new upstream release fixing multiple security issues

This commit is contained in:
Tomas Mraz 2015-01-09 10:54:51 +01:00
parent 8c1cdfe3ab
commit 7e7e3f299f
10 changed files with 505 additions and 488 deletions

1
.gitignore vendored
View File

@ -17,3 +17,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.1h-hobbled.tar.xz /openssl-1.0.1h-hobbled.tar.xz
/openssl-1.0.1i-hobbled.tar.xz /openssl-1.0.1i-hobbled.tar.xz
/openssl-1.0.1j-hobbled.tar.xz /openssl-1.0.1j-hobbled.tar.xz
/openssl-1.0.1k-hobbled.tar.xz

View File

@ -1,23 +0,0 @@
diff -up openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi openssl-1.0.1-beta2/ssl/dtls1.h
--- openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi 2012-02-06 17:07:34.630336118 +0100
+++ openssl-1.0.1-beta2/ssl/dtls1.h 2012-02-06 17:10:08.956623707 +0100
@@ -222,9 +222,6 @@ typedef struct dtls1_state_st
*/
record_pqueue buffered_app_data;
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
@@ -248,6 +245,9 @@ typedef struct dtls1_state_st
unsigned int retransmitting;
unsigned int change_cipher_spec_ok;
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+
#ifndef OPENSSL_NO_SCTP
/* used when SSL_ST_XX_FLUSH is entered */
int next_state;

View File

@ -0,0 +1,26 @@
diff -up openssl-1.0.1k/ssl/dtls1.h.dtls1-abi openssl-1.0.1k/ssl/dtls1.h
--- openssl-1.0.1k/ssl/dtls1.h.dtls1-abi 2015-01-09 09:58:59.332596897 +0100
+++ openssl-1.0.1k/ssl/dtls1.h 2015-01-09 10:02:34.908472320 +0100
@@ -231,10 +231,6 @@ typedef struct dtls1_state_st
*/
record_pqueue buffered_app_data;
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
- unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
@@ -262,6 +258,11 @@ typedef struct dtls1_state_st
*/
unsigned int change_cipher_spec_ok;
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
+
#ifndef OPENSSL_NO_SCTP
/* used when SSL_ST_XX_FLUSH is entered */
int next_state;

