printf( "usage: s_time <args>\n\n" );
|
||||
diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c
|
||||
--- openssl-1.0.1i/apps/ts.c.trusted-first 2014-08-07 13:54:27.707103186 +0200
|
||||
+++ openssl-1.0.1i/apps/ts.c 2014-08-07 13:54:27.753103414 +0200
|
||||
diff -up openssl-1.0.1k/apps/ts.c.trusted-first openssl-1.0.1k/apps/ts.c
|
||||
--- openssl-1.0.1k/apps/ts.c.trusted-first 2015-01-09 10:19:45.435778529 +0100
|
||||
+++ openssl-1.0.1k/apps/ts.c 2015-01-09 10:19:45.478779501 +0100
|
||||
@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
|
||||
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
|
||||
"[-queryfile request.tsq] "
|
||||
@ -88,9 +88,9 @@ diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c
|
||||
"-untrusted cert_file.pem\n");
|
||||
cleanup:
|
||||
/* Clean up. */
|
||||
diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c
|
||||
--- openssl-1.0.1i/apps/verify.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
||||
+++ openssl-1.0.1i/apps/verify.c 2014-08-07 13:54:27.754103419 +0200
|
||||
diff -up openssl-1.0.1k/apps/verify.c.trusted-first openssl-1.0.1k/apps/verify.c
|
||||
--- openssl-1.0.1k/apps/verify.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||
+++ openssl-1.0.1k/apps/verify.c 2015-01-09 10:19:45.478779501 +0100
|
||||
@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
end:
|
||||
@ -100,9 +100,9 @@ diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c
|
||||
BIO_printf(bio_err," [-attime timestamp]");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," [-engine e]");
|
||||
diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first 2014-08-07 13:54:27.716103231 +0200
|
||||
+++ openssl-1.0.1i/crypto/x509/x509_vfy.c 2014-08-07 13:54:27.754103419 +0200
|
||||
diff -up openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first 2015-01-09 10:19:45.443778710 +0100
|
||||
+++ openssl-1.0.1k/crypto/x509/x509_vfy.c 2015-01-09 10:19:45.479779524 +0100
|
||||
@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
|
||||
|
||||
/* If we are self signed, we break */
|
||||
@ -125,9 +125,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/cryp
|
||||
|
||||
/* If we were passed a cert chain, use it first */
|
||||
if (ctx->untrusted != NULL)
|
||||
diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.h
|
||||
--- openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first 2014-08-07 13:54:27.360101466 +0200
|
||||
+++ openssl-1.0.1i/crypto/x509/x509_vfy.h 2014-08-07 13:54:27.754103419 +0200
|
||||
diff -up openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.h
|
||||
--- openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first 2015-01-09 10:19:45.266774706 +0100
|
||||
+++ openssl-1.0.1k/crypto/x509/x509_vfy.h 2015-01-09 10:19:45.479779524 +0100
|
||||
@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
|
||||
#define X509_V_FLAG_USE_DELTAS 0x2000
|
||||
/* Check selfsigned CA signature */
|
||||
@ -137,9 +137,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/cryp
|
||||
|
||||
|
||||
#define X509_VP_FLAG_DEFAULT 0x1
|
||||
diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/cms.pod
|
||||
--- openssl-1.0.1i/doc/apps/cms.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
||||
+++ openssl-1.0.1i/doc/apps/cms.pod 2014-08-07 13:54:27.754103419 +0200
|
||||
diff -up openssl-1.0.1k/doc/apps/cms.pod.trusted-first openssl-1.0.1k/doc/apps/cms.pod
|
||||
--- openssl-1.0.1k/doc/apps/cms.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||
+++ openssl-1.0.1k/doc/apps/cms.pod 2015-01-09 10:19:45.479779524 +0100
|
||||
@@ -35,6 +35,7 @@ B<openssl> B<cms>
|
||||
[B<-print>]
|
||||
[B<-CAfile file>]
|
||||
@ -161,9 +161,9 @@ diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/c
|
||||
=item B<-md digest>
|
||||
|
||||
digest algorithm to use when signing or resigning. If not present then the
|
||||
diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/ocsp.pod
|
||||
--- openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first 2014-08-07 13:54:27.708103191 +0200
|
||||
+++ openssl-1.0.1i/doc/apps/ocsp.pod 2014-08-07 13:54:27.755103424 +0200
|
||||
diff -up openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first openssl-1.0.1k/doc/apps/ocsp.pod
|
||||
--- openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first 2015-01-09 10:19:45.436778551 +0100
|
||||
+++ openssl-1.0.1k/doc/apps/ocsp.pod 2015-01-09 10:19:45.479779524 +0100
|
||||
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
|
||||
[B<-path>]
|
||||
[B<-CApath dir>]
|
||||
@ -172,7 +172,7 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/
|
||||
[B<-VAfile file>]
|
||||
[B<-validity_period n>]
|
||||
[B<-status_age n>]
|
||||
@@ -138,6 +139,13 @@ or "/" by default.
