FFFTPのソースコードです。
Revision | 8a99c5529bb8702acca4ebf2dd764a4cb7acaaad (tree) |
---|---|
Zeit | 2016-09-27 20:59:04 |
Autor | s_kawamoto <s_kawamoto@user...> |
Commiter | s_kawamoto |
Update OpenSSL to 1.1.0b.
@@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0 | ||
242 | 242 | BEGIN |
243 | 243 | DEFPUSHBUTTON "OK",IDOK,133,294,50,14 |
244 | 244 | ICON ffftp,-1,7,4,20,20 |
245 | - CTEXT "FFFTP Ver 1.99a-20160924",-1,113,11,90,8 | |
245 | + CTEXT "FFFTP Ver 1.99a-20160927",-1,113,11,90,8 | |
246 | 246 | CTEXT "FFFTPはfreewareです",-1,7,279,305,8 |
247 | 247 | CTEXT "Copyright(C) 1997-2010 Sota & ご協力いただいた方々\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, うなー, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, ふうせん)",-1,7,25,305,44,SS_NOPREFIX |
248 | 248 | CTEXT "",ABOUT_JRE,7,96,305,8 |
@@ -2213,8 +2213,8 @@ nodrop_csr CURSOR "nodrop_c.cur" | ||
2213 | 2213 | // |
2214 | 2214 | |
2215 | 2215 | VS_VERSION_INFO VERSIONINFO |
2216 | - FILEVERSION 1,99,1,6 | |
2217 | - PRODUCTVERSION 1,99,1,6 | |
2216 | + FILEVERSION 1,99,1,7 | |
2217 | + PRODUCTVERSION 1,99,1,7 | |
2218 | 2218 | FILEFLAGSMASK 0x3fL |
2219 | 2219 | #ifdef _DEBUG |
2220 | 2220 | FILEFLAGS 0x1L |
@@ -2232,12 +2232,12 @@ BEGIN | ||
2232 | 2232 | VALUE "Comments", "これはフリーソフトウエアです。" |
2233 | 2233 | VALUE "CompanyName", "Sota, FFFTP Project" |
2234 | 2234 | VALUE "FileDescription", "FFFTP" |
2235 | - VALUE "FileVersion", "1, 99, 1, 6" | |
2235 | + VALUE "FileVersion", "1, 99, 1, 7" | |
2236 | 2236 | VALUE "InternalName", "FFFTP" |
2237 | 2237 | VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & ご協力いただいた方々\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, うなー, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, ふうせん)." |
2238 | 2238 | VALUE "OriginalFilename", "FFFTP.exe" |
2239 | 2239 | VALUE "ProductName", "FFFTP" |
2240 | - VALUE "ProductVersion", "1, 99, 1, 6" | |
2240 | + VALUE "ProductVersion", "1, 99, 1, 7" | |
2241 | 2241 | END |
2242 | 2242 | END |
2243 | 2243 | BLOCK "VarFileInfo" |
@@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0 | ||
242 | 242 | BEGIN |
243 | 243 | DEFPUSHBUTTON "OK",IDOK,132,296,50,14 |
244 | 244 | ICON ffftp,-1,7,4,20,20 |
245 | - CTEXT "FFFTP Ver 1.99a-20160924",-1,110,11,90,8 | |
245 | + CTEXT "FFFTP Ver 1.99a-20160927",-1,110,11,90,8 | |
246 | 246 | CTEXT "FFFTP is freeware",-1,7,281,301,8 |
247 | 247 | CTEXT "Copyright(C) 1997-2010 Sota && cooperators\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)",-1,7,25,301,44 |
248 | 248 | CTEXT "",ABOUT_JRE,7,93,301,8 |
@@ -2253,8 +2253,8 @@ nodrop_csr CURSOR "nodrop_c.cur" | ||
2253 | 2253 | // |
2254 | 2254 | |
2255 | 2255 | VS_VERSION_INFO VERSIONINFO |
2256 | - FILEVERSION 1,99,1,6 | |
2257 | - PRODUCTVERSION 1,99,1,6 | |
2256 | + FILEVERSION 1,99,1,7 | |