View File

@ -1,6 +1,6 @@
diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c diff -up openssl-1.0.1k/apps/speed.c.suiteb openssl-1.0.1k/apps/speed.c
--- openssl-1.0.1e/apps/speed.c.suiteb 2013-11-08 18:02:53.815229706 +0100 --- openssl-1.0.1k/apps/speed.c.suiteb 2015-01-09 10:03:38.406908388 +0100
+++ openssl-1.0.1e/apps/speed.c 2013-11-08 18:04:47.016724297 +0100 +++ openssl-1.0.1k/apps/speed.c 2015-01-09 10:03:38.602912821 +0100
@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv) @@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
else else
#endif #endif
@ -87,38 +87,44 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
ecdh_doit[i]=1; ecdh_doit[i]=1;
#endif #endif
} }
diff -up openssl-1.0.1e/ssl/t1_lib.c.suiteb openssl-1.0.1e/ssl/t1_lib.c diff -up openssl-1.0.1k/ssl/t1_lib.c.suiteb openssl-1.0.1k/ssl/t1_lib.c
--- openssl-1.0.1e/ssl/t1_lib.c.suiteb 2013-02-11 16:26:04.000000000 +0100 --- openssl-1.0.1k/ssl/t1_lib.c.suiteb 2015-01-09 10:03:38.603912844 +0100
+++ openssl-1.0.1e/ssl/t1_lib.c 2013-11-08 18:05:27.551617554 +0100 +++ openssl-1.0.1k/ssl/t1_lib.c 2015-01-09 10:06:35.470912834 +0100
@@ -204,31 +204,9 @@ static int nid_list[] = @@ -218,29 +218,21 @@ static int pref_list[] =
NID_sect283k1, /* sect283k1 (9) */
static int pref_list[] = NID_sect283r1, /* sect283r1 (10) */
{ #endif
- NID_sect571r1, /* sect571r1 (14) */
- NID_sect571k1, /* sect571k1 (13) */
NID_secp521r1, /* secp521r1 (25) */
- NID_sect409k1, /* sect409k1 (11) */
- NID_sect409r1, /* sect409r1 (12) */
NID_secp384r1, /* secp384r1 (24) */
- NID_sect283k1, /* sect283k1 (9) */
- NID_sect283r1, /* sect283r1 (10) */
- NID_secp256k1, /* secp256k1 (22) */ - NID_secp256k1, /* secp256k1 (22) */
NID_X9_62_prime256v1, /* secp256r1 (23) */ NID_X9_62_prime256v1, /* secp256r1 (23) */
- NID_sect239k1, /* sect239k1 (8) */ #ifndef OPENSSL_NO_EC2M
- NID_sect233k1, /* sect233k1 (6) */ NID_sect239k1, /* sect239k1 (8) */
- NID_sect233r1, /* sect233r1 (7) */ NID_sect233k1, /* sect233k1 (6) */
NID_sect233r1, /* sect233r1 (7) */
#endif
- NID_secp224k1, /* secp224k1 (20) */ - NID_secp224k1, /* secp224k1 (20) */
- NID_secp224r1, /* secp224r1 (21) */ - NID_secp224r1, /* secp224r1 (21) */
- NID_sect193r1, /* sect193r1 (4) */ #ifndef OPENSSL_NO_EC2M
- NID_sect193r2, /* sect193r2 (5) */ NID_sect193r1, /* sect193r1 (4) */
NID_sect193r2, /* sect193r2 (5) */
#endif
- NID_secp192k1, /* secp192k1 (18) */ - NID_secp192k1, /* secp192k1 (18) */
- NID_X9_62_prime192v1, /* secp192r1 (19) */ - NID_X9_62_prime192v1, /* secp192r1 (19) */
- NID_sect163k1, /* sect163k1 (1) */ #ifndef OPENSSL_NO_EC2M
- NID_sect163r1, /* sect163r1 (2) */ NID_sect163k1, /* sect163k1 (1) */
- NID_sect163r2, /* sect163r2 (3) */ NID_sect163r1, /* sect163r1 (2) */
NID_sect163r2, /* sect163r2 (3) */
#endif
- NID_secp160k1, /* secp160k1 (15) */ - NID_secp160k1, /* secp160k1 (15) */
- NID_secp160r1, /* secp160r1 (16) */ - NID_secp160r1, /* secp160r1 (16) */
- NID_secp160r2, /* secp160r2 (17) */ - NID_secp160r2, /* secp160r2 (17) */
}; };
int tls1_ec_curve_id2nid(int curve_id) int tls1_ec_curve_id2nid(int curve_id)
@@ -1820,7 +1812,6 @@ int ssl_prepare_clienthello_tlsext(SSL *
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
- /* we support all named elliptic curves in RFC 4492 */
if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)

