[Pkg-openssl-changes] r841 - in openssl/branches/jessie_backports/debian: . patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Thu Sep 22 19:31:15 UTC 2016


Author: kroeckx
Date: 2016-09-22 19:31:15 +0000 (Thu, 22 Sep 2016)
New Revision: 841

Removed:
   openssl/branches/jessie_backports/debian/patches/Fix-name-length-limit-check.patch
Modified:
   openssl/branches/jessie_backports/debian/changelog
   openssl/branches/jessie_backports/debian/patches/series
Log:
Remove Fix-name-length-limit-check.patch


Modified: openssl/branches/jessie_backports/debian/changelog
===================================================================
--- openssl/branches/jessie_backports/debian/changelog	2016-09-22 19:26:13 UTC (rev 840)
+++ openssl/branches/jessie_backports/debian/changelog	2016-09-22 19:31:15 UTC (rev 841)
@@ -12,11 +12,12 @@
     - Fix CVE-2016-6303
     - Fix CVE-2016-6304
     - Fix CVE-2016-6306
+  * Remove Fix-name-length-limit-check.patch, applied upstream
   * Drop ca.patch, option is now documented upstream
   * Update engines-path.patch to also update the libcrypto.pc, now that that
     has an enginesdir in it.
 
- -- Kurt Roeckx <kurt at roeckx.be>  Thu, 22 Sep 2016 21:21:00 +0200
+ -- Kurt Roeckx <kurt at roeckx.be>  Thu, 22 Sep 2016 21:28:38 +0200
 
 openssl (1.0.2h-1~bpo8+2) jessie-backports; urgency=medium
 

Deleted: openssl/branches/jessie_backports/debian/patches/Fix-name-length-limit-check.patch
===================================================================
--- openssl/branches/jessie_backports/debian/patches/Fix-name-length-limit-check.patch	2016-09-22 19:26:13 UTC (rev 840)
+++ openssl/branches/jessie_backports/debian/patches/Fix-name-length-limit-check.patch	2016-09-22 19:31:15 UTC (rev 841)
@@ -1,40 +0,0 @@
-From b583c1bd069f6928c3973dc6d6864930f6c4bb3e Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve at openssl.org>
-Date: Wed, 4 May 2016 16:09:06 +0100
-Subject: [PATCH] Fix name length limit check.
-
-The name length limit check in x509_name_ex_d2i() includes
-the containing structure as well as the actual X509_NAME. This will
-cause large CRLs to be rejected.
-
-Fix by limiting the length passed to ASN1_item_ex_d2i() which will
-then return an error if the passed X509_NAME exceeds the length.
-
-RT#4531
-
-Reviewed-by: Rich Salz <rsalz at openssl.org>
-(cherry picked from commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff)
----
- crypto/asn1/x_name.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
-index a858c29..26378fd 100644
---- a/crypto/asn1/x_name.c
-+++ b/crypto/asn1/x_name.c
-@@ -199,10 +199,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
-     int i, j, ret;
-     STACK_OF(X509_NAME_ENTRY) *entries;
-     X509_NAME_ENTRY *entry;
--    if (len > X509_NAME_MAX) {
--        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
--        return 0;
--    }
-+    if (len > X509_NAME_MAX)
-+        len = X509_NAME_MAX;
-     q = p;
- 
-     /* Get internal representation of Name */
--- 
-2.8.1
-

Modified: openssl/branches/jessie_backports/debian/patches/series
===================================================================
--- openssl/branches/jessie_backports/debian/patches/series	2016-09-22 19:26:13 UTC (rev 840)
+++ openssl/branches/jessie_backports/debian/patches/series	2016-09-22 19:31:15 UTC (rev 841)
@@ -14,4 +14,3 @@
 block_diginotar.patch
 block_digicert_malaysia.patch
 #padlock_conf.patch
-Fix-name-length-limit-check.patch




More information about the Pkg-openssl-changes mailing list