2257 | + PRODUCTVERSION 1,99,1,7 | |
2258 | 2258 | FILEFLAGSMASK 0x3fL |
2259 | 2259 | #ifdef _DEBUG |
2260 | 2260 | FILEFLAGS 0x1L |
@@ -2272,12 +2272,12 @@ BEGIN | ||
2272 | 2272 | VALUE "Comments", "This software is Free Software" |
2273 | 2273 | VALUE "CompanyName", "Sota, FFFTP Project" |
2274 | 2274 | VALUE "FileDescription", "FFFTP" |
2275 | - VALUE "FileVersion", "1, 99, 1, 6" | |
2275 | + VALUE "FileVersion", "1, 99, 1, 7" | |
2276 | 2276 | VALUE "InternalName", "FFFTP" |
2277 | 2277 | VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & cooperators\nCopyright (C) 2011-2016 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)." |
2278 | 2278 | VALUE "OriginalFilename", "FFFTP.exe" |
2279 | 2279 | VALUE "ProductName", "FFFTP" |
2280 | - VALUE "ProductVersion", "1, 99, 1, 6" | |
2280 | + VALUE "ProductVersion", "1, 99, 1, 7" | |
2281 | 2281 | END |
2282 | 2282 | END |
2283 | 2283 | BLOCK "VarFileInfo" |
@@ -72,16 +72,16 @@ | ||
72 | 72 | //#define PROGRAM_VERSION_NUM 1972 /* バージョン */ |
73 | 73 | // 64ビット対応 |
74 | 74 | #ifdef _WIN64 |
75 | -#define VER_STR "1.99a-20160924 64bit" | |
75 | +#define VER_STR "1.99a-20160927 64bit" | |
76 | 76 | #else |
77 | -#define VER_STR "1.99a-20160924" | |
77 | +#define VER_STR "1.99a-20160927" | |
78 | 78 | #endif |
79 | 79 | #define VER_NUM 1990 /* 設定バージョン */ |
80 | 80 | #define PROGRAM_VERSION_NUM 1990 /* バージョン */ |
81 | 81 | // ソフトウェア自動更新 |
82 | 82 | // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする |
83 | 83 | // 2014年7月31日中の30個目のリリースは2014073129 |
84 | -#define RELEASE_VERSION_NUM 2016092400 /* リリースバージョン */ | |
84 | +#define RELEASE_VERSION_NUM 2016092700 /* リリースバージョン */ | |
85 | 85 | |
86 | 86 | |
87 | 87 | // SourceForge.JPによるフォーク |
@@ -2,6 +2,23 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + Changes between 1.1.0a and 1.1.0b [26 Sep 2016] | |
6 | + | |
7 | + *) Fix Use After Free for large message sizes | |
8 | + | |
9 | + The patch applied to address CVE-2016-6307 resulted in an issue where if a | |
10 | + message larger than approx 16k is received then the underlying buffer to | |
11 | + store the incoming message is reallocated and moved. Unfortunately a | |
12 | + dangling pointer to the old location is left which results in an attempt to | |
13 | + write to the previously freed location. This is likely to result in a | |
14 | + crash, however it could potentially lead to execution of arbitrary code. | |
15 | + | |
16 | + This issue only affects OpenSSL 1.1.0a. | |
17 | + | |
18 | + This issue was reported to OpenSSL by Robert Święcki. | |
19 | + (CVE-2016-6309) | |
20 | + [Matt Caswell] | |
21 | + | |
5 | 22 | Changes between 1.1.0 and 1.1.0a [22 Sep 2016] |
6 | 23 | |
7 | 24 | *) OCSP Status Request extension unbounded memory growth |