View File

@ -1,6 +1,6 @@
diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h diff -up openssl-1.0.1k/apps/s_apps.h.ephemeral openssl-1.0.1k/apps/s_apps.h
--- openssl-1.0.1j/apps/s_apps.h.ephemeral 2014-10-16 13:32:30.772817591 +0200 --- openssl-1.0.1k/apps/s_apps.h.ephemeral 2015-01-09 10:22:03.289896211 +0100
+++ openssl-1.0.1j/apps/s_apps.h 2014-10-16 13:32:30.865819691 +0200 +++ openssl-1.0.1k/apps/s_apps.h 2015-01-09 10:22:03.373898111 +0100
@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok, @@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
@ -9,9 +9,9 @@ diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h
int init_client(int *sock, char *server, char *port, int type); int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i); int should_retry(int i);
int extract_host_port(char *str,char **host_ptr,char **port_ptr); int extract_host_port(char *str,char **host_ptr,char **port_ptr);
diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c diff -up openssl-1.0.1k/apps/s_cb.c.ephemeral openssl-1.0.1k/apps/s_cb.c
--- openssl-1.0.1j/apps/s_cb.c.ephemeral 2014-10-15 14:53:39.000000000 +0200 --- openssl-1.0.1k/apps/s_cb.c.ephemeral 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1j/apps/s_cb.c 2014-10-16 13:32:30.865819691 +0200 +++ openssl-1.0.1k/apps/s_cb.c 2015-01-09 10:22:03.373898111 +0100
@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback( @@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
} }
} }
@ -51,10 +51,10 @@ diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
{ {
diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c diff -up openssl-1.0.1k/apps/s_client.c.ephemeral openssl-1.0.1k/apps/s_client.c
--- openssl-1.0.1j/apps/s_client.c.ephemeral 2014-10-16 13:32:30.860819578 +0200 --- openssl-1.0.1k/apps/s_client.c.ephemeral 2015-01-09 10:22:03.367897975 +0100
+++ openssl-1.0.1j/apps/s_client.c 2014-10-16 13:32:30.865819691 +0200 +++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:22:03.373898111 +0100
@@ -2044,6 +2044,8 @@ static void print_stuff(BIO *bio, SSL *s @@ -2058,6 +2058,8 @@ static void print_stuff(BIO *bio, SSL *s
BIO_write(bio,"\n",1); BIO_write(bio,"\n",1);
} }
@ -63,18 +63,18 @@ diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)), BIO_number_read(SSL_get_rbio(s)),
BIO_number_written(SSL_get_wbio(s))); BIO_number_written(SSL_get_wbio(s)));
diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h diff -up openssl-1.0.1k/ssl/ssl.h.ephemeral openssl-1.0.1k/ssl/ssl.h
--- openssl-1.0.1j/ssl/ssl.h.ephemeral 2014-10-16 13:32:30.851819375 +0200 --- openssl-1.0.1k/ssl/ssl.h.ephemeral 2015-01-09 10:22:03.358897772 +0100
+++ openssl-1.0.1j/ssl/ssl.h 2014-10-16 13:33:23.233001903 +0200 +++ openssl-1.0.1k/ssl/ssl.h 2015-01-09 10:25:08.644088146 +0100
@@ -1585,6 +1585,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) @@ -1593,6 +1593,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+#define SSL_CTRL_GET_SERVER_TMP_KEY 109 +#define SSL_CTRL_GET_SERVER_TMP_KEY 109
#define SSL_CTRL_CHECK_PROTO_VERSION 119 #define SSL_CTRL_CHECK_PROTO_VERSION 119
#define DTLS_CTRL_SET_LINK_MTU 120
#define DTLSv1_get_timeout(ssl, arg) \ #define DTLS_CTRL_GET_LINK_MIN_MTU 121
@@ -1628,6 +1629,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) @@ -1638,6 +1639,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTX_clear_extra_chain_certs(ctx) \ #define SSL_CTX_clear_extra_chain_certs(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
@ -84,9 +84,9 @@ diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h
#ifndef OPENSSL_NO_BIO #ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void); BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client); BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
diff -up openssl-1.0.1j/ssl/s3_lib.c.ephemeral openssl-1.0.1j/ssl/s3_lib.c diff -up openssl-1.0.1k/ssl/s3_lib.c.ephemeral openssl-1.0.1k/ssl/s3_lib.c
--- openssl-1.0.1j/ssl/s3_lib.c.ephemeral 2014-10-16 13:32:30.866819713 +0200 --- openssl-1.0.1k/ssl/s3_lib.c.ephemeral 2015-01-08 15:00:56.000000000 +0100
+++ openssl-1.0.1j/ssl/s3_lib.c 2014-10-16 13:34:08.918033262 +0200 +++ openssl-1.0.1k/ssl/s3_lib.c 2015-01-09 10:22:03.374898133 +0100
@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar @@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
#endif /* !OPENSSL_NO_TLSEXT */ #endif /* !OPENSSL_NO_TLSEXT */

