1 | --- openssl-1.0.0-beta5-cipher-change.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
2 | +++ openssl-1.0.0n-cipher-change.patch 2014-08-06 21:07:44.382050554 -0400 |
---|
3 | @@ -9,7 +9,7 @@ |
---|
4 | +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */ |
---|
5 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L |
---|
6 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L |
---|
7 | - #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ |
---|
8 | + #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L |
---|
9 | @@ -530,7 +530,7 @@ typedef struct ssl_session_st |
---|
10 | |
---|
11 | /* SSL_OP_ALL: various bug workarounds that should be rather harmless. |
---|
12 | --- openssl-1.0.0b-ipv6-apps.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
13 | +++ openssl-1.0.0n-ipv6-apps.patch 2014-08-06 21:07:44.383050535 -0400 |
---|
14 | @@ -179,7 +179,7 @@ |
---|
15 | { |
---|
16 | - i=0; |
---|
17 | - i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); |
---|
18 | -- if (i < 0) { perror("keepalive"); return(0); } |
---|
19 | +- if (i < 0) { closesocket(s); perror("keepalive"); return(0); } |
---|
20 | + int i=0; |
---|
21 | + i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE, |
---|
22 | + (char *)&i,sizeof(i)); |
---|
23 | @@ -335,7 +335,7 @@ |
---|
24 | int len; |
---|
25 | /* struct linger ling; */ |
---|
26 | |
---|
27 | -@@ -432,135 +451,58 @@ redoit: |
---|
28 | +@@ -432,138 +451,59 @@ redoit: |
---|
29 | */ |
---|
30 | |
---|
31 | if (host == NULL) goto end; |
---|
32 | @@ -364,6 +364,7 @@ |
---|
33 | + if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL) |
---|
34 | { |
---|
35 | perror("OPENSSL_malloc"); |
---|
36 | + closesocket(ret); |
---|
37 | return(0); |
---|
38 | } |
---|
39 | - BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); |
---|
40 | @@ -372,11 +373,13 @@ |
---|
41 | - if (h2 == NULL) |
---|
42 | - { |
---|
43 | - BIO_printf(bio_err,"gethostbyname failure\n"); |
---|
44 | +- closesocket(ret); |
---|
45 | - return(0); |
---|
46 | - } |
---|
47 | - if (h2->h_addrtype != AF_INET) |
---|
48 | - { |
---|
49 | - BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); |
---|
50 | +- closesocket(ret); |
---|
51 | - return(0); |
---|
52 | - } |
---|
53 | + strcpy(*host, buffer); |
---|
54 | --- openssl-1.0.0k-fips.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
55 | +++ openssl-1.0.0n-fips.patch 2014-08-06 21:07:44.383050535 -0400 |
---|
56 | @@ -10646,7 +10646,7 @@ |
---|
57 | |
---|
58 | |
---|
59 | static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); |
---|
60 | -@@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char * |
---|
61 | +@@ -90,11 +94,18 @@ PKCS12 *PKCS12_create(char *pass, char * |
---|
62 | |
---|
63 | /* Set defaults */ |
---|
64 | if (!nid_cert) |
---|
65 | @@ -10656,7 +10656,11 @@ |
---|
66 | + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
---|
67 | + else |
---|
68 | +#endif |
---|
69 | + #ifdef OPENSSL_NO_RC2 |
---|
70 | + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
---|
71 | + #else |
---|
72 | nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; |
---|
73 | + #endif |
---|
74 | + } |
---|
75 | if (!nid_key) |
---|
76 | nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
---|
77 | --- openssl-1.0.1a-algo-doc.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
78 | +++ openssl-1.0.0n-algo-doc.patch 2014-08-06 21:07:44.382050554 -0400 |
---|
79 | @@ -11,8 +11,8 @@ |
---|
80 | |
---|
81 | EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the |
---|
82 | @@ -165,7 +165,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_ |
---|
83 | - EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block |
---|
84 | - size in bytes. |
---|
85 | + EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and |
---|
86 | + EVP_MD_CTX_block_size() return the digest or block size in bytes. |
---|
87 | |
---|
88 | -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), |
---|
89 | +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), |
---|
90 | --- openssl-1.0.0k-version.patch 2013-02-19 16:06:15.000000000 -0500 |
---|
91 | +++ openssl-1.0.0n-version.patch 2014-08-06 21:07:44.383050535 -0400 |
---|
92 | @@ -5,17 +5,17 @@ |
---|
93 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
---|
94 | * major minor fix final patch/beta) |
---|
95 | */ |
---|
96 | --#define OPENSSL_VERSION_NUMBER 0x100000bfL |
---|
97 | +-#define OPENSSL_VERSION_NUMBER 0x100000efL |
---|
98 | +#define OPENSSL_VERSION_NUMBER 0x10000003L |
---|
99 | #ifdef OPENSSL_FIPS |
---|
100 | - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0k-fips 5 Feb 2013" |
---|
101 | + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0n-fips 6 Aug 2014" |
---|
102 | #else |
---|
103 | @@ -83,7 +83,7 @@ |
---|
104 | * should only keep the versions that are binary compatible with the current. |
---|
105 | */ |
---|
106 | #define SHLIB_VERSION_HISTORY "" |
---|
107 | -#define SHLIB_VERSION_NUMBER "1.0.0" |
---|
108 | -+#define SHLIB_VERSION_NUMBER "1.0.0k" |
---|
109 | ++#define SHLIB_VERSION_NUMBER "1.0.0n" |
---|
110 | |
---|
111 | |
---|
112 | #endif /* HEADER_OPENSSLV_H */ |
---|