Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 69860 Details for
Bug 108046
dev-libs/openssl CAN-2005-2969 (Vendor-sec)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch-0.9.7
patch-0.9.7 (text/plain), 3.46 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2005-10-04 09:30:59 UTC
(
hide
)
Description:
patch-0.9.7
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2005-10-04 09:30:59 UTC
Size:
3.46 KB
patch
obsolete
>Index: CHANGES >=================================================================== >RCS file: /e/openssl/cvs/openssl/CHANGES,v >retrieving revision 1.977.2.163 >diff -u -r1.977.2.163 CHANGES >--- CHANGES 2 Jun 2005 20:30:03 -0000 1.977.2.163 >+++ CHANGES 23 Sep 2005 03:38:41 -0000 >@@ -4,6 +4,16 @@ > > Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] > >+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING >+ (part of SSL_OP_ALL). This option used to disable the >+ countermeasure against man-in-the-middle protocol-version >+ rollback in the SSL 2.0 server implementation, which is a bad >+ idea. >+ >+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center >+ for Information Security, National Institute of Advanced Industrial >+ Science and Technology [AIST], Japan)] >+ > *) Minimal support for X9.31 signatures and PSS padding modes. This is > mainly for FIPS compliance and not fully integrated at this stage. > [Steve Henson] >@@ -53,6 +63,9 @@ > > Changes between 0.9.7f and 0.9.7g [11 Apr 2005] > >+ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after >+ OpenSSL 0.9.8.] >+ > *) Fixes for newer kerberos headers. NB: the casts are needed because > the 'length' field is signed on one version and unsigned on another > with no (?) obvious way to tell the difference, without these VC++ >Index: doc/ssl/SSL_CTX_set_options.pod >=================================================================== >RCS file: /e/openssl/cvs/openssl/doc/ssl/SSL_CTX_set_options.pod,v >retrieving revision 1.9.2.4 >diff -u -r1.9.2.4 SSL_CTX_set_options.pod >--- doc/ssl/SSL_CTX_set_options.pod 22 Mar 2005 17:54:13 -0000 1.9.2.4 >+++ doc/ssl/SSL_CTX_set_options.pod 23 Sep 2005 03:38:43 -0000 >@@ -86,7 +86,7 @@ > > =item SSL_OP_MSIE_SSLV2_RSA_PADDING > >-... >+As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect. > > =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG > >Index: ssl/s23_srvr.c >=================================================================== >RCS file: /e/openssl/cvs/openssl/ssl/s23_srvr.c,v >retrieving revision 1.41.2.6 >diff -u -r1.41.2.6 s23_srvr.c >--- ssl/s23_srvr.c 31 Jan 2005 01:33:35 -0000 1.41.2.6 >+++ ssl/s23_srvr.c 23 Sep 2005 03:38:44 -0000 >@@ -268,9 +268,6 @@ > int n=0,j; > int type=0; > int v[2]; >-#ifndef OPENSSL_NO_RSA >- int use_sslv2_strong=0; >-#endif > > if (s->state == SSL23_ST_SR_CLNT_HELLO_A) > { >@@ -528,9 +525,7 @@ > } > > s->state=SSL2_ST_GET_CLIENT_HELLO_A; >- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || >- use_sslv2_strong || >- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) >+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) > s->s2->ssl2_rollback=0; > else > /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 >Index: ssl/ssl.h >=================================================================== >RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v >retrieving revision 1.126.2.23 >diff -u -r1.126.2.23 ssl.h >--- ssl/ssl.h 10 Jun 2005 20:00:39 -0000 1.126.2.23 >+++ ssl/ssl.h 23 Sep 2005 03:38:47 -0000 >@@ -467,7 +467,7 @@ > #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L > #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L > #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L >-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L >+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ > #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L > #define SSL_OP_TLS_D5_BUG 0x00000100L > #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 108046
: 69860 |
69861
|
70011
|
70012
|
70297