[tor-commits] [tor/master] Merge remote-tracking branch 'origin/maint-0.2.2'

nickm at torproject.org nickm at torproject.org
Fri Feb 10 15:58:48 UTC 2012 

commit 8855b2a90c8b3314ac9aa804ec2802e9d4c50617
Merge: ef0bc7f 2da0efb
Author: Nick Mathewson <nickm at torproject.org>
Date:   Fri Feb 10 10:56:37 2012 -0500

    Merge remote-tracking branch 'origin/maint-0.2.2'
    
    Conflicts:
    	src/common/tortls.c
    
    Conflict on comment near use of the new OPENSSL_V macro

 src/common/tortls.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --cc src/common/tortls.c
index 26d3714,4c9d218..cffba2e
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@@ -79,11 -68,11 +79,11 @@@
  
  #define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
  
 -#if (OPENSSL_VERSION_NUMBER  <  0x0090813fL ||    \
 -     (OPENSSL_VERSION_NUMBER >= 0x00909000L &&    \
 -      OPENSSL_VERSION_NUMBER <  0x1000006fL))
 +#if (OPENSSL_VERSION_NUMBER  <  OPENSSL_V(0,9,8,'s') ||         \
 +     (OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) &&      \
 +      OPENSSL_VERSION_NUMBER <  OPENSSL_V(1,0,0,'f')))
  /* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
-  * the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and
+  * the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and
   * SSL3 safely at the same time.
   */
  #define DISABLE_SSL3_HANDSHAKE
@@@ -1179,12 -794,12 +1179,12 @@@ tor_tls_context_new(crypto_pk_t *identi
  #ifdef DISABLE_SSL3_HANDSHAKE
        1 ||
  #endif
 -      SSLeay()  <  0x0090813fL ||
 -      (SSLeay() >= 0x00909000L &&
 -       SSLeay() <  0x1000006fL)) {
 +      SSLeay()  <  OPENSSL_V(0,9,8,'s') ||
 +      (SSLeay() >= OPENSSL_V_SERIES(0,9,9) &&
 +       SSLeay() <  OPENSSL_V(1,0,0,'f'))) {
-     /* And not SSL3 if it's subject to CVE-2011-4657. */
+     /* And not SSL3 if it's subject to CVE-2011-4576. */
      log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
-              "might otherwise be vulnerable to CVE-2011-4657 "
+              "might otherwise be vulnerable to CVE-2011-4576 "
               "(compile-time version %08lx (%s); "
               "runtime version %08lx (%s))",
               (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,

More information about the tor-commits mailing list