This is an automated email from the git hooks/post-receive script. x2go pushed a change to tag 1.15.2.8 in repository vcxsrv. at 719332a (commit) This tag includes the following new commits: new f65ff03 Update openssl: 1.0.1m -> 1.0.1o new 6fd7795 Update version string: 1.15.2.7 new a44675a add releasenote_1.15.2.7.x2go+arctica.txt new 96bc788 Bump date in "About" new ab75afb Update version string: 1.15.2.8 new ca7b8d3 Update openssl: 1.0.1o -> 1.0.1p new 719332a Replace various "VENDOR" strings for X2Go/Arctica The 7 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to tag 1.15.2.8 in repository vcxsrv. commit ab75afbcc58c927654b75d8b3c179f423e38cfbd Author: Mike DePaulo <mikedep333@gmail.com> Date: Fri Jul 10 08:21:38 2015 -0400 Update version string: 1.15.2.8 --- include/dix-config.h | 2 +- releasenotes/releasenote_1.15.2.8.x2go+arctica.txt | 1218 ++++++++++++++++++++ xorg-server/hw/xwin/XWin.rc | 2 +- xorg-server/installer/vcxsrv-64-debug.nsi | 2 +- xorg-server/installer/vcxsrv-64.nsi | 2 +- xorg-server/installer/vcxsrv-debug.nsi | 2 +- xorg-server/installer/vcxsrv.nsi | 2 +- 7 files changed, 1224 insertions(+), 6 deletions(-) diff --git a/include/dix-config.h b/include/dix-config.h index 1fd5731..2711a95 100644 --- a/include/dix-config.h +++ b/include/dix-config.h @@ -366,7 +366,7 @@ #undef XORG_RELEASE /* Current Xorg version */ -#define XORG_VERSION_CURRENT (((1) * 10000000) + ((15) * 100000) + ((2) * 1000) + 7) +#define XORG_VERSION_CURRENT (((1) * 10000000) + ((15) * 100000) + ((2) * 1000) + 8) /* Xorg release date */ #define XORG_DATE "10 Sept 2009" diff --git a/releasenotes/releasenote_1.15.2.8.x2go+arctica.txt b/releasenotes/releasenote_1.15.2.8.x2go+arctica.txt new file mode 100644 index 0000000..27825ea --- /dev/null +++ b/releasenotes/releasenote_1.15.2.8.x2go+arctica.txt @@ -0,0 +1,1218 @@ +Changes in 1.15.2.8 (X2Go/Arctica Builds) +------------------- + +Changes in 1.15.2.7 (X2Go/Arctica Builds) +------------------- + +Update the following packages: + openssl 1.0.1m -> 1.0.1o + +Changes in 1.15.2.6 (X2Go/Arctica Builds) +------------------- + +- Fix xorg-server CVE-2015-3418 +- Do not make the font files differ each time due to timestamp + differences +- installer: specify Icon, Version, Publisher & URLs + (Shows up in "Add/Remove Programs") +- installer: change name in "Add/Remove Programs" to: + VcXsrv (X2Go/Arctica Builds) + +Changes in 1.15.2.5 (X2Go/Arctica Builds) +------------------- + +- Update the following packages: + openssl 1.0.1k -> 1.0.1m + libXfont 1.4.8 -> 1.4.9 +- Fix plink CVE-2015-2157 +- uninstaller: Remove the entire VcXsrv directory (GitHub Issue #1) + +Changes in 1.15.2.4-xp+vc2013+x2go1 +------------------- + +- Update the following packages: + freetype 2.5.3 -> 2.5.5 + +Changes in 1.15.2.3-xp+vc2013+x2go1 +------------------- + +- Fix xorg-server CVE-2015-0255 +- Compiler update: MSVC 2013 Update 3 -> Update 4 + (Still compiled with XP Targeting) + +Changes in 1.15.2.2-xp+vc2013+x2go1 +------------------- + +- Update the following packages: + openssl 1.0.1j -> 1.0.1k +- Fix xorg-server CVE-2014-8091..8103 + +Changes in 1.15.2.1-xp+vc2013+x2go1 +------------------- + +- Update the following packages: + openssl 1.0.1i -> 1.0.1ij + +Changes in 1.15.2.0-xp+vc2013+x2go1 +------------------- + +- Update the following packages: + openssl 1.0.1h -> 1.0.1i +- Reinstate compatibility with Windows XP by switching from the + regular MSVC 2013 compiler to the MSVC 2013 compiler with + XP targetting. +- Resume maintaining the build instructions and scripts. +- Incorporate the nx-libs compatibility patch winmultiwindow.patch + from Oleksandr Shneyder (phoca GmbH) + + +Changes in 1.15.2.0 +------------------- +- Update the following packages: + git updates until 5/07/2014 of the following packages + mesa + libxcb + xkeyboard-config + xserver + fontconfig + pixman + xwininfo + libX11 + plink + libxcb + xcb-proto + mkfontscale + freetype 2.5.3 + libXfont 1.4.8 + openssl 1.0.1h + +Changes in 1.15.0.2 +------------------- +- Update the following packages: + git updates until 1/05/2014 of the following packages + mesa + libxcb + xkeyboard-config + xserver + libxtrans + fontconfig + xcb-proto + pixman + plink revision 10184 +- Solved problem with notab and noframe styles + +CChanges in 1.15.0.1 +------------------- +- Update the following packages: + git updates until 31/03/2014 of the following packages + mesa + libxtrans + fontconfig + xserver + libXfont-1.4.7 + xproto-7.0.25 + +Changes in 1.15.0 +----------------- +- Update the following packages: + git updates until 25/03/2014 of the following packages + xserver + mesa + libxcb + xcb-proto + xkeyboard-config + randsrproto + fontconfig + libX11 + libXext + xkbcomp + libxtrans +- Solved problem of silent-dup-error not always being checked correctly +- Now taskbar with notab can be specified in system.XWinrc +- Also install a default X0.hosts file + +Changes in 1.14.5 +----------------- +- Update the following packages: + git updates until 22/12/2013 of the following packages + xserver + mesa + pixman + mkfontscale + libxtrans + fontconfig + glproto + libX11 + libxcb + xcbproto + xkeyboard-config + libXinerama + libXmu + +Changes in 1.14.4 +----------------- +- Update the following packages: + git updates until 21/11/2013 of the following packages + xserver + mesa + pixman + fontconfig + libXau + xkeyboard-config + libxcb + libxcb/xcb-proto + libX11 + libXdmcp + libXext + libfontenc + libXinerama + xkbcomp + xextproto + randrproto + glproto + mkfontscale + xwininfo + libXft + libXmu + libxtrans + mkfontscale + libXpm-3.5.11 + libXaw-1.0.12 + libXfont-1.4.6 + libXrender-0.9.8 + xproto-7.0.24 + inputproto-2.3 + xclock-1.0.7 + xhost-1.0.6 + zlib-1.2.8 +- Added expat-2.1.0 +- Added presentproto-1.0 +- Now compiled with Visual Studio 2013 Express Edition +- mesa: Solved freeing of invalid pointer + +Changes in 1.14.3 +----------------- +- Update the following packages: + git updates until 19/09/2013 of the following packages + xserver + mesa + pixman + libXmu + xkeyboard-config + libX11 + xkbcomp + fontconfig + libxcb + libxcb/xcb-proto + libXdmcp + libXext +- Now compiled with Visual Studio 2012 Express Edition + +Changes in 1.14.2.1 +------------------- +- Update the following packages: + git updates until 26/07/2013 of the following packages + xserver + mesa + libxcb + libxcb/xcb-proto + fontconfig + libXext + libX11 + libxtrans + xkbcomp + mkfontscale + libXmu + libxml 2.9.1 +- gen_gl_wrappers: now use the opengl xml specification files as input +- Now also release 64-bit version + +Changes in 1.14.2.0 +------------------- +- Update the following packages: + git updates until 21/06/2013 of the following packages + mesa + xkeyboard-config + xserver + pixman + libX11 + mkfontscale + libXmu + xwininfo + fontconfig + libxcb + libxcb/xcb-proto + libXau + libfontenc + libXext + libXinerama + xkbcomp + libXdmcp + xrdb + freetype-2.5.0.1 +- wgl: do not use transparent windows for the opengl windows +- Solved problem of logverbosity parameter not taking into account + +Changes in 1.13.2.0 +------------------- +- Update the following packages: + git updates until 13/02/2013 of the following packages + mesa + xkeyboard-config + xserver + pixman + fontconfig + libX11 + libXft + libXau + xkbcomp + mkfontscale + libXdmcp + libXmu + xwininfo + libxtrans + libXinerama + libfontenc + libXext + glproto + libxcb + cvs update until 13/02/2013 of pthreads + inputproto 2.2.99.1 + bdftopcf 1.0.4 + xcalc 1.0.5 + openssl-1.0.1e + freetype-2.4.11 + +- xlaunch: solved problem of prompt not being shown in xp +- Use fonts.conf file in fontconfig +- xlaunch: Use dialog for prompting for password input instead of console + +Changes in 1.13.1.0 +------------------- +- Update the following packages: + git updates until 05/12/2012 of the following packages + mesa + xkeyboard-config + xserver + pixman + xkbcomp + libX11 + libXdmcp + libxcb + xkeyboard-config + fontconfig + +- Solved problem of dxtn.dll not loaded anymore +- xlaunch: Allow specifying a key file in putty format when starting a + remote program. When the private key is password protected a + terminal window will pop up where this password can be entered + (except when a password is specified in the xlaunch config file) +- xlaunch: when no password specified, a password can be entered in + the console window that will popup when the plink asks for a password +- Now plink is a real console application in the release build (no -console + option anymore) +- Added buildscript to compile from cygwin terminal +- plink: when writing to stderr, flush immediately so that the error + output is seen immediately instead of at the end of the program + + +Changes in 1.13.0.0 +------------------- +- Update the following packages: + git updates until 22/10/2012 of the following packages + mesa + xkeyboard-config + xserver + pixman + libX11 + xwininfo + fontconfig + libXau + libXext + libxcb + randrproto +- Reverted xorg commit bafbd99080be49a17be97d2cc758fbe623369945 + Gave problems in vcsrv on multiple monitors +- Removed printing milli-seconds in log file +- Changed fatal error message +- Initialize the log file a little bit earlier in the startup process +- Too long env variables: Instead of giving a fatal error just remove + the env variables that are too long +- Solved problem of finding valid open socket in case ipv6 is not installed + and display number -1 is passed. +- Make sure that version info is print to log file + +Changes in 1.12.99.0 +------------------- +- Update the following packages: + git updates until 22/8/2012 of the following packages + fontconfig + mesa + xkeyboard-config + xserver + pixman + libxcb + randrproto + libX11 + libXext + zlib-1.2.7 +- Compiled the following modules as dlls: + zlib + libX11 + libXau + libxcb + libXmu + libXext +- Installer: Make installing debug version optional +- Solved problem of using wrong name for log file when -displayfd is used +- Fixed problem in Win32TempDir of returning NULL in case TEMP env variable + is not defined and TMP is +- winProcessXEventsTimeout: improved accuracy of timeout +- winUpdateWindowPosition: do not assume WS_EX_APPWINDOW style +- multiwindow: do not ignore the windows key. Now the windows key can + be used as the meta key in emacs +- Solved possible crash in winMultiWindowGetClassHint because second + string is not always null terminated + +Changes in 1.12.2.0 +------------------- +- Update the following packages: + git updates until 15/6/2012 of the following packages + fontconfig + mesa + xkeyboard-config + xserver + pixman + libX11 + libXau + libXext + libxcb + libfontenc + glproto + freetype-2.4.10 + libXaw-1.0.11 + openssl-1.0.1c +- xserver: added support for -displayfd option +- xserver: made sure that the maximum number of clients is back at 1024 + +Changes in 1.12.0.1 +------------------- +- Update the following packages: + git updates until 10/4/2012 of the following packages + fontconfig + mesa + xkeyboard-config + xserver + pixman + openssl-1.0.1 + bigreqsproto-1.1.2 + fontsproto-2.1.2 + recordproto-1.14.2 + scrnsaverproto-1.2.2 + xcmiscproto-1.2.2 + libXt-1.1.3 + xhost-1.0.5 + kbproto-1.0.6 + libXrender-0.9.7 + libxkbfile-1.0.8 + freetype-2.4.9 + libXaw-1.0.10 + libXpm-3.5.10 + xproto-7.0.23 + +- Solved problem when specifying -fullscreen on command line because default + resizing behaviour was changed to resize (which is not allowed in + fullscreen) + +Changes in 1.12.0.0 +------------------- +- Update the following packages: + git updates until 30/3/2012 of the following packages + mesa + xserver + libxcb + libX11 + pixman + xkeyboard-config + fontconfig + mkfontscale + xkbcomp + mesa + libXau + libXdmcp + libXext + libXft + libXinerama + libXmu + font-util-1.3.0 + xclock-1.0.6 + libXfont-1.4.5 + inputproto-2.2 + freetype-2.4.9 + +- Remove unused WindowExposuresProcPtr storage in screen privates +- Return error when bitsperpixel is less then 24 +- Added taskbar grouping for windows 7 +- Solved possible crashes when drawable