[Pkg-openssl-changes] r744 - openssl/branches/squeeze/debian/patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Wed Jun 17 21:38:41 UTC 2015
Author: kroeckx
Date: 2015-06-17 21:38:41 +0000 (Wed, 17 Jun 2015)
New Revision: 744
Modified:
openssl/branches/squeeze/debian/patches/CVE-2015-1791.patch
Log:
Use 0.9.8 version of patch
Modified: openssl/branches/squeeze/debian/patches/CVE-2015-1791.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2015-1791.patch 2015-06-17 21:28:00 UTC (rev 743)
+++ openssl/branches/squeeze/debian/patches/CVE-2015-1791.patch 2015-06-17 21:38:41 UTC (rev 744)
@@ -6,8 +6,8 @@
Index: openssl-0.9.8o/ssl/s3_clnt.c
===================================================================
---- openssl-0.9.8o.orig/ssl/s3_clnt.c 2015-06-17 21:15:36.532227023 +0000
-+++ openssl-0.9.8o/ssl/s3_clnt.c 2015-06-17 21:15:45.396034981 +0000
+--- openssl-0.9.8o.orig/ssl/s3_clnt.c 2015-06-17 21:28:11.000000000 +0000
++++ openssl-0.9.8o/ssl/s3_clnt.c 2015-06-17 21:28:11.000000000 +0000
@@ -1741,6 +1741,38 @@
}
@@ -49,8 +49,8 @@
/* ticket_lifetime_hint + ticket_length + ticket */
Index: openssl-0.9.8o/ssl/ssl.h
===================================================================
---- openssl-0.9.8o.orig/ssl/ssl.h 2015-06-17 21:08:56.612889273 +0000
-+++ openssl-0.9.8o/ssl/ssl.h 2015-06-17 21:15:45.468033421 +0000
+--- openssl-0.9.8o.orig/ssl/ssl.h 2015-06-17 21:28:11.000000000 +0000
++++ openssl-0.9.8o/ssl/ssl.h 2015-06-17 21:28:11.000000000 +0000
@@ -1839,6 +1839,7 @@
#define SSL_F_SSL_READ 223
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
@@ -61,8 +61,8 @@
#define SSL_F_SSL_SESS_CERT_NEW 225
Index: openssl-0.9.8o/ssl/ssl_err.c
===================================================================
---- openssl-0.9.8o.orig/ssl/ssl_err.c 2015-06-17 21:08:56.680887802 +0000
-+++ openssl-0.9.8o/ssl/ssl_err.c 2015-06-17 21:15:45.468033421 +0000
+--- openssl-0.9.8o.orig/ssl/ssl_err.c 2015-06-17 21:28:11.000000000 +0000
++++ openssl-0.9.8o/ssl/ssl_err.c 2015-06-17 21:28:11.000000000 +0000
@@ -231,6 +231,7 @@
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
@@ -73,8 +73,8 @@
{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
Index: openssl-0.9.8o/ssl/ssl_locl.h
===================================================================
---- openssl-0.9.8o.orig/ssl/ssl_locl.h 2015-06-17 20:58:57.189873833 +0000
-+++ openssl-0.9.8o/ssl/ssl_locl.h 2015-06-17 21:15:45.468033421 +0000
+--- openssl-0.9.8o.orig/ssl/ssl_locl.h 2015-06-17 21:28:11.000000000 +0000
++++ openssl-0.9.8o/ssl/ssl_locl.h 2015-06-17 21:28:11.000000000 +0000
@@ -731,6 +731,7 @@
int ssl_set_peer_cert_type(SESS_CERT *c, int type);
int ssl_get_new_session(SSL *s, int session);
@@ -86,12 +86,11 @@
Index: openssl-0.9.8o/ssl/ssl_sess.c
===================================================================
--- openssl-0.9.8o.orig/ssl/ssl_sess.c 2010-02-01 16:48:40.000000000 +0000
-+++ openssl-0.9.8o/ssl/ssl_sess.c 2015-06-17 21:15:45.468033421 +0000
-@@ -132,6 +132,132 @@
++++ openssl-0.9.8o/ssl/ssl_sess.c 2015-06-17 21:37:18.456156239 +0000
+@@ -132,6 +132,80 @@
return(ss);
}
-+
+/*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
@@ -110,22 +109,11 @@
+ * Set the various pointers to NULL so that we can call SSL_SESSION_free in
+ * the case of an error whilst halfway through constructing dest
+ */
-+#ifndef OPENSSL_NO_PSK
-+ dest->psk_identity_hint = NULL;
-+ dest->psk_identity = NULL;
-+#endif
+ dest->ciphers = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ dest->tlsext_hostname = NULL;
-+# ifndef OPENSSL_NO_EC
-+ dest->tlsext_ecpointformatlist = NULL;
-+ dest->tlsext_ellipticcurvelist = NULL;
-+# endif
+#endif
+ dest->tlsext_tick = NULL;
-+#ifndef OPENSSL_NO_SRP
-+ dest->srp_username = NULL;
-+#endif
+ memset(&dest->ex_data, 0, sizeof(dest->ex_data));
+
+ /* We deliberately don't copy the prev and next pointers */
@@ -140,21 +128,6 @@
+ if (src->peer != NULL)
+ CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
+
-+#ifndef OPENSSL_NO_PSK
-+ if (src->psk_identity_hint) {
-+ dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
-+ if (dest->psk_identity_hint == NULL) {
-+ goto err;
-+ }
-+ }
-+ if (src->psk_identity) {
-+ dest->psk_identity = BUF_strdup(src->psk_identity);
-+ if (dest->psk_identity == NULL) {
-+ goto err;
-+ }
-+ }
-+#endif
-+
+ if(src->ciphers != NULL) {
+ dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
+ if (dest->ciphers == NULL)
@@ -173,22 +146,6 @@
+ goto err;
+ }
+ }
-+# ifndef OPENSSL_NO_EC
-+ if (src->tlsext_ecpointformatlist) {
-+ dest->tlsext_ecpointformatlist =
-+ BUF_memdup(src->tlsext_ecpointformatlist,
-+ src->tlsext_ecpointformatlist_length);
-+ if (dest->tlsext_ecpointformatlist == NULL)
-+ goto err;
-+ }
-+ if (src->tlsext_ellipticcurvelist) {
-+ dest->tlsext_ellipticcurvelist =
-+ BUF_memdup(src->tlsext_ellipticcurvelist,
-+ src->tlsext_ellipticcurvelist_length);
-+ if (dest->tlsext_ellipticcurvelist == NULL)
-+ goto err;
-+ }
-+# endif
+#endif
+
+ if (ticket != 0) {
@@ -200,15 +157,6 @@
+ dest->tlsext_ticklen = 0;
+ }
+
-+#ifndef OPENSSL_NO_SRP
-+ if (src->srp_username) {
-+ dest->srp_username = BUF_strdup(src->srp_username);
-+ if (dest->srp_username == NULL) {
-+ goto err;
-+ }
-+ }
-+#endif
-+
+ return dest;
+err:
+ SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
More information about the Pkg-openssl-changes
mailing list