« back to all changes in this revision
Viewing changes to test/tpkcs7.com
- Committer: Steve Beattie
- Date: 2011-09-14 05:49:22 UTC
- mfrom: (11.1.23 sid)
- Revision ID: sbeattie@ubuntu.com-20110914054922-b2hw888xf4an14by
* Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and
CVE-2011-3210. Remaining changes:
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification bubble on libssl1.0.0
upgrade.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/aesni.patch: Backport Intel AES-NI support, now from
http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
0.9.8 variant.
- debian/patches/Bsymbolic-functions.patch: Link using
-Bsymbolic-functions.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i486, i586 (on
i386), v8 (on sparc).
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
* Add a missing $(DEB_HOST_MULTIARCH)
* New upstream version
- Fix bug where CRLs with nextUpdate in the past are sometimes accepted
by initialising X509_STORE_CTX properly. (CVE-2011-3207)
- Fix SSL memory handling for (EC)DH ciphersuites, in particular
for multi-threaded use of ECDH. (CVE-2011-3210)
- Add protection against ECDSA timing attacks (CVE-2011-1945)
* Block DigiNotar certifiates. Patch from
Raphael Geissert <geissert@debian.org>
* Generate hashes for all certs in a file (Closes: #628780, #594524)
Patch from Klaus Ethgen <Klaus@Ethgen.de>
* Add multiarch support (Closs: #638137)
Patch from Steve Langasek / Ubuntu
* Symbols from the gost engine were removed because it didn't have
a linker file. Thanks to Roman I Khimov <khimov@altell.ru>
(Closes: #631503)
* Add support for s390x. Patch from Aurelien Jarno <aurel32@debian.org>
(Closes: #641100)
* Add build-arch and build-indep targets to the rules file.
* Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
* Apply patches from Scott Schaefer <saschaefer@neurodiverse.org> to
fix various pod and spelling errors. (Closes: #622820, #605561)
* Add missing symbols for the engines (Closes: #623038)
* More spelling fixes from Scott Schaefer (Closes: #395424)
* Patch from Scott Schaefer to better document pkcs12 password options
(Closes: #462489)
* Document dgst -hmac option. Patch by Thorsten Glaser <tg@mirbsd.de>
(Closes: #529586)
CVE-2011-3210. Remaining changes:
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification bubble on libssl1.0.0
upgrade.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/aesni.patch: Backport Intel AES-NI support, now from
http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
0.9.8 variant.
- debian/patches/Bsymbolic-functions.patch: Link using
-Bsymbolic-functions.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i486, i586 (on
i386), v8 (on sparc).
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
* Add a missing $(DEB_HOST_MULTIARCH)
* New upstream version
- Fix bug where CRLs with nextUpdate in the past are sometimes accepted
by initialising X509_STORE_CTX properly. (CVE-2011-3207)
- Fix SSL memory handling for (EC)DH ciphersuites, in particular
for multi-threaded use of ECDH. (CVE-2011-3210)
- Add protection against ECDSA timing attacks (CVE-2011-1945)
* Block DigiNotar certifiates. Patch from
Raphael Geissert <geissert@debian.org>
* Generate hashes for all certs in a file (Closes: #628780, #594524)
Patch from Klaus Ethgen <Klaus@Ethgen.de>
* Add multiarch support (Closs: #638137)
Patch from Steve Langasek / Ubuntu
* Symbols from the gost engine were removed because it didn't have
a linker file. Thanks to Roman I Khimov <khimov@altell.ru>
(Closes: #631503)
* Add support for s390x. Patch from Aurelien Jarno <aurel32@debian.org>
(Closes: #641100)
* Add build-arch and build-indep targets to the rules file.
* Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060)
* Apply patches from Scott Schaefer <saschaefer@neurodiverse.org> to
fix various pod and spelling errors. (Closes: #622820, #605561)
* Add missing symbols for the engines (Closes: #623038)
* More spelling fixes from Scott Schaefer (Closes: #395424)
* Patch from Scott Schaefer to better document pkcs12 password options
(Closes: #462489)
* Document dgst -hmac option. Patch by Thorsten Glaser <tg@mirbsd.de>
(Closes: #529586)
- files added:
- .pc/block_diginotar.patch
- .pc/block_diginotar.patch/crypto
- .pc/block_diginotar.patch/crypto/x509
- .pc/c_rehash-multi.patch
- .pc/c_rehash-multi.patch/tools
- .pc/dgst_hmac.patch
- .pc/dgst_hmac.patch/apps
- .pc/dgst_hmac.patch/doc
- .pc/dgst_hmac.patch/doc/apps
- .pc/libdoc-manpgs-pod-spell.patch
- .pc/libdoc-manpgs-pod-spell.patch/doc
- .pc/libdoc-manpgs-pod-spell.patch/doc/crypto
- .pc/libdoc-manpgs-pod-spell.patch/doc/ssl
- .pc/libssl-misspell.patch
- .pc/libssl-misspell.patch/crypto
- .pc/libssl-misspell.patch/crypto/asn1
- .pc/openssl-pod-misspell.patch
- .pc/openssl-pod-misspell.patch/apps
- .pc/openssl-pod-misspell.patch/crypto
- .pc/openssl-pod-misspell.patch/crypto/evp
- .pc/openssl-pod-misspell.patch/doc
- .pc/openssl-pod-misspell.patch/doc/apps
- .pc/pkcs12-doc.patch
- .pc/pkcs12-doc.patch/doc
- .pc/pkcs12-doc.patch/doc/apps
- .pc/pod_ec.misspell.patch
- .pc/pod_ec.misspell.patch/doc
- .pc/pod_ec.misspell.patch/doc/apps
- .pc/pod_pksc12.misspell.patch
- .pc/pod_pksc12.misspell.patch/doc
- .pc/pod_pksc12.misspell.patch/doc/apps
- .pc/pod_req_misspell2.patch
- .pc/pod_req_misspell2.patch/doc
- .pc/pod_req_misspell2.patch/doc/apps
- .pc/pod_s_server.misspell.patch
- .pc/pod_s_server.misspell.patch/doc
- .pc/pod_s_server.misspell.patch/doc/apps
- .pc/pod_x509setflags.misspell.patch
- .pc/pod_x509setflags.misspell.patch/doc
- .pc/pod_x509setflags.misspell.patch/doc/crypto
- .pc/version-script.patch/engines/ccgost
- files removed:
- VMS/install.com
- files modified:
- .pc/Bsymbolic-functions.patch/Configure
added
removed
test/tpkcs7.com