cannot be created. + + +Changes in 1.11.4.0 +------------------- +- Update the following packages: + git updates until 30/1/2012 of the following packages + mesa + xserver + libxcb + libX11 + pixman + xkeyboard-config + xwininfo + mkfontscale + libxtrans + libXdmcp + plink svn update until 30/1/2012 + inputproto-2.1.99.5 + xf86bigfontproto-1.2.0 + openssl-1.0.0g +- Added xhost-1.0.4 application +- Added xauth-1.0.6 application +- Implemented Implemented prgrbs ungrab clsgrb and prwins keyboard actions +- Enable the keyboard options grab:break_actions by default +- Enabled XFree86 BigFont extension +- Solved possible crash in multiwindow mode +- glx: added safety against the use of a null pointer + +Changes in 1.11.3.0 +------------------- +- Update the following packages: + git updates until 17/12/2011 of the following packages + mesa + xserver + libxtrans + libX11 + pixman + libxcb + glproto + xkeyboard-config + +- Added -parentprocessid command line option + +Changes in 1.11.2.0 +------------------- +- Update the following packages: + git updates until 18/11/2011 of the following packages + mesa + xserver + pixman + libxcb + libX11 + libXext + xkeyboard-config + libXmu + libxtrans + libXdmcp + libXau + libXft + libXinerama + libfontenc + xwininfo + libXmu + mkfontscale + fontconfig + freetype 2.4.8 + openssl-1.0.0e + inputproto-2.1.99.1 + +Changes in 1.11.0.0 +------------------- +- Update the following packages: + git updates until 5/9/2011 of the following packages + mesa + xserver + pixman + libxcb + libX11 + libXext + xkeyboard-config + randrproto + xwininfo + libXmu + libXfont-1.4.4 + freetype 2.4.6 +- Installer: installation of fonts is optional now +- xserver: Use AllocDevicePair for create the mouse and keyboard devices +- xserver: Solved problem of window not taking the default window position when + created. + +Changes in 1.10.3.0 +------------------- +- Update the following packages: + git updates until 18/7/2011 of the following packages + mesa + xserver + pixman + libX11 + freetype 2.4.5 + inputproto-2.0.2 + xproto-7.0.22 + resourceproto-1.2.0 + pthreads cvs version until 18/7/2011 + +- Fixed regression in wgl implementation in multi-window mode + +Changes in 1.10.3.0 +------------------- +- Update the following packages: + git updates until 11/7/2011 of the following packages + mesa + xserver + pixman + mkfontscale + xkeyboard-config + libX11 + libXext + libXmu + xkbcomp + libXdmcp + libxtrans + x11proto + fontconfig + xwininfo +- Increased number of clients to 1024 +- Also show the cursor in the main window when the xdmcp host selection dialog is shown + +Changes in 1.10.1.1 +------------------- +- Update the following packages: + glproto git update until 24/5/2011 + libfontenc git update until 24/5/2011 + libxcb git update until 24/5/2011 + pixman git update until 24/5/2011 + xkeyboard-config git update until 24/5/2011 + mesa git update until 24/5/2011 + xserver git update until 24/5/2011 + xcb-proto git update until 24/5/2011 + mkfontscale git update until 24/5/2011 +- xkeyboard-config: Solved problem with Alt Gr key on some keyboards (e.g. belgian) + + +Changes in 1.10.1.0 +------------------- +- Update the following packages: + mesa git update until 5/5/2011 + xserver git update until 5/5/2011 + xkeyboard-config git update until 5/5/2011 + libxcb git update until 5/5/2011 + xkbcomp git update until 5/5/2011 + libXext git update until 5/5/2011 + libXmu git update until 5/5/2011 + libX11 git update until 5/5/2011 + libXdmcp git update until 5/5/2011 + xextproto git update until 5/5/2011 + libxtrans git update until 5/5/2011 + pixman git update until 5/5/2011 + glproto git update until 5/5/2011 + openssl-1.0.0d +- wgl; Solved crash because of pointer usages after memory has been freed. + + +Changes in 1.10.0.1 +------------------- +- Update the following packages: + xserver git update until 29/3/2011 + mesa git update until 29/3/2011 + xkeyboard-config git update until 29/3/2011 + libX11 git update until 29/3/2011 + pixman git update until 29/3/2011 + libxcb git update until 29/3/2011 + fontconfig git update until 29/3/2011 + glproto git update until 29/3/2011 + libXau git update until 29/3/2011 + libXft git update until 29/3/2011 + libXmu git update until 29/3/2011 + libfontenc git update until 29/3/2011 + mkfontscale git update until 29/3/2011 + randrproto git update until 29/3/2011 + xtrans git update until 29/3/2011 + xwininfo git update until 29/3/2011 + xproto-7.0.21 git update until 29/3/2011 + xineramaproto-1.2.1 + libXt-1.1.1 + libxkbfile-1.0.7 + libXpm-3.5.9 + libXfont-1.4.3 + libXaw-1.0.9 + bdftopcf-1.0.3 + encodings-1.0.4 + fixesproto-5.0 + font-adobe-100dpi-1.0.3 + font-adobe-75dpi-1.0.3 + font-adobe-utopia-100dpi-1.0.4 + font-adobe-utopia-75dpi-1.0.4 + font-adobe-utopia-type1-1.0.4 + font-alias-1.0.3 + font-arabic-misc-1.0.3 + font-bh-100dpi-1.0.3 + font-bh-75dpi-1.0.3 + font-bh-lucidatypewriter-100dpi-1.0.3 + font-bh-lucidatypewriter-75dpi-1.0.3 + font-bh-ttf-1.0.3 + font-bh-type1-1.0.3 + font-bitstream-100dpi-1.0.3 + font-bitstream-75dpi-1.0.3 + font-bitstream-speedo-1.0.2 + font-bitstream-type1-1.0.3 + font-cronyx-cyrillic-1.0.3 + font-cursor-misc-1.0.3 + font-daewoo-misc-1.0.3 + font-dec-misc-1.0.3 + font-ibm-type1-1.0.3 + font-isas-misc-1.0.3 + font-jis-misc-1.0.3 + font-micro-misc-1.0.3 + font-misc-cyrillic-1.0.3 + font-misc-ethiopic-1.0.3 + font-misc-meltho-1.0.3 + font-misc-misc-1.1.2 + font-mutt-misc-1.0.3 + font-schumacher-misc-1.1.2 + font-screen-cyrillic-1.0.4 + font-sony-misc-1.0.3 + font-sun-misc-1.0.3 + font-util-1.2.0 + font-winitzki-cyrillic-1.0.3 + font-xfree86-type1-1.0.4 +- Added ipv6 support +- Solved past problem in windows when used with x2goclient (with -clipboard) +- Solved problem of GetKeyState not always returning the correct state in WM_SETFOCUS +- Delay calling winInitializeModeKeyStates until the keyboard device has been started +- Solved possible crash due to NULL pointer access + +Changes in 1.10.0.0 +------------------- +- Update the following packages: + xserver git update until 8/3/2011 + xkeyboard-config git update until 8/3/2011 + pixman git update until 8/3/2011 + libX11 git update until 8/3/2011 + mesa git update until 8/3/2011 + randrproto git update until 8/3/2011 + Xextproto git update until 8/3/2011 + libxcb git update until 8/3/2011 +- Solved errors when used with xmodmap +- xlaunch: + . removed dependency on msxml 4.0 + libxml2 is now used for parsing the xml input file + . added possibility to only map the CLIPBOARD selection to the-RECORD-extension + windows clipboard + . fixed problems when starting a client (local and remote) + . added option to set disable access control + . added option to terminate vcxsrv on server reset (xdmcp) +- xserver: Made winOverrideStyle thread safe +- xserver: Synchronize Xserver glx/rensize.c with mesa src/glx/compsize.c +- native glx: Handle failure to get any fbconfigs more gracefully +- vcxsrv: added -[no]clipboardprimary. Can be used to only map the CLIPBOARD + selection to the windows clipboard + +Changes in 1.9.4.1 +------------------ +- Update the following packages: + xkeyboard-config git update until 16/2/2011 + pixman git update until 16/2/2011 + xkbcomp git update until 16/2/2011 + mesa git update until 16/2/2011 +- Solved problem of wrongly generated error message in vcxsrv_dbg +- Solved problem of a window being created with an Y coordinate of 0x8000000. +- xdmcp: Solved display problem when multiple monitor setup changes +- When XDMCP -from is specified, only register the requested address +- Only call XSupportsLocale in one place. Switch to a known locale when it fails +- Type cast width to short to avoid type cast exception in debug version when width is negative. +- multiwindow; Solved possible crash because the pixmap buffer was not + correct anymore after moving a window + +Changes in 1.9.4.0 +------------------ +- Update the following packages: + xserver git update until 10/2/2011 + libXext + libXau + libX11 + pixman + mesa + libfontenc + libXinerama +- xdmcp: add host connected to in the title of the main window +- Solved a crash in multiwindow mode due to a stack overflow (possible endless recursion) + +Changes in 1.9.3.1 +------------------ +- Update the following packages: + xserver git update until 2/2/2011 + pixman git update until 2/2/2011 + libX11 git update until 2/2/2011 + xkeyboard-config git update until 2/2/2011 + libxcb git update until 2/2/2011 + mesa git update until 2/2/2011 + xkbcomp git update until 2/2/2011 + libfontenc git update until 2/2/2011 + libXau git update until 2/2/2011 + libXinerama git update until 2/2/2011 + libXdmcp git update until 2/2/2011 + plink: updated to putty revision 9080 + freetype 2.4.4 + openssl-1.0.0c + cvs update pthreads +- Added following packages + xbitmaps-1.1.1 + libXft-2.2.0 + fontconfig-2.8.0 + libXrender-0.9.6 + windowswmproto-1.0.4 +- Prevent crash with remote font servers +- Use winUpdateFBPointer() in winshaddd.c rather than duplicating it inline +- VS2008 is not actively supported anymore +- Search for bitmaps in the current directory in stead of the HOME directory on windows +- Search for XtErrorDB in current directory +- added XtErrorDB file +- Added xclock application files +- Do not include dllmain for static library +- Solved possible crash due to not initialised pointer +- Use other default bitmap dir +- Solved problem of app icon not being loaded +- Enabled XRENDER in xclock +- Use .Xdefaults file in current directory +- Also install xclock and xclock-color +- solved problem of -resize not working when window was maximised +- Xlaunch: solved problem of Wgl setting not being saved in configuration file +- Enabled ROOTLESS option in dix +- Solved problem of using an unitialised variable. +- release build: main should also pass the penv argument +- Enabled global optimisation in release build: linker is a lot slower but it should give better performance +- Added host selection menu in case -broadcast is given on the command line + +Changes in 1.9.3.0 +------------------ +- Update the following packages: + xserver git update until 9/1/2011 + pixman git update until 9/1/2011 + libX11 git update until 9/1/2011 + libXext git update until 9/1/2011 + xkeyboard-config git update until 9/1/2011 + libxcb git update until 9/1/2011 + libfontenc update until 9/1/2011 + xextproto git update until 9/1/2011 + libXdmcp git update until 9/1/2011 + randrproto git update until 9/1/2011 + mesa git update until 9/1/2011 + bigreqsproto-1.1.1 + compositeproto-0.4.2 + damageproto-1.2.1 + fixesproto-4.1.2 + fontsproto-2.1.1 + inputproto-2.0.1 + randrproto-1.3.2 + recordproto-1.14.1 + scrnsaverproto-1.2.1 + xcmiscproto-1.2.1 + xproto-7.0.20 + xtrans 1.2.6 + xcalc-1.0.4.1 + +- updated to 9025 of putty +- Added dxtn.dll (compression functions used in mesa) +- mesa: solved opengl problem whan opengl is enabled in java + +Changes in 1.9.2.0 +------------------ +- Update the following packages: + xserver git update until 4/11/2010 + libxcb git update until 4/11/2010 + libfontenc git update until 4/11/2010 + pixman git update until 4/11/2010 + xcb-proto git update until 4/11/2010 + libX11 git update until 4/11/2010 + libXdmcp git update until 4/11/2010 + xkbcomp git update until 4/11/2010 +- Fixed regression in libxcb introduced in 1.9.0.0 +- Give clipboard window a name + +Changes in 1.9.0.902 +-------------------- +- Update the following packages: + xserver git update until 18/10/2010 + xkeyboard-config git update until 18/10/2010 + pixman git update until 18/10/2010 + libX11 git update until 18/10/2010 + libXau git update until 18/10/2010 + libXinerama git update until 18/10/2010 + glproto-1.4.12 + kbproto-1.0.5 + renderproto-0.11.1 + xclock-1.0.5 + xextproto-7.1.2 + xproto-7.0.18 + xwininfo-1.1.0 + font-mutt-misc-1.0.2 + font-sun-misc-1.0.2 +- Cleaned ddraw code and solved problem of screen disappearing when monitor setup changes +- Solved problem when having multiple netword cards +- multiwindow: only make the window visible when it is not