[Pkg-openssl-changes] r683 - openssl/branches/squeeze/debian/patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Thu Jun 19 21:42:29 UTC 2014 

Author: kroeckx
Date: 2014-06-19 21:42:29 +0000 (Thu, 19 Jun 2014)
New Revision: 683

Modified:
   openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch
Log:
Refresh patch since dpkg doesn't like that we patch the same file twice.


Modified: openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch	2014-06-19 21:40:24 UTC (rev 682)
+++ openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch	2014-06-19 21:42:29 UTC (rev 683)
@@ -1,8 +1,16 @@
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index 7caabf3..af29600 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -491,6 +491,7 @@ int ssl3_connect(SSL *s)
+Index: openssl-0.9.8o/ssl/s3_clnt.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/s3_clnt.c	2014-06-19 21:40:54.000000000 +0000
++++ openssl-0.9.8o/ssl/s3_clnt.c	2014-06-19 21:41:16.669254561 +0000
+@@ -434,6 +434,7 @@
+ 				s->method->ssl3_enc->client_finished_label,
+ 				s->method->ssl3_enc->client_finished_label_len);
+ 			if (ret <= 0) goto end;
++			s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 			s->state=SSL3_ST_CW_FLUSH;
+ 
+ 			/* clear flags */
+@@ -483,6 +484,7 @@
  		case SSL3_ST_CR_FINISHED_A:
  		case SSL3_ST_CR_FINISHED_B:
  
@@ -10,7 +18,7 @@
  			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
  				SSL3_ST_CR_FINISHED_B);
  			if (ret <= 0) goto end;
-@@ -777,6 +778,7 @@ int ssl3_get_server_hello(SSL *s)
+@@ -769,6 +771,7 @@
  		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
  		goto f_err;
  		}
@@ -18,11 +26,11 @@
  	    s->hit=1;
  	    }
  	else	/* a miss or crap from the other end */
-diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
-index 169f235..c087fee 100644
---- a/ssl/s3_pkt.c
-+++ b/ssl/s3_pkt.c
-@@ -1166,6 +1166,15 @@ start:
+Index: openssl-0.9.8o/ssl/s3_pkt.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/s3_pkt.c	2014-06-19 21:40:54.000000000 +0000
++++ openssl-0.9.8o/ssl/s3_pkt.c	2014-06-19 21:41:16.537257323 +0000
+@@ -1149,6 +1149,15 @@
  			goto f_err;
  			}
  
@@ -38,7 +46,7 @@
  		rr->length=0;
  
  		if (s->msg_callback)
-@@ -1297,7 +1306,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+@@ -1280,7 +1289,7 @@
  
  	if (s->s3->tmp.key_block == NULL)
  		{
@@ -47,11 +55,11 @@
  			{
  			/* might happen if dtls1_read_bytes() calls this */
  			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index 06c7b00..fcc97f3 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -523,6 +523,7 @@ int ssl3_accept(SSL *s)
+Index: openssl-0.9.8o/ssl/s3_srvr.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/s3_srvr.c	2014-06-19 21:40:54.000000000 +0000
++++ openssl-0.9.8o/ssl/s3_srvr.c	2014-06-19 21:41:16.601255985 +0000
+@@ -523,6 +523,7 @@
  		case SSL3_ST_SR_CERT_VRFY_A:
  		case SSL3_ST_SR_CERT_VRFY_B:
  
@@ -59,7 +67,7 @@
  			/* we should decide if we expected this one */
  			ret=ssl3_get_cert_verify(s);
  			if (ret <= 0) goto end;
-@@ -533,6 +534,7 @@ int ssl3_accept(SSL *s)
+@@ -533,6 +534,7 @@
  
  		case SSL3_ST_SR_FINISHED_A:
  		case SSL3_ST_SR_FINISHED_B:
@@ -67,11 +75,11 @@
  			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
  				SSL3_ST_SR_FINISHED_B);
  			if (ret <= 0) goto end;
-diff --git a/ssl/ssl3.h b/ssl/ssl3.h
-index 3aab080..de5e559 100644
---- a/ssl/ssl3.h
-+++ b/ssl/ssl3.h
-@@ -333,6 +333,7 @@ typedef struct ssl3_buffer_st
+Index: openssl-0.9.8o/ssl/ssl3.h
+===================================================================
+--- openssl-0.9.8o.orig/ssl/ssl3.h	2014-06-19 21:40:54.000000000 +0000
++++ openssl-0.9.8o/ssl/ssl3.h	2014-06-19 21:41:16.669254561 +0000
+@@ -333,6 +333,7 @@
  #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
  #define SSL3_FLAGS_POP_BUFFER			0x0004
  #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
@@ -79,15 +87,3 @@
   
  /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
   * restart a handshake because of MS SGC and so prevents us
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index 06fb275..4b41a2b 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -442,6 +442,7 @@ int ssl3_connect(SSL *s)
- 				s->method->ssl3_enc->client_finished_label,
- 				s->method->ssl3_enc->client_finished_label_len);
- 			if (ret <= 0) goto end;
-+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
- 			s->state=SSL3_ST_CW_FLUSH;
- 
- 			/* clear flags */

More information about the Pkg-openssl-changes mailing list