OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 18-Oct-2007 17:28:51
Branch: HEAD Handle: 2007101816285000
Modified files:
openpkg-src/openssl openssl.patch openssl.spec
Log:
apply a few upstream patches
Summary:
Revision Changes Path
1.33 +94 -0 openpkg-src/openssl/openssl.patch
1.94 +1 -1 openpkg-src/openssl/openssl.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openssl/openssl.patch
============================================================================
$ cvs diff -u -r1.32 -r1.33 openssl.patch
--- openpkg-src/openssl/openssl.patch 17 Oct 2007 08:01:04 -0000 1.32
+++ openpkg-src/openssl/openssl.patch 18 Oct 2007 15:28:50 -0000 1.33
@@ -51,3 +51,97 @@
if (meth && meth->pseudorand)
return meth->pseudorand(buf,num);
return(-1);
+
+-----------------------------------------------------------------------------
+
+A few patches from upstream OpenSSL CVS:
+
+Index: ssl/ssl_asn1.c
+--- ssl/ssl_asn1.c 12 Aug 2007 18:59:02 -0000 1.20.2.2
++++ ssl/ssl_asn1.c 17 Oct 2007 11:27:25 -0000 1.20.2.3
+@@ -200,12 +200,13 @@
+ a.tlsext_tick.type=V_ASN1_OCTET_STRING;
+ a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
+ /* If we have a ticket set session ID to empty because
+- * it will be bogus.
++ * it will be bogus. If liftime hint is -1 treat as a special
++ * case because the session is being used as a container
+ */
+- if (in->tlsext_ticklen)
++ if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1))
+ a.session_id.length=0;
+ }
+- if (in->tlsext_tick_lifetime_hint != 0)
++ if (in->tlsext_tick_lifetime_hint > 0)
+ {
+ a.tlsext_tick_lifetime.length=LSIZE2;
+ a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
+@@ -235,7 +236,7 @@
+
M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
+
+ #ifndef OPENSSL_NO_TLSEXT
+- if (in->tlsext_tick_lifetime_hint)
++ if (in->tlsext_tick_lifetime_hint > 0)
+ M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime,
i2d_ASN1_INTEGER,9,v9);
+ if (in->tlsext_tick)
+ M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick),
i2d_ASN1_OCTET_STRING,10,v10);
+@@ -268,7 +269,7 @@
+ #ifndef OPENSSL_NO_TLSEXT
+ if (in->tlsext_hostname)
+ M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname),
i2d_ASN1_OCTET_STRING,6,v6);
+- if (in->tlsext_tick_lifetime_hint)
++ if (in->tlsext_tick_lifetime_hint > 0)
+ M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime,
i2d_ASN1_INTEGER,9,v9);
+ if (in->tlsext_tick)
+ M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick),
i2d_ASN1_OCTET_STRING,10,v10);
+@@ -464,8 +465,10 @@
+ ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
+ }
++ else if (ret->tlsext_ticklen && ret->session_id_length)
++ ret->tlsext_tick_lifetime_hint = -1;
+ else
+- ret->tlsext_tick_lifetime_hint=0;
++ ret->tlsext_tick_lifetime_hint = 0;
+ os.length=0;
+ os.data=NULL;
+ M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
+Index: ssl/ssl_sess.c
+--- ssl/ssl_sess.c 12 Aug 2007 18:59:03 -0000 1.51.2.7
++++ ssl/ssl_sess.c 17 Oct 2007 17:30:15 -0000 1.51.2.8
+@@ -320,10 +320,12 @@
+ fatal = 1;
+ goto err;
+ }
+- else if (r == 0)
++ else if (r == 0 || (!ret && !len))
+ goto err;
+ else if (!ret && !(s->session_ctx->session_cache_mode &
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+ #else
++ if (len == 0)
++ goto err;
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+ #endif
+ {
+Index: ssl/ssl.h
+--- ssl/ssl.h 12 Oct 2007 00:00:30 -0000 1.161.2.15
++++ ssl/ssl.h 17 Oct 2007 21:22:58 -0000 1.161.2.16
+@@ -995,7 +995,6 @@
+ int first_packet;
+ int client_version; /* what was passed, used for
+ * SSLv3/TLS rollback check */
+- unsigned int max_send_fragment;
+ #ifndef OPENSSL_NO_TLSEXT
+ /* TLS extension debug callback */
+ void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
+Index: ssl/t1_lib.c
+--- ssl/t1_lib.c 12 Oct 2007 00:00:31 -0000 1.13.2.7
++++ ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000 1.13.2.8
+@@ -847,6 +847,7 @@
+ memcpy(sess->session_id, sess_id, sesslen);
+ sess->session_id_length = sesslen;
+ *psess = sess;
++ s->tlsext_ticket_expected = 0;
+ return 1;
+ }
+ /* If session decrypt failure indicate a cache miss and set state to
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssl/openssl.spec
============================================================================
$ cvs diff -u -r1.93 -r1.94 openssl.spec
--- openpkg-src/openssl/openssl.spec 17 Oct 2007 06:58:07 -0000 1.93
+++ openpkg-src/openssl/openssl.spec 18 Oct 2007 15:28:50 -0000 1.94
@@ -33,7 +33,7 @@
Group: SSL
License: BSD-style
Version: 0.9.8f
-Release: 20071017
+Release: 20071018
# package options
%option with_zlib no
@@ .
______________________________________________________________________
OpenPKG http://openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