inputonly +- Update gl.spec + +Changes in 1.9.0.2 +------------------ +- Update the following packages: + xserver git update until 21/9/2010 + pixman git update until 21/9/2010 + libX11 git update until 21/9/2010 +- Solved a number of problems with native opengl mode (-wgl) +- Native opengl: updated to the latest opengl spec files +- glx: synchronised with version of mesa currently used +- Implemented smart schedule timer +- Solved possible lockup when closing down + +Changes in 1.9.0.1 +------------------ +- Update the following packages: + xserver git update until 11/9/2010 + pixman git update until 11/9/2010 + libX11 git update until 11/9/2010 +- Solved regression swrast_dri.dll not working anymore +- xlaunch: Make sure xdmcp is never selected in multiwindow mode + +Changes in 1.9.0.0 +------------------ +- Update the following packages: + xserver git update until 4/9/2010 + xkeyboard-config + libX11 + pixman + libxcb + xkeyboard-config +- synchronised glx with mesa version +- make sure process exits when clipboard thread or multiwindow thread closes +- added support for some multimedia keys + +Changes in 1.8.99.906 +--------------------- +- Update the following packages: + mesa-7.8.2 + freetype 2.4.2 + libX11 git update until 20/8/2010 + libXdmcp git update until 20/8/2010 + libXext git update until 20/8/2010 + libXau + pixman + libxcb git update until 20/8/2010 + xserver git update until 20/8/2010 + xkeyboard-config git update until 20/8/2010 + libXinerama git update until 20/8/2010 +- Fix a GDI bitmap resource leak of window icons +- Internal WM workaround for Java AWT bug +- Add a keycode mapping for VK_OEM_8 which can be issued by Canadian Multilingual + Standard layout +- Update mapping for Canadian keyboard layouts + 0x00000c0c "Canadian French (legacy)" => layout ca variant fr-legacy + 0x00001009 "Canadian French" => layout ca variant fr + 0x00011009 "Canadian Multilingual Standard" => layout ca variant multix +- Cleanup in rootless code +- xkbcomp: avoid needless recompilation when switching between debug and release +- fixed wrong library name for freetype library + + +Changes in 1.8.99.904 +--------------------- +- Update the following packages: + libXfont-1.4.2 + libX11 git update until 11/7/2010 + libXext git update until 11/7/2010 + libxcb git update until 11/7/2010 + xserver git update until 11/7/2010 + xkeyboard-config git update until 11/7/2010 + libXinerama git update until 11/7/2010 +- Solved possible dead-lock when exiting vcxsrv (when x-selection active) +- Solved possible crash in _XReadEvents function + +Changes in 1.8.99.901 +--------------------- +- Update the following packages: + openssl-1.0.0a + mesa-7.8.1 + xserver git update until 17/6/2010 + libxcb git update until 17/6/2010 + libXext git update until 17/6/2010 + libX11 git update until 17/6/2010 + xkeyboard-config git update until 17/6/2010 + +Changes in 1.8.1 +---------------- +- Update the following packages: + xserver git update until 12/5/2010 (1.8.1) + Updated to xproto-7.0.17 + xkeyboard-config git update until 17/5/2010 + libxcb git update until 17/5/2010 + Made it possible to compile with VS2010 + +Changes in 1.8.0 +---------------- +- Update the following packages: + pixman-0.18.0 + xorg-server-1.8.0 + xkeyboard-config git update till 1/4/2010 + mesa 7.8 + freetype-2.3.12 + openssl 1.0.0 + +Changes in 1.7.99.902 +--------------------- +- Update the following packages: + pixman-0.17.10 + xserver git update till 16/3/2010 + xkeyboard-config git update till 16/3/2010 + mesa 7.7 + libXt-1.0.8 +- Added terminus-font-4.30 +- libwinmain: Make sure that control C only kills the process when a new console is created. +- Solved problem when path environment variable was larger then 1024 bytes +- Solved possible crash of accessing a null pointer +- Enabled XCSECURITY +- Solved 'ceil' undefined warning +- Solved '_XSERVTransWSAStartup' undefined warning +- Solved problem of some windows not being sizeable in multiwindow mode + +Changes in 1.7.99.901 +--------------------- +- Update the following packages: + pixman-0.17.6 + xorg-server-1.7.99.901 + xserver git update till 15/2/2010 +- Solved .xlaunch file extension registry problem in vista +- Added opengl option in xlaunch +- Added showin of log file in menu +- Removed NATIVEGDI compilation (is currently not working) +- Solved problem of certain windows not being sizeable in multiwindow mode +- Also handle MappingNotify event in clipboard thread + + +Changes in 1.7.99.6 +------------------- +- Update the following packages: + libX11-1.3.3 + pixman-0.17.4 + glproto-1.4.11 + xserver git update till 25/1/2010 +- Added patches for bug http://bugs.freedesktop.org/show_bug.cgi?id=20500 + 0001-dix-EventToCore-needs-to-copy-the-root-window-too.patch + 0001-Re-enable-the-RECORD-extension.patch +- Solved a possible crash in closing down the screen due to use on an uninitialised pointer. +- Solved problem in drawing of wide lines. Occured when plotting in octave. + + +Changes in 1.7.99.5 +------------------- +- Update the following packages: + freetype-2.3.11 + mesa_7_6_1_rc1 + xserver git update till 5/1/2010 +- Fixed problem of clipboard client being shutdown when connecting through xdmcp. +- Always use screen 0 to start windows clients. +- Multiwindow: solved problem of window not having the correct size. + + +Changes in 1.7.99.4 +------------------- +- Update the following packages: + libxcb-1.5 + xcb-proto-1.6 + xserver git update till 17/12/2009 +- Use swrast_dri_dbg.dll when running vcxsrv_dbg.exe +- Added native opengl with the -wgl option + + +Changes in 1.7.99.3 +------------------- +- Update the following packages: + pixman-0.17.2 + +- Switch to the git master branch for xserver +- Added cygwin-aiglx branch of git://anongit.freedesktop.org/~jturney/xserver + to have native opengl rendering. Only working with -multiwindow and + when export LIBGL_ALWAYS_INDIRECT +- vcxsrv.exe: When the first parameter is -console, the output is also written + to the console. +- xinerama: solved endless loop problem when moving the cursor from one screen to there + other. +- vcxsrv.exe: Set the current directory always to the directory where vcxsrv.exe is + installed, so the fonts are always found. + +Changes in 1.7.99.2 +------------------- +- Added the following packages: + xwininfo-1.0.5 + xcalc-1.0.2 + xclock-1.0.4 + libXmu-1.0.5 + libXaw-1.0.7 + libXpm-3.5.8 + libXext-1.1.1 + libXt-1.0.7 +- Solved some building problems in the makefiles when building from cmd.exe +- Do not open command window when running release build +- Solved incorrect behaviour of writev in case the first send succeeded and the second returned with an error. +- Solved crash in dix\colormap.c because wrong map was adjusted when the number of visuals was reallocated. + +Changes in 1.7.99.1 +------------------- +- Updated to the following packages + libX11-1.3.2 + xorg-server-1.7.99.1 + xtrans-1.2.5 + font-util-1.1.1 +- Now complete locale directory is build and packaged. +- solved possible problem in xcb: Make sure the winsock library + and pthread library are initialised. +- Solved problem of local fonts not being registered. This caused certain + application not to start (like xcalc) + +Changes in 1.7.0.1 +------------------ +- Updated to the following packages + encodings-1.0.3 + font-adobe-75dpi-1.0.1 + font-adobe-100dpi-1.0.1 + font-adobe-utopia-75dpi-1.0.2 + font-adobe-utopia-100dpi-1.0.2 + font-adobe-utopia-type1-1.0.2 + font-alias-1.0.2 + font-arabic-misc-1.0.1 + font-bh-75dpi-1.0.1 + font-bh-100dpi-1.0.1 + font-bh-lucidatypewriter-75dpi-1.0.1 + font-bh-lucidatypewriter-100dpi-1.0.1 + font-bh-ttf-1.0.1 + font-bh-type1-1.0.1 + font-bitstream-75dpi-1.0.1 + font-bitstream-100dpi-1.0.1 + font-bitstream-speedo-1.0.1 + font-bitstream-type1-1.0.1 + font-cronyx-cyrillic-1.0.1 + font-cursor-misc-1.0.1 + font-daewoo-misc-1.0.1 + font-dec-misc-1.0.1 + font-ibm-type1-1.0.1 + font-isas-misc-1.0.1 + font-jis-misc-1.0.1 + font-micro-misc-1.0.1 + font-misc-cyrillic-1.0.1 + font-misc-ethiopic-1.0.1 + font-misc-meltho-1.0.1 + font-misc-misc-1.1.0 + font-mutt-misc-1.0.1 + font-schumacher-misc-1.1.0 + font-screen-cyrillic-1.0.2 + font-sony-misc-1.0.1 + font-sun-misc-1.0.1 + font-util-1.1.0 + font-winitzki-cyrillic-1.0.1 + font-xfree86-type1-1.0.2 + libXfont-1.4.1 + mkfontscale-1.0.7 +- Added mesa 7.6. Opengl is working now. +- Bug fix in miClipPictureSrc function. + +Changes in 1.7.0 +---------------- +- Updated to the following packages: + fixesproto-4.1.1 + randrproto-1.3.1 + libxkbfile-1.0.6 + xkeyboard-config-1.7 + pixman-0.16.2 + libX11-1.3 + libXinerama-1.1 + xkbcomp-1.1.1 + recordproto-1.14 + xineramaproto-1.2 + inputproto-2.0 + compositeproto-0.4.1 + xorg-server-1.7.0 +- Removed most tracing in release version. Use vcxsrv_dbg when you want a log of tracing. +- Also install xerrordb file. +- Make sure the temporary file gets deleted after keyboard compilation. +- Take for the log file the same verbosity as for the screen. +- Change trace buffer from static to local to avoid problems in multithreaded tracing. +- Print some more information in X error handler. +- Solved run-time downcast errors in debug version. +- Solved error: XSetWindowBorderWidth can only be called if the window class is different from InputOnly +- Make it possible to overrule XSERVER_DTRACE in the makefiles +- Call XSelectInput when a window is mapped and not when it is created. + (There seems to be windows which created and destroyed soon without being + mapped to real windows. This was causing some errors.) + + +Changes in 1.1.2 +---------------- +- Updated to the following packages: + xorg-server-1.6.99.902 + xproto-7.0.16 + libXdmcp-1.0.3 + bdftopcf-1.0.2 +- Solved endless looping when clipboardthread is restarted due to winioerrhandler. + Caused an unexpected exit of the server when the -clipboard option was specified. +- Solved possible crash upon server restart because some global pointers + were not initialised back to 0 + +Changes in 1.1.1 +---------------- +- Updated to the following packages: + xorg-server-1.6.99.901 + xkeyboard-config-1.6.99 +- Enabled support for xinerama +- Rewritten part of the clipboard code (sometimes clipboard was + not working as expected) + One problem remains (clipboard thread exiting at startup.). This + one is hard to solve since no known recipy to reproduce. +- Now also install the debug version of the executable (vcxsrv_dbg). + This version has some more logging and error checking. +- Solved stack corruption in QueryMonitor. Now use multimon.h +- Bug solved in xcb_conn.c: use closesocket instead of close. +- Also display the number of active clients in the tray icon tooltip text. + +Changes in 1.1.0 +---------------- +- Updated to the following packages: + libX11-1.2.99.901.tar.gz + xtrans-1.2.4.tar.gz + fontsproto-2.1.0.tar.gz + damageproto-1.2.0.tar.gz + xcmiscproto-1.2.0.tar.gz + bigreqsproto-1.1.0.tar.gz + scrnsaverproto-1.2.0.tar.gz + resourceproto-1.1.0.tar.gz + xextproto-7.1.1.tar.gz + recordproto-1.13.99.1.tar.gz + inputproto-1.9.99.902.tar.gz + font-util-1.0.2.tar.gz + xorg-server-1.6.99.900.tar.gz +- Make sure clipboard thread is cleaned up correctly on error. + Solved clipboard thread exits causing the clipboard not to be working. +- Solved some errors in the fonts directory due to makefile problems + +Changes in 1.0.2 +---------------- + +- installer: Do not show details by default +- xlaunch: show message box when display number is nto filled in. +- BUG: Solved right mouse button not working in multi window mode. +- Added plink tool in installation. +- Xlaunch is now a windows application in stead of a console application + +Changes in 1.0.1 +---------------- + +- installer: make sure the latest version of the installed MSVC run-time is used. +- BUG: Solved mouse wheel not behaving correctly (especially when there are multiple monitors) +- locale: swith to the version of libX11/nls/C/makefile +- clipboard: solved paste problem from X to windows (in Vista) +- xkbcomp/listing.c: Solved uninitialised variable