[Pkg-openssl-changes] r548 - in openssl/trunk/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Sun Mar 18 15:13:13 UTC 2012
Author: kroeckx
Date: 2012-03-18 15:13:13 +0000 (Sun, 18 Mar 2012)
New Revision: 548
Added:
openssl/trunk/debian/patches/no_ssl2.patch
Modified:
openssl/trunk/debian/changelog
openssl/trunk/debian/patches/series
Log:
s_client and s_server were forcing SSLv3 only connection when SSLv2 was
disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2012-03-17 17:25:37 UTC (rev 547)
+++ openssl/trunk/debian/changelog 2012-03-18 15:13:13 UTC (rev 548)
@@ -9,8 +9,10 @@
hidden on amd64, no need to access it PIC anymore.
* pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
* Enable hardening using dpkg-buildflags (Closes: #653495)
+ * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
+ disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
- -- Kurt Roeckx <kurt at roeckx.be> Sat, 17 Mar 2012 17:19:17 +0100
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 18 Mar 2012 16:10:40 +0100
openssl (1.0.0h-1) unstable; urgency=high
Added: openssl/trunk/debian/patches/no_ssl2.patch
===================================================================
--- openssl/trunk/debian/patches/no_ssl2.patch (rev 0)
+++ openssl/trunk/debian/patches/no_ssl2.patch 2012-03-18 15:13:13 UTC (rev 548)
@@ -0,0 +1,40 @@
+Index: openssl-1.0.1/apps/s_client.c
+===================================================================
+--- openssl-1.0.1.orig/apps/s_client.c 2012-03-14 14:32:14.000000000 +0100
++++ openssl-1.0.1/apps/s_client.c 2012-03-18 16:08:29.000000000 +0100
+@@ -622,13 +622,7 @@
+ SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
+ #endif
+
+-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ meth=SSLv23_client_method();
+-#elif !defined(OPENSSL_NO_SSL3)
+- meth=SSLv3_client_method();
+-#elif !defined(OPENSSL_NO_SSL2)
+- meth=SSLv2_client_method();
+-#endif
+
+ apps_startup();
+ c_Pause=0;
+Index: openssl-1.0.1/apps/s_server.c
+===================================================================
+--- openssl-1.0.1.orig/apps/s_server.c 2012-02-12 00:21:09.000000000 +0100
++++ openssl-1.0.1/apps/s_server.c 2012-03-18 16:09:21.000000000 +0100
+@@ -969,17 +969,7 @@
+ char *srpuserseed = NULL;
+ char *srp_verifier_file = NULL;
+ #endif
+-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ meth=SSLv23_server_method();
+-#elif !defined(OPENSSL_NO_SSL3)
+- meth=SSLv3_server_method();
+-#elif !defined(OPENSSL_NO_SSL2)
+- meth=SSLv2_server_method();
+-#elif !defined(OPENSSL_NO_TLS1)
+- meth=TLSv1_server_method();
+-#else
+- /* #error no SSL version enabled */
+-#endif
+
+ local_argc=argc;
+ local_argv=argv;
Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series 2012-03-17 17:25:37 UTC (rev 547)
+++ openssl/trunk/debian/patches/series 2012-03-18 15:13:13 UTC (rev 548)
@@ -29,3 +29,4 @@
block_diginotar.patch
block_digicert_malaysia.patch
c_rehash-multi.patch
+no_ssl2.patch
More information about the Pkg-openssl-changes
mailing list