minor upstream release 1.0.2h fixing security issues
This commit is contained in:
parent
0a6d0e5ddc
commit
eeb6ac1a65
1
.gitignore
vendored
1
.gitignore
vendored
@ -28,3 +28,4 @@ openssl-1.0.0a-usa.tar.bz2
|
||||
/openssl-1.0.2e-hobbled.tar.xz
|
||||
/openssl-1.0.2f-hobbled.tar.xz
|
||||
/openssl-1.0.2g-hobbled.tar.xz
|
||||
/openssl-1.0.2h-hobbled.tar.xz
|
||||
|
@ -1,12 +0,0 @@
|
||||
diff -up openssl-1.0.2a/ssl/ssl.h.weak-ciphers openssl-1.0.2a/ssl/ssl.h
|
||||
--- openssl-1.0.2a/ssl/ssl.h.weak-ciphers 2015-04-22 15:11:14.026574414 +0200
|
||||
+++ openssl-1.0.2a/ssl/ssl.h 2015-04-22 15:14:51.302744713 +0200
|
||||
@@ -338,7 +338,7 @@ extern "C" {
|
||||
* The following cipher list is used by default. It also is substituted when
|
||||
* an application-defined cipher list string starts with 'DEFAULT'.
|
||||
*/
|
||||
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
|
||||
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!DES"
|
||||
/*
|
||||
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
|
||||
* starts with a reasonable order, and all we have to do for DEFAULT is
|
@ -1,27 +0,0 @@
|
||||
diff -up openssl-1.0.2g/ssl/ssl.h.remove-ssl2 openssl-1.0.2g/ssl/ssl.h
|
||||
--- openssl-1.0.2g/ssl/ssl.h.remove-ssl2 2016-03-02 09:26:24.000000000 +0100
|
||||
+++ openssl-1.0.2g/ssl/ssl.h 2016-03-29 15:24:01.471422525 +0200
|
||||
@@ -2283,7 +2283,7 @@ const char *SSL_get_version(const SSL *s
|
||||
/* This sets the 'default' SSL version that SSL_new() will create */
|
||||
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
|
||||
|
||||
-# ifndef OPENSSL_NO_SSL2
|
||||
+# ifndef OPENSSL_NO_SSL2_METHOD
|
||||
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
|
||||
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
|
||||
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
|
||||
diff -up openssl-1.0.2g/ssl/s2_meth.c.remove-ssl2 openssl-1.0.2g/ssl/s2_meth.c
|
||||
--- openssl-1.0.2g/ssl/s2_meth.c.remove-ssl2 2016-01-28 14:38:31.000000000 +0100
|
||||
+++ openssl-1.0.2g/ssl/s2_meth.c 2016-03-29 15:19:49.319654216 +0200
|
||||
@@ -74,8 +74,8 @@ IMPLEMENT_ssl2_meth_func(SSLv2_method,
|
||||
ssl2_accept, ssl2_connect, ssl2_get_method)
|
||||
#else /* !OPENSSL_NO_SSL2 */
|
||||
|
||||
-# if PEDANTIC
|
||||
-static void *dummy = &dummy;
|
||||
-# endif
|
||||
+const SSL_METHOD *SSLv2_method(void) { return NULL; }
|
||||
+const SSL_METHOD *SSLv2_client_method(void) { return NULL; }
|
||||
+const SSL_METHOD *SSLv2_server_method(void) { return NULL; }
|
||||
|
||||
#endif
|
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.2c/apps/cms.c.trusted-first openssl-1.0.2c/apps/cms.c
|
||||
--- openssl-1.0.2c/apps/cms.c.trusted-first 2015-06-15 17:45:13.112279761 +0200
|
||||
+++ openssl-1.0.2c/apps/cms.c 2015-06-15 17:46:11.045611575 +0200
|
||||
diff -up openssl-1.0.2h/apps/cms.c.trusted-first openssl-1.0.2h/apps/cms.c
|
||||
--- openssl-1.0.2h/apps/cms.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
|
||||
+++ openssl-1.0.2h/apps/cms.c 2016-05-03 18:01:16.729556976 +0200