error in WIN32 +- xkbdata.src/symbols/level3: Removed warning when compiling for be keyboard. diff --git a/xorg-server/hw/xwin/XWin.rc b/xorg-server/hw/xwin/XWin.rc index 86438ec..e7c2f37 100644 --- a/xorg-server/hw/xwin/XWin.rc +++ b/xorg-server/hw/xwin/XWin.rc @@ -47,7 +47,7 @@ BEGIN LTEXT "VcXsrv X Server (X2Go/Arctica Builds) ", IDC_STATIC, 36, 8, 220, 8 LTEXT "https://github.com/ArcticaProject/vcxsrv", IDC_STATIC, 36, 18, 220, 8 LTEXT "http://code.x2go.org/gitweb?p=vcxsrv.git", IDC_STATIC, 36, 28, 220, 8 - LTEXT "Version 1.15.2.7 (09 Jul 2015)", IDC_STATIC, 36, 38, 220, 8 + LTEXT "Version 1.15.2.8 (10 Jul 2015)", IDC_STATIC, 36, 38, 220, 8 DEFPUSHBUTTON "OK", IDOK, 105, 75, 50, 15 END diff --git a/xorg-server/installer/vcxsrv-64-debug.nsi b/xorg-server/installer/vcxsrv-64-debug.nsi index 71ccf6d..349f2b1 100644 --- a/xorg-server/installer/vcxsrv-64-debug.nsi +++ b/xorg-server/installer/vcxsrv-64-debug.nsi @@ -18,7 +18,7 @@ ;-------------------------------- !define NAME_STRING "VcXsrv (X2Go/Arctica Builds)" -!define VERSION "1.15.2.7" +!define VERSION "1.15.2.8" ; The name of the installer Name "${NAME_STRING}" diff --git a/xorg-server/installer/vcxsrv-64.nsi b/xorg-server/installer/vcxsrv-64.nsi index 2171f7f..b138ca4 100644 --- a/xorg-server/installer/vcxsrv-64.nsi +++ b/xorg-server/installer/vcxsrv-64.nsi @@ -18,7 +18,7 @@ ;-------------------------------- !define NAME_STRING "VcXsrv (X2Go/Arctica Builds)" -!define VERSION "1.15.2.7" +!define VERSION "1.15.2.8" !define UNINSTALL_PUBLISHER "X2Go & Arctica Projects" !define UNINSTALL_URL "https://github.com/ArcticaProject/vcxsrv" diff --git a/xorg-server/installer/vcxsrv-debug.nsi b/xorg-server/installer/vcxsrv-debug.nsi index f6cd35d..2feeb2f 100644 --- a/xorg-server/installer/vcxsrv-debug.nsi +++ b/xorg-server/installer/vcxsrv-debug.nsi @@ -18,7 +18,7 @@ ;-------------------------------- !define NAME_STRING "VcXsrv (X2Go/Arctica Builds)" -!define VERSION "1.15.2.7" +!define VERSION "1.15.2.8" ; The name of the installer Name "${NAME_STRING}" diff --git a/xorg-server/installer/vcxsrv.nsi b/xorg-server/installer/vcxsrv.nsi index 66a58a3..cfc80d9 100644 --- a/xorg-server/installer/vcxsrv.nsi +++ b/xorg-server/installer/vcxsrv.nsi @@ -18,7 +18,7 @@ ;-------------------------------- !define NAME_STRING "VcXsrv (X2Go/Arctica Builds)" -!define VERSION "1.15.2.7" +!define VERSION "1.15.2.8" !define UNINSTALL_PUBLISHER "X2Go & Arctica Projects" !define UNINSTALL_URL "https://github.com/ArcticaProject/vcxsrv" -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to tag 1.15.2.8 in repository vcxsrv. commit ca7b8d357638d3f7d22b5df91e325022f3517368 Author: Mike DePaulo <mikedep333@gmail.com> Date: Fri Jul 10 08:13:00 2015 -0400 Update openssl: 1.0.1o -> 1.0.1p --- openssl/CHANGES | 15 + openssl/Makefile.org | 11 +- openssl/NEWS | 4 + openssl/README | 2 +- openssl/crypto/bio/bio.h | 2 +- openssl/crypto/evp/e_aes.c | 2 +- openssl/crypto/opensslconf.h.in | 2 +- openssl/crypto/opensslv.h | 6 +- openssl/crypto/pkcs12/p12_kiss.c | 2 + openssl/crypto/threads/mttest.c | 365 ++++++++++---------- openssl/crypto/threads/pthread2.sh | 3 +- openssl/crypto/x509/Makefile | 2 +- openssl/crypto/x509/verify_extra_test.c | 209 +++++++++++ openssl/crypto/x509/x509_vfy.c | 26 +- openssl/doc/crypto/X509_NAME_get_index_by_NID.pod | 7 + openssl/doc/crypto/X509_STORE_CTX_new.pod | 13 +- openssl/doc/crypto/X509_verify_cert.pod | 3 +- openssl/openssl.spec | 2 +- openssl/ssl/s3_clnt.c | 17 +- openssl/ssl/s3_srvr.c | 2 +- openssl/test/Makefile | 31 +- openssl/test/certs/bad.key | 27 ++ openssl/test/certs/bad.pem | 21 ++ openssl/test/certs/interCA.key | 27 ++ openssl/test/certs/interCA.pem | 21 ++ openssl/test/certs/leaf.key | 27 ++ openssl/test/certs/leaf.pem | 21 ++ openssl/test/certs/rootCA.key | 27 ++ openssl/test/certs/rootCA.pem | 21 ++ openssl/test/certs/roots.pem | 42 +++ openssl/test/certs/subinterCA-ss.pem | 21 ++ openssl/test/certs/subinterCA.key | 27 ++ openssl/test/certs/subinterCA.pem | 21 ++ openssl/test/certs/untrusted.pem | 42 +++ openssl/test/testssl | 19 +- openssl/test/verify_extra_test.c | 1 + packages.txt | 2 +- releasenotes/releasenote_1.15.2.8.x2go+arctica.txt | 2 + 38 files changed, 853 insertions(+), 242 deletions(-) diff --git a/openssl/CHANGES b/openssl/CHANGES index 759b2a7..2e888f7 100644 --- a/openssl/CHANGES +++ b/openssl/CHANGES @@ -2,6 +2,21 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1o and 1.0.1p [9 Jul 2015] + + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + [Matt Caswell] + Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI diff --git a/openssl/Makefile.org b/openssl/Makefile.org index cf82487..55a3700 100644 --- a/openssl/Makefile.org +++ b/openssl/Makefile.org @@ -268,6 +268,7 @@ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) sub_all: build_all + build_all: build_libs build_apps build_tests build_tools build_libs: build_libcrypto build_libssl openssl.pc @@ -277,15 +278,15 @@ build_libssl: build_ssl libssl.pc build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) -build_ssl: +build_ssl: build_crypto @dir=ssl; target=all; $(BUILD_ONE_CMD) -build_engines: +build_engines: build_crypto @dir=engines; target=all; $(BUILD_ONE_CMD) -build_apps: +build_apps: build_libs @dir=apps; target=all; $(BUILD_ONE_CMD) -build_tests: +build_tests: build_libs @dir=test; target=all; $(BUILD_ONE_CMD) -build_tools: +build_tools: build_libs @dir=tools; target=all; $(BUILD_ONE_CMD) all_testapps: build_libs build_testapps diff --git a/openssl/NEWS b/openssl/NEWS index fb69ad3..5e76d3f 100644 --- a/openssl/NEWS +++ b/openssl/NEWS @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] + + o Alternate chains certificate forgery (CVE-2015-1793) + Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] o Fix HMAC ABI incompatibility diff --git a/openssl/README b/openssl/README index bf3b715..bf03f30 100644 --- a/openssl/README +++ b/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.1o 12 Jun 2015 + OpenSSL 1.0.1p 9 Jul 2015 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/openssl/crypto/bio/bio.h b/openssl/crypto/bio/bio.h index be9cd0e..d583cc1 100644 --- a/openssl/crypto/bio/bio.h +++ b/openssl/crypto/bio/bio.h @@ -290,7 +290,7 @@ void BIO_clear_flags(BIO *b, int flags); * BIO_CB_RETURN flag indicates if it is after the call */ # define BIO_CB_RETURN 0x80 -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) diff --git a/openssl/crypto/evp/e_aes.c b/openssl/crypto/evp/e_aes.c index 1ede7bd..a4327fc 100644 --- a/openssl/crypto/evp/e_aes.c +++ b/openssl/crypto/evp/e_aes.c @@ -1146,7 +1146,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_CCM_SET_TAG: if ((arg & 1) || arg < 4 || arg > 16) return 0; - if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) + if (c->encrypt && ptr) return 0; if (ptr) { cctx->tag_set = 1; diff --git a/openssl/crypto/opensslconf.h.in b/openssl/crypto/opensslconf.h.in index 97e3745..814309b 100644 --- a/openssl/crypto/opensslconf.h.in +++ b/openssl/crypto/opensslconf.h.in @@ -101,7 +101,7 @@ #endif #if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* Unroll the inner loop, this sometimes helps, sometimes hinders. diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h index 84d0bf9..bd66999 100644 --- a/openssl/crypto/opensslv.h +++ b/openssl/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100010ffL +# define OPENSSL_VERSION_NUMBER 0x1000110fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-fips 12 Jun 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-fips 9 Jul 2015" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o 12 Jun 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p 9 Jul 2015" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl/crypto/pkcs12/p12_kiss.c b/openssl/crypto/pkcs12/p12_kiss.c index ee476c3..9aa3c90 100644 --- a/openssl/crypto/pkcs12/p12_kiss.c +++ b/openssl/crypto/pkcs12/p12_kiss.c @@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, while ((x = sk_X509_pop(ocerts))) { if (pkey && *pkey && cert && !*cert) { + ERR_set_mark(); if (X509_check_private_key(x, *pkey)) { *cert = x; x = NULL; } + ERR_pop_to_mark(); } if (ca && x) { diff --git a/openssl/crypto/threads/mttest.c b/openssl/crypto/threads/mttest.c index 8f67db6..dbff4a6 100644 --- a/openssl/crypto/threads/mttest.c +++ b/openssl/crypto/threads/mttest.c @@ -56,7 +56,6 @@ * [including the GNU Public Licence.] */ -#include <stdio.h> #include <stdlib.h> #include <string.h> #include <errno.h> @@ -86,17 +85,11 @@ #include <openssl/lhash.h> #include <openssl/crypto.h> #include <openssl/buffer.h> -#include "../../e_os.h" #include <openssl/x509.h> #include <openssl/ssl.h> #include <openssl/err.h> #include <openssl/rand.h> -#ifdef OPENSSL_NO_FP_API -# define APPS_WIN16 -# include "../buffer/bss_file.c" -#endif - #ifdef OPENSSL_SYS_NETWARE # define TEST_SERVER_CERT "/openssl/apps/server.pem" # define TEST_CLIENT_CERT "/openssl/apps/client.pem" @@ -107,23 +100,23 @@ #define MAX_THREAD_NUMBER 100 -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs); +int verify_callback(int ok, X509_STORE_CTX *xs); void thread_setup(void); void thread_cleanup(void); void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx); -void irix_locking_callback(int mode, int type, char *file, int line); -void solaris_locking_callback(int mode, int type, char *file, int line); -void win32_locking_callback(int mode, int type, char *file, int line); -void pthreads_locking_callback(int mode, int type, char *file, int line); -void netware_locking_callback(int mode, int type, char *file, int line); +void irix_locking_callback(int mode, int type, const char *file, int line); +void solaris_locking_callback(int mode, int type, const char *file, int line); +void win32_locking_callback(int mode, int type, const char *file, int line); +void pthreads_locking_callback(int mode, int type, const char *file, int line); +void netware_locking_callback(int mode, int type, const char *file, int line); void beos_locking_callback(int mode, int type, const char *file, int line); -unsigned long irix_thread_id(void); -unsigned long solaris_thread_id(void); -unsigned long pthreads_thread_id(void); -unsigned long netware_thread_id(void); -unsigned long beos_thread_id(void); +void irix_thread_id(CRYPTO_THREADID *tid); +void solaris_thread_id(CRYPTO_THREADID *tid); +void pthreads_thread_id(CRYPTO_THREADID *tid); +void netware_thread_id(CRYPTO_THREADID *tid); +void beos_thread_id(CRYPTO_THREADID *tid); #if defined(OPENSSL_SYS_NETWARE) static MPKMutex *lock_cs; @@ -149,39 +142,39 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int doit(char *ctx[4]); -static void print_stats(FILE *fp, SSL_CTX *ctx) +static void print_stats(BIO *bio, SSL_CTX *ctx) { - fprintf(fp, "%4ld items in the session cache\n", - SSL_CTX_sess_number(ctx)); - fprintf(fp, "%4d client connects (SSL_connect())\n", - SSL_CTX_sess_connect(ctx)); - fprintf(fp, "%4d client connects that finished\n", - SSL_CTX_sess_connect_good(ctx)); - fprintf(fp, "%4d server connects (SSL_accept())\n", - SSL_CTX_sess_accept(ctx)); - fprintf(fp, "%4d server connects that finished\n", - SSL_CTX_sess_accept_good(ctx)); - fprintf(fp, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx)); - fprintf(fp, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx)); - fprintf(fp, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx)); + BIO_printf(bio, "%4ld items in the session cache\n", + SSL_CTX_sess_number(ctx)); + BIO_printf(bio, "%4d client connects (SSL_connect())\n", + SSL_CTX_sess_connect(ctx)); + BIO_printf(bio, "%4d client connects that finished\n", + SSL_CTX_sess_connect_good(ctx)); + BIO_printf(bio, "%4d server connects (SSL_accept())\n", + SSL_CTX_sess_accept(ctx)); + BIO_printf(bio, "%4d server connects that finished\n", + SSL_CTX_sess_accept_good(ctx)); + BIO_printf(bio, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx)); + BIO_printf(bio, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx)); + BIO_printf(bio, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx)); } static void sv_usage(void) { - fprintf(stderr, "usage: ssltest [args ...]