@@ -5,6 +5,10 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] | |
9 | + | |
10 | + o Fix Use After Free for large message sizes (CVE-2016-6309) | |
11 | + | |
8 | 12 | Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] |
9 | 13 | |
10 | 14 | o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.1.0a 22 Sep 2016 | |
2 | + OpenSSL 1.1.0b 26 Sep 2016 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2016 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -39,11 +39,11 @@ extern "C" { | ||
39 | 39 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
40 | 40 | * major minor fix final patch/beta) |
41 | 41 | */ |
42 | -# define OPENSSL_VERSION_NUMBER 0x1010001fL | |
42 | +# define OPENSSL_VERSION_NUMBER 0x1010002fL | |
43 | 43 | # ifdef OPENSSL_FIPS |
44 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0a-fips 22 Sep 2016" | |
44 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0b-fips 26 Sep 2016" | |
45 | 45 | # else |
46 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0a 22 Sep 2016" | |
46 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0b 26 Sep 2016" | |
47 | 47 | # endif |
48 | 48 | |
49 | 49 | /*- |
@@ -161,15 +161,15 @@ BOOL LoadOpenSSL() | ||
161 | 161 | #ifdef ENABLE_PROCESS_PROTECTION |
162 | 162 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
163 | 163 | #if defined(_M_IX86) |
164 | - // ssleay32.dll 1.1.0a | |
165 | - RegisterTrustedModuleSHA1Hash("\xBF\x25\x75\x85\x71\x67\x5D\x3E\x07\x11\x40\xE2\x47\xC0\xE0\x5C\xB2\xCD\xC3\x12"); | |
166 | - // libeay32.dll 1.1.0a | |
167 | - RegisterTrustedModuleSHA1Hash("\x0A\x29\x8D\xAC\x2C\xA2\xB1\x43\x2B\x9F\xA4\xD8\x14\x80\x9B\x04\xD9\x23\x73\x41"); | |
164 | + // ssleay32.dll 1.1.0b | |
165 | + RegisterTrustedModuleSHA1Hash("\x62\xF4\x7E\xA1\xD9\x24\xE5\xCF\xA7\xBE\x04\xD9\x55\x89\xA6\xF8\x96\x62\x43\xAD"); | |
166 | + // libeay32.dll 1.1.0b | |
167 | + RegisterTrustedModuleSHA1Hash("\xB7\x63\x47\x26\x24\xE7\x99\x68\xC7\x46\xAD\x59\xBD\xAF\xD0\x44\x86\x35\xB4\x27"); | |
168 | 168 | #elif defined(_M_AMD64) |
169 | - // ssleay32.dll 1.1.0a | |
170 | - RegisterTrustedModuleSHA1Hash("\xCE\x74\x3E\x3D\x88\x2C\xC4\xAC\x33\x53\xD4\x5A\xAE\x17\x4F\x59\x01\x8A\x6E\xAB"); | |
171 | - // libeay32.dll 1.1.0a | |
172 | - RegisterTrustedModuleSHA1Hash("\xA1\x40\x78\xD1\xD5\x47\xCA\x47\x8A\x03\x93\xBC\x9E\xAD\xFA\xCA\x65\x1F\x36\x78"); | |
169 | + // ssleay32.dll 1.1.0b | |
170 | + RegisterTrustedModuleSHA1Hash("\x10\xCD\x83\x06\x6F\xBE\x4D\x58\xE3\x0B\x2C\xF0\xA1\x13\x1B\xA2\x55\xB0\x6D\xE1"); | |
171 | + // libeay32.dll 1.1.0b | |
172 | + RegisterTrustedModuleSHA1Hash("\x4F\x8E\xFB\xF6\x10\x50\x62\xA0\xB4\xF3\x28\x08\x10\x63\x67\x9E\xFD\xBE\xAC\x17"); | |
173 | 173 | #endif |
174 | 174 | #endif |
175 | 175 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |