← Back to branch summary

~ubuntu-branches/ubuntu/lucid/openvpn/lucid-proposed

~ubuntu-branches/ubuntu/lucid/openvpn/lucid-proposed

« back to all changes in this revision

Viewing changes to debian/patches/debian_openssl_vulnkeys.patch

Committer: Bazaar Package Importer
Author(s): Andres Rodriguez
Date: 2009-05-05 14:25:37 UTC
mfrom: (1.1.12 upstream) (10.1.2 squeeze)
Revision ID: james.westby@ubuntu.com-20090505142537-vq38z4k80bpltxb9

Tags: 2.1~rc15-1ubuntu1

https://launchpad.net/bugs/372358

* Merge from debian unstable (LP: #372358), remaining changes:
  - debian/openvpn.init.d:
    - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot
    - show per-VPN result messages
    - add "--script-security 2" by default for backwards compatibility
    - Added lsb-base>=3.2-14 depend to allow status_of_proc()

files added:
debian/openvpn.init.d.agi

debian/patches/openvpn-pkcs11warn.patch

debian/patches/remote_env.patch

t_cltsrv-down.sh

files removed:
debian/patches/lladdr-is-not-ip.patch

files modified:
COPYING

ChangeLog

INSTALL

Makefile.am

Makefile.in

PORTS

README

basic.h

buffer.c

buffer.h

circ_list.h

common.h

config-win32.h

config-win32.h.in

config.guess

config.h.in

config.sub

configure

configure.ac

contrib/pull-resolv-conf/client.down

contrib/pull-resolv-conf/client.up

crypto.c

crypto.h

debian/NEWS

debian/changelog

debian/compat

debian/control

debian/copyright

debian/patches/attemping_typo

debian/patches/close_socket_before_scripts.patch

debian/patches/debian_nogroup_for_sample_files.patch

debian/patches/debian_openssl_vulnkeys.patch

debian/patches/manpage_dash_escaping.patch

debian/patches/series

debian/rules

debug/valgrind-suppress

dhcp.c

dhcp.h

doclean

domake-win

easy-rsa/2.0/openssl.cnf

easy-rsa/2.0/pkitool

easy-rsa/2.0/revoke-full

errlevel.h

error.c

error.h

event.c

event.h

fdmisc.c

fdmisc.h

forward-inline.h

forward.c

forward.h

fragment.c

fragment.h

gremlin.c

gremlin.h

helper.c

helper.h

images/Makefile.am

images/Makefile.in

init.c

init.h

install-win32/Makefile.am

install-win32/Makefile.in

install-win32/buildinstaller

install-win32/doclean

install-win32/getopenssl

install-win32/maketap

install-win32/maketapinstall

install-win32/maketext

install-win32/openssl/README.txt

install-win32/openvpn.nsi

install-win32/settings.in

integer.h

interval.c

interval.h

list.c

list.h

lzo.c

lzo.h

manage.c

manage.h

mbuf.c

mbuf.h

memcmp.c

memdbg.h

misc.c

misc.h

mroute.c

mroute.h

mss.c

mss.h

mtcp.c

mtcp.h

mtu.c

mtu.h

mudp.c

mudp.h

multi.c

multi.h

occ-inline.h

occ.c

occ.h

openvpn-plugin.h

openvpn.8

openvpn.c

openvpn.h

openvpn.spec

options.c

options.h

otime.c

otime.h

packet_id.c

packet_id.h

perf.c

perf.h

pf-inline.h

pf.c

pf.h

ping-inline.h

ping.c

ping.h

pkcs11.c

pkcs11.h

plugin.c

plugin.h

plugin/auth-pam/auth-pam.c

plugin/defer/simple.c

plugin/down-root/down-root.c

plugin/examples/log.c

plugin/examples/simple.c

pool.c

pool.h

proto.c

proto.h

proxy.c

proxy.h

ps.c

ps.h

push.c

push.h

reliable.c

reliable.h

route.c

route.h

schedule.c

schedule.h

service-win32/Makefile.am

service-win32/Makefile.in

service-win32/openvpnserv.c

session_id.c

session_id.h

shaper.c

shaper.h

sig.c

sig.h

socket.c

socket.h

socks.c

socks.h

ssl.c

ssl.h

status.c

status.h

syshead.h

tap-win32/common.h

tap-win32/constants.h

tap-win32/dhcp.c

tap-win32/dhcp.h

tap-win32/endian.h

tap-win32/error.c

tap-win32/error.h

tap-win32/hexdump.c

tap-win32/hexdump.h

tap-win32/i386/OemWin2k.inf.in

tap-win32/instance.c

tap-win32/lock.h

tap-win32/macinfo.c

tap-win32/macinfo.h

tap-win32/mem.c

tap-win32/proto.h

tap-win32/prototypes.h

tap-win32/resource.rc

tap-win32/tapdrvr.c

tap-win32/types.h

thread.c

thread.h

tun.c

tun.h

version.m4

win32.c

win32.h

Show diffs side-by-side

added added

removed removed

debian/patches/debian_openssl_vulnkeys.patch

1

Index: trunk/init.c

1

Index: openvpn-2.1_rc15/init.c

2

2

===================================================================

3

--- trunk/init.c (revision 56669)

4

+++ trunk/init.c (working copy)

5

@@ -1513,6 +1513,23 @@

3

--- openvpn-2.1_rc15.orig/init.c 2009-04-30 12:58:46.264809894 +0200

4

+++ openvpn-2.1_rc15/init.c 2009-04-30 12:59:07.530865201 +0200

5

@@ -1536,6 +1536,23 @@

6

6

const struct options *options = &c->options;

7

7

ASSERT (options->shared_secret_file);

8

8

26

26

init_crypto_pre (c, flags);

27

27

28

28

/* Initialize packet ID tracking */

29

@@ -1598,6 +1615,7 @@

29

@@ -1621,6 +1638,7 @@

30

30

do_init_crypto_tls_c1 (struct context *c)

31

31

{

32

32

const struct options *options = &c->options;

34

34

35

35

if (!c->c1.ks.ssl_ctx)

36

36

{

37

@@ -1634,6 +1652,53 @@

38

options->ciphername_defined, options->authname,

39

options->authname_defined, options->keysize, true, true);

37

@@ -1660,6 +1678,53 @@

38

/* Initialize PRNG with config-specified digest */

39

prng_init (options->prng_hash, options->prng_nonce_secret_len);

40

40

41

41

+ /* CVE-2008-0166 (Debian weak key checks)

42

42

+ * Obtain the modulus and bits from the certificate that was initialized,

Older »