\n"); - fprintf(stderr, "\n"); - fprintf(stderr, " -server_auth - check server certificate\n"); - fprintf(stderr, " -client_auth - do client authentication\n"); - fprintf(stderr, " -v - more output\n"); - fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); - fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); - fprintf(stderr, " -threads arg - number of threads\n"); - fprintf(stderr, " -loops arg - number of 'connections', per thread\n"); - fprintf(stderr, " -reconnect - reuse session-id's\n"); - fprintf(stderr, " -stats - server session-id cache stats\n"); - fprintf(stderr, " -cert arg - server certificate/key\n"); - fprintf(stderr, " -ccert arg - client certificate/key\n"); - fprintf(stderr, " -ssl3 - just SSLv3n\n"); + BIO_printf(bio_err, "usage: ssltest [args ...]\n"); + BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, " -server_auth - check server certificate\n"); + BIO_printf(bio_err, " -client_auth - do client authentication\n"); + BIO_printf(bio_err, " -v - more output\n"); + BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, " -threads arg - number of threads\n"); + BIO_printf(bio_err, " -loops arg - number of 'connections', per thread\n"); + BIO_printf(bio_err, " -reconnect - reuse session-id's\n"); + BIO_printf(bio_err, " -stats - server session-id cache stats\n"); + BIO_printf(bio_err, " -cert arg - server certificate/key\n"); + BIO_printf(bio_err, " -ccert arg - client certificate/key\n"); + BIO_printf(bio_err, " -ssl3 - just SSLv3n\n"); } int main(int argc, char *argv[]) @@ -195,14 +188,14 @@ int main(int argc, char *argv[]) SSL_CTX *c_ctx = NULL; char *scert = TEST_SERVER_CERT; char *ccert = TEST_CLIENT_CERT; - SSL_METHOD *ssl_method = SSLv23_method(); + const SSL_METHOD *ssl_method = SSLv23_method(); RAND_seed(rnd_seed, sizeof rnd_seed); if (bio_err == NULL) - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + bio_err = BIO_new_fd(2, BIO_NOCLOSE); if (bio_stdout == NULL) - bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE); + bio_stdout = BIO_new_fd(1, BIO_NOCLOSE); argc--; argv++; @@ -250,7 +243,7 @@ int main(int argc, char *argv[]) if (number_of_loops == 0) number_of_loops = 1; } else { - fprintf(stderr, "unknown option %s\n", *argv); + BIO_printf(bio_err, "unknown option %s\n", *argv); badop = 1; break; } @@ -284,9 +277,12 @@ int main(int argc, char *argv[]) SSL_SESS_CACHE_SERVER); if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) { + BIO_printf(bio_err, "SSL_CTX_use_certificate_file (%s)\n", scert); ERR_print_errors(bio_err); + goto end; } else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) { + BIO_printf(bio_err, "SSL_CTX_use_RSAPrivateKey_file (%s)\n", scert); ERR_print_errors(bio_err); goto end; } @@ -300,19 +296,19 @@ int main(int argc, char *argv[]) (!SSL_CTX_set_default_verify_paths(s_ctx)) || (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || (!SSL_CTX_set_default_verify_paths(c_ctx))) { - fprintf(stderr, "SSL_load_verify_locations\n"); + BIO_printf(bio_err, "SSL_load_verify_locations\n"); ERR_print_errors(bio_err); goto end; } if (client_auth) { - fprintf(stderr, "client authentication\n"); + BIO_printf(bio_err, "client authentication\n"); SSL_CTX_set_verify(s_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback); } if (server_auth) { - fprintf(stderr, "server authentication\n"); + BIO_printf(bio_err, "server authentication\n"); SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback); } @@ -322,24 +318,24 @@ int main(int argc, char *argv[]) end: if (c_ctx != NULL) { - fprintf(stderr, "Client SSL_CTX stats then free it\n"); - print_stats(stderr, c_ctx); + BIO_printf(bio_err, "Client SSL_CTX stats then free it\n"); + print_stats(bio_err, c_ctx); SSL_CTX_free(c_ctx); } if (s_ctx != NULL) { - fprintf(stderr, "Server SSL_CTX stats then free it\n"); - print_stats(stderr, s_ctx); + BIO_printf(bio_err, "Server SSL_CTX stats then free it\n"); + print_stats(bio_err, s_ctx); if (cache_stats) { - fprintf(stderr, "-----\n"); - lh_stats(SSL_CTX_sessions(s_ctx), stderr); - fprintf(stderr, "-----\n"); - /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); - fprintf(stderr,"-----\n"); */ - lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr); - fprintf(stderr, "-----\n"); + BIO_printf(bio_err, "-----\n"); + lh_SSL_SESSION_stats_bio(SSL_CTX_sessions(s_ctx), bio_err); + BIO_printf(bio_err, "-----\n"); + /*- lh_SSL_SESSION_node_stats_bio(SSL_CTX_sessions(s_ctx),bio_err); + BIO_printf(bio_err,"-----\n"); */ + lh_SSL_SESSION_node_usage_stats_bio(SSL_CTX_sessions(s_ctx), bio_err); + BIO_printf(bio_err, "-----\n"); } SSL_CTX_free(s_ctx); - fprintf(stderr, "done free\n"); + BIO_printf(bio_err, "done free\n"); } exit(ret); return (0); @@ -355,6 +351,7 @@ int ndoit(SSL_CTX *ssl_ctx[2]) int i; int ret; char *ctx[4]; + CRYPTO_THREADID thread_id; ctx[0] = (char *)ssl_ctx[0]; ctx[1] = (char *)ssl_ctx[1]; @@ -367,22 +364,24 @@ int ndoit(SSL_CTX *ssl_ctx[2]) ctx[3] = NULL; } - fprintf(stdout, "started thread %lu\n", CRYPTO_thread_id()); + CRYPTO_THREADID_current(&thread_id); + BIO_printf(bio_stdout, "started thread %lu\n", + CRYPTO_THREADID_hash(&thread_id)); for (i = 0; i < number_of_loops; i++) { -/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n", - CRYPTO_thread_id(),i, - ssl_ctx[0]->references, - ssl_ctx[1]->references); */ +/*- BIO_printf(bio_err,"%4d %2d ctx->ref (%3d,%3d)\n", + CRYPTO_THREADID_hash(&thread_id),i, + ssl_ctx[0]->references, + ssl_ctx[1]->references); */ /* pthread_delay_np(&tm); */ ret = doit(ctx); if (ret != 0) { - fprintf(stdout, "error[%d] %lu - %d\n", - i, CRYPTO_thread_id(), ret); + BIO_printf(bio_stdout, "error[%d] %lu - %d\n", + i, CRYPTO_THREADID_hash(&thread_id), ret); return (ret); } } - fprintf(stdout, "DONE %lu\n", CRYPTO_thread_id()); + BIO_printf(bio_stdout, "DONE %lu\n", CRYPTO_THREADID_hash(&thread_id)); if (reconnect) { SSL_free((SSL *)ctx[2]); SSL_free((SSL *)ctx[3]); @@ -467,26 +466,26 @@ int doit(char *ctx[4]) if (do_server && verbose) { if (SSL_in_init(s_ssl)) - printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); + BIO_printf(bio_stdout, "server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); else if (s_write) - printf("server:SSL_write()\n"); + BIO_printf(bio_stdout, "server:SSL_write()\n"); else - printf("server:SSL_read()\n"); + BIO_printf(bio_stdout, "server:SSL_read()\n"); } if (do_client && verbose) { if (SSL_in_init(c_ssl)) - printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); + BIO_printf(bio_stdout, "client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); else if (c_write) - printf("client:SSL_write()\n"); + BIO_printf(bio_stdout, "client:SSL_write()\n"); else - printf("client:SSL_read()\n"); + BIO_printf(bio_stdout, "client:SSL_read()\n"); } if (!do_client && !do_server) { - fprintf(stdout, "ERROR IN STARTUP\n"); + BIO_printf(bio_stdout, "ERROR IN STARTUP\n"); break; } if (do_client && !(done & C_DONE)) { @@ -501,12 +500,12 @@ int doit(char *ctx[4]) if (BIO_should_write(c_bio)) c_w = 1; } else { - fprintf(stderr, "ERROR in CLIENT\n"); + BIO_printf(bio_err, "ERROR in CLIENT\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n"); return (1); } else { /* ok */ @@ -523,19 +522,19 @@ int doit(char *ctx[4]) if (BIO_should_write(c_bio)) c_w = 1; } else { - fprintf(stderr, "ERROR in CLIENT\n"); + BIO_printf(bio_err, "ERROR in CLIENT\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n"); return (1); } else { done |= C_DONE; #ifdef undef - fprintf(stdout, "CLIENT:from server:"); - fwrite(cbuf, 1, i, stdout); - fflush(stdout); + BIO_printf(bio_stdout, "CLIENT:from server:"); + BIO_write(bio_stdout, cbuf, i); + BIO_flush(bio_stdout); #endif } } @@ -553,20 +552,20 @@ int doit(char *ctx[4]) if (BIO_should_write(s_bio)) s_w = 1; } else { - fprintf(stderr, "ERROR in SERVER\n"); + BIO_printf(bio_err, "ERROR in SERVER\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n"); return (1); } else { s_write = 1; s_w = 1; #ifdef undef - fprintf(stdout, "SERVER:from client:"); - fwrite(sbuf, 1, i, stdout); - fflush(stdout); + BIO_printf(bio_stdout, "SERVER:from client:"); + BIO_write(bio_stdout, sbuf, i); + BIO_flush(bio_stdout); #endif } } else { @@ -580,12 +579,12 @@ int doit(char *ctx[4]) if (BIO_should_write(s_bio)) s_w = 1; } else { - fprintf(stderr, "ERROR in SERVER\n"); + BIO_printf(bio_err, "ERROR in SERVER\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n"); return (1); } else { s_write = 0; @@ -606,7 +605,7 @@ int doit(char *ctx[4]) SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); #ifdef undef - fprintf(stdout, "DONE\n"); + BIO_printf(bio_stdout, "DONE\n"); #endif err: /* @@ -640,7 +639,7 @@ int doit(char *ctx[4]) return (0); } -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) +int verify_callback(int ok, X509_STORE_CTX *ctx) { char *s, buf[256]; @@ -649,9 +648,9 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) buf, 256); if (s != NULL) { if (ok) - fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf); + BIO_printf(bio_err, "depth=%d %s\n", ctx->error_depth, buf); else - fprintf(stderr, "depth=%d error=%d %s\n", + BIO_printf(bio_err, "depth=%d error=%d %s\n", ctx->error_depth, ctx->error, buf); } } @@ -688,7 +687,7 @@ void thread_cleanup(void) OPENSSL_free(lock_cs); } -void win32_locking_callback(int mode, int type, char *file, int line) +void win32_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { WaitForSingleObject(lock_cs[type], INFINITE); @@ -717,7 +716,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *)ssl_ctx, 0L, &(thread_id[i])); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i += 50) { int j; @@ -727,7 +726,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (CONST HANDLE *) & (thread_handle[i]), TRUE, INFINITE) == WAIT_FAILED) { - fprintf(stderr, "WaitForMultipleObjects failed:%d\n", + BIO_printf(bio_err, "WaitForMultipleObjects failed:%d\n", GetLastError()); exit(1); } @@ -743,7 +742,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) ret = (ret + end.wSecond - start.wSecond); ret += (end.wMilliseconds - start.wMilliseconds) / 1000.0; - printf("win32 threads done - %.3f seconds\n", ret); + BIO_printf(bio_stdout, "win32 threads done - %.3f seconds\n", ret); } #endif /* OPENSSL_SYS_WIN32 */ @@ -768,8 +767,8 @@ void thread_setup(void) mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL); } - CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id); - CRYPTO_set_locking_callback((void (*)())solaris_locking_callback); + CRYPTO_set_id_callback(solaris_thread_id); + CRYPTO_set_locking_callback(solaris_locking_callback); } void thread_cleanup(void) @@ -778,34 +777,34 @@ void thread_cleanup(void) CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { /* rwlock_destroy(&(lock_cs[i])); */ mutex_destroy(&(lock_cs[i])); - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } -void solaris_locking_callback(int mode, int type, char *file, int line) +void solaris_locking_callback(int mode, int type, const char *file, int line) { # ifdef undef - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); + BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n", + CRYPTO_thread_id(), + (mode & CRYPTO_LOCK) ? "l" : "u", + (type & CRYPTO_READ) ? "r" : "w", file, line); # endif /*- if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); + BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); */ if (mode & CRYPTO_LOCK) { /*- @@ -837,21 +836,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *(*)())ndoit, (void *)ssl_ctx, 0L, &(thread_ctx[i])); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { thr_join(thread_ctx[i], NULL, NULL); } - printf("solaris threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "solaris threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "solaris threads done\n"); +#endif } -unsigned long solaris_thread_id(void) +void solaris_thread_id(CRYPTO_THREADID *tid) { - unsigned long ret; - - ret = (unsigned long)thr_self(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)thr_self()); } #endif /* SOLARIS */ @@ -880,8 +880,8 @@ void