[Pkg-openssl-changes] r639 - openssl/branches/wheezy/debian/patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Mon Dec 23 16:58:38 UTC 2013
Author: kroeckx
Date: 2013-12-23 16:58:38 +0000 (Mon, 23 Dec 2013)
New Revision: 639
Modified:
openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch
Log:
Make the patch apply
Modified: openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch 2013-12-23 16:53:09 UTC (rev 638)
+++ openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch 2013-12-23 16:58:38 UTC (rev 639)
@@ -13,27 +13,11 @@
ssl/t1_enc.c | 17 +++++++++++------
4 files changed, 24 insertions(+), 6 deletions(-)
-diff --git a/CHANGES b/CHANGES
-index cfaebba..173be24 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -4,6 +4,11 @@
-
- Changes between 1.0.1e and 1.0.1f [xx XXX xxxx]
-
-+ *) Keep original DTLS digest and encryption contexts in retransmission
-+ structures so we can use the previous session parameters if they need
-+ to be resent. (CVE-2013-6450)
-+ [Steve Henson]
-+
- *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
- avoids preferring ECDHE-ECDSA ciphers when the client appears to be
- Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 65ec001..7a5596a 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
+Index: openssl-1.0.1e/ssl/d1_both.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/d1_both.c 2013-12-23 17:57:07.916566103 +0100
++++ openssl-1.0.1e/ssl/d1_both.c 2013-12-23 17:57:07.888566708 +0100
+@@ -214,6 +214,12 @@
static void
dtls1_hm_fragment_free(hm_fragment *frag)
{
@@ -46,11 +30,11 @@
if (frag->fragment) OPENSSL_free(frag->fragment);
if (frag->reassembly) OPENSSL_free(frag->reassembly);
OPENSSL_free(frag);
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 96ce9a7..e485907 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+Index: openssl-1.0.1e/ssl/ssl_locl.h
+===================================================================
+--- openssl-1.0.1e.orig/ssl/ssl_locl.h 2013-12-23 17:57:07.916566103 +0100
++++ openssl-1.0.1e/ssl/ssl_locl.h 2013-12-23 17:57:07.888566708 +0100
+@@ -621,6 +621,8 @@
extern SSL3_ENC_METHOD SSLv3_enc_data;
extern SSL3_ENC_METHOD DTLSv1_enc_data;
@@ -59,11 +43,11 @@
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
s_get_meth) \
const SSL_METHOD *func_name(void) \
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 72015f5..56db834 100644
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+Index: openssl-1.0.1e/ssl/t1_enc.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/t1_enc.c 2013-12-23 17:57:07.916566103 +0100
++++ openssl-1.0.1e/ssl/t1_enc.c 2013-12-23 17:57:07.888566708 +0100
+@@ -414,15 +414,20 @@
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -90,6 +74,3 @@
#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
---
-1.8.5.1
-
More information about the Pkg-openssl-changes
mailing list