[2558] | 1 | --- openssl-1.0.0-beta5-cipher-change.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
| 2 | +++ openssl-1.0.0n-cipher-change.patch 2014-08-06 21:07:44.382050554 -0400 |
---|
| 3 | @@ -9,7 +9,7 @@ |
---|
| 4 | +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */ |
---|
| 5 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L |
---|
| 6 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L |
---|
| 7 | - #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ |
---|
| 8 | + #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L |
---|
| 9 | @@ -530,7 +530,7 @@ typedef struct ssl_session_st |
---|
| 10 | |
---|
| 11 | /* SSL_OP_ALL: various bug workarounds that should be rather harmless. |
---|
| 12 | --- openssl-1.0.0b-ipv6-apps.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
| 13 | +++ openssl-1.0.0n-ipv6-apps.patch 2014-08-06 21:07:44.383050535 -0400 |
---|
| 14 | @@ -179,7 +179,7 @@ |
---|
| 15 | { |
---|
| 16 | - i=0; |
---|
| 17 | - i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); |
---|
| 18 | -- if (i < 0) { perror("keepalive"); return(0); } |
---|
| 19 | +- if (i < 0) { closesocket(s); perror("keepalive"); return(0); } |
---|
| 20 | + int i=0; |
---|
| 21 | + i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE, |
---|
| 22 | + (char *)&i,sizeof(i)); |
---|
| 23 | @@ -335,7 +335,7 @@ |
---|
| 24 | int len; |
---|
| 25 | /* struct linger ling; */ |
---|
| 26 | |
---|
| 27 | -@@ -432,135 +451,58 @@ redoit: |
---|
| 28 | +@@ -432,138 +451,59 @@ redoit: |
---|
| 29 | */ |
---|
| 30 | |
---|
| 31 | if (host == NULL) goto end; |
---|
| 32 | @@ -364,6 +364,7 @@ |
---|
| 33 | + if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL) |
---|
| 34 | { |
---|
| 35 | perror("OPENSSL_malloc"); |
---|
| 36 | + closesocket(ret); |
---|
| 37 | return(0); |
---|
| 38 | } |
---|
| 39 | - BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); |
---|
| 40 | @@ -372,11 +373,13 @@ |
---|
| 41 | - if (h2 == NULL) |
---|
| 42 | - { |
---|
| 43 | - BIO_printf(bio_err,"gethostbyname failure\n"); |
---|
| 44 | +- closesocket(ret); |
---|
| 45 | - return(0); |
---|
| 46 | - } |
---|
| 47 | - if (h2->h_addrtype != AF_INET) |
---|
| 48 | - { |
---|
| 49 | - BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); |
---|
| 50 | +- closesocket(ret); |
---|
| 51 | - return(0); |
---|
| 52 | - } |
---|
| 53 | + strcpy(*host, buffer); |
---|
| 54 | --- openssl-1.0.0k-fips.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
| 55 | +++ openssl-1.0.0n-fips.patch 2014-08-06 21:07:44.383050535 -0400 |
---|
| 56 | @@ -10646,7 +10646,7 @@ |
---|
| 57 | |
---|
| 58 | |
---|
| 59 | static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); |
---|
| 60 | -@@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char * |
---|
| 61 | +@@ -90,11 +94,18 @@ PKCS12 *PKCS12_create(char *pass, char * |
---|
| 62 | |
---|
| 63 | /* Set defaults */ |
---|
| 64 | if (!nid_cert) |
---|
| 65 | @@ -10656,7 +10656,11 @@ |
---|
| 66 | + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
---|
| 67 | + else |
---|
| 68 | +#endif |
---|
| 69 | + #ifdef OPENSSL_NO_RC2 |
---|
| 70 | + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
---|
| 71 | + #else |
---|
| 72 | nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; |
---|
| 73 | + #endif |
---|
| 74 | + } |
---|
| 75 | if (!nid_key) |
---|
| 76 | nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
---|
| 77 | --- openssl-1.0.1a-algo-doc.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
| 78 | +++ openssl-1.0.0n-algo-doc.patch 2014-08-06 21:07:44.382050554 -0400 |
---|
| 79 | @@ -11,8 +11,8 @@ |
---|
| 80 | |
---|
| 81 | EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the |
---|
| 82 | @@ -165,7 +165,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_ |
---|
| 83 | - EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block |
---|
| 84 | - size in bytes. |
---|
| 85 | + EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and |
---|
| 86 | + EVP_MD_CTX_block_size() return the digest or block size in bytes. |
---|
| 87 | |
---|
| 88 | -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), |
---|
| 89 | +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), |
---|
| 90 | --- openssl-1.0.0k-version.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
| 91 | +++ openssl-1.0.0n-version.patch 2014-08-06 21:07:44.383050535 -0400 |
---|
| 92 | @@ -5,17 +5,17 @@ |
---|
| 93 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
---|
| 94 | * major minor fix final patch/beta) |
---|
| 95 | */ |
---|
| 96 | --#define OPENSSL_VERSION_NUMBER 0x100000bfL |
---|
| 97 | +-#define OPENSSL_VERSION_NUMBER 0x100000efL |
---|
| 98 | +#define OPENSSL_VERSION_NUMBER 0x10000003L |
---|
| 99 | #ifdef OPENSSL_FIPS |
---|
| 100 | - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0k-fips 5 Feb 2013" |
---|
| 101 | + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0n-fips 6 Aug 2014" |
---|
| 102 | #else |
---|
| 103 | @@ -83,7 +83,7 @@ |
---|
| 104 | * should only keep the versions that are binary compatible with the current. |
---|
| 105 | */ |
---|
| 106 | #define SHLIB_VERSION_HISTORY "" |
---|
| 107 | -#define SHLIB_VERSION_NUMBER "1.0.0" |
---|
| 108 | -+#define SHLIB_VERSION_NUMBER "1.0.0k" |
---|
| 109 | ++#define SHLIB_VERSION_NUMBER "1.0.0n" |
---|
| 110 | |
---|
| 111 | |
---|
| 112 | #endif /* HEADER_OPENSSLV_H */ |
---|