thread_setup(void) lock_cs[i] = usnewsema(arena, 1); } - CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id); - CRYPTO_set_locking_callback((void (*)())irix_locking_callback); + CRYPTO_set_id_callback(irix_thread_id); + CRYPTO_set_locking_callback(irix_locking_callback); } void thread_cleanup(void) @@ -899,13 +899,13 @@ void thread_cleanup(void) OPENSSL_free(lock_cs); } -void irix_locking_callback(int mode, int type, char *file, int line) +void irix_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { - printf("lock %d\n", type); + BIO_printf(bio_stdout, "lock %d\n", type); uspsema(lock_cs[type]); } else { - printf("unlock %d\n", type); + BIO_printf(bio_stdout, "unlock %d\n", type); usvsema(lock_cs[type]); } } @@ -924,21 +924,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) PR_SADDR | PR_SFDS, (void *)ssl_ctx); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { wait(NULL); } - printf("irix threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "irix threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "irix threads done\n"); +#endif } unsigned long irix_thread_id(void) { - unsigned long ret; - - ret = (unsigned long)getpid(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)getpid()); } #endif /* IRIX */ @@ -958,8 +959,8 @@ void thread_setup(void) pthread_mutex_init(&(lock_cs[i]), NULL); } - CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); - CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); + CRYPTO_THREADID_set_callback(pthreads_thread_id); + CRYPTO_set_locking_callback(pthreads_locking_callback); } void thread_cleanup(void) @@ -967,30 +968,30 @@ void thread_cleanup(void) int i; CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { pthread_mutex_destroy(&(lock_cs[i])); - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } -void pthreads_locking_callback(int mode, int type, char *file, int line) +void pthreads_locking_callback(int mode, int type, const char *file, int line) { # ifdef undef - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); + BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n", + CRYPTO_thread_id(), + (mode & CRYPTO_LOCK) ? "l" : "u", + (type & CRYPTO_READ) ? "r" : "w", file, line); # endif /*- if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); + BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); */ if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); @@ -1017,21 +1018,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *(*)())ndoit, (void *)ssl_ctx); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { pthread_join(thread_ctx[i], NULL); } - printf("pthreads threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "pthreads threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "pthreads threads done\n"); +#endif } -unsigned long pthreads_thread_id(void) +void pthreads_thread_id(CRYPTO_THREADID *tid) { - unsigned long ret; - - ret = (unsigned long)pthread_self(); - return (ret); + CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self()); } #endif /* PTHREADS */ @@ -1051,8 +1053,8 @@ void thread_setup(void) ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0); - CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id); - CRYPTO_set_locking_callback((void (*)())netware_locking_callback); + CRYPTO_set_id_callback(netware_thread_id); + CRYPTO_set_locking_callback(netware_locking_callback); } void thread_cleanup(void) @@ -1061,21 +1063,21 @@ void thread_cleanup(void) CRYPTO_set_locking_callback(NULL); - fprintf(stdout, "thread_cleanup\n"); + BIO_printf(bio_stdout, "thread_cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { MPKMutexFree(lock_cs[i]); - fprintf(stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); MPKSemaphoreFree(ThreadSem); - fprintf(stdout, "done cleanup\n"); + BIO_printf(bio_stdout, "done cleanup\n"); } -void netware_locking_callback(int mode, int type, char *file, int line) +void netware_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { MPKMutexLock(lock_cs[type]); @@ -1097,22 +1099,23 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) ThreadSwitchWithDelay(); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); /* loop until all threads have signaled the semaphore */ for (i = 0; i < thread_number; i++) { MPKSemaphoreWait(ThreadSem); } - printf("netware threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "netware threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "netware threads done\n"); +#endif } unsigned long netware_thread_id(void) { - unsigned long ret; - - ret = (unsigned long)GetThreadID(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID()); } #endif /* NETWARE */ @@ -1144,24 +1147,24 @@ void thread_cleanup(void) int i; CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { delete lock_cs[i]; - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } void beos_locking_callback(int mode, int type, const char *file, int line) { # if 0 - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); + BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n", + CRYPTO_thread_id(), + (mode & CRYPTO_LOCK) ? "l" : "u", + (type & CRYPTO_READ) ? "r" : "w", file, line); # endif if (mode & CRYPTO_LOCK) { lock_cs[type]->Lock(); @@ -1187,14 +1190,14 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) resume_thread(thread_ctx[i]); } - printf("waiting...\n"); + BIO_printf(bio_stdout, "waiting...\n"); for (i = 0; i < thread_number; i++) { status_t result; wait_for_thread(thread_ctx[i], &result); } - printf("beos threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); + BIO_printf(bio_stdout, "beos threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); } unsigned long beos_thread_id(void) diff --git a/openssl/crypto/threads/pthread2.sh b/openssl/crypto/threads/pthread2.sh index 41264c6..ec945c4 100644 --- a/openssl/crypto/threads/pthread2.sh +++ b/openssl/crypto/threads/pthread2.sh @@ -3,5 +3,4 @@ # build using pthreads where it's already built into the system # /bin/rm -f mttest -gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread - +gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread -ldl diff --git a/openssl/crypto/x509/Makefile b/openssl/crypto/x509/Makefile index af3c255..aac3ece 100644 --- a/openssl/crypto/x509/Makefile +++ b/openssl/crypto/x509/Makefile @@ -13,7 +13,7 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile README -TEST= +TEST=verify_extra_test.c APPS= LIB=$(TOP)/libcrypto.a diff --git a/openssl/crypto/x509/verify_extra_test.c b/openssl/crypto/x509/verify_extra_test.c new file mode 100644 index 0000000..a1e41f2 --- /dev/null +++ b/openssl/crypto/x509/verify_extra_test.c @@ -0,0 +1,209 @@ +/* + * Written by Matt Caswell for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <openssl/crypto.h> +#include <openssl/bio.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <openssl/err.h> + +static STACK_OF(X509) *load_certs_from_file(const char *filename) +{ + STACK_OF(X509) *certs; + BIO *bio; + X509 *x; + + bio = BIO_new_file(filename, "r"); + + if (bio == NULL) { + return NULL; + } + + certs = sk_X509_new_null(); + if (certs == NULL) { + BIO_free(bio); + return NULL; + } + + ERR_set_mark(); + do { + x = PEM_read_bio_X509(bio, NULL, 0, NULL); + if (x != NULL && !sk_X509_push(certs, x)) { + sk_X509_pop_free(certs, X509_free); + BIO_free(bio); + return NULL; + } else if (x == NULL) { + /* + * We probably just ran out of certs, so ignore any errors + * generated + */ + ERR_pop_to_mark(); + } + } while (x != NULL); + + BIO_free(bio); + + return certs; +} + +/* + * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery) + * + * Chain is as follows: + * + * rootCA (self-signed) + * | + * interCA + * | + * subinterCA subinterCA (self-signed) + * | | + * leaf ------------------ + * | + * bad + * + * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE + * leaf and bad have CA=FALSE + * + * subinterCA and subinterCA (ss) have the same subject name and keys + * + * interCA (but not rootCA) and subinterCA (ss) are in the trusted store + * (roots.pem) + * leaf and subinterCA are in the untrusted list (untrusted.pem) + * bad is the certificate being verified (bad.pem) + * + * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has + * CA=FALSE, and will therefore incorrectly verify bad + * + */ +static int test_alt_chains_cert_forgery(void) +{ + int ret = 0; + int i; + X509 *x = NULL; + STACK_OF(X509) *untrusted = NULL; + BIO *bio = NULL; + X509_STORE_CTX *sctx = NULL; + X509_STORE *store = NULL; + X509_LOOKUP *lookup = NULL; + + store = X509_STORE_new(); + if (store == NULL) + goto err; + + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if (lookup == NULL) + goto err; + if(!X509_LOOKUP_load_file(lookup, "certs/roots.pem", X509_FILETYPE_PEM)) + goto err; + + untrusted = load_certs_from_file("certs/untrusted.pem"); + + if ((bio = BIO_new_file("certs/bad.pem", "r")) == NULL) + goto err; + + if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL) + goto err; + + sctx = X509_STORE_CTX_new(); + if (sctx == NULL) + goto err; + + if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) + goto err; + + i = X509_verify_cert(sctx); + + if(i == 0 && X509_STORE_CTX_get_error(sctx) + == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) { + /* This is the result we were expecting: Test passed */ + ret = 1; + } + err: + X509_STORE_CTX_free(sctx); + X509_free(x); + BIO_free(bio); + sk_X509_pop_free(untrusted, X509_free); + X509_STORE_free(store); + if (ret != 1) + ERR_print_errors_fp(stderr); + return ret; +} + +int main(void) +{ + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + OpenSSL_add_all_digests(); + + if (!test_alt_chains_cert_forgery()) { + fprintf(stderr, "Test alt chains cert forgery failed\n"); + return 1; + } + + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); + + printf("PASS\n"); + return 0; +} diff --git a/openssl/crypto/x509/x509_vfy.c b/openssl/crypto/x509/x509_vfy.c index 16db4c0..7009ae6 100644 --- a/openssl/crypto/x509/x509_vfy.c +++ b/openssl/crypto/x509/x509_vfy.c @@ -162,6 +162,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); return -1; } + if (ctx->chain != NULL) { + /* + * This X509_STORE_CTX has already been used to verify a cert. We + * cannot do another one. + */ + X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } cb = ctx->verify_cb; @@ -169,15 +177,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * first we make sure the chain we are going to build is present and that * the first entry is in place */ - if (ctx->chain == NULL) { - if (((ctx->chain = sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain, ctx->cert))) { - X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - goto end; - } - CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); - ctx->last_untrusted = 1; + if (((ctx->chain = sk_X509_new_null()) == NULL) || + (!sk_X509_push(ctx->chain, ctx->cert))) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + goto end; } + CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); + ctx->last_untrusted = 1; /* We use a temporary STACK so we can chop and hack at it */ if (ctx->untrusted != NULL @@ -306,7 +312,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * if the user hasn't switched off alternate chain checking */ retry = 0; - if (j == ctx->last_untrusted && + if (num == ctx->last_untrusted && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { while (j-- > 1) { xtmp2 = sk_X509_value(ctx->chain, j - 1); @@ -328,8 +334,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) xtmp = sk_X509_pop(ctx->chain); X509_free(xtmp); num--; - ctx->last_untrusted--; } + ctx->last_untrusted = sk_X509_num(ctx->chain); retry = 1; break; } diff --git a/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod b/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod index c8a8128..109f561 100644 --- a/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -29,6 +29,7 @@ and issuer names. X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos> should initially be set to -1. If there are no more entries -1 is returned. +If B<nid> is invalid (doesn't correspond to a valid OID) then -2 is returned. X509_NAME_entry_count() returns