diff --git a/openssl-1.0.0-beta3-dtls1-fix.patch b/openssl-1.0.0-beta3-dtls1-fix.patch
new file mode 100644
index 0000000..32e7b56
--- /dev/null
+++ b/openssl-1.0.0-beta3-dtls1-fix.patch
@@ -0,0 +1,28 @@
+Index: openssl/ssl/d1_clnt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v
+rcsdiff -q -kk '-r1.16.2.10' '-r1.16.2.11' -u '/v/openssl/cvs/openssl/ssl/d1_clnt.c,v' 2>/dev/null
+--- openssl/ssl/d1_clnt.c 2009/07/15 11:32:57 1.16.2.10
++++ openssl/ssl/d1_clnt.c 2009/07/24 11:52:32 1.16.2.11
+@@ -223,6 +223,8 @@
+ s->init_num=0;
+ /* mark client_random uninitialized */
+ memset(s->s3->client_random,0,sizeof(s->s3->client_random));
++ s->d1->send_cookie = 0;
++ s->hit = 0;
+ break;
+
+ case SSL3_ST_CW_CLNT_HELLO_A:
+Index: openssl/ssl/d1_pkt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
+rcsdiff -q -kk '-r1.27.2.13' '-r1.27.2.14' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
+--- openssl/ssl/d1_pkt.c 2009/07/13 11:44:04 1.27.2.13
++++ openssl/ssl/d1_pkt.c 2009/07/24 11:52:32 1.27.2.14
+@@ -775,7 +775,7 @@
+ /* Check for timeout */
+ if (dtls1_is_timer_expired(s))
+ {
+- if (dtls1_read_failed(s, -1) > 0);
++ if (dtls1_read_failed(s, -1) > 0)
+ goto start;
+ }
+
diff --git a/openssl-1.0.0-beta3-ssl-session.patch b/openssl-1.0.0-beta3-ssl-session.patch
new file mode 100644
index 0000000..923b871
--- /dev/null
+++ b/openssl-1.0.0-beta3-ssl-session.patch
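Review bot: The new openssl-1.0.0-beta3-dtls1-fix.patch has no header saying what its two embedded changes fix, and the spec changelog summarises both as a typo. The d1_pkt.c part drops a stray `;` after `if (dtls1_read_failed(s, -1) > 0)`, which had made `goto start` run on every expired timer whatever the call returned. The d1_clnt.c part separately clears `s->d1->send_cookie` and `s->hit` next to the `client_random` reset, which is a handshake-state change rather than a typo. I would add a short description above the first `Index:` line, such as `d1_pkt.c: drop stray ';' that made the timeout retry unconditional (#527015); d1_clnt.c: clear send_cookie and hit when the client handshake state is reset`. Both enclosing functions start and end outside the embedded hunks, so what happens after the timeout block on a non-positive return is not visible here.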
@@ -0,0 +1,27 @@ +Index: openssl/ssl/ssl_asn1.c +RCS File: /v/openssl/cvs/openssl/ssl/ssl_asn1.c,v +rcsdiff -q -kk '-r1.36.2.2' '-r1.36.2.3' -u '/v/openssl/cvs/openssl/ssl/ssl_asn1.c,v' 2>/dev/null +--- openssl/ssl/ssl_asn1.c 2009/08/05 15:29:14 1.36.2.2 ++++ openssl/ssl/ssl_asn1.c 2009/09/02 13:20:22 1.36.2.3 +@@ -413,8 +413,8 @@ + } + else + { +- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION); +- return(NULL); ++ c.error=SSL_R_UNKNOWN_SSL_VERSION; ++ goto err; + } + + ret->cipher=NULL; +@@ -505,8 +505,8 @@ + { + if (os.length > SSL_MAX_SID_CTX_LENGTH) + { +- ret->sid_ctx_length=os.length; +- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); ++ c.error=SSL_R_BAD_LENGTH; ++ goto err; + } + else + { diff --git a/openssl.spec b/openssl.spec index 09dc467..ff3176a 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.8.%{beta}%{?dist} +Release: 0.9.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-%{beta}-usa.tar.bz2 @@ -67,6 +67,8 @@ Patch52: openssl-1.0.0-beta3-dss1.patch Patch60: openssl-1.0.0-beta3-namingstr.patch Patch61: openssl-1.0.0-beta3-namingblk.patch Patch62: openssl-1.0.0-beta3-camellia-rounds.patch +Patch63: openssl-1.0.0-beta3-dtls1-fix.patch +Patch64: openssl-1.0.0-beta3-ssl-session.patch License: OpenSSL Group: System Environment/Libraries @@ -151,6 +153,8 @@ from other formats to the formats used by the OpenSSL toolkit. %patch60 -p1 -b .namingstr %patch61 -p1 -b .namingblk %patch62 -p1 -b .cmll-rounds +%patch63 -p1 -b .dtls1-fix +%patch64 -p1 -b .ssl-session # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` 
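Review bot: In the second embedded hunk of openssl-1.0.0-beta3-ssl-session.patch (`@@ -505,8 +505,8 @@`), the over-long branch now leaves through `goto err`, and the hunk does not show whether the buffer behind `os` is released on that path. If it is freed only after the `else` branch that follows, it would leak each time a serialized session carries a context longer than `SSL_MAX_SID_CTX_LENGTH`, so confirm that `err` releases it or free it before the jump. The change is also more than the leak fix the changelog names. The removed lines stored the oversized `os.length` in `ret->sid_ctx_length` and raised an error with no return or jump, and the patch should carry a header such as `d2i_SSL_SESSION: route both error exits through err; an over-long sid_ctx is now rejected instead of recorded`. The enclosing function, presumably d2i_SSL_SESSION going by the error code and the changelog, starts and ends outside both hunks.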
@@ -399,6 +403,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Thu Oct 8 2009 Tomas Mraz 1.0.0-0.9.beta3 +- fix typo in DTLS1 code (#527015) +- fix leak in error handling of d2i_SSL_SESSION() + * Wed Sep 30 2009 Tomas Mraz 1.0.0-0.8.beta3 - fix RSA and DSA FIPS selftests - reenable fixed x86_64 camellia assembler code (#521127)