|
||||
@@ -646,6 +646,8 @@ int MAIN(int argc, char **argv)
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
@ -10,10 +10,10 @@ diff -up openssl-1.0.2c/apps/cms.c.trusted-first openssl-1.0.2c/apps/cms.c
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
diff -up openssl-1.0.2c/apps/ocsp.c.trusted-first openssl-1.0.2c/apps/ocsp.c
|
||||
--- openssl-1.0.2c/apps/ocsp.c.trusted-first 2015-06-15 17:45:13.112279761 +0200
|
||||
+++ openssl-1.0.2c/apps/ocsp.c 2015-06-15 17:46:31.898090948 +0200
|
||||
@@ -536,6 +536,8 @@ int MAIN(int argc, char **argv)
|
||||
diff -up openssl-1.0.2h/apps/ocsp.c.trusted-first openssl-1.0.2h/apps/ocsp.c
|
||||
--- openssl-1.0.2h/apps/ocsp.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
|
||||
+++ openssl-1.0.2h/apps/ocsp.c 2016-05-03 18:01:16.730556998 +0200
|
||||
@@ -537,6 +537,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
"-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -22,9 +22,9 @@ diff -up openssl-1.0.2c/apps/ocsp.c.trusted-first openssl-1.0.2c/apps/ocsp.c
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-VAfile file validator certificates file\n");
|
||||
diff -up openssl-1.0.2c/apps/s_client.c.trusted-first openssl-1.0.2c/apps/s_client.c
|
||||
--- openssl-1.0.2c/apps/s_client.c.trusted-first 2015-06-15 17:45:13.113279784 +0200
|
||||
+++ openssl-1.0.2c/apps/s_client.c 2015-06-15 17:47:05.645866767 +0200
|
||||
diff -up openssl-1.0.2h/apps/s_client.c.trusted-first openssl-1.0.2h/apps/s_client.c
|
||||
--- openssl-1.0.2h/apps/s_client.c.trusted-first 2016-05-03 18:01:16.696556246 +0200
|
||||
+++ openssl-1.0.2h/apps/s_client.c 2016-05-03 18:01:16.730556998 +0200
|
||||
@@ -333,6 +333,8 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
@ -34,9 +34,9 @@ diff -up openssl-1.0.2c/apps/s_client.c.trusted-first openssl-1.0.2c/apps/s_clie
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -reconnect - Drop and re-make the connection with the same Session-ID\n");
|
||||
diff -up openssl-1.0.2c/apps/smime.c.trusted-first openssl-1.0.2c/apps/smime.c
|
||||
--- openssl-1.0.2c/apps/smime.c.trusted-first 2015-06-15 17:45:13.113279784 +0200
|
||||
+++ openssl-1.0.2c/apps/smime.c 2015-06-15 17:47:39.090635621 +0200
|
||||
diff -up openssl-1.0.2h/apps/smime.c.trusted-first openssl-1.0.2h/apps/smime.c
|
||||
--- openssl-1.0.2h/apps/smime.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
|
||||
+++ openssl-1.0.2h/apps/smime.c 2016-05-03 18:01:16.730556998 +0200
|
||||
@@ -442,6 +442,8 @@ int MAIN(int argc, char **argv)
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
@ -46,10 +46,10 @@ diff -up openssl-1.0.2c/apps/smime.c.trusted-first openssl-1.0.2c/apps/smime.c
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
diff -up openssl-1.0.2c/apps/s_server.c.trusted-first openssl-1.0.2c/apps/s_server.c
|
||||
--- openssl-1.0.2c/apps/s_server.c.trusted-first 2015-06-15 17:45:13.114279807 +0200
|
||||
+++ openssl-1.0.2c/apps/s_server.c 2015-06-15 17:47:24.841308046 +0200
|
||||
@@ -572,6 +572,8 @@ static void sv_usage(void)
|