the total number of entries in B<name>. @@ -63,6 +64,10 @@ The list of all relevant B<NID_*> and B<OBJ_* codes> can be found in the source code header files E<lt>openssl/obj_mac.hE<gt> and/or E<lt>openssl/objects.hE<gt>. +Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() +should check for the return value of -2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL. + =head1 EXAMPLES Process all entries: @@ -95,6 +100,8 @@ Process all commonName entries: X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid. X509_NAME_entry_count() returns the total number of entries. diff --git a/openssl/doc/crypto/X509_STORE_CTX_new.pod b/openssl/doc/crypto/X509_STORE_CTX_new.pod index b17888f..eb38b0a 100644 --- a/openssl/doc/crypto/X509_STORE_CTX_new.pod +++ b/openssl/doc/crypto/X509_STORE_CTX_new.pod @@ -39,10 +39,15 @@ X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx> is no longer valid. X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation. -The trusted certificate store is set to B<store>, the end entity certificate -to be verified is set to B<x509> and a set of additional certificates (which -will be untrusted but may be used to build the chain) in B<chain>. Any or -all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>. +It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only +good for one call to X509_verify_cert(); if you want to verify a second +certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup() +and then X509_STORE_CTX_init() again before the second call to +X509_verify_cert(). The trusted certificate store is set to B<store>, the end +entity certificate to be verified is set to B<x509> and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +B<chain>. Any or all of the B<store>, B<x509> and B<chain> parameters can be +B<NULL>. X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx> to B<sk>. This is an alternative way of specifying trusted certificates diff --git a/openssl/doc/crypto/X509_verify_cert.pod b/openssl/doc/crypto/X509_verify_cert.pod index 5253bdc..a22e441 100644 --- a/openssl/doc/crypto/X509_verify_cert.pod +++ b/openssl/doc/crypto/X509_verify_cert.pod @@ -32,7 +32,8 @@ OpenSSL internally for certificate validation, in both the S/MIME and SSL/TLS code. The negative return value from X509_verify_cert() can only occur if no -certificate is set in B<ctx> (due to a programming error) or if a retry +certificate is set in B<ctx> (due to a programming error); if X509_verify_cert() +twice without reinitialising B<ctx> in between; or if a retry operation is requested during internal lookups (which never happens with standard lookup methods). It is however recommended that application check for <= 0 return value on error. diff --git a/openssl/openssl.spec b/openssl/openssl.spec index 3e8f3a9..67a6074 100644 --- a/openssl/openssl.spec +++ b/openssl/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl #Version: %{libmaj}.%{libmin}.%{librel} -Version: 1.0.1o +Version: 1.0.1p Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c index 0879a0f..35ad121 100644 --- a/openssl/ssl/s3_clnt.c +++ b/openssl/ssl/s3_clnt.c @@ -1381,8 +1381,6 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { - char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1]; - param_len = 2; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); @@ -1408,17 +1406,8 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - /* - * If received PSK identity hint contains NULL characters, the hint - * is truncated from the first NULL. p may not be ending with NULL, - * so create a NULL-terminated string. - */ - memcpy(tmp_id_hint, p, i); - memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - if (s->ctx->psk_identity_hint != NULL) - OPENSSL_free(s->ctx->psk_identity_hint); - s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->ctx->psk_identity_hint == NULL) { + s->session->psk_identity_hint = BUF_strndup((char *)p, i); + if (s->session->psk_identity_hint == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; @@ -2951,7 +2940,7 @@ int ssl3_send_client_key_exchange(SSL *s) } memset(identity, 0, sizeof(identity)); - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, + psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, identity, sizeof(identity) - 1, psk_or_pre_ms, sizeof(psk_or_pre_ms)); diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c index 9aa3292..3a5f71d 100644 --- a/openssl/ssl/s3_srvr.c +++ b/openssl/ssl/s3_srvr.c @@ -2792,7 +2792,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (s->session->psk_identity != NULL) OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup((char *)p); + s->session->psk_identity = BUF_strndup((char *)p, i); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto psk_err; diff --git a/openssl/test/Makefile b/openssl/test/Makefile index 0ee4ec2..eca1400 100644 --- a/openssl/test/Makefile +++ b/openssl/test/Makefile @@ -66,6 +66,7 @@ SRPTEST= srptest ASN1TEST= asn1test HEARTBEATTEST= heartbeat_test CONSTTIMETEST= constant_time_test +VERIFYEXTRATEST= verify_extra_test TESTS= alltests @@ -77,7 +78,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ - $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) + $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -90,7 +91,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \ - $(HEARTBEATTEST).o $(CONSTTIMETEST).o + $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -100,7 +101,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ - $(HEARTBEATTEST).c $(CONSTTIMETEST).c + $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c EXHEADER= HEADER= $(EXHEADER) @@ -143,7 +144,7 @@ alltests: \ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ - test_jpake test_srp test_cms test_heartbeat test_constant_time + test_jpake test_srp test_cms test_heartbeat test_constant_time test_verify_extra test_evp: ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -334,6 +335,10 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) @echo "Test constant time utilites" ../util/shlib_wrap.sh ./$(CONSTTIMETEST) +test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -502,6 +507,9 @@ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o @target=$(CONSTTIMETEST) $(BUILD_CMD) +$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o + @target=$(VERIFYEXTRATEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -792,6 +800,21 @@ ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.o: ../include/openssl/x509v3.h ssltest.c +verify_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h +verify_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +verify_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +verify_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +verify_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h +verify_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +verify_extra_test.o: ../include/openssl/objects.h +verify_extra_test.o: ../include/openssl/opensslconf.h +verify_extra_test.o: ../include/openssl/opensslv.h +verify_extra_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +verify_extra_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +verify_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +verify_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +verify_extra_test.o: verify_extra_test.c wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h diff --git a/openssl/test/certs/bad.key b/openssl/test/certs/bad.key new file mode 100644 index 0000000..4708495 --- /dev/null +++ b/openssl/test/certs/bad.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwTqNko5vQiQ5BQohPJ3sySrjT6JedjsKtt1OZ8ndR2C1asUi +HgpVO8QDHKID88Qklx6UCieeKAwIY0VzqWzTyZWTwdqTU9t8arHHJu7IcFlmWsAL +fwTmARWJmpY+K8fGnQx1Kxfi6nQJ8Whq4bcAqJ2HXzG69Wjs3Ki70ScNbQ9RUwXJ +n/FeNrsphKAv5K22zBqjWAQdYMg6vtKZAXCET8jw6OkPVnUb/QvyoBEijWt0+HBh +7wLkSUvMj/7fc88+xtvGqZPyG2Py4DdWW1stpgiZ3TTohEk84t1u5L3qQaRQmVE6 +y5RMImyVY8hegC4zc6aGZDFRv8MR+gk6prcuUwIDAQABAoIBAEkz4YZwJ34rMt7R +452PRrE/ajY1EQxBeeGlHZr8QrRT0ubMIAy5ZWjq7TLfvhePaz1E/FiMgcIyLMtO ++G5rKCDqZbu/DqlqMUxKZWQ+efj2JWyj7LcGKAypGCRUXuE/IeNFYO4ecnzX0Rx/ +rl4scjdu1mYd9PIb+f/ufJjT7qYtykmwlb0MbEJ25yjTC4iHzacvFLJgdXrPp8b9 +ZGlVBKyuk9ZrZDC8/a4QrKt7Hp2SqqO4WqaTgM1G+cQFYuVBmj74bQhJHMmQ+Opr +5KXwBKEHMtJkq1GPVZ34W90V82d+8MJAxymuPomwRXKl1dKgnvny+0eobXkiBDcF +XCBCmIECgYEA8c/fE7Sa1vLZriw0Meq+TxU5hru4YM6OmQ+idc6diCp2U9lW+KJr +YrIRTZFcmhEGmRjAEZrdK0oFY7h5RhsZ+gTftmNZuL8WJCK9+y2DE9dB++md3oVC +PK0d4SmQKsivOTTeiK/VYFGoLc8t8Ud/anu2Q1kFdC+7cH/TrRseV4MCgYEAzJDw +MTil055rYlrAAH8ePEuONomu2MoZRRCX/tWuVvz+eIzA35mryW3OR45l5qNluQoZ +AdpVE68kBak2wIrF2oyWcF1s8VzSbAJCoqK42lKiSGVDVnr6jb69WUujCkYUZIwR +Q20QYBUUQu0JiFBU22tRgILIAK+rRah37EP4RPECgYBN3hKH1fDGpw1R+QoVyPHf +pYYQzQJiqiFhSJeYOCCiaIoSFjrbdfH+pjjMMbMQKctmIYI4KRZvijaSFiV3XeLP +kCI6KWQLCf2nRUjISa+cBAVLib88mMzrnROyHiA+psFGOrAuc/DSQ3lUxxKUT+HH ++G6I4XHQKE7Du2X+qGzs4QKBgBZyJNjRxWhF7rR5Dq4/RHsLM0yKqPPCoSkx2+ur +WJjU47sofpVKUE4mzUaOumGnNicqk3nfkgw54HL6kTZpQ7JqUKt9pNGLBM+zI8qi +njPec04MRmo7zjg1YKNmqDodXGl38QD7+5r/VRzO04fwgI8e5G98aiOhIuLezGHR +R3GRAoGAAyhwtKoC87fSGrpyZQ16UAYuqNy0fVAQtrDgRgP5Nu4esr9QxS/hWjcR +8s2P82wsR4gZna6l6vSz4awGVG4PGKnVjteAtZxok3nBHxPmRke5o7IpdObPjpQP +RJNZYbJ9G/PbYDhciEoTjVyig6Ol5BRe9stSbO7+JIxEYr7VSpA= +-----END RSA PRIVATE KEY----- diff --git a/openssl/test/certs/bad.pem b/openssl/test/certs/bad.pem new file mode 100644 index 0000000..8769231 --- /dev/null +++ b/openssl/test/certs/bad.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIJAJgwOOciuxjSMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBGxlYWYwHhcNMTUwNzAyMTMyMDQ2WhcN +MzUwNzAyMTMyMDQ2WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0 +ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNi +YWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBOo2Sjm9CJDkFCiE8 +nezJKuNPol52Owq23U5nyd1HYLVqxSIeClU7xAMcogPzxCSXHpQKJ54oDAhjRXOp +bNPJlZPB2pNT23xqsccm7shwWWZawAt/BOYBFYmalj4rx8adDHUrF+LqdAnxaGrh +twConYdfMbr1aOzcqLvRJw1tD1FTBcmf8V42uymEoC/krbbMGqNYBB1gyDq+0pkB +cIRPyPDo6Q9WdRv9C/KgESKNa3T4cGHvAuRJS8yP/t9zzz7G28apk/IbY/LgN1Zb +Wy2mCJndNOiESTzi3W7kvepBpFCZUTrLlEwibJVjyF6ALjNzpoZkMVG/wxH6CTqm +ty5TAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJoH29IULbskIG8BwYp4 +9yD+q7wbMB8GA1UdIwQYMBaAFBwdxP7xJUYhGU31hO4z2uXPtRl/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBl0tHkWMBHW6r3ywBlWWFdok04xlt2QD8eA4ywwz97t/8JgLht +OpuHO1bQtrZR6bxAgYT1+yHQnYBTfjKxFq+S9EP6nxBe94mEgizLmMv9pf7x5q+H +pfT8ejcY54E/oXlFXSbLDE1BDpfgkWll2/TIsTRJNoM2n8mytEdPqzRburwWnoFR +VchcfO968asdc9/8glSLJSNO+Wh9vQlbtcPzfbd4ZVE5E/P6drQzSwNjWvHQdswJ +ujkY1zkTP2rtVBGN4OyOfkE6enVKpt5lN6AqjEMhJ5i/yFM/jDndTrgd/JkAvyUJ +O2ELtifCd8DeSYNA9Qm8/MEUYq1xXQrGJHCE +-----END CERTIFICATE----- diff --git a/openssl/test/certs/interCA.key b/openssl/test/certs/interCA.key new file mode 100644 index 0000000..c32fe26 --- /dev/null +++ b/openssl/test/certs/interCA.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu7NHo76UDp738A/nuEfvVkKL7a7Kjk8PJIYkRKouSZZgBW6Q +xBWptfJ6UZLeoDnBjJ47hc7s+ohLkJnnsodAalgMKTIFjDLXhMyzgGqpBJf/ydvl +oEWwP/KZsB32z1v3fn926euBaA9YUAHpwc15i8VaIREPQQPsRA0ZC/3AN2PpPztQ +vTkYUkKyTbAfWhN8ymxR3fZjph+GjUrBfDp90qpUVTgkIp3uXOgAkndB1BI2MvWj +m6mOO8kjVC281auculTozLNFvthv16q3FZMc3/W1aslQa6wCa529+f8v4itM1oCQ +T/h14cK+ZjE7zbhIqwXlWLs/uoVHq1G7iYa9BQIDAQABAoIBABa8FldNBB3pP1rC +cmytud2W3eACJeKqzMi9vrLachTTs/m0dLBrd0zke9BZm8GIfVsM52TDtYx66bww +CBJls3WuCHsM5gMfPV+Gc8+AG8zEpGTMz7lj938nYVolpvliyE14Hu0ia2AxS58V +PD0PKEO3ubz7lf9n/DwZ4gjDyX5r1Cq+thwPlIf4PbEcGHk5SYxNm2DGR0DNL676 +X7CrRu3JBa2mY+moTV/pMrjvwAInmSxs4RBO7ggdYEief/4cBYyzMdiQ1v0UxvdO +674dBJJFG32akPrnPqza7U41ivoDPlgCpKWHDaZadI0Joozd2pw0Mq0a8cyig0BJ +Wa3d9xkCgYEA9T3j8F52u+QMaMzV1VENUAwo0Sqhk8xU0r/4l5PsvCjOuJ7NZkkW +EQnNOI++zaPCeBRV55X0A5E8Pi3uEdKt6m+wsncJzGEVNRwixfd0Ul7Itntq7u9L +/DHTlwpQ4t4PLNu8/uSBDN9A2slY2WsoXkJsdYPgjkrS2rYkt5bHFN8CgYEAw+8w +Qw/zTCBmerzYLJSsjz9rcD2hTtDw72UF1rvEg4QP/9v0I/OU7Lu0ds0KmKJcJfay +ZDMeBT8tW6LFztqdFi24tKISfodfYdET32lNd4QnMtWhoqXXXNiJY5gQC16YmSJm +R7Dgw9hBrr0323/lhhwDDysq1lgD9QbUVEacJpsCgYAoau/TIK5u3vHQn9mqE3af +N7HObzk785QTO8JLsPx2Mj+Hm9x8PBVf736cEMzAdXnKcoeJ6GPT5q7IDKfM1i0F +kyzK7OV3gpSNMTrl55eLL8XilUqVYGjkgo29udyE11Ym7XwjgiNmrLCynjZ/drKr +fkUDxR1QNjK0CwrYGwhqfwKBgQDAYGn3foK4nRthqWdrJjLjlzZLBwgJldbqhjsc +YlIJezImWnU0k2YGpioDd0DPKqLlV3pCLXptVmGXlpM3jags7YlsObGE8C+zoBAu +DHtWPLgsDltckg6Jh8YltlkSgLe9q2vXOhEF2aBsDDb62nGmonxSeWTe/Z4tB56U +fJu2vwKBgFnGbZIcH8sDR7Vwh0sjSKnFkZ1v0T4qsBKpDz9yCvZVIgIFXPkKnALT ++OEpQTuLVN/MZxVlc8qo8UFflJprDsK1/Rm3iPaw+lwErswgddNUKNLnLPjlxcEe +nTinsfyf4i48+IW55UFVU118nyufNeDdasoU6SSBH/MdeNq4hrTa +-----END RSA PRIVATE KEY----- diff --git a/openssl/test/certs/interCA.pem b/openssl/test/certs/interCA.pem new file mode 100644 index 0000000..35568ab --- /dev/null +++ b/openssl/test/certs/interCA.