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,6 @@
diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/engines/e_padlock.c diff -up openssl-1.0.1k/engines/e_padlock.c.padlock64 openssl-1.0.1k/engines/e_padlock.c
--- openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 2011-06-21 18:42:15.000000000 +0200 --- openssl-1.0.1k/engines/e_padlock.c.padlock64 2015-01-08 15:00:56.000000000 +0100
+++ openssl-1.0.1-beta2/engines/e_padlock.c 2012-02-06 20:18:52.039537799 +0100 +++ openssl-1.0.1k/engines/e_padlock.c 2015-01-09 10:18:55.579650992 +0100
@@ -101,7 +101,10 @@ @@ -101,7 +101,10 @@
compiler choice is limited to GCC and Microsoft C. */ compiler choice is limited to GCC and Microsoft C. */
#undef COMPILE_HW_PADLOCK #undef COMPILE_HW_PADLOCK
@ -30,11 +30,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
/* /*
* As for excessive "push %ebx"/"pop %ebx" found all over. * As for excessive "push %ebx"/"pop %ebx" found all over.
* When generating position-independent code GCC won't let * When generating position-independent code GCC won't let
@@ -383,21 +387,6 @@ padlock_available(void) @@ -383,23 +387,6 @@ padlock_available(void)
return padlock_use_ace + padlock_use_rng; return padlock_use_ace + padlock_use_rng;
} }
-#ifndef OPENSSL_NO_AES -#ifndef OPENSSL_NO_AES
-#ifndef AES_ASM
-/* Our own htonl()/ntohl() */ -/* Our own htonl()/ntohl() */
-static inline void -static inline void
-padlock_bswapl(AES_KEY *ks) -padlock_bswapl(AES_KEY *ks)
@ -48,11 +49,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
- } - }
-} -}
-#endif -#endif
-#endif
- -
/* Force key reload from memory to the CPU microcode. /* Force key reload from memory to the CPU microcode.
Loading EFLAGS from the stack clears EFLAGS[30] Loading EFLAGS from the stack clears EFLAGS[30]
which does the trick. */ which does the trick. */
@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \ @@ -457,12 +444,129 @@ static inline void *name(size_t cnt, \
: "edx", "cc", "memory"); \ : "edx", "cc", "memory"); \
return iv; \ return iv; \
} }
@ -165,6 +167,7 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
+ +
+#ifndef AES_ASM
+/* Our own htonl()/ntohl() */ +/* Our own htonl()/ntohl() */
+static inline void +static inline void
+padlock_bswapl(AES_KEY *ks) +padlock_bswapl(AES_KEY *ks)
@ -177,10 +180,11 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
+ key++; + key++;
+ } + }
+} +}
+#endif
#endif #endif
/* The RNG call itself */ /* The RNG call itself */
@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int @@ -493,8 +597,8 @@ padlock_xstore(void *addr, unsigned int
static inline unsigned char * static inline unsigned char *
padlock_memcpy(void *dst,const void *src,size_t n) padlock_memcpy(void *dst,const void *src,size_t n)
{ {