|
||||
@@ -142,6 +143,13 @@ connection timeout to the OCSP responder
|
||||
file or pathname containing trusted CA certificates. These are used to verify
|
||||
the signature on the OCSP response.
|
||||
|
||||
@ -186,9 +186,9 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/
|
||||
=item B<-verify_other file>
|
||||
|
||||
file containing additional certificates to search when attempting to locate
|
||||
diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/apps/s_client.pod
|
||||
--- openssl-1.0.1i/doc/apps/s_client.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200
|
||||
+++ openssl-1.0.1i/doc/apps/s_client.pod 2014-08-07 13:54:27.755103424 +0200
|
||||
diff -up openssl-1.0.1k/doc/apps/s_client.pod.trusted-first openssl-1.0.1k/doc/apps/s_client.pod
|
||||
--- openssl-1.0.1k/doc/apps/s_client.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
|
||||
+++ openssl-1.0.1k/doc/apps/s_client.pod 2015-01-09 10:19:45.479779524 +0100
|
||||
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
|
||||
[B<-pass arg>]
|
||||
[B<-CApath directory>]
|
||||
@ -206,9 +206,9 @@ diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/a
|
||||
|
||||
Set various certificate chain valiadition option. See the
|
||||
L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps/smime.pod
|
||||
--- openssl-1.0.1i/doc/apps/smime.pod.trusted-first 2014-07-22 21:43:11.000000000 +0200
|
||||
+++ openssl-1.0.1i/doc/apps/smime.pod 2014-08-07 13:54:27.755103424 +0200
|
||||
diff -up openssl-1.0.1k/doc/apps/smime.pod.trusted-first openssl-1.0.1k/doc/apps/smime.pod
|
||||
--- openssl-1.0.1k/doc/apps/smime.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||
+++ openssl-1.0.1k/doc/apps/smime.pod 2015-01-09 10:19:45.479779524 +0100
|
||||
@@ -15,6 +15,9 @@ B<openssl> B<smime>
|
||||
[B<-pk7out>]
|
||||
[B<-[cipher]>]
|
||||
@ -232,9 +232,9 @@ diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps
|
||||
=item B<-md digest>
|
||||
|
||||
digest algorithm to use when signing or resigning. If not present then the
|
||||
diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/apps/s_server.pod
|
||||
--- openssl-1.0.1i/doc/apps/s_server.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200
|
||||
+++ openssl-1.0.1i/doc/apps/s_server.pod 2014-08-07 15:07:12.315099577 +0200
|
||||
diff -up openssl-1.0.1k/doc/apps/s_server.pod.trusted-first openssl-1.0.1k/doc/apps/s_server.pod
|
||||
--- openssl-1.0.1k/doc/apps/s_server.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
|
||||
+++ openssl-1.0.1k/doc/apps/s_server.pod 2015-01-09 10:19:45.479779524 +0100
|
||||
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
|
||||
[B<-state>]
|
||||
[B<-CApath directory>]
|
||||
@ -256,9 +256,9 @@ diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/a
|
||||
=item B<-state>
|
||||
|
||||
prints out the SSL session states.
|
||||
diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/apps/s_time.pod
|
||||
--- openssl-1.0.1i/doc/apps/s_time.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200
|
||||
+++ openssl-1.0.1i/doc/apps/s_time.pod 2014-08-07 13:54:27.755103424 +0200
|
||||
diff -up openssl-1.0.1k/doc/apps/s_time.pod.trusted-first openssl-1.0.1k/doc/apps/s_time.pod
|
||||
--- openssl-1.0.1k/doc/apps/s_time.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||
+++ openssl-1.0.1k/doc/apps/s_time.pod 2015-01-09 10:19:45.480779546 +0100
|
||||
@@ -14,6 +14,7 @@ B<openssl> B<s_time>
|
||||
[B<-key filename>]
|
||||
[B<-CApath directory>]
|
||||
@ -280,9 +280,9 @@ diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/app
|
||||
=item B<-new>
|
||||
|
||||
performs the timing test using a new session ID for each connection.