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- diff --git a/openssl/test/certs/leaf.key b/openssl/test/certs/leaf.key new file mode 100644 index 0000000..a1b1721 --- /dev/null +++ b/openssl/test/certs/leaf.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAv0Qo9WC/BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1 +sRNDFxSzdTJjU/8cIDEZvaTIwRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs +0Nz50yHk4rJhVxWjb8Ii/wRBViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttR +yY7qNkz2JpNx0guD8v4otQoYjA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2 +QVbUTow/oppjqIKCx2maNHCtLFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4F +auF9IV1CmoAJUC1vJxhagHIKfVtFjUWs8GPobQIDAQABAoIBAB1fCiskQDElqgnT +uesWcOb7u55lJstlrVb97Ab0fgtR8tvADTq0Colw1F4a7sXnVxpab+l/dJSzFFWX +aPAXc1ftH/5sxU4qm7lb8Qx6xr8TCRgxslwgkvypJ8zoN6p32DFBTr56mM3x1Vx4 +m41Y92hPa9USL8n8f9LpImT1R5Q9ShI/RUCowPyzhC6OGkFSBJu72nyA3WK0znXn +q5TNsTRdJLOug7eoJJvhOPfy3neNQV0f2jQ+2wDKCYvn6i4j9FSLgYC/vorqofEd +vFBHxl374117F6DXdBChyD4CD5vsplB0zcExRUCT5+iBqf5uc8CbLHeyNk6vSaf5 +BljHWsECgYEA93QnlKsVycgCQqHt2q8EIZ5p7ksGYRVfBEzgetsNdpxvSwrLyLQE +L5AKG3upndOofCeJnLuQF1j954FjCs5Y+8Sy2H1D1EPrHSBp4ig2F5aOxT3vYROd +v+/mF4ZUzlIlv3jNDz5IoLaxm9vhXTtLLUtQyTueGDmqwlht0Kr3/gcCgYEAxd86 +Q23jT4DmJqUl+g0lWdc2dgej0jwFfJ2BEw/Q55vHjqj96oAX5QQZFOUhZU8Otd/D +lLzlsFn0pOaSW/RB4l5Kv8ab+ZpxfAV6Gq47nlfzmEGGx4wcoL0xkHufiXg0sqaG +UtEMSKFhxPQZhWojUimK/+YIF69molxA6G9miOsCgYEA8mICSytxwh55qE74rtXz +1AJZfKJcc0f9tDahQ3XBsEb29Kh0h/lciEIsxFLTB9dFF6easb0/HL98pQElxHXu +z14SWOAKSqbka7lOPcppgZ1l52oNSiduw4z28mAQPbBVbUGkiqPVfCa3vhUYoLvt +nUZCsXoGF3CVBJydpGFzXI0CgYEAtt3Jg72PoM8YZEimI0R462F4xHXlEYtE6tjJ +C+vG/fU65P4Kw+ijrJQv9d6YEX+RscXdg51bjLJl5OvuAStopCLOZBPR3Ei+bobF +RNkW4gyYZHLSc6JqZqbSopuNYkeENEKvyuPFvW3f5FxPJbxkbi9UdZCKlBEXAh/O +IMGregcCgYBC8bS7zk6KNDy8q2uC/m/g6LRMxpb8G4jsrcLoyuJs3zDckBjQuLJQ +IOMXcQBWN1h+DKekF2ecr3fJAJyEv4pU4Ct2r/ZTYFMdJTyAbjw0mqOjUR4nsdOh +t/vCbt0QW3HXYTcVdCnFqBtelKnI12KoC0jAO9EAJGZ6kE/NwG6dQg== +-----END RSA PRIVATE KEY----- diff --git a/openssl/test/certs/leaf.pem b/openssl/test/certs/leaf.pem new file mode 100644 index 0000000..bb94d12 --- /dev/null +++ b/openssl/test/certs/leaf.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY +jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- diff --git a/openssl/test/certs/rootCA.key b/openssl/test/certs/rootCA.key new file mode 100644 index 0000000..527f3ad --- /dev/null +++ b/openssl/test/certs/rootCA.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwPFrd4isNd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/ +m8TJEtHkC0WX5QbNZjrh4OIr36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyD +Xq5CknSlK+cAwanc1bFTBw9z946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7 +w6jBiLJ3/5zb/GpERET3hewILNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTM +uR4hoGzEq1mwQDm7+Yit/d+NtAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXV +ddTFezpANQafxIS0bJMMrzdar7ZBTSYjHLgCswIDAQABAoIBAC1EdwJEfqLlOgmE +qtSkXn3N919y76Wsfqf+eh5M8Tf4YajCSSIyuTpBJE/AtDJ3thkWF4i7h6+gcLNL +GfR0D+h6MMLBgx259iTZu3V+b9fEMbBHykqcd+IEm/wA5pyJTdaVE/XEGmEqiFEH +g6wT9XwQ4uRo49X0JfvVlZCNcumapYfPY+BwPQloydm/cLtgUtc1RKUCG7i27aHM +VaUm+NdYZIwwCQs0Aof/h7PkEWvHq0idaxY9qkLbbZHb1Np/IkmvqCo/PSS1whDj +/KIQGJDBGuXX/V+cZ+DYkCXAq1fCto9MjarEVmlLW5Hr5QojdbpvwsxSmrGfCqdH +bfc/9gECgYEA6y6EcYBuvCibmO4G2OA1sNSe5lJF911xUHuUl3CRORdeVFDi9Ch+ +LKzE+XEOlvA+qFSIA/KztevX3dvmvvBMwu0PUWDtBKJZ1mXt4Mgo63MHpYnKIzWz +YuDaMKpvbl3iTFJlKPUkPlv+/uDccd0QYYvk4gbBrWVQDghV3ya9LqMCgYEA0gW6 +Cu5yRWodehCh0z8VtFfOGDkhZEav6B5mZvyDCk5f+zVeRlsTJwY4BsgnoMUJ+SjQ +iQwQX3FbWrwcyYPOIA+ja6Hisgb9p/f+hxsQOOhN9nFsk2MNIHkwrMRcE8pj7pc1 +uBoYqpdX8blEs8wkJI+bTI3/SIZw6vjbogSqbLECgYEAhXuQho9byoXN0p3+2ude +8e+sBJPbzEuH/iM2MkIc2ueNjZOfTO8Sti6VWfK2UisnlQjtbjg5kd67Vdvy+pqP +Ju/ACvNVc5TmIo8V1cglmYVfaLBtP1DCcTOoA4ko196Hi8QUUIvat14lu+pKlIHh +Q0xQa41kLhNbvaszegWVyLsCgYEAxhuGySbw/U9CbNDhhL1eANZOXoUNXWRcK6z5 +VS3dgcw6N2C5A86G+2mfUa5dywXyCWgZhRyvGQh5btZApUlCFvYJZc63Ysy7WkTQ +f6rkm3ltiQimrURirn4CjwVOAZEIwJc7oeRj3g6Scz4acysd8KrRh93trwC55LtH +mcWi6JECgYAlqCQvaAnvaWpR0RX7m/UMpqWOVgIperGR7hrN3d04RaWG4yv1+66T +xANNBA8aDxhFwXjAKev4iOE/rp8SEjYXh3lbKmx+p9dk8REUdIFqoClX9tqctW9g +AkDF34S0mSE4T34zhs2+InfohJa6ojsuiNJSQMBPBxfr6wV2C+UWMQ== +-----END RSA PRIVATE KEY----- diff --git a/openssl/test/certs/rootCA.pem b/openssl/test/certs/rootCA.pem new file mode 100644 index 0000000..ef73d00 --- /dev/null +++ b/openssl/test/certs/rootCA.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- diff --git a/openssl/test/certs/roots.pem b/openssl/test/certs/roots.pem new file mode 100644 index 0000000..0bc6912 --- /dev/null +++ b/openssl/test/certs/roots.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 +90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/openssl/test/certs/subinterCA-ss.pem b/openssl/test/certs/subinterCA-ss.pem new file mode 100644 index 0000000..a436b4b --- /dev/null +++ b/openssl/test/certs/subinterCA-ss.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 +90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/openssl/test/certs/subinterCA.key b/openssl/test/certs/subinterCA.key new file mode 100644 index 0000000..c867af9 --- /dev/null +++ b/openssl/test/certs/subinterCA.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb +2ARVkYZP5e9gHb04wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1n +JeSv3na8gyOoCheG64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/C +pdCHE3DKAzAiri3GVc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMy +wtz4hhY/XZTvdEn290aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRF +HONWZG1T4mRY1Drh6VbJGb+0GNIldNLQqigkfwIDAQABAoIBAQDg14MWGu+F4gqg +nwI1OPt95UjmXaz7Sd0NmoNxTKJjgN/9v33emBL7n6YNIxU/nlK+ToLBGo0tPjfO +ZHoskA1H/aiiMfKowcpV4PHbUZvpE0oYM/rIu+7mxR3ZPDT0jz3jjmgLHrEKFCXd +SfTtwOSJVzYvGdCdDE1nUXiRMcGlrJYxPf+0k3sGK7G90rYJkgffz92yuJote/s5 +P5nsK1h30yjKaWEzvf3ABladplykFN3GkICRGaCq0Nj5YWiG7qX9H9smYrioG0VH +VqgIbV2sHnmUYZaOTmC0RnwDWSZR25xOHVbugZ7rGnf4NdoM2S/oTI/SAXcDsaDX +lDpiEEuBAoGBAP/TISpeDRtUWzfVQxH+wbMdSbABjawf5sT7op7IsWsurY7u+KVh +ubhaSdeR7YbTyVUqbAc4mg9TIZxDe6+/I2S8LibQAa8wnv5aR1iPj/tZJOKrtu+Z +uHUyXMDR+8pIjQS0N+ukFp0tw9nicPNUt23JpqDFMvpASF+kUlnHOWAvAoGBAP9g +5rDid235QnnAhNJGkxE1ZwICPSo66AD/kF8XsMnAVasR0EPJCQ1+Zmh7wsXGq6Im +S65F4m0tsw4jeD67D1o5yuAnk/LLcdOdHW1w7iHuIhYKuWf1fqsOIqJLy7gdzwj4 +hImECoE40cqlLTge7xByxeHJwKF9ssXcwHFBIJyxAoGBAI5SeyUC5e/KYmURdBrS +zBhFtvUAKD0WEmCMTdBgfrPOaCgYsqPvVk9Fi8cuHCLiOCP1UdxClRLpgM1ajbkc +cShduJ9HIWjBd/KxbvfKBqQi1+5y8Xci4gfxWMC9EYNcEXgIewPRafNPvqG85HG7 +M8EUamsOymmG0bzDwjzIJRdpAoGAOUoVtmy3ehZG0WVc5ocqitu+BfdWnViln0O1 +sX9xC3F4Rm4ymGJLA5ntg1bwNMoCytdodun6h5+O4YcXfIseQJFib7KxP/Bf0qcW +aOzCnx36y5MQUMAD8H+1SU9TnjQhs9N8eBUE/kQu3BT99e8KllgJCEPoUNIP/s8s +5LtFg6ECgYEAgLwJoJ3hBwr0LmUi3kpFYdbZ+tAKIvKQH3xYMnQulOqtlXJFy0bu +ZcIAwsigRUqdCC2JuyAUw52HCtVVlpQjNs4BnUzaKooLOCm3w3i6X27mnHE0200S +zqC0rcB0xNz/IltGc7IP+T8UK5xX38uhJ/vUW75OvAjqheJSBwR9h5c= +-----END RSA PRIVATE KEY----- diff --git a/openssl/test/certs/subinterCA.pem b/openssl/test/certs/subinterCA.pem new file mode 100644 index 0000000..2cdf480 --- /dev/null +++ b/openssl/test/certs/subinterCA.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- diff --git a/openssl/test/certs/untrusted.pem b/openssl/test/certs/untrusted.pem new file mode 100644 index 0000000..d93d312 --- /dev/null +++ b/openssl/test/certs/untrusted.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY +jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- diff --git a/openssl/test/testssl b/openssl/test/testssl index b9b86b3..261097b 100644 --- a/openssl/test/testssl +++ b/openssl/test/testssl @@ -120,16 +120,15 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 test_cipher() { - local cipher=$1 - local protocol=$2 - echo "Testing $cipher" + _cipher=$1 + echo "Testing $_cipher" prot="" - if [ $protocol = "SSLv3" ] ; then + if [ $2 = "SSLv3" ] ; then prot="-ssl3" fi - $ssltest -cipher $cipher $prot + $ssltest -cipher $_cipher $prot if [ $? -ne 0 ] ; then - echo "Failed $cipher" + echo "Failed $_cipher" exit 1 fi } @@ -199,16 +198,16 @@ if ../util/shlib_wrap.sh ../apps/openssl no-srp; then echo skipping SRP tests else echo test tls1 with SRP - $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 + $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP via BIO pair - $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 + $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP auth - $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 + $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP auth via BIO pair - $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 + $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 fi exit 0 diff --git a/openssl/test/verify_extra_test.c b/openssl/test/verify_extra_test.c new file mode 120000 index 0000000..11d837c --- /dev/null +++ b/openssl/test/verify_extra_test.c @@ -0,0 +1 @@ +../crypto/x509/verify_extra_test.c \ No newline at end of file diff --git a/packages.txt b/packages.txt index 4d7311c..43324a0 100644 --- a/packages.txt +++ b/packages.txt @@ -66,7 +66,7 @@ libxcb git version libxkbfile-1.0.8 mesa git version mkfontscale git version -openssl-1.0.1o +openssl-1.0.1p pixman git version presentproto-1.0 pthreads-w32 cvs version diff --git a/releasenotes/releasenote_1.15.2.8.x2go+arctica.txt b/releasenotes/releasenote_1.15.2.8.x2go+arctica.txt index 27825ea..780e581 100644 --- a/releasenotes/releasenote_1.15.2.8.x2go+arctica.txt +++ b/releasenotes/releasenote_1.15.2.8.x2go+arctica.txt @@ -1,5 +1,7 @@ Changes in 1.15.2.8 (X2Go/Arctica Builds) ------------------- +Update the following packages: + openssl 1.0.1o -> 1.0.1p Changes in 1.15.2.7 (X2Go/Arctica Builds) ------------------- -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to tag 1.15.2.8 in repository vcxsrv. commit 719332a134ccfe63ba90a8a70ad3ffee7e7a5d89 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sat Jun 27 19:26:02 2015 -0400 Replace various "VENDOR" strings for X2Go/Arctica --- xorg-server/include/site.h | 2 +- xorg-server/include/version-config.h | 2 +- xorg-server/include/xwin-config.h | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xorg-server/include/site.h b/xorg-server/include/site.h index 52a5e83..efd8b44 100644 --- a/xorg-server/include/site.h +++ b/xorg-server/include/site.h @@ -51,7 +51,7 @@ SOFTWARE. * server executable. */ #ifndef VENDOR_STRING -#define VENDOR_STRING "HC-Consult" +#define VENDOR_STRING "The X2Go and Arctica Projects" #endif /* diff --git a/xorg-server/include/version-config.h b/xorg-server/include/version-config.h index b8d482c..db18128 100644 --- a/xorg-server/include/version-config.h +++ b/xorg-server/include/version-config.h @@ -7,7 +7,7 @@ #undef VENDOR_MAN_VERSION /* Vendor name */ -#define VENDOR_NAME "HC-Consult" +#define VENDOR_NAME "The X2Go and Arctica Projects" /* Vendor release */ #define VENDOR_RELEASE XORG_VERSION_CURRENT diff --git a/xorg-server/include/xwin-config.h b/xorg-server/include/xwin-config.h index e6c4488..9617b81 100644 --- a/xorg-server/include/xwin-config.h +++ b/xorg-server/include/xwin-config.h @@ -21,10 +21,10 @@ /* #undef _XSERVER64 */ /* Short vendor name */ -#define XVENDORNAMESHORT "VcXsrv" +#define XVENDORNAMESHORT "VcXsrv-X2Go/Arctica" /* Vendor web address for support */ -#define __VENDORDWEBSUPPORT__ "http://www.hc-consult.be/" +#define __VENDORDWEBSUPPORT__ "https://github.com/ArcticaProject/vcxsrv/issues" /* Location of system.XWinrc */ #define SYSCONFDIR "." -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git