View File

@ -1,6 +1,6 @@
diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c diff -up openssl-1.0.1k/apps/apps.c.trusted-first openssl-1.0.1k/apps/apps.c
--- openssl-1.0.1i/apps/apps.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 --- openssl-1.0.1k/apps/apps.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1i/apps/apps.c 2014-08-07 13:54:27.751103405 +0200 +++ openssl-1.0.1k/apps/apps.c 2015-01-09 10:19:45.476779456 +0100
@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg @@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
flags |= X509_V_FLAG_NOTIFY_POLICY; flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig")) else if (!strcmp(arg, "-check_ss_sig"))
@ -10,9 +10,9 @@ diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c
else else
return 0; return 0;
diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c diff -up openssl-1.0.1k/apps/cms.c.trusted-first openssl-1.0.1k/apps/cms.c
--- openssl-1.0.1i/apps/cms.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 --- openssl-1.0.1k/apps/cms.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1i/apps/cms.c 2014-08-07 13:54:27.751103405 +0200 +++ openssl-1.0.1k/apps/cms.c 2015-01-09 10:19:45.476779456 +0100
@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv) @@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
@ -21,9 +21,9 @@ diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
diff -up openssl-1.0.1i/apps/ocsp.c.trusted-first openssl-1.0.1i/apps/ocsp.c diff -up openssl-1.0.1k/apps/ocsp.c.trusted-first openssl-1.0.1k/apps/ocsp.c
--- openssl-1.0.1i/apps/ocsp.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 --- openssl-1.0.1k/apps/ocsp.c.trusted-first 2015-01-09 10:19:45.477779478 +0100
+++ openssl-1.0.1i/apps/ocsp.c 2014-08-07 13:54:27.752103409 +0200 +++ openssl-1.0.1k/apps/ocsp.c 2015-01-09 10:20:57.726413440 +0100
@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv) @@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-path path to use in OCSP request\n"); BIO_printf (bio_err, "-path path to use in OCSP request\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
@ -32,9 +32,9 @@ diff -up openssl-1.0.1i/apps/ocsp.c.trusted-first openssl-1.0.1i/apps/ocsp.c
BIO_printf (bio_err, "-VAfile file validator certificates file\n"); BIO_printf (bio_err, "-VAfile file validator certificates file\n");
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_client.c diff -up openssl-1.0.1k/apps/s_client.c.trusted-first openssl-1.0.1k/apps/s_client.c
--- openssl-1.0.1i/apps/s_client.c.trusted-first 2014-08-07 13:54:27.752103409 +0200 --- openssl-1.0.1k/apps/s_client.c.trusted-first 2015-01-09 10:19:45.438778596 +0100
+++ openssl-1.0.1i/apps/s_client.c 2014-08-07 15:06:28.443918055 +0200 +++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:19:45.477779478 +0100
@@ -299,6 +299,7 @@ static void sc_usage(void) @@ -299,6 +299,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
@ -43,9 +43,9 @@ diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_clie
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -prexit - print session information even on connection failure\n"); BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c diff -up openssl-1.0.1k/apps/smime.c.trusted-first openssl-1.0.1k/apps/smime.c
--- openssl-1.0.1i/apps/smime.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 --- openssl-1.0.1k/apps/smime.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1i/apps/smime.c 2014-08-07 13:54:27.753103414 +0200 +++ openssl-1.0.1k/apps/smime.c 2015-01-09 10:19:45.477779478 +0100
@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv) @@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
@ -54,9 +54,9 @@ diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_server.c diff -up openssl-1.0.1k/apps/s_server.c.trusted-first openssl-1.0.1k/apps/s_server.c
--- openssl-1.0.1i/apps/s_server.c.trusted-first 2014-08-07 13:54:27.718103241 +0200 --- openssl-1.0.1k/apps/s_server.c.trusted-first 2015-01-09 10:19:45.445778755 +0100
+++ openssl-1.0.1i/apps/s_server.c 2014-08-07 13:54:27.753103414 +0200 +++ openssl-1.0.1k/apps/s_server.c 2015-01-09 10:19:45.478779501 +0100
@@ -502,6 +502,7 @@ static void sv_usage(void) @@ -502,6 +502,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -state - Print the SSL states\n"); BIO_printf(bio_err," -state - Print the SSL states\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
@ -65,9 +65,9 @@ diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_serv
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c diff -up openssl-1.0.1k/apps/s_time.c.trusted-first openssl-1.0.1k/apps/s_time.c
--- openssl-1.0.1i/apps/s_time.c.trusted-first 2014-08-07 13:54:27.432101823 +0200 --- openssl-1.0.1k/apps/s_time.c.trusted-first 2015-01-09 10:19:45.391777534 +0100
+++ openssl-1.0.1i/apps/s_time.c 2014-08-07 13:54:27.753103414 +0200 +++ openssl-1.0.1k/apps/s_time.c 2015-01-09 10:19:45.478779501 +0100
@@ -179,6 +179,7 @@ static void s_time_usage(void) @@ -179,6 +179,7 @@ static void s_time_usage(void)
file if not specified by this option\n\ file if not specified by this option\n\
-CApath arg - PEM format directory of CA's\n\ -CApath arg - PEM format directory of CA's\n\
@ -76,9 +76,9 @@ diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n"; -cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf( "usage: s_time <args>\n\n" ); printf( "usage: s_time <args>\n\n" );
diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c diff -up openssl-1.0.1k/apps/ts.c.trusted-first openssl-1.0.1k/apps/ts.c
--- openssl-1.0.1i/apps/ts.c.trusted-first 2014-08-07 13:54:27.707103186 +0200 --- openssl-1.0.1k/apps/ts.c.trusted-first 2015-01-09 10:19:45.435778529 +0100
+++ openssl-1.0.1i/apps/ts.c 2014-08-07 13:54:27.753103414 +0200 +++ openssl-1.0.1k/apps/ts.c 2015-01-09 10:19:45.478779501 +0100
@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv) @@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
"ts -verify [-data file_to_hash] [-digest digest_bytes] " "ts -verify [-data file_to_hash] [-digest digest_bytes] "
"[-queryfile request.tsq] " "[-queryfile request.tsq] "
@ -88,9 +88,9 @@ diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c
"-untrusted cert_file.pem\n"); "-untrusted cert_file.pem\n");
cleanup: cleanup:
/* Clean up. */ /* Clean up. */
diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c diff -up openssl-1.0.1k/apps/verify.c.trusted-first openssl-1.0.1k/apps/verify.c
--- openssl-1.0.1i/apps/verify.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 --- openssl-1.0.1k/apps/verify.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1i/apps/verify.c 2014-08-07 13:54:27.754103419 +0200 +++ openssl-1.0.1k/apps/verify.c 2015-01-09 10:19:45.478779501 +0100
@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv) @@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
end: end:
@ -100,9 +100,9 @@ diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c
BIO_printf(bio_err," [-attime timestamp]"); BIO_printf(bio_err," [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," [-engine e]"); BIO_printf(bio_err," [-engine e]");
diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.c diff -up openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.c
--- openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first 2014-08-07 13:54:27.716103231 +0200 --- openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first 2015-01-09 10:19:45.443778710 +0100
+++ openssl-1.0.1i/crypto/x509/x509_vfy.c 2014-08-07 13:54:27.754103419 +0200 +++ openssl-1.0.1k/crypto/x509/x509_vfy.c 2015-01-09 10:19:45.479779524 +0100
@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx @@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
/* If we are self signed, we break */ /* If we are self signed, we break */
@ -125,9 +125,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/cryp
/* If we were passed a cert chain, use it first */ /* If we were passed a cert chain, use it first */
if (ctx->untrusted != NULL) if (ctx->untrusted != NULL)
diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.h diff -up openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.h
--- openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first 2014-08-07 13:54:27.360101466 +0200 --- openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first 2015-01-09 10:19:45.266774706 +0100
+++ openssl-1.0.1i/crypto/x509/x509_vfy.h 2014-08-07 13:54:27.754103419 +0200 +++ openssl-1.0.1k/crypto/x509/x509_vfy.h 2015-01-09 10:19:45.479779524 +0100
@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE @@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
#define X509_V_FLAG_USE_DELTAS 0x2000 #define X509_V_FLAG_USE_DELTAS 0x2000
/* Check selfsigned CA signature */ /* Check selfsigned CA signature */
@ -137,9 +137,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/cryp
#define X509_VP_FLAG_DEFAULT 0x1 #define X509_VP_FLAG_DEFAULT 0x1
diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/cms.pod diff -up openssl-1.0.1k/doc/apps/cms.pod.trusted-first openssl-1.0.1k/doc/apps/cms.pod
--- openssl-1.0.1i/doc/apps/cms.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200 --- openssl-1.0.1k/doc/apps/cms.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1i/doc/apps/cms.pod 2014-08-07 13:54:27.754103419 +0200 +++ openssl-1.0.1k/doc/apps/cms.pod 2015-01-09 10:19:45.479779524 +0100
@@ -35,6 +35,7 @@ B<openssl> B<cms> @@ -35,6 +35,7 @@ B<openssl> B<cms>
[B<-print>] [B<-print>]
[B<-CAfile file>] [B<-CAfile file>]
@ -161,9 +161,9 @@ diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/c
=item B<-md digest> =item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the digest algorithm to use when signing or resigning. If not present then the
diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/ocsp.pod diff -up openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first openssl-1.0.1k/doc/apps/ocsp.pod
--- openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first 2014-08-07 13:54:27.708103191 +0200 --- openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first 2015-01-09 10:19:45.436778551 +0100
+++ openssl-1.0.1i/doc/apps/ocsp.pod 2014-08-07 13:54:27.755103424 +0200 +++ openssl-1.0.1k/doc/apps/ocsp.pod 2015-01-09 10:19:45.479779524 +0100
@@ -29,6 +29,7 @@ B<openssl> B<ocsp> @@ -29,6 +29,7 @@ B<openssl> B<ocsp>
[B<-path>] [B<-path>]
[B<-CApath dir>] [B<-CApath dir>]
@ -172,7 +172,7 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/
[B<-VAfile file>] [B<-VAfile file>]
[B<-validity_period n>] [B<-validity_period n>]
[B<-status_age n>] [B<-status_age n>]
@@ -138,6 +139,13 @@ or "/" by default. @@ -142,6 +143,13 @@ connection timeout to the OCSP responder
file or pathname containing trusted CA certificates. These are used to verify file or pathname containing trusted CA certificates. These are used to verify
