Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 69861 Details for
Bug 108046
dev-libs/openssl CAN-2005-2969 (Vendor-sec)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch-0.9.8
patch-0.9.8 (text/plain), 4.07 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2005-10-04 09:31:35 UTC
(
hide
)
Description:
patch-0.9.8
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2005-10-04 09:31:35 UTC
Size:
4.07 KB
patch
obsolete
>Index: CHANGES >=================================================================== >RCS file: /e/openssl/cvs/openssl/CHANGES,v >retrieving revision 1.1238.2.17 >diff -u -r1.1238.2.17 CHANGES >--- CHANGES 2 Sep 2005 22:48:13 -0000 1.1238.2.17 >+++ CHANGES 23 Sep 2005 03:37:36 -0000 >@@ -4,6 +4,16 @@ > > Changes between 0.9.8 and 0.9.8a [XX xxx XXXX] > >+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING >+ (part of SSL_OP_ALL). This option used to disable the >+ countermeasure against man-in-the-middle protocol-version >+ rollback in the SSL 2.0 server implementation, which is a bad >+ idea. >+ >+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center >+ for Information Security, National Institute of Advanced Industrial >+ Science and Technology [AIST], Japan)] >+ > *) Add two function to clear and return the verify parameter flags. > [Steve Henson] > >@@ -850,6 +860,16 @@ > > Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] > >+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING >+ (part of SSL_OP_ALL). This option used to disable the >+ countermeasure against man-in-the-middle protocol-version >+ rollback in the SSL 2.0 server implementation, which is a bad >+ idea. >+ >+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center >+ for Information Security, National Institute of Advanced Industrial >+ Science and Technology [AIST], Japan)] >+ > *) Minimal support for X9.31 signatures and PSS padding modes. This is > mainly for FIPS compliance and not fully integrated at this stage. > [Steve Henson] >@@ -899,6 +919,9 @@ > > Changes between 0.9.7f and 0.9.7g [11 Apr 2005] > >+ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after >+ OpenSSL 0.9.8.] >+ > *) Fixes for newer kerberos headers. NB: the casts are needed because > the 'length' field is signed on one version and unsigned on another > with no (?) obvious way to tell the difference, without these VC++ >Index: doc/ssl/SSL_CTX_set_options.pod >=================================================================== >RCS file: /e/openssl/cvs/openssl/doc/ssl/SSL_CTX_set_options.pod,v >retrieving revision 1.13 >diff -u -r1.13 SSL_CTX_set_options.pod >--- doc/ssl/SSL_CTX_set_options.pod 22 Mar 2005 17:55:33 -0000 1.13 >+++ doc/ssl/SSL_CTX_set_options.pod 23 Sep 2005 03:37:38 -0000 >@@ -86,7 +86,7 @@ > > =item SSL_OP_MSIE_SSLV2_RSA_PADDING > >-... >+As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect. > > =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG > >Index: ssl/s23_srvr.c >=================================================================== >RCS file: /e/openssl/cvs/openssl/ssl/s23_srvr.c,v >retrieving revision 1.46.2.1 >diff -u -r1.46.2.1 s23_srvr.c >--- ssl/s23_srvr.c 5 Aug 2005 23:52:07 -0000 1.46.2.1 >+++ ssl/s23_srvr.c 23 Sep 2005 03:37:38 -0000 >@@ -250,9 +250,6 @@ > int n=0,j; > int type=0; > int v[2]; >-#ifndef OPENSSL_NO_RSA >- int use_sslv2_strong=0; >-#endif > > if (s->state == SSL23_ST_SR_CLNT_HELLO_A) > { >@@ -501,9 +498,7 @@ > } > > s->state=SSL2_ST_GET_CLIENT_HELLO_A; >- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || >- use_sslv2_strong || >- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) >+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) > s->s2->ssl2_rollback=0; > else > /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 >Index: ssl/ssl.h >=================================================================== >RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v >retrieving revision 1.161.2.1 >diff -u -r1.161.2.1 ssl.h >--- ssl/ssl.h 10 Jun 2005 19:51:16 -0000 1.161.2.1 >+++ ssl/ssl.h 23 Sep 2005 03:37:40 -0000 >@@ -480,7 +480,7 @@ > #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L > #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L > #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L >-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L >+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ > #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L > #define SSL_OP_TLS_D5_BUG 0x00000100L > #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 108046
:
69860
| 69861 |
70011
|
70012
|
70297