[Pkg-openssl-changes] r681 - in openssl/branches/squeeze/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Jun 19 21:36:04 UTC 2014
Author: kroeckx
Date: 2014-06-19 21:36:04 +0000 (Thu, 19 Jun 2014)
New Revision: 681
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch
Log:
Update CVE-2014-0224 patch
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog 2014-06-15 11:30:45 UTC (rev 680)
+++ openssl/branches/squeeze/debian/changelog 2014-06-19 21:36:04 UTC (rev 681)
@@ -1,3 +1,10 @@
+openssl (0.9.8o-4squeeze16) squeeze-lts; urgency=medium
+
+ * Update CVE-2014-0224 patch: Accept CCS after sending finished.
+ (Closes: #751093)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Jun 2014 23:25:00 +0200
+
openssl (0.9.8o-4squeeze15) squeeze-lts; urgency=medium
* Fix CVE-2014-0076.patch
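Review bot: the new 0.9.8o-4squeeze16 entry says what the patch now does ("Accept CCS after sending finished") but not what failed without it. A short clause naming the symptom tracked in #751093 would let someone reading the squeeze-lts changelog judge whether the regression affects them, without having to open the bug.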
Modified: openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch 2014-06-15 11:30:45 UTC (rev 680)
+++ openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch 2014-06-19 21:36:04 UTC (rev 681)
@@ -79,3 +79,15 @@
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 06fb275..4b41a2b 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -442,6 +442,7 @@ int ssl3_connect(SSL *s)
+ s->method->ssl3_enc->client_finished_label,
+ s->method->ssl3_enc->client_finished_label_len);
+ if (ret <= 0) goto end;
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->state=SSL3_ST_CW_FLUSH;
+
+ /* clear flags */
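Review bot: the added `s->s3->flags |= SSL3_FLAGS_CCS_OK;` in ssl3_connect() is unconditional, and nothing visible in this hunk shows where the flag is cleared again or whether the handshake is a resumed one. In an abbreviated (resumed) handshake the server's ChangeCipherSpec arrives before the client sends its Finished, so no further CCS is expected after this point; since CVE-2014-0224 is about accepting CCS at the wrong time, please confirm the flag is cleared as soon as the CCS is processed, and consider setting it here only for a full handshake (for example, guarded on `!s->hit`). A one-line comment above the assignment saying why CCS is allowed from here on would also help, because the patch otherwise gives no rationale next to the code.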