the signature on the OCSP response. the signature on the OCSP response.
@ -186,9 +186,9 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/
=item B<-verify_other file> =item B<-verify_other file>
file containing additional certificates to search when attempting to locate file containing additional certificates to search when attempting to locate
diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/apps/s_client.pod diff -up openssl-1.0.1k/doc/apps/s_client.pod.trusted-first openssl-1.0.1k/doc/apps/s_client.pod
--- openssl-1.0.1i/doc/apps/s_client.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200 --- openssl-1.0.1k/doc/apps/s_client.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
+++ openssl-1.0.1i/doc/apps/s_client.pod 2014-08-07 13:54:27.755103424 +0200 +++ openssl-1.0.1k/doc/apps/s_client.pod 2015-01-09 10:19:45.479779524 +0100
@@ -19,6 +19,7 @@ B<openssl> B<s_client> @@ -19,6 +19,7 @@ B<openssl> B<s_client>
[B<-pass arg>] [B<-pass arg>]
[B<-CApath directory>] [B<-CApath directory>]
@ -206,9 +206,9 @@ diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/a
Set various certificate chain valiadition option. See the Set various certificate chain valiadition option. See the
L<B<verify>|verify(1)> manual page for details. L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps/smime.pod diff -up openssl-1.0.1k/doc/apps/smime.pod.trusted-first openssl-1.0.1k/doc/apps/smime.pod
--- openssl-1.0.1i/doc/apps/smime.pod.trusted-first 2014-07-22 21:43:11.000000000 +0200 --- openssl-1.0.1k/doc/apps/smime.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1i/doc/apps/smime.pod 2014-08-07 13:54:27.755103424 +0200 +++ openssl-1.0.1k/doc/apps/smime.pod 2015-01-09 10:19:45.479779524 +0100
@@ -15,6 +15,9 @@ B<openssl> B<smime> @@ -15,6 +15,9 @@ B<openssl> B<smime>
[B<-pk7out>] [B<-pk7out>]
[B<-[cipher]>] [B<-[cipher]>]
@ -232,9 +232,9 @@ diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps
=item B<-md digest> =item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the digest algorithm to use when signing or resigning. If not present then the
diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/apps/s_server.pod diff -up openssl-1.0.1k/doc/apps/s_server.pod.trusted-first openssl-1.0.1k/doc/apps/s_server.pod
--- openssl-1.0.1i/doc/apps/s_server.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200 --- openssl-1.0.1k/doc/apps/s_server.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
+++ openssl-1.0.1i/doc/apps/s_server.pod 2014-08-07 15:07:12.315099577 +0200 +++ openssl-1.0.1k/doc/apps/s_server.pod 2015-01-09 10:19:45.479779524 +0100
@@ -33,6 +33,7 @@ B<openssl> B<s_server> @@ -33,6 +33,7 @@ B<openssl> B<s_server>
[B<-state>] [B<-state>]
[B<-CApath directory>] [B<-CApath directory>]
@ -256,9 +256,9 @@ diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/a
=item B<-state> =item B<-state>
prints out the SSL session states. prints out the SSL session states.
diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/apps/s_time.pod diff -up openssl-1.0.1k/doc/apps/s_time.pod.trusted-first openssl-1.0.1k/doc/apps/s_time.pod
--- openssl-1.0.1i/doc/apps/s_time.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200 --- openssl-1.0.1k/doc/apps/s_time.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1i/doc/apps/s_time.pod 2014-08-07 13:54:27.755103424 +0200 +++ openssl-1.0.1k/doc/apps/s_time.pod 2015-01-09 10:19:45.480779546 +0100
@@ -14,6 +14,7 @@ B<openssl> B<s_time> @@ -14,6 +14,7 @@ B<openssl> B<s_time>
[B<-key filename>] [B<-key filename>]
[B<-CApath directory>] [B<-CApath directory>]
@ -280,9 +280,9 @@ diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/app
=item B<-new> =item B<-new>
performs the timing test using a new session ID for each connection. performs the timing test using a new session ID for each connection.
diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts.pod diff -up openssl-1.0.1k/doc/apps/ts.pod.trusted-first openssl-1.0.1k/doc/apps/ts.pod
--- openssl-1.0.1i/doc/apps/ts.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200 --- openssl-1.0.1k/doc/apps/ts.pod.trusted-first 2014-10-15 15:49:15.000000000 +0200
+++ openssl-1.0.1i/doc/apps/ts.pod 2014-08-07 13:54:27.756103429 +0200 +++ openssl-1.0.1k/doc/apps/ts.pod 2015-01-09 10:19:45.480779546 +0100
@@ -46,6 +46,7 @@ B<-verify> @@ -46,6 +46,7 @@ B<-verify>
[B<-token_in>] [B<-token_in>]
[B<-CApath> trusted_cert_path] [B<-CApath> trusted_cert_path]
@ -304,9 +304,9 @@ diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts
=item B<-untrusted> cert_file.pem =item B<-untrusted> cert_file.pem
Set of additional untrusted certificates in PEM format which may be Set of additional untrusted certificates in PEM format which may be
diff -up openssl-1.0.1i/doc/apps/verify.pod.trusted-first openssl-1.0.1i/doc/apps/verify.pod diff -up openssl-1.0.1k/doc/apps/verify.pod.trusted-first openssl-1.0.1k/doc/apps/verify.pod
--- openssl-1.0.1i/doc/apps/verify.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200 --- openssl-1.0.1k/doc/apps/verify.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1i/doc/apps/verify.pod 2014-08-07 13:54:27.756103429 +0200 +++ openssl-1.0.1k/doc/apps/verify.pod 2015-01-09 10:19:45.480779546 +0100
@@ -9,6 +9,7 @@ verify - Utility to verify certificates. @@ -9,6 +9,7 @@ verify - Utility to verify certificates.
B<openssl> B<verify> B<openssl> B<verify>
[B<-CApath directory>] [B<-CApath directory>]

