[Pkg-openssl-changes] r533 - openssl/branches/squeeze/debian/patches

Kurt Roeckx kroeckx at alioth.debian.org
Tue Mar 13 20:50:42 UTC 2012 

Author: kroeckx
Date: 2012-03-13 20:50:42 +0000 (Tue, 13 Mar 2012)
New Revision: 533

Modified:
   openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch
Log:
Cleanup patch.


Modified: openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch	2012-03-13 20:49:37 UTC (rev 532)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch	2012-03-13 20:50:42 UTC (rev 533)
@@ -1,26 +1,3 @@
-diff --git a/CHANGES b/CHANGES
-index 59de463..a2409ac 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -4,6 +4,17 @@
- 
-  Changes between 0.9.8t and 0.9.8u [xx XXX xxxx]
- 
-+  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
-+     in CMS and PKCS7 code. When RSA decryption fails use a random key for
-+     content decryption and always return the same error. Note: this attack
-+     needs on average 2^20 messages so it only affects automated senders. The
-+     old behaviour can be reenabled in the CMS code by setting the
-+     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
-+     an MMA defence is not necessary.
-+     Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
-+     this issue. (CVE-2012-0884)
-+     [Steve Henson]
-+
-   *) Fix CVE-2011-4619: make sure we really are receiving a 
-      client hello before rejecting multiple SGC restarts. Thanks to
-      Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
-diff --git a/apps/cms.c b/apps/cms.c
 index 7407ae1..b8c0ee8 100644
 --- a/apps/cms.c
 +++ b/apps/cms.c
@@ -42,7 +19,6 @@
  
  		if (secret_key)
  			{
-diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
 index 25f8874..75e3be0 100644
 --- a/crypto/cms/cms.h
 +++ b/crypto/cms/cms.h
@@ -54,7 +30,6 @@
  
  const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
  
-diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
 index bab2623..580083b 100644
 --- a/crypto/cms/cms_enc.c
 +++ b/crypto/cms/cms_enc.c
@@ -151,7 +126,6 @@
  	if (ok)
  		return b;
  	BIO_free(b);
-diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
 index d499ae8..b8685fa 100644
 --- a/crypto/cms/cms_env.c
 +++ b/crypto/cms/cms_env.c
@@ -181,7 +155,6 @@
  
  	err:
  	if (!ret && ek)
-diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
 index 7d60fac..ce65d6e 100644
 --- a/crypto/cms/cms_lcl.h
 +++ b/crypto/cms/cms_lcl.h
@@ -194,7 +167,6 @@
  	};
  
  struct CMS_RecipientInfo_st
-diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
 index f35883a..2be07c2 100644
 --- a/crypto/cms/cms_smime.c
 +++ b/crypto/cms/cms_smime.c
@@ -267,7 +239,6 @@
  	cont = CMS_dataInit(cms, dcont);
  	if (!cont)
  		return 0;
-diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
 index c8f1eb1..8b3024e 100644
 --- a/crypto/pkcs7/pk7_doit.c
 +++ b/crypto/pkcs7/pk7_doit.c

More information about the Pkg-openssl-changes mailing list