Hello community, here is the log from the commit of package openssl for openSUSE:13.1 checked in at 2013-09-27 19:48:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1/openssl (Old) and /work/SRC/openSUSE:13.1/.openssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl" Changes: -------- --- /work/SRC/openSUSE:13.1/openssl/openssl.changes 2013-09-23 11:02:32.000000000 +0200 +++ /work/SRC/openSUSE:13.1/.openssl.new/openssl.changes 2013-09-27 19:48:25.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Sep 27 10:26:43 UTC 2013 - [email protected] + +- VPN openconnect problem (DTLS handshake failed) + (git 9fe4603b8, bnc#822642, openssl ticket#2984) + +------------------------------------------------------------------- New: ---- openssl-1.0.1e-bnc822642.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.p7C7HR/_old 2013-09-27 19:48:25.000000000 +0200 +++ /var/tmp/diff_new_pack.p7C7HR/_new 2013-09-27 19:48:25.000000000 +0200 @@ -54,6 +54,7 @@ Patch9: openssl-1.0.1c-default-paths.patch Patch10: openssl-pkgconfig.patch Patch11: SSL_get_certificate-broken.patch +Patch12: openssl-1.0.1e-bnc822642.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -141,6 +142,7 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 cp -p %{S:10} . echo "adding/overwriting some entries in the 'table' hash in Configure" ++++++ openssl-1.0.1e-bnc822642.patch ++++++ commit 9fe4603b8245425a4c46986ed000fca054231253 Author: David Woodhouse <[email protected]> Date: Tue Feb 12 14:55:32 2013 +0000 Check DTLS_BAD_VER for version number. The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility. PR:2984 (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc) diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 02edf3f..443a31e 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, unsigned padding_length, good, to_check, i; const unsigned overhead = 1 /* padding length byte */ + mac_size; /* Check if version requires explicit IV */ - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) { /* These lengths are all public so we can test them in * non-constant time. -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