View File

@ -22,8 +22,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.1j Version: 1.0.1k
Release: 3%{?dist} Release: 1%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -58,11 +58,11 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch Patch35: openssl-0.9.8j-version-add-engines.patch
Patch39: openssl-1.0.1h-ipv6-apps.patch Patch39: openssl-1.0.1h-ipv6-apps.patch
Patch40: openssl-1.0.1j-fips.patch Patch40: openssl-1.0.1k-fips.patch
Patch45: openssl-1.0.1e-env-zlib.patch Patch45: openssl-1.0.1e-env-zlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.1i-algo-doc.patch Patch49: openssl-1.0.1i-algo-doc.patch
Patch50: openssl-1.0.1-beta2-dtls1-abi.patch Patch50: openssl-1.0.1k-dtls1-abi.patch
Patch51: openssl-1.0.1e-version.patch Patch51: openssl-1.0.1e-version.patch
Patch56: openssl-1.0.0c-rsa-x931.patch Patch56: openssl-1.0.0c-rsa-x931.patch
Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
@ -75,7 +75,7 @@ Patch69: openssl-1.0.1c-dh-1024.patch
Patch70: openssl-1.0.1j-fips-ec.patch Patch70: openssl-1.0.1j-fips-ec.patch
Patch71: openssl-1.0.1i-manfix.patch Patch71: openssl-1.0.1i-manfix.patch
Patch72: openssl-1.0.1e-fips-ctor.patch Patch72: openssl-1.0.1e-fips-ctor.patch
Patch73: openssl-1.0.1e-ecc-suiteb.patch Patch73: openssl-1.0.1k-ecc-suiteb.patch
Patch74: openssl-1.0.1e-no-md5-verify.patch Patch74: openssl-1.0.1e-no-md5-verify.patch
Patch75: openssl-1.0.1e-compat-symbols.patch Patch75: openssl-1.0.1e-compat-symbols.patch
Patch76: openssl-1.0.1i-new-fips-reqs.patch Patch76: openssl-1.0.1i-new-fips-reqs.patch
@ -85,10 +85,10 @@ Patch92: openssl-1.0.1h-system-cipherlist.patch
Patch93: openssl-1.0.1h-disable-sslv2v3.patch Patch93: openssl-1.0.1h-disable-sslv2v3.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch80: openssl-1.0.1j-evp-wrap.patch Patch80: openssl-1.0.1j-evp-wrap.patch
Patch81: openssl-1.0.1-beta2-padlock64.patch Patch81: openssl-1.0.1k-padlock64.patch
Patch84: openssl-1.0.1i-trusted-first.patch Patch84: openssl-1.0.1k-trusted-first.patch
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
Patch89: openssl-1.0.1j-ephemeral-key-size.patch Patch89: openssl-1.0.1k-ephemeral-key-size.patch
License: OpenSSL License: OpenSSL
Group: System Environment/Libraries Group: System Environment/Libraries
@ -478,6 +478,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Fri Jan 9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-1
- new upstream release fixing multiple security issues
* Thu Nov 20 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-3 * Thu Nov 20 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-3
- disable SSLv3 by default again (mail servers and possibly - disable SSLv3 by default again (mail servers and possibly
LDAP servers should probably allow it explicitly for legacy LDAP servers should probably allow it explicitly for legacy

View File

@ -1 +1 @@
d6eba044f614596f94ba27a90be2b5de openssl-1.0.1j-hobbled.tar.xz c272aff85ade496e3eca96a41a49a06f openssl-1.0.1k-hobbled.tar.xz