[Pkg-openssl-changes] r738 - openssl/branches/jessie/debian/patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Thu Jun 11 21:39:52 UTC 2015


Author: kroeckx
Date: 2015-06-11 21:39:52 +0000 (Thu, 11 Jun 2015)
New Revision: 738

Modified:
   openssl/branches/jessie/debian/patches/CVE-2015-1791.patch
Log:
Fix header


Modified: openssl/branches/jessie/debian/patches/CVE-2015-1791.patch
===================================================================
--- openssl/branches/jessie/debian/patches/CVE-2015-1791.patch	2015-06-11 21:36:29 UTC (rev 737)
+++ openssl/branches/jessie/debian/patches/CVE-2015-1791.patch	2015-06-11 21:39:52 UTC (rev 738)
@@ -1,35 +1,9 @@
-From 939b4960276b040fc0ed52232238fcc9e2e9ec21 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt at openssl.org>
-Date: Mon, 18 May 2015 16:27:48 +0100
-Subject: [PATCH] Fix race condition in NewSessionTicket
+This is a combination of the following upstream commits:
+98ece4eebfb6cd45cc8d550c6ac0022965071afc
+dcad51bc13c9b716d9a66248bcc4038c071ff158
+708cf593587e2fda67dae9782991ff9fccc781eb
 
-If a NewSessionTicket is received by a multi-threaded client when
-attempting to reuse a previous ticket then a race condition can occur
-potentially leading to a double free of the ticket data.
 
-CVE-2015-1791
-
-This also fixes RT#3808 where a session ID is changed for a session already
-in the client session cache. Since the session ID is the key to the cache
-this breaks the cache access.
-
-Parts of this patch were inspired by this Akamai change:
-https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3
-
-Reviewed-by: Rich Salz <rsalz at openssl.org>
-(cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688)
-
-Conflicts:
-	ssl/ssl.h
-	ssl/ssl_err.c
----
- ssl/s3_clnt.c  |  32 +++++++++++++++
- ssl/ssl.h      |   1 +
- ssl/ssl_err.c  |   1 +
- ssl/ssl_locl.h |   1 +
- ssl/ssl_sess.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 158 insertions(+)
-
 Index: openssl-1.0.1k/ssl/s3_clnt.c
 ===================================================================
 --- openssl-1.0.1k.orig/ssl/s3_clnt.c
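Review bot: The replacement header at the top of the patch file lists three bare upstream commit hashes and nothing else, so the description of what the patch fixes is lost. The removed text explained the NewSessionTicket race in multi-threaded clients, the possible double free of the ticket data, and the RT#3808 session-cache issue; after this change only the file name still says CVE-2015-1791. Consider keeping a short description under the hash list, putting each commit's subject line next to its hash, and stating which repository the hashes belong to, so the patch can be audited without looking each commit up. The removal also leaves two consecutive blank lines before "Index: openssl-1.0.1k/ssl/s3_clnt.c"; one is enough.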



