From: s_kawamoto
Date: Sat, 11 Jul 2015 10:41:50 +0000 (+0900)
Subject: Update OpenSSL to 1.0.2d.
X-Git-Url: http://git.osdn.net/view?p=ffftp%2Fffftp.git;a=commitdiff_plain;h=84d4661a835d170169a608339b76899c9d8fae01
Update OpenSSL to 1.0.2d.
---
diff --git a/FFFTP_Eng_Release/FFFTP.exe b/FFFTP_Eng_Release/FFFTP.exe
index 302cfc3..d2428f6 100644
Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ
diff --git a/FFFTP_Eng_Release_64/FFFTP.exe b/FFFTP_Eng_Release_64/FFFTP.exe
index c4903ec..0245748 100644
Binary files a/FFFTP_Eng_Release_64/FFFTP.exe and b/FFFTP_Eng_Release_64/FFFTP.exe differ
diff --git a/Release/FFFTP.exe b/Release/FFFTP.exe
index 0b5d3ad..047597b 100644
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ
diff --git a/Release_64/FFFTP.exe b/Release_64/FFFTP.exe
index 6dff3f9..f30fce6 100644
Binary files a/Release_64/FFFTP.exe and b/Release_64/FFFTP.exe differ
diff --git a/common.h b/common.h
index 3dc91c5..da2f059 100644
--- a/common.h
+++ b/common.h
@@ -81,7 +81,7 @@
 // ソフトウェア自動更新
 // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする
 // 2014年7月31日中の30個目のリリースは2014073129
-#define RELEASE_VERSION_NUM 2015061300 /* リリースバージョン */
+#define RELEASE_VERSION_NUM 2015071100 /* リリースバージョン */
 // SourceForge.JPによるフォーク
diff --git a/contrib/openssl/bin/libeay32.dll b/contrib/openssl/bin/libeay32.dll
index 05f49ef..3a4bf50 100644
Binary files a/contrib/openssl/bin/libeay32.dll and b/contrib/openssl/bin/libeay32.dll differ
diff --git a/contrib/openssl/bin/ssleay32.dll b/contrib/openssl/bin/ssleay32.dll
index 3b58a08..982a65f 100644
Binary files a/contrib/openssl/bin/ssleay32.dll and b/contrib/openssl/bin/ssleay32.dll differ
diff --git a/contrib/openssl/changes.txt b/contrib/openssl/changes.txt
index 4cbf61d..5d4c234 100644
--- a/contrib/openssl/changes.txt
+++ b/contrib/openssl/changes.txt
@@ -2,6 +2,21 @@
 OpenSSL CHANGES
 _______________
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
+
+ *) Alternate chains certificate forgery
+
+ During certificate verfification, OpenSSL will attempt to find an
+ alternative certificate chain if the first attempt to build such a chain
+ fails. An error in the implementation of this logic can mean that an
+ attacker could cause certain checks on untrusted certificates to be
+ bypassed, such as the CA flag, enabling them to use a valid leaf
+ certificate to act as a CA and "issue" an invalid certificate.
+
+ This issue was reported to OpenSSL by Adam Langley/David Benjamin
+ (Google/BoringSSL).
+ [Matt Caswell]
+
 Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
 *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
diff --git a/contrib/openssl/include/openssl/bio.h b/contrib/openssl/include/openssl/bio.h
index 21cafa0..10600ce 100644
--- a/contrib/openssl/include/openssl/bio.h
+++ b/contrib/openssl/include/openssl/bio.h
@@ -291,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags);
 * BIO_CB_RETURN flag indicates if it is after the call
 */
 # define BIO_CB_RETURN 0x80
-# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
 # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
 # define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
diff --git a/contrib/openssl/include/openssl/opensslconf.h b/contrib/openssl/include/openssl/opensslconf.h
index 3a01da5..c1e2bf1 100644
--- a/contrib/openssl/include/openssl/opensslconf.h
+++ b/contrib/openssl/include/openssl/opensslconf.h
@@ -203,7 +203,7 @@ extern "C" {
 #endif
 #if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
diff --git a/contrib/openssl/include/openssl/opensslv.h b/contrib/openssl/include/openssl/opensslv.h
index 1eef06b..393299c 100644
--- a/contrib/openssl/include/openssl/opensslv.h
+++ b/contrib/openssl/include/openssl/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 * major minor fix final patch/beta)
 */
-# define OPENSSL_VERSION_NUMBER 0x1000203fL
+# define OPENSSL_VERSION_NUMBER 0x1000204fL
 # ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-fips 12 Jun 2015"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015"
 # else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c 12 Jun 2015"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015"
 # endif
 # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/contrib/openssl/news.txt b/contrib/openssl/news.txt
index f3574cf..29e4805 100644
--- a/contrib/openssl/news.txt
+++ b/contrib/openssl/news.txt
@@ -5,6 +5,10 @@
 This file gives a brief overview of the major changes between each OpenSSL
 release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
+
+ o Alternate chains certificate forgery (CVE-2015-1793)
+
 Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
 o Fix HMAC ABI incompatibility
diff --git a/contrib/openssl/readme.txt b/contrib/openssl/readme.txt
index ae04431..493141b 100644
--- a/contrib/openssl/readme.txt
+++ b/contrib/openssl/readme.txt
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2c 12 Jun 2015
+ OpenSSL 1.0.2d 9 Jul 2015
 Copyright (c) 1998-2011 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/dist/amd64/libeay32.dll b/dist/amd64/libeay32.dll
index c0d8f09..61488e3 100644
Binary files a/dist/amd64/libeay32.dll and b/dist/amd64/libeay32.dll differ
diff --git a/dist/amd64/ssleay32.dll b/dist/amd64/ssleay32.dll
index a8b3773..28bae01 100644
Binary files a/dist/amd64/ssleay32.dll and b/dist/amd64/ssleay32.dll differ
diff --git a/dist/libeay32.dll b/dist/libeay32.dll
index 05f49ef..3a4bf50 100644
Binary files a/dist/libeay32.dll and b/dist/libeay32.dll differ
diff --git a/dist/ssleay32.dll b/dist/ssleay32.dll
index 3b58a08..982a65f 100644
Binary files a/dist/ssleay32.dll and b/dist/ssleay32.dll differ
diff --git a/socketwrapper.c b/socketwrapper.c
index 082c5c9..904624f 100644
--- a/socketwrapper.c
+++ b/socketwrapper.c
@@ -153,15 +153,15 @@ BOOL LoadOpenSSL()
 #ifdef ENABLE_PROCESS_PROTECTION
 // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること
 #if defined(_M_IX86)
- // ssleay32.dll 1.0.2c
- RegisterTrustedModuleSHA1Hash("\x52\x8D\x30\xE5\xF5\x41\x8E\x16\x8A\x31\x8D\x36\xEA\xB7\xE0\x93\x4F\x13\x0B\x48");
- // libeay32.dll 1.0.2c
- RegisterTrustedModuleSHA1Hash("\x22\x3A\xCE\x78\xAC\x4B\x02\x20\x05\x61\x1B\xC5\xBF\xE7\x37\x7D\xD9\xDF\xE6\x1B");
+ // ssleay32.dll 1.0.2d
+ RegisterTrustedModuleSHA1Hash("\xBF\x93\x28\xBE\x43\x04\x2D\x18\xA4\x02\x1B\xF3\x63\x0A\xC7\x1A\x94\xCF\xA6\x05");
+ // libeay32.dll 1.0.2d
+ RegisterTrustedModuleSHA1Hash("\xFA\xAE\x6D\x44\xC6\x91\xF3\xA1\x53\x4E\x3A\xFE\x0C\x3C\x8D\xF9\xF7\x2B\x87\xF9");
 #elif defined(_M_AMD64)
- // ssleay32.dll 1.0.2c
- RegisterTrustedModuleSHA1Hash("\x9E\xE1\xA7\x17\x2C\x78\xA7\x11\xEB\x11\x95\x95\x21\x18\x0F\x29\x6B\xDF\xE6\xDF");
- // libeay32.dll 1.0.2c
- RegisterTrustedModuleSHA1Hash("\x86\x8B\x4B\x13\x3C\x51\x29\x91\x2D\xD3\x81\x8D\x03\x8E\x5E\x43\xEB\x1C\xA8\x5C");
+ // ssleay32.dll 1.0.2d
+ RegisterTrustedModuleSHA1Hash("\xD8\x01\x0D\xBE\xEE\x6D\x73\x79\x57\x1A\xE8\xAC\x25\x1C\x96\xA1\x93\x9A\x90\x51");
+ // libeay32.dll 1.0.2d
+ RegisterTrustedModuleSHA1Hash("\x82\xCD\x9F\x91\xB4\x48\x13\x93\x46\x1B\xC2\x83\xDF\xBC\xE2\x14\x6B\x0A\xB7\xF9");
 #endif
 #endif
 g_hOpenSSL = LoadLibrary("ssleay32.dll");
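Review bot: The four new digests registered in LoadOpenSSL() are typed in by hand, and nothing visible in this commit checks them against the DLLs it replaces, so a stale or mistyped value would go unnoticed until the module check runs. Naming the hashed file in each comment would make them auditable, for example `// ssleay32.dll 1.0.2d (SHA-1 of dist/ssleay32.dll)` under `_M_IX86` and `// ssleay32.dll 1.0.2d (SHA-1 of dist/amd64/ssleay32.dll)` under `_M_AMD64`, assuming those are the files each build ships. SHA-1 no longer provides collision resistance, so moving this allowlist to SHA-256 is worth planning; RegisterTrustedModuleSHA1Hash is defined outside the hunk, so whether a stronger variant exists cannot be told from here. The registrations compile only under ENABLE_PROCESS_PROTECTION while the trailing `LoadLibrary("ssleay32.dll")` passes a bare file name, so builds without that macro appear to rely on the DLL search order alone to pick the binary. LoadOpenSSL's body starts before and continues after this hunk.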