From d2c0c4229ae3f38716b7f434f66d3d04daa742ee Mon Sep 17 00:00:00 2001 From: Jinkun Jang Date: Fri, 15 Mar 2013 01:26:55 +0900 Subject: [PATCH] sync with master branch --- debian/changelog | 80 +++++++++++++++++++++++++++++++++++++++++++++++++- packaging/openssl.spec | 15 +++++----- ssl/s3_srvr.c | 8 +++++ 3 files changed, 94 insertions(+), 9 deletions(-) mode change 100644 => 100755 packaging/openssl.spec mode change 100644 => 100755 ssl/s3_srvr.c diff --git a/debian/changelog b/debian/changelog index 0746374..6021db9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,85 @@ openssl (1.0.0f-1) unstable; urgency=low * update version - fix some security vulnerabilities - * Git: framework/securityopenssl + * Git: slp/unmodified/openssl * Tag: openssl_1.0.0f-1 -- Kidong Kim Tue, 10 Jan 2012 15:15:59 +0900 + +openssl (1.0.0e-6) unstable; urgency=low + + * 11/12/21 + * - remove unnecessary file - debian/copyright + * Git: slp/unmodified/openssl + * Tag: openssl_1.0.0e-6 + + -- Kidong Kim Wed, 21 Dec 2011 11:32:37 +0900 + +openssl (1.0.0e-5) unstable; urgency=low + + * changelog update + * Git: 165.213.180.234:slp/unmodified/openssl + * Tag: openssl_1.0.0e-5 + + -- Howon Jung Tue, 22 Nov 2011 19:12:35 +0900 + +openssl (1.0.0e-4) unstable; urgency=low + + * changelog update + * Git: 165.213.180.234:slp/unmodified/openssl + * Tag: openssl_1.0.0e-4 + + -- Howon Jung Tue, 22 Nov 2011 16:28:06 +0900 + +openssl (1.0.0e-3) unstable; urgency=low + + * changelog update + * Git: 165.213.180.234:slp/unmodified/openssl + * Tag: openssl_1.0.0e-3 + + -- Howon Jung Tue, 22 Nov 2011 16:09:53 +0900 + +openssl (1.0.0e-2) unstable; urgency=low + + * Enable the md2 cipher + + -- Mike McCormack Fri, 16 Sep 2011 11:45:19 +0900 + +openssl (1.0.0e-1) unstable; urgency=low + + * Upgrade to 1.0.0e + + -- Mike McCormack Wed, 14 Sep 2011 12:06:40 +0900 + +openssl (0.9.8s-5) unstable; urgency=low + + * upgrade + * tweak build and packaging + * Git: 165.213.180.234:slp/unmodified/openssl + * Tag: openssl_0.9.8s-5 + + -- Mike McCormack Fri, 03 Dec 2010 11:26:01 +0900 + +openssl (0.9.8i-4) unstable; urgency=low + + * remove .git directory + + -- Semun Lee Fri, 20 Nov 2009 16:03:43 +0900 + +openssl (0.9.8i-3) unstable; urgency=low + + * add shlibs + + -- Semun Lee Mon, 16 Nov 2009 11:30:22 +0900 + +openssl (0.9.8i-2) unstable; urgency=low + + * fix dev package not to install *.so files + + -- Semun Lee Fri, 13 Nov 2009 09:28:22 +0900 + +openssl (0.9.8i) unstable; urgency=low + + * Initial Release. + + -- unknown Thu, 12 Nov 2009 11:02:22 +0900 diff --git a/packaging/openssl.spec b/packaging/openssl.spec old mode 100644 new mode 100755 index 0b892e5..c2bc92b --- a/packaging/openssl.spec +++ b/packaging/openssl.spec @@ -40,20 +40,19 @@ cp %{SOURCE1001} . # usable on all platforms. The Configure script already knows to use -fPIC and # RPM_OPT_FLAGS, so we can skip specifiying them here. ./Configure shared \ - --prefix=%{_prefix} --install-prefix=%{buildroot} linux-generic32 -ldl no-asm no-idea no-camellia enable-md2 + --prefix=%{_prefix} --install-prefix=$RPM_BUILD_ROOT linux-generic32 -ldl -no-asm enable-md2 no-idea no-camellia no-rc5 make depend make all %install - +[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT # Install OpenSSL. -make INSTALL_PREFIX=%{buildroot} install +make INSTALL_PREFIX=$RPM_BUILD_ROOT install +rm -rf %{buildroot}/usr/ssl/man -rm -rf %{buildroot}%{_prefix}/ssl/man -rm -rf %{buildroot}%{_prefix}/ssl/misc/*.pl -rm -rf %{buildroot}%{_prefix}/ssl/misc/tsget -rm -rf %{buildroot}%{_bindir}/c_rehash +%clean +[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT %post -p /sbin/ldconfig @@ -62,7 +61,7 @@ rm -rf %{buildroot}%{_bindir}/c_rehash %files %manifest openssl.manifest %defattr(-,root,root,-) -%{_bindir}/* +%{_prefix}/bin/openssl %{_prefix}/ssl %{_libdir}/engines/*.so %{_libdir}/libcrypto.so.%{soversion} diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c old mode 100644 new mode 100755 index 118939f..f235f2c --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -870,6 +870,14 @@ int ssl3_check_client_hello(SSL *s) int ok; long n; + /* We only allow the client to restart the handshake once per + * negotiation. */ + if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) + { + SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); + return -1; + } + /* this function is called when we really expect a Certificate message, * so permit appropriate message length */ n=s->method->ssl_get_message(s, -- 2.7.4