[Pkg-openssl-changes] r639 - openssl/branches/wheezy/debian/patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Mon Dec 23 16:58:38 UTC 2013 

Author: kroeckx
Date: 2013-12-23 16:58:38 +0000 (Mon, 23 Dec 2013)
New Revision: 639

Modified:
   openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch
Log:
Make the patch apply


Modified: openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch	2013-12-23 16:53:09 UTC (rev 638)
+++ openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch	2013-12-23 16:58:38 UTC (rev 639)
@@ -13,27 +13,11 @@
  ssl/t1_enc.c   | 17 +++++++++++------
  4 files changed, 24 insertions(+), 6 deletions(-)
 
-diff --git a/CHANGES b/CHANGES
-index cfaebba..173be24 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -4,6 +4,11 @@
- 
-  Changes between 1.0.1e and 1.0.1f [xx XXX xxxx]
- 
-+  *) Keep original DTLS digest and encryption contexts in retransmission
-+     structures so we can use the previous session parameters if they need
-+     to be resent. (CVE-2013-6450)
-+     [Steve Henson]
-+
-   *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
-      avoids preferring ECDHE-ECDSA ciphers when the client appears to be
-      Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 65ec001..7a5596a 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
+Index: openssl-1.0.1e/ssl/d1_both.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/d1_both.c	2013-12-23 17:57:07.916566103 +0100
++++ openssl-1.0.1e/ssl/d1_both.c	2013-12-23 17:57:07.888566708 +0100
+@@ -214,6 +214,12 @@
  static void
  dtls1_hm_fragment_free(hm_fragment *frag)
  	{
@@ -46,11 +30,11 @@
  	if (frag->fragment) OPENSSL_free(frag->fragment);
  	if (frag->reassembly) OPENSSL_free(frag->reassembly);
  	OPENSSL_free(frag);
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 96ce9a7..e485907 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+Index: openssl-1.0.1e/ssl/ssl_locl.h
+===================================================================
+--- openssl-1.0.1e.orig/ssl/ssl_locl.h	2013-12-23 17:57:07.916566103 +0100
++++ openssl-1.0.1e/ssl/ssl_locl.h	2013-12-23 17:57:07.888566708 +0100
+@@ -621,6 +621,8 @@
  extern SSL3_ENC_METHOD SSLv3_enc_data;
  extern SSL3_ENC_METHOD DTLSv1_enc_data;
  
@@ -59,11 +43,11 @@
  #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
  				s_get_meth) \
  const SSL_METHOD *func_name(void)  \
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 72015f5..56db834 100644
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+Index: openssl-1.0.1e/ssl/t1_enc.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/t1_enc.c	2013-12-23 17:57:07.916566103 +0100
++++ openssl-1.0.1e/ssl/t1_enc.c	2013-12-23 17:57:07.888566708 +0100
+@@ -414,15 +414,20 @@
  			s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
  			else
  			s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -90,6 +74,3 @@
  #ifndef OPENSSL_NO_COMP
  		if (s->compress != NULL)
  			{
--- 
-1.8.5.1
-

More information about the Pkg-openssl-changes mailing list