[Pkg-voip-commits] [kamailio] 02/02: fix for tls on jessie
Victor Seva
vseva at moszumanska.debian.org
Fri Sep 9 08:38:52 UTC 2016
This is an automated email from the git hooks/post-receive script.
vseva pushed a commit to branch jessie
in repository kamailio.
commit 1d12c9449a64aecfff9264035f80e4f196cc37f4
Author: Victor Seva <vseva at debian.org>
Date: Wed Sep 7 10:04:45 2016 +0200
fix for tls on jessie
---
debian/changelog | 9 +++++++++
debian/control | 2 +-
debian/patches/fix_tls.patch | 34 ++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
4 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index e5af7aa..9833d38 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+kamailio (4.2.0-2+deb8u2) stable-proposed-updates; urgency=medium
+
+ * use my DD account \o/
+ * add upstream fix for:
+ proper check of libssl versions used for compilation
+ and available on system (Closes: #833973)
+
+ -- Victor Seva <vseva at debian.org> Wed, 07 Sep 2016 10:00:32 +0200
+
kamailio (4.2.0-2+deb8u1) jessie-security; urgency=medium
* CVE-2016-2385
diff --git a/debian/control b/debian/control
index f6a1bb7..13dc5df 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: kamailio
Section: net
Priority: optional
Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
-Uploaders: Victor Seva <linuxmaniac at torreviejawireless.org>,
+Uploaders: Victor Seva <vseva at debian.org>,
Tzafrir Cohen <tzafrir at debian.org>
Build-Depends: bison,
debhelper (>= 9),
diff --git a/debian/patches/fix_tls.patch b/debian/patches/fix_tls.patch
new file mode 100644
index 0000000..7e6c12d
--- /dev/null
+++ b/debian/patches/fix_tls.patch
@@ -0,0 +1,34 @@
+From 0a5f99b28d01d79cf2675df6d2a6220167e2476e Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla <miconda at gmail.com>
+Date: Tue, 7 Jun 2016 15:21:06 +0200
+Subject: [PATCH] tls: proper check of libssl versions used for compilation and
+ available on system
+
+- shift out the last 12bits, being the patch version and status (see man
+ SSLeay)
+- reported by Victor Seva, GH #662
+
+(cherry picked from commit c38b4c7345a6806f48a0cdb07841e10bc962e1bf)
+(cherry picked from commit 253909bf673c0a59e7adf578bb5df73eb157d0f2)
+(cherry picked from commit 5632abc108bf8ed8157a77806ea80b962db3fa4f)
+---
+ modules/tls/tls_init.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
+index a381be1..7bfc10f 100644
+--- a/modules/tls/tls_init.c
++++ b/modules/tls/tls_init.c
+@@ -543,8 +543,10 @@ int init_tls_h(void)
+ #endif
+ ssl_version=SSLeay();
+ /* check if version have the same major minor and fix level
+- * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not) */
+- if ((ssl_version>>8)!=(OPENSSL_VERSION_NUMBER>>8)){
++ * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
++ * - values is represented as 0xMMNNFFPPS: major minor fix patch status
++ * 0x00090705f == 0.9.7e release */
++ if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)){
+ LOG(L_CRIT, "ERROR: tls: init_tls_h: installed openssl library "
+ "version is too different from the library the ser tls module "
+ "was compiled with: installed \"%s\" (0x%08lx), compiled "
diff --git a/debian/patches/series b/debian/patches/series
index 5dc82ac..3f9640f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ kamctl_build.patch
default_ctl.patch
fix-mips.patch
CVE-2016-2385.patch
+fix_tls.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/kamailio.git
More information about the Pkg-voip-commits
mailing list