|
||||
diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts.pod
|
||||
--- openssl-1.0.1i/doc/apps/ts.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200
|
||||
+++ openssl-1.0.1i/doc/apps/ts.pod 2014-08-07 13:54:27.756103429 +0200
|
||||
diff -up openssl-1.0.1k/doc/apps/ts.pod.trusted-first openssl-1.0.1k/doc/apps/ts.pod
|
||||
--- openssl-1.0.1k/doc/apps/ts.pod.trusted-first 2014-10-15 15:49:15.000000000 +0200
|
||||
+++ openssl-1.0.1k/doc/apps/ts.pod 2015-01-09 10:19:45.480779546 +0100
|
||||
@@ -46,6 +46,7 @@ B<-verify>
|
||||
[B<-token_in>]
|
||||
[B<-CApath> trusted_cert_path]
|
||||
@ -304,9 +304,9 @@ diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts
|
||||
=item B<-untrusted> cert_file.pem
|
||||
|
||||
Set of additional untrusted certificates in PEM format which may be
|
||||
diff -up openssl-1.0.1i/doc/apps/verify.pod.trusted-first openssl-1.0.1i/doc/apps/verify.pod
|
||||
--- openssl-1.0.1i/doc/apps/verify.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
||||
+++ openssl-1.0.1i/doc/apps/verify.pod 2014-08-07 13:54:27.756103429 +0200
|
||||
diff -up openssl-1.0.1k/doc/apps/verify.pod.trusted-first openssl-1.0.1k/doc/apps/verify.pod
|
||||
--- openssl-1.0.1k/doc/apps/verify.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||
+++ openssl-1.0.1k/doc/apps/verify.pod 2015-01-09 10:19:45.480779546 +0100
|
||||
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
|
||||
B<openssl> B<verify>
|
||||
[B<-CApath directory>]
|
19
openssl.spec
19
openssl.spec
@ -22,8 +22,8 @@
|
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.1j
|
||||
Release: 3%{?dist}
|
||||
Version: 1.0.1k
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -58,11 +58,11 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
||||
Patch34: openssl-0.9.6-x509.patch
|
||||
Patch35: openssl-0.9.8j-version-add-engines.patch
|
||||
Patch39: openssl-1.0.1h-ipv6-apps.patch
|
||||
Patch40: openssl-1.0.1j-fips.patch
|
||||
Patch40: openssl-1.0.1k-fips.patch
|
||||
Patch45: openssl-1.0.1e-env-zlib.patch
|
||||
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
||||
Patch49: openssl-1.0.1i-algo-doc.patch
|
||||
Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
|
||||
Patch50: openssl-1.0.1k-dtls1-abi.patch
|
||||
Patch51: openssl-1.0.1e-version.patch
|
||||
Patch56: openssl-1.0.0c-rsa-x931.patch
|
||||
Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
|
||||
@ -75,7 +75,7 @@ Patch69: openssl-1.0.1c-dh-1024.patch
|
||||
Patch70: openssl-1.0.1j-fips-ec.patch
|
||||
Patch71: openssl-1.0.1i-manfix.patch
|
||||
Patch72: openssl-1.0.1e-fips-ctor.patch
|
||||
Patch73: openssl-1.0.1e-ecc-suiteb.patch
|
||||
Patch73: openssl-1.0.1k-ecc-suiteb.patch
|
||||
Patch74: openssl-1.0.1e-no-md5-verify.patch
|
||||
Patch75: openssl-1.0.1e-compat-symbols.patch
|
||||
Patch76: openssl-1.0.1i-new-fips-reqs.patch
|
||||
@ -85,10 +85,10 @@ Patch92: openssl-1.0.1h-system-cipherlist.patch
|
||||
Patch93: openssl-1.0.1h-disable-sslv2v3.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch80: openssl-1.0.1j-evp-wrap.patch
|
||||
Patch81: openssl-1.0.1-beta2-padlock64.patch
|
||||
Patch84: openssl-1.0.1i-trusted-first.patch
|
||||
Patch81: openssl-1.0.1k-padlock64.patch
|
||||
Patch84: openssl-1.0.1k-trusted-first.patch
|
||||
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
|
||||
Patch89: openssl-1.0.1j-ephemeral-key-size.patch
|
||||
Patch89: openssl-1.0.1k-ephemeral-key-size.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -478,6 +478,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Fri Jan 9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-1
|
||||
- new upstream release fixing multiple security issues
|
||||
|
||||
* Thu Nov 20 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-3
|
||||
- disable SSLv3 by default again (mail servers and possibly
|
||||
LDAP servers should probably allow it explicitly for legacy
|
||||
|