||||
diff -up openssl-1.0.2h/apps/s_server.c.trusted-first openssl-1.0.2h/apps/s_server.c
|
||||
--- openssl-1.0.2h/apps/s_server.c.trusted-first 2016-05-03 18:01:16.666555583 +0200
|
||||
+++ openssl-1.0.2h/apps/s_server.c 2016-05-03 18:01:16.731557020 +0200
|
||||
@@ -578,6 +578,8 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -58,9 +58,9 @@ diff -up openssl-1.0.2c/apps/s_server.c.trusted-first openssl-1.0.2c/apps/s_serv
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -nocert - Don't use any certificates (Anon-DH)\n");
|
||||
diff -up openssl-1.0.2c/apps/s_time.c.trusted-first openssl-1.0.2c/apps/s_time.c
|
||||
--- openssl-1.0.2c/apps/s_time.c.trusted-first 2015-06-15 17:45:13.010277416 +0200
|
||||
+++ openssl-1.0.2c/apps/s_time.c 2015-06-15 17:45:13.114279807 +0200
|
||||
diff -up openssl-1.0.2h/apps/s_time.c.trusted-first openssl-1.0.2h/apps/s_time.c
|
||||
--- openssl-1.0.2h/apps/s_time.c.trusted-first 2016-05-03 18:01:16.661555472 +0200
|
||||
+++ openssl-1.0.2h/apps/s_time.c 2016-05-03 18:01:16.731557020 +0200
|
||||
@@ -182,6 +182,7 @@ static void s_time_usage(void)
|
||||
file if not specified by this option\n\
|
||||
-CApath arg - PEM format directory of CA's\n\
|
||||
@ -69,9 +69,9 @@ diff -up openssl-1.0.2c/apps/s_time.c.trusted-first openssl-1.0.2c/apps/s_time.c
|
||||
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
|
||||
|
||||
printf("usage: s_time <args>\n\n");
|
||||
diff -up openssl-1.0.2c/apps/ts.c.trusted-first openssl-1.0.2c/apps/ts.c
|
||||
--- openssl-1.0.2c/apps/ts.c.trusted-first 2015-06-15 17:45:13.065278681 +0200
|
||||
+++ openssl-1.0.2c/apps/ts.c 2015-06-15 17:45:13.114279807 +0200
|
||||
diff -up openssl-1.0.2h/apps/ts.c.trusted-first openssl-1.0.2h/apps/ts.c
|
||||
--- openssl-1.0.2h/apps/ts.c.trusted-first 2016-05-03 18:01:16.694556202 +0200
|
||||
+++ openssl-1.0.2h/apps/ts.c 2016-05-03 18:01:16.731557020 +0200
|
||||
@@ -352,7 +352,7 @@ int MAIN(int argc, char **argv)
|
||||
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
|
||||
"[-queryfile request.tsq] "
|
||||
@ -81,9 +81,9 @@ diff -up openssl-1.0.2c/apps/ts.c.trusted-first openssl-1.0.2c/apps/ts.c
|
||||
"-untrusted cert_file.pem\n");
|
||||
cleanup:
|
||||
/* Clean up. */
|
||||
diff -up openssl-1.0.2c/apps/verify.c.trusted-first openssl-1.0.2c/apps/verify.c
|
||||
--- openssl-1.0.2c/apps/verify.c.trusted-first 2015-06-15 17:45:13.114279807 +0200
|
||||
+++ openssl-1.0.2c/apps/verify.c 2015-06-15 17:48:03.979207778 +0200
|
||||
diff -up openssl-1.0.2h/apps/verify.c.trusted-first openssl-1.0.2h/apps/verify.c
|
||||
--- openssl-1.0.2h/apps/verify.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
|
||||
+++ openssl-1.0.2h/apps/verify.c 2016-05-03 18:01:16.731557020 +0200
|
||||
@@ -231,7 +231,7 @@ int MAIN(int argc, char **argv)
|
||||
end:
|
||||
if (ret == 1) {
|
||||
@ -93,9 +93,9 @@ diff -up openssl-1.0.2c/apps/verify.c.trusted-first openssl-1.0.2c/apps/verify.c
|
||||
BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err, " [-engine e]");
|
||||
