OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   11-Oct-2005 16:27:04
  Branch: OPENPKG_2_3_SOLID                Handle: 2005101115270400

  Modified files:           (Branch: OPENPKG_2_3_SOLID)
    openpkg-src/openssl     openssl.patch openssl.spec

  Log:
    apply Security Fix (CAN-2005-2969)

  Summary:
    Revision    Changes     Path
    1.17.2.2    +34 -0      openpkg-src/openssl/openssl.patch
    1.59.2.4    +1  -1      openpkg-src/openssl/openssl.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.patch
  ============================================================================
  $ cvs diff -u -r1.17.2.1 -r1.17.2.2 openssl.patch
  --- openpkg-src/openssl/openssl.patch 13 Mar 2005 19:10:14 -0000      1.17.2.1
  +++ openpkg-src/openssl/openssl.patch 11 Oct 2005 14:27:04 -0000      1.17.2.2
  @@ -94,3 +94,37 @@
                        )) >= 0)
                        {
                        struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
  +
  +-----------------------------------------------------------------------------
  +
  +Security Fix (CAN-2005-2969)
  +
  +Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of
  +SSL_OP_ALL). This option used to disable the countermeasure against
  +man-in-the-middle protocol-version rollback in the SSL 2.0 server
  +implementation, which is a bad idea.
  +
  +Index: ssl/s23_srvr.c
  +--- ssl/s23_srvr.c.orig      2002-11-13 16:43:17 +0100
  ++++ ssl/s23_srvr.c   2005-10-11 14:06:55 +0200
  +@@ -268,9 +268,6 @@
  +     int n=0,j;
  +     int type=0;
  +     int v[2];
  +-#ifndef OPENSSL_NO_RSA
  +-    int use_sslv2_strong=0;
  +-#endif
  + 
  +     if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
  +             {
  +@@ -519,9 +516,7 @@
  +                     }
  + 
  +             s->state=SSL2_ST_GET_CLIENT_HELLO_A;
  +-            if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
  +-                    use_sslv2_strong ||
  +-                    (s->options & SSL_OP_NO_TLSv1 && s->options & 
SSL_OP_NO_SSLv3))
  ++            if (s->options & SSL_OP_NO_TLSv1 && s->options & 
SSL_OP_NO_SSLv3)
  +                     s->s2->ssl2_rollback=0;
  +             else
  +                     /* reject SSL 2.0 session if client supports SSL 3.0 or 
TLS 1.0
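Review bot: The new gate at `+            if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)` relies on `&` binding tighter than `&&`; it evaluates correctly, but since this line is now the sole condition under which `ssl2_rollback` is cleared, writing it as `if ((s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3))` makes the rollback-protection intent explicit. The nested patch removes the declaration of `use_sslv2_strong` together with its only visible read; if the variable is also assigned elsewhere in the same function (outside this hunk), that write must be removed as well or s23_srvr.c will no longer compile. The function the two nested hunks modify begins and ends outside this hunk. Three of the added lines (both `if` conditions and the trailing comment) appear broken after `s->options & ` and `SSL 3.0 or `; if that wrapping is present in the committed openssl.patch rather than being a mail artefact, the patch will fail to apply.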
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.spec
  ============================================================================
  $ cvs diff -u -r1.59.2.3 -r1.59.2.4 openssl.spec
  --- openpkg-src/openssl/openssl.spec  7 Jul 2005 08:35:17 -0000       1.59.2.3
  +++ openpkg-src/openssl/openssl.spec  11 Oct 2005 14:27:04 -0000      1.59.2.4
  @@ -34,7 +34,7 @@
   Group:        Cryptography
   License:      BSD-style
   Version:      0.9.7e
  -Release:      2.3.2
  +Release:      2.3.3
   
   #   package options
   %option       with_zlib     no
  @@ .