// ソフトウェア自動更新\r
// リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする\r
// 2014年7月31日中の30個目のリリースは2014073129\r
-#define RELEASE_VERSION_NUM 2015061300 /* リリースバージョン */\r
+#define RELEASE_VERSION_NUM 2015071100 /* リリースバージョン */\r
\r
\r
// SourceForge.JPによるフォーク\r
OpenSSL CHANGES
_______________
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
+
+ *) Alternate chains certificate forgery
+
+ During certificate verfification, OpenSSL will attempt to find an
+ alternative certificate chain if the first attempt to build such a chain
+ fails. An error in the implementation of this logic can mean that an
+ attacker could cause certain checks on untrusted certificates to be
+ bypassed, such as the CA flag, enabling them to use a valid leaf
+ certificate to act as a CA and "issue" an invalid certificate.
+
+ This issue was reported to OpenSSL by Adam Langley/David Benjamin
+ (Google/BoringSSL).
+ [Matt Caswell]
+
Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
* BIO_CB_RETURN flag indicates if it is after the call\r
*/\r
# define BIO_CB_RETURN 0x80\r
-# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))\r
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)\r
# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))\r
# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)\r
\r
#endif\r
\r
#if defined(DES_RISC1) && defined(DES_RISC2)\r
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!\r
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!\r
#endif\r
\r
/* Unroll the inner loop, this sometimes helps, sometimes hinders.\r
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for\r
* major minor fix final patch/beta)\r
*/\r
-# define OPENSSL_VERSION_NUMBER 0x1000203fL\r
+# define OPENSSL_VERSION_NUMBER 0x1000204fL\r
# ifdef OPENSSL_FIPS\r
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-fips 12 Jun 2015"\r
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015"\r
# else\r
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c 12 Jun 2015"\r
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015"\r
# endif\r
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT\r
\r
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
+
+ o Alternate chains certificate forgery (CVE-2015-1793)
+
Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
o Fix HMAC ABI incompatibility
- OpenSSL 1.0.2c 12 Jun 2015
+ OpenSSL 1.0.2d 9 Jul 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
#ifdef ENABLE_PROCESS_PROTECTION\r
// 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること\r
#if defined(_M_IX86)\r
- // ssleay32.dll 1.0.2c\r
- RegisterTrustedModuleSHA1Hash("\x52\x8D\x30\xE5\xF5\x41\x8E\x16\x8A\x31\x8D\x36\xEA\xB7\xE0\x93\x4F\x13\x0B\x48");\r
- // libeay32.dll 1.0.2c\r
- RegisterTrustedModuleSHA1Hash("\x22\x3A\xCE\x78\xAC\x4B\x02\x20\x05\x61\x1B\xC5\xBF\xE7\x37\x7D\xD9\xDF\xE6\x1B");\r
+ // ssleay32.dll 1.0.2d\r
+ RegisterTrustedModuleSHA1Hash("\xBF\x93\x28\xBE\x43\x04\x2D\x18\xA4\x02\x1B\xF3\x63\x0A\xC7\x1A\x94\xCF\xA6\x05");\r
+ // libeay32.dll 1.0.2d\r
+ RegisterTrustedModuleSHA1Hash("\xFA\xAE\x6D\x44\xC6\x91\xF3\xA1\x53\x4E\x3A\xFE\x0C\x3C\x8D\xF9\xF7\x2B\x87\xF9");\r
#elif defined(_M_AMD64)\r
- // ssleay32.dll 1.0.2c\r
- RegisterTrustedModuleSHA1Hash("\x9E\xE1\xA7\x17\x2C\x78\xA7\x11\xEB\x11\x95\x95\x21\x18\x0F\x29\x6B\xDF\xE6\xDF");\r
- // libeay32.dll 1.0.2c\r
- RegisterTrustedModuleSHA1Hash("\x86\x8B\x4B\x13\x3C\x51\x29\x91\x2D\xD3\x81\x8D\x03\x8E\x5E\x43\xEB\x1C\xA8\x5C");\r
+ // ssleay32.dll 1.0.2d\r
+ RegisterTrustedModuleSHA1Hash("\xD8\x01\x0D\xBE\xEE\x6D\x73\x79\x57\x1A\xE8\xAC\x25\x1C\x96\xA1\x93\x9A\x90\x51");\r
+ // libeay32.dll 1.0.2d\r
+ RegisterTrustedModuleSHA1Hash("\x82\xCD\x9F\x91\xB4\x48\x13\x93\x46\x1B\xC2\x83\xDF\xBC\xE2\x14\x6B\x0A\xB7\xF9");\r
#endif\r
#endif\r
g_hOpenSSL = LoadLibrary("ssleay32.dll");\r