[Pkg-openssl-changes] r672 - openssl/branches/squeeze/debian/patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Thu Jun 5 19:17:34 UTC 2014


Author: kroeckx
Date: 2014-06-05 19:17:34 +0000 (Thu, 05 Jun 2014)
New Revision: 672

Modified:
   openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch
Log:
Use patch from correct branch.


Modified: openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch	2014-06-05 19:15:27 UTC (rev 671)
+++ openssl/branches/squeeze/debian/patches/CVE-2014-0224.patch	2014-06-05 19:17:34 UTC (rev 672)
@@ -1,8 +1,8 @@
 diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index a6b3c01..c99a4c4 100644
+index 7caabf3..af29600 100644
 --- a/ssl/s3_clnt.c
 +++ b/ssl/s3_clnt.c
-@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
+@@ -491,6 +491,7 @@ int ssl3_connect(SSL *s)
  		case SSL3_ST_CR_FINISHED_A:
  		case SSL3_ST_CR_FINISHED_B:
  
@@ -10,7 +10,7 @@
  			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
  				SSL3_ST_CR_FINISHED_B);
  			if (ret <= 0) goto end;
-@@ -915,6 +916,7 @@ int ssl3_get_server_hello(SSL *s)
+@@ -777,6 +778,7 @@ int ssl3_get_server_hello(SSL *s)
  		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
  		goto f_err;
  		}
@@ -19,10 +19,10 @@
  	    }
  	else	/* a miss or crap from the other end */
 diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
-index 6bc8bf9..98c36e6 100644
+index 169f235..c087fee 100644
 --- a/ssl/s3_pkt.c
 +++ b/ssl/s3_pkt.c
-@@ -1316,6 +1316,15 @@ start:
+@@ -1166,6 +1166,15 @@ start:
  			goto f_err;
  			}
  
@@ -38,11 +38,20 @@
  		rr->length=0;
  
  		if (s->msg_callback)
+@@ -1297,7 +1306,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+ 
+ 	if (s->s3->tmp.key_block == NULL)
+ 		{
+-		if (s->session == NULL) 
++		if (s->session == NULL || s->session->master_key_length == 0)
+ 			{
+ 			/* might happen if dtls1_read_bytes() calls this */
+ 			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
 diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index 5ac4119..503bed3 100644
+index 06c7b00..fcc97f3 100644
 --- a/ssl/s3_srvr.c
 +++ b/ssl/s3_srvr.c
-@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
+@@ -523,6 +523,7 @@ int ssl3_accept(SSL *s)
  		case SSL3_ST_SR_CERT_VRFY_A:
  		case SSL3_ST_SR_CERT_VRFY_B:
  
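Review bot: The comment left under the widened test in the added ssl3_do_change_cipher_spec hunk for ssl/s3_pkt.c, `/* might happen if dtls1_read_bytes() calls this */`, now explains only half of the condition. With `s->session->master_key_length == 0` added, the branch also rejects a ChangeCipherSpec that arrives before a master secret has been established, which is the case this CVE-2014-0224 patch is meant to catch. A maintainer reading the old comment could mistake the check for a DTLS-only corner case and weaken it later. I would extend it to something like `/* no session, or CCS received before a master secret exists (CVE-2014-0224); also reachable from dtls1_read_bytes() */`. The function body continues past the end of the embedded hunk, so the handling after the SSLerr call is not visible here.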
@@ -50,7 +59,7 @@
  			/* we should decide if we expected this one */
  			ret=ssl3_get_cert_verify(s);
  			if (ret <= 0) goto end;
-@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
+@@ -533,6 +534,7 @@ int ssl3_accept(SSL *s)
  
  		case SSL3_ST_SR_FINISHED_A:
  		case SSL3_ST_SR_FINISHED_B:
@@ -58,25 +67,14 @@
  			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
  				SSL3_ST_SR_FINISHED_B);
  			if (ret <= 0) goto end;
-@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
- 				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
- #else
- 				if (s->s3->next_proto_neg_seen)
-+					{
-+					s->s3->flags |= SSL3_FLAGS_CCS_OK;
- 					s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
-+					}
- 				else
- 					s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
- #endif
 diff --git a/ssl/ssl3.h b/ssl/ssl3.h
-index cb8b249..37f19e3 100644
+index 3aab080..de5e559 100644
 --- a/ssl/ssl3.h
 +++ b/ssl/ssl3.h
-@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
+@@ -333,6 +333,7 @@ typedef struct ssl3_buffer_st
+ #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
+ #define SSL3_FLAGS_POP_BUFFER			0x0004
  #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
- #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
- #define TLS1_FLAGS_KEEP_HANDSHAKE		0x0020
 +#define SSL3_FLAGS_CCS_OK			0x0080
   
  /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
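Review bot: Dropping the embedded ssl/s3_srvr.c hunk that set `SSL3_FLAGS_CCS_OK` before `SSL3_ST_SR_NEXT_PROTO_A` is only correct if this branch's ssl3_accept has no `next_proto_neg_seen` path, and nothing on the page confirms that. It is presumably the case, since the new ssl3.h context also lacks the `TLS1_FLAGS_SKIP_CERT_VERIFY` and `TLS1_FLAGS_KEEP_HANDSHAKE` defines that the old context showed. If such a path did exist, the flag would never be set on it, and the peer's legitimate ChangeCipherSpec would likely be refused there. The log line `Use patch from correct branch.` would be easier to audit if it named the upstream branch or commit the patch was taken from, for example `Use CVE-2014-0224 patch from the <upstream branch> branch (<upstream commit id>)`.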



