[Pkg-openssl-changes] r841 - in openssl/branches/jessie_backports/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Sep 22 19:31:15 UTC 2016
Author: kroeckx
Date: 2016-09-22 19:31:15 +0000 (Thu, 22 Sep 2016)
New Revision: 841
Removed:
openssl/branches/jessie_backports/debian/patches/Fix-name-length-limit-check.patch
Modified:
openssl/branches/jessie_backports/debian/changelog
openssl/branches/jessie_backports/debian/patches/series
Log:
Remove Fix-name-length-limit-check.patch
Modified: openssl/branches/jessie_backports/debian/changelog
===================================================================
--- openssl/branches/jessie_backports/debian/changelog 2016-09-22 19:26:13 UTC (rev 840)
+++ openssl/branches/jessie_backports/debian/changelog 2016-09-22 19:31:15 UTC (rev 841)
@@ -12,11 +12,12 @@
- Fix CVE-2016-6303
- Fix CVE-2016-6304
- Fix CVE-2016-6306
+ * Remove Fix-name-length-limit-check.patch, applied upstream
* Drop ca.patch, option is now documented upstream
* Update engines-path.patch to also update the libcrypto.pc, now that that
has an enginesdir in it.
- -- Kurt Roeckx <kurt at roeckx.be> Thu, 22 Sep 2016 21:21:00 +0200
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 22 Sep 2016 21:28:38 +0200
openssl (1.0.2h-1~bpo8+2) jessie-backports; urgency=medium
Deleted: openssl/branches/jessie_backports/debian/patches/Fix-name-length-limit-check.patch
===================================================================
--- openssl/branches/jessie_backports/debian/patches/Fix-name-length-limit-check.patch 2016-09-22 19:26:13 UTC (rev 840)
+++ openssl/branches/jessie_backports/debian/patches/Fix-name-length-limit-check.patch 2016-09-22 19:31:15 UTC (rev 841)
@@ -1,40 +0,0 @@
-From b583c1bd069f6928c3973dc6d6864930f6c4bb3e Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve at openssl.org>
-Date: Wed, 4 May 2016 16:09:06 +0100
-Subject: [PATCH] Fix name length limit check.
-
-The name length limit check in x509_name_ex_d2i() includes
-the containing structure as well as the actual X509_NAME. This will
-cause large CRLs to be rejected.
-
-Fix by limiting the length passed to ASN1_item_ex_d2i() which will
-then return an error if the passed X509_NAME exceeds the length.
-
-RT#4531
-
-Reviewed-by: Rich Salz <rsalz at openssl.org>
-(cherry picked from commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff)
----
- crypto/asn1/x_name.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
-index a858c29..26378fd 100644
---- a/crypto/asn1/x_name.c
-+++ b/crypto/asn1/x_name.c
-@@ -199,10 +199,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
- int i, j, ret;
- STACK_OF(X509_NAME_ENTRY) *entries;
- X509_NAME_ENTRY *entry;
-- if (len > X509_NAME_MAX) {
-- ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
-- return 0;
-- }
-+ if (len > X509_NAME_MAX)
-+ len = X509_NAME_MAX;
- q = p;
-
- /* Get internal representation of Name */
---
-2.8.1
-
Modified: openssl/branches/jessie_backports/debian/patches/series
===================================================================
--- openssl/branches/jessie_backports/debian/patches/series 2016-09-22 19:26:13 UTC (rev 840)
+++ openssl/branches/jessie_backports/debian/patches/series 2016-09-22 19:31:15 UTC (rev 841)
@@ -14,4 +14,3 @@
block_diginotar.patch
block_digicert_malaysia.patch
#padlock_conf.patch
-Fix-name-length-limit-check.patch
More information about the Pkg-openssl-changes
mailing list