FFFTPのソースコードです。
Revision | aac1eb09918d65dc2e50c0df14b002ad9bba9612 (tree) |
---|---|
Zeit | 2013-02-12 12:05:52 |
Autor | s_kawamoto <s_kawamoto@user...> |
Commiter | s_kawamoto |
Update OpenSSL to 1.0.1e.
@@ -2,6 +2,10 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + Changes between 1.0.1d and 1.0.1e [11 Feb 2013] | |
6 | + | |
7 | + *) | |
8 | + | |
5 | 9 | Changes between 1.0.1c and 1.0.1d [5 Feb 2013] |
6 | 10 | |
7 | 11 | *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. |
@@ -83,11 +83,11 @@ OpenSSL - Frequently Asked Questions | ||
83 | 83 | * Which is the current version of OpenSSL? |
84 | 84 | |
85 | 85 | The current version is available from <URL: http://www.openssl.org>. |
86 | -OpenSSL 1.0.1d was released on Feb 5th, 2013. | |
86 | +OpenSSL 1.0.1e was released on Feb 11th, 2013. | |
87 | 87 | |
88 | 88 | In addition to the current stable release, you can also access daily |
89 | 89 | snapshots of the OpenSSL development version at <URL: |
90 | -ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access. | |
90 | +ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access. | |
91 | 91 | |
92 | 92 | |
93 | 93 | * Where is the documentation? |
@@ -25,11 +25,11 @@ | ||
25 | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
26 | 26 | * major minor fix final patch/beta) |
27 | 27 | */ |
28 | -#define OPENSSL_VERSION_NUMBER 0x1000104fL | |
28 | +#define OPENSSL_VERSION_NUMBER 0x1000105fL | |
29 | 29 | #ifdef OPENSSL_FIPS |
30 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1d-fips 5 Feb 2013" | |
30 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e-fips 11 Feb 2013" | |
31 | 31 | #else |
32 | -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1d 5 Feb 2013" | |
32 | +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e 11 Feb 2013" | |
33 | 33 | #endif |
34 | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
35 | 35 |
@@ -5,6 +5,10 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e: | |
9 | + | |
10 | + o Corrected fix for CVE-2013-0169 | |
11 | + | |
8 | 12 | Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d: |
9 | 13 | |
10 | 14 | o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.0.1d 5 Feb 2013 | |
2 | + OpenSSL 1.0.1e 11 Feb 2013 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2011 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -190,7 +190,7 @@ | ||
190 | 190 | reason as to why that feature isn't implemented. |
191 | 191 | |
192 | 192 | Patches should be as up to date as possible, preferably relative to the |
193 | - current CVS or the last snapshot. They should follow the coding style of | |
193 | + current Git or the last snapshot. They should follow the coding style of | |
194 | 194 | OpenSSL and compile without warnings. Some of the core team developer targets |
195 | 195 | can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL |
196 | 196 | compiles on many varied platforms: try to ensure you only use portable |
@@ -116,10 +116,10 @@ BOOL LoadOpenSSL() | ||
116 | 116 | return FALSE; |
117 | 117 | #ifdef ENABLE_PROCESS_PROTECTION |
118 | 118 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
119 | - // ssleay32.dll 1.0.1d | |
120 | - RegisterTrustedModuleSHA1Hash("\x52\x2F\xA2\x9D\xDC\x20\x73\x1D\xDF\x08\xEF\x79\x63\xA8\xB7\xC7\x68\xAC\x9F\xF4"); | |
121 | - // libeay32.dll 1.0.1d | |
122 | - RegisterTrustedModuleSHA1Hash("\x16\x46\x92\xB4\x55\x67\xA4\x0B\x25\x0B\xBF\x05\xA7\xC7\x9E\xB7\x0F\x6E\xBE\x0D"); | |
119 | + // ssleay32.dll 1.0.1e | |
120 | + RegisterTrustedModuleSHA1Hash("\xE8\x9A\x16\xDF\xCE\xA2\x7E\x55\x28\xC4\x78\x1A\x21\x40\xCB\x57\xDC\x40\xCD\x61"); | |
121 | + // libeay32.dll 1.0.1e | |
122 | + RegisterTrustedModuleSHA1Hash("\x38\xC8\x30\xCB\xE0\x5D\x4E\xF7\xA1\x93\xBB\xF7\x54\xA5\x21\xC8\xF7\xA1\x85\xC5"); | |
123 | 123 | #endif |
124 | 124 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
125 | 125 | // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止 |