diff -up openssl-1.0.2c/doc/apps/cms.pod.trusted-first openssl-1.0.2c/doc/apps/cms.pod
|
||||
--- openssl-1.0.2c/doc/apps/cms.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
|
||||
+++ openssl-1.0.2c/doc/apps/cms.pod 2015-06-15 17:48:43.615118958 +0200
|
||||
diff -up openssl-1.0.2h/doc/apps/cms.pod.trusted-first openssl-1.0.2h/doc/apps/cms.pod
|
||||
--- openssl-1.0.2h/doc/apps/cms.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
|
||||
+++ openssl-1.0.2h/doc/apps/cms.pod 2016-05-03 18:01:16.731557020 +0200
|
||||
@@ -35,6 +35,7 @@ B<openssl> B<cms>
|
||||
[B<-print>]
|
||||
[B<-CAfile file>]
|
||||
@ -117,19 +117,17 @@ diff -up openssl-1.0.2c/doc/apps/cms.pod.trusted-first openssl-1.0.2c/doc/apps/c
|
||||
=item B<-md digest>
|
||||
|
||||
digest algorithm to use when signing or resigning. If not present then the
|
||||
diff -up openssl-1.0.2c/doc/apps/ocsp.pod.trusted-first openssl-1.0.2c/doc/apps/ocsp.pod
|
||||
--- openssl-1.0.2c/doc/apps/ocsp.pod.trusted-first 2015-06-15 17:45:13.115279830 +0200
|
||||
+++ openssl-1.0.2c/doc/apps/ocsp.pod 2015-06-15 17:49:06.337641320 +0200
|
||||
@@ -29,7 +29,8 @@ B<openssl> B<ocsp>
|
||||
diff -up openssl-1.0.2h/doc/apps/ocsp.pod.trusted-first openssl-1.0.2h/doc/apps/ocsp.pod
|
||||
--- openssl-1.0.2h/doc/apps/ocsp.pod.trusted-first 2016-05-03 18:01:16.695556224 +0200
|
||||
+++ openssl-1.0.2h/doc/apps/ocsp.pod 2016-05-03 18:02:16.021868012 +0200
|
||||
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
|
||||
[B<-path>]
|
||||
[B<-CApath dir>]
|
||||
[B<-CAfile file>]
|
||||
-[B<-no_alt_chains>]]
|
||||
+[B<-trusted_first>]
|
||||
+[B<-no_alt_chains>]
|
||||
[B<-no_alt_chains>]
|
||||
[B<-VAfile file>]
|
||||
[B<-validity_period n>]
|
||||
[B<-status_age n>]
|
||||
@@ -144,6 +145,13 @@ connection timeout to the OCSP responder
|
||||
file or pathname containing trusted CA certificates. These are used to verify
|
||||
the signature on the OCSP response.
|
||||
@ -144,9 +142,9 @@ diff -up openssl-1.0.2c/doc/apps/ocsp.pod.trusted-first openssl-1.0.2c/doc/apps/
|
||||
=item B<-no_alt_chains>
|
||||
|
||||
See L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.2c/doc/apps/s_client.pod.trusted-first openssl-1.0.2c/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2c/doc/apps/s_client.pod.trusted-first 2015-06-15 17:45:13.115279830 +0200
|
||||
+++ openssl-1.0.2c/doc/apps/s_client.pod 2015-06-15 17:49:23.984046989 +0200
|
||||
diff -up openssl-1.0.2h/doc/apps/s_client.pod.trusted-first openssl-1.0.2h/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2h/doc/apps/s_client.pod.trusted-first 2016-05-03 18:01:16.706556467 +0200
|
||||
+++ openssl-1.0.2h/doc/apps/s_client.pod 2016-05-03 18:01:16.732557042 +0200
|
||||
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
|
||||
[B<-pass arg>]
|
||||
[B<-CApath directory>]
|
||||
@ -164,9 +162,9 @@ diff -up openssl-1.0.2c/doc/apps/s_client.pod.trusted-first openssl-1.0.2c/doc/a
|
||||
|
||||
Set various certificate chain valiadition option. See the
|
||||
L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.2c/doc/apps/smime.pod.trusted-first openssl-1.0.2c/doc/apps/smime.pod
|
||||
--- openssl-1.0.2c/doc/apps/smime.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
|
||||
+++ openssl-1.0.2c/doc/apps/smime.pod 2015-06-15 17:50:00.856894648 +0200
|
||||
diff -up openssl-1.0.2h/doc/apps/smime.pod.trusted-first openssl-1.0.2h/doc/apps/smime.pod
|
||||
--- openssl-1.0.2h/doc/apps/smime.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
|
||||
+++ openssl-1.0.2h/doc/apps/smime.pod 2016-05-03 18:01:16.732557042 +0200
|
||||
@@ -15,6 +15,9 @@ B<openssl> B<smime>
|
||||
[B<-pk7out>]
|
||||
[B<-[cipher]>]
|
||||
@ -190,9 +188,9 @@ diff -up openssl-1.0.2c/doc/apps/smime.pod.trusted-first openssl-1.0.2c/doc/apps
|
||||
=item B<-md digest>
|
||||
|
||||
digest algorithm to use when signing or resigning. If not present then the
|
||||
diff -up openssl-1.0.2c/doc/apps/s_server.pod.trusted-first openssl-1.0.2c/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2c/doc/apps/s_server.pod.trusted-first 2015-06-15 17:45:13.116279853 +0200
|
||||
+++ openssl-1.0.2c/doc/apps/s_server.pod 2015-06-15 17:49:37.420355873 +0200
|
||||
diff -up openssl-1.0.2h/doc/apps/s_server.pod.trusted-first openssl-1.0.2h/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2h/doc/apps/s_server.pod.trusted-first 2016-05-03 18:01:16.706556467 +0200
|
||||
+++ openssl-1.0.2h/doc/apps/s_server.pod 2016-05-03 18:01:16.732557042 +0200
|
||||
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
|
||||
[B<-state>]
|
||||
[B<-CApath directory>]
|
||||
@ -201,7 +199,7 @@ diff -up openssl-1.0.2c/doc/apps/s_server.pod.trusted-first openssl-1.0.2c/doc/a
|
||||
[B<-no_alt_chains>]
|
||||
[B<-nocert>]
|
||||
[B<-cipher cipherlist>]
|
||||
@@ -175,6 +176,12 @@ and to use when attempting to build the
|
||||
@@ -177,6 +178,12 @@ and to use when attempting to build the
|
||||
is also used in the list of acceptable client CAs passed to the client when
|
||||
a certificate is requested.
|
||||
|
||||
@ -214,9 +212,9 @@ diff -up openssl-1.0.2c/doc/apps/s_server.pod.trusted-first openssl-1.0.2c/doc/a
|
||||
=item B<-no_alt_chains>
|
||||
|
||||
See the L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.2c/doc/apps/s_time.pod.trusted-first openssl-1.0.2c/doc/apps/s_time.pod
|
||||
--- openssl-1.0.2c/doc/apps/s_time.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
|
||||
+++ openssl-1.0.2c/doc/apps/s_time.pod 2015-06-15 17:45:13.116279853 +0200
|
||||
diff -up openssl-1.0.2h/doc/apps/s_time.pod.trusted-first openssl-1.0.2h/doc/apps/s_time.pod
|
||||
--- openssl-1.0.2h/doc/apps/s_time.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
|
||||
+++ openssl-1.0.2h/doc/apps/s_time.pod 2016-05-03 18:01:16.732557042 +0200
|
||||
@@ -14,6 +14,7 @@ B<openssl> B<s_time>
|
||||
[B<-key filename>]
|
||||
[B<-CApath directory>]
|
||||
@ -238,9 +236,9 @@ diff -up openssl-1.0.2c/doc/apps/s_time.pod.trusted-first openssl-1.0.2c/doc/app
|
||||
=item B<-new>
|
||||
|
||||
performs the timing test using a new session ID for each connection.
|
||||
diff -up openssl-1.0.2c/doc/apps/ts.pod.trusted-first openssl-1.0.2c/doc/apps/ts.pod
|
||||
--- openssl-1.0.2c/doc/apps/ts.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
|
||||
+++ openssl-1.0.2c/doc/apps/ts.pod 2015-06-15 17:45:13.116279853 +0200
|
||||
diff -up openssl-1.0.2h/doc/apps/ts.pod.trusted-first openssl-1.0.2h/doc/apps/ts.pod
|
||||
--- openssl-1.0.2h/doc/apps/ts.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
|
||||
+++ openssl-1.0.2h/doc/apps/ts.pod 2016-05-03 18:01:16.732557042 +0200
|
||||
@@ -46,6 +46,7 @@ B<-verify>
|
||||
[B<-token_in>]
|
||||
[B<-CApath> trusted_cert_path]
|
||||
@ -262,9 +260,9 @@ diff -up openssl-1.0.2c/doc/apps/ts.pod.trusted-first openssl-1.0.2c/doc/apps/ts
|
||||
=item B<-untrusted> cert_file.pem
|
||||
|
||||
Set of additional untrusted certificates in PEM format which may be
|
||||
diff -up openssl-1.0.2c/doc/apps/verify.pod.trusted-first openssl-1.0.2c/doc/apps/verify.pod
|
||||
--- openssl-1.0.2c/doc/apps/verify.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
|
||||
+++ openssl-1.0.2c/doc/apps/verify.pod 2015-06-15 17:45:13.116279853 +0200
|
||||
diff -up openssl-1.0.2h/doc/apps/verify.pod.trusted-first openssl-1.0.2h/doc/apps/verify.pod
|
||||
--- openssl-1.0.2h/doc/apps/verify.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
|
||||
+++ openssl-1.0.2h/doc/apps/verify.pod 2016-05-03 18:01:16.732557042 +0200
|
||||
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
|
||||
B<openssl> B<verify>
|
||||
[B<-CApath directory>]
|
||||
@ -273,7 +271,7 @@ diff -up openssl-1.0.2c/doc/apps/verify.pod.trusted-first openssl-1.0.2c/doc/app
|
||||
[B<-purpose purpose>]
|
||||
[B<-policy arg>]
|
||||
[B<-ignore_critical>]
|
||||
@@ -79,6 +80,12 @@ If a valid CRL cannot be found an error
|
||||
@@ -85,6 +86,12 @@ If a valid CRL cannot be found an error
|
||||
A file of untrusted certificates. The file should contain multiple certificates
|
||||
in PEM format concatenated together.
|
||||
|
15
openssl.spec
15
openssl.spec
@ -22,8 +22,8 @@
|
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.2g
|
||||
Release: 4%{?dist}
|
||||
Version: 1.0.2h
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -56,7 +56,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
||||
Patch34: openssl-1.0.2a-x509.patch
|
||||
Patch35: openssl-1.0.2a-version-add-engines.patch
|
||||
Patch39: openssl-1.0.2a-ipv6-apps.patch
|
||||
Patch40: openssl-1.0.2g-fips.patch
|
||||
Patch40: openssl-1.0.2h-fips.patch
|
||||
Patch45: openssl-1.0.2a-env-zlib.patch
|
||||
Patch47: openssl-1.0.2a-readme-warning.patch
|
||||
Patch49: openssl-1.0.1i-algo-doc.patch
|
||||
@ -76,7 +76,6 @@ Patch73: openssl-1.0.2c-ecc-suiteb.patch
|
||||
Patch74: openssl-1.0.2a-no-md5-verify.patch
|
||||
Patch75: openssl-1.0.2a-compat-symbols.patch
|
||||
Patch76: openssl-1.0.2f-new-fips-reqs.patch
|
||||
Patch77: openssl-1.0.2a-weak-ciphers.patch
|
||||
Patch78: openssl-1.0.2a-cc-reqs.patch
|
||||
Patch90: openssl-1.0.2a-enc-fail.patch
|
||||
Patch92: openssl-1.0.2a-system-cipherlist.patch
|
||||
@ -87,8 +86,7 @@ Patch96: openssl-1.0.2e-speed-doc.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch80: openssl-1.0.2e-wrap-pad.patch
|
||||
Patch81: openssl-1.0.2a-padlock64.patch
|
||||
Patch82: openssl-1.0.2c-trusted-first-doc.patch
|
||||
Patch83: openssl-1.0.2g-remove-ssl2.patch
|
||||
Patch82: openssl-1.0.2h-trusted-first-doc.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -201,7 +199,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
||||
%patch74 -p1 -b .no-md5-verify
|
||||
%patch75 -p1 -b .compat
|
||||
%patch76 -p1 -b .fips-reqs
|
||||
%patch77 -p1 -b .weak-ciphers
|
||||
%patch78 -p1 -b .cc-reqs
|
||||
%patch90 -p1 -b .enc-fail
|
||||
%patch92 -p1 -b .system
|
||||
@ -213,7 +210,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
||||
%patch80 -p1 -b .wrap
|
||||
%patch81 -p1 -b .padlock64
|
||||
%patch82 -p1 -b .trusted-first
|
||||
%patch83 -p1 -b .remove-ssl2
|
||||
|
||||
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
||||
|
||||
@ -504,6 +500,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Tue May 3 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2h-1
|
||||
- minor upstream release 1.0.2h fixing security issues
|
||||
|
||||
* Tue Mar 29 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2g-4
|
||||
- disable SSLv2 support altogether (without ABI break)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user