From 9fc25c1d2897c4a1881efd8ecbb3ba44010bdae7 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Aug 10 2016 11:50:49 +0000 Subject: fix regression in Cisco AnyConnect VPN support (#1354588) --- diff --git a/openssl-1.0.2h-dtls-bad-ver.patch b/openssl-1.0.2h-dtls-bad-ver.patch new file mode 100644 index 0000000..19fb577 --- /dev/null +++ b/openssl-1.0.2h-dtls-bad-ver.patch @@ -0,0 +1,12 @@ +diff -up openssl-1.0.2h/ssl/ssl_lib.c.dtls-bad-ver openssl-1.0.2h/ssl/ssl_lib.c +--- openssl-1.0.2h/ssl/ssl_lib.c.dtls-bad-ver 2016-05-03 18:06:45.000000000 +0200 ++++ openssl-1.0.2h/ssl/ssl_lib.c 2016-08-10 13:47:33.995530954 +0200 +@@ -1828,7 +1828,7 @@ int SSL_export_keying_material(SSL *s, u + const unsigned char *p, size_t plen, + int use_context) + { +- if (s->version < TLS1_VERSION) ++ if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) + return -1; + + return s->method->ssl3_enc->export_keying_material(s, out, olen, label, diff --git a/openssl.spec b/openssl.spec index 8a47df8..18121a8 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.2h -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -87,6 +87,7 @@ Patch96: openssl-1.0.2e-speed-doc.patch Patch80: openssl-1.0.2e-wrap-pad.patch Patch81: openssl-1.0.2a-padlock64.patch Patch82: openssl-1.0.2h-trusted-first-doc.patch +Patch83: openssl-1.0.2h-dtls-bad-ver.patch License: OpenSSL Group: System Environment/Libraries @@ -210,6 +211,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch80 -p1 -b .wrap %patch81 -p1 -b .padlock64 %patch82 -p1 -b .trusted-first +%patch83 -p1 -b .dtls-bad-ver sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h @@ -500,6 +502,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Wed Aug 10 2016 Tomáš Mráz 1.0.2h-3 +- fix regression in Cisco AnyConnect VPN support (#1354588) + * Mon Jun 27 2016 Tomáš Mráz 1.0.2h-2 - require libcrypto in libssl.pc (#1301301)