[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/openssl/ openssl.patch o...

Tue, 11 Oct 2005 07:23:46 -0700 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   11-Oct-2005 16:23:47
  Branch: OPENPKG_2_4_SOLID                Handle: 2005101115234700

  Modified files:           (Branch: OPENPKG_2_4_SOLID)
    openpkg-src/openssl     openssl.patch openssl.spec

  Log:
    apply Security Fix (CAN-2005-2969)

  Summary:
    Revision    Changes     Path
    1.20.2.1    +33 -0      openpkg-src/openssl/openssl.patch
    1.64.2.3    +1  -1      openpkg-src/openssl/openssl.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.patch
  ============================================================================
  $ cvs diff -u -r1.20 -r1.20.2.1 openssl.patch
  --- openpkg-src/openssl/openssl.patch 6 May 2005 20:32:47 -0000       1.20
  +++ openpkg-src/openssl/openssl.patch 11 Oct 2005 14:23:47 -0000      1.20.2.1
  @@ -93,3 +93,36 @@
                        while (*p)
                                buf->data[to++]= *(p++);
    
  +-----------------------------------------------------------------------------
  +
  +Security Fix (CAN-2005-2969)
  +
  +Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of
  +SSL_OP_ALL). This option used to disable the countermeasure against
  +man-in-the-middle protocol-version rollback in the SSL 2.0 server
  +implementation, which is a bad idea.
  +
  +Index: ssl/s23_srvr.c
  +--- ssl/s23_srvr.c.orig      2002-11-13 16:43:17 +0100
  ++++ ssl/s23_srvr.c   2005-10-11 14:06:55 +0200
  +@@ -268,9 +268,6 @@
  +     int n=0,j;
  +     int type=0;
  +     int v[2];
  +-#ifndef OPENSSL_NO_RSA
  +-    int use_sslv2_strong=0;
  +-#endif
  + 
  +     if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
  +             {
  +@@ -519,9 +516,7 @@
  +                     }
  + 
  +             s->state=SSL2_ST_GET_CLIENT_HELLO_A;
  +-            if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
  +-                    use_sslv2_strong ||
  +-                    (s->options & SSL_OP_NO_TLSv1 && s->options & 
SSL_OP_NO_SSLv3))
  ++            if (s->options & SSL_OP_NO_TLSv1 && s->options & 
SSL_OP_NO_SSLv3)
  +                     s->s2->ssl2_rollback=0;
  +             else
  +                     /* reject SSL 2.0 session if client supports SSL 3.0 or 
TLS 1.0
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.spec
  ============================================================================
  $ cvs diff -u -r1.64.2.2 -r1.64.2.3 openssl.spec
  --- openpkg-src/openssl/openssl.spec  7 Jul 2005 08:34:25 -0000       1.64.2.2
  +++ openpkg-src/openssl/openssl.spec  11 Oct 2005 14:23:47 -0000      1.64.2.3
  @@ -33,7 +33,7 @@
   Group:        Cryptography
   License:      BSD-style
   Version:      0.9.7g
  -Release:      2.4.1
  +Release:      2.4.2
   
   #   package options
   %option       with_zlib     no
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [email protected]

Reply via email to