Merge remote-tracking branch 'origin/released'

Conflicts:
	freetype/src/base/ftfntfmt.c
	freetype/src/cache/ftcimage.c
	freetype/src/cid/cidriver.c
	freetype/src/truetype/ttdriver.c
	mesalib/src/mesa/drivers/dri/common/dri_util.c
	mesalib/src/mesa/drivers/dri/swrast/swrast.c
	openssl/Makefile

1 files changed, 6 insertions, 3 deletions

diff --git a/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
index 30398c7ca..b1c586e6f 100755
--- a/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -94,7 +94,7 @@ typedef struct {
         defined(_M_AMD64)       || defined(_M_X64)      || \
         defined(__INTEL__)      )
 
-extern unsigned int OPENSSL_ia32cap_P[3];
+extern unsigned int OPENSSL_ia32cap_P[];
 #  define AESNI_CAPABLE   (1<<(57-32))
 
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
@@ -813,6 +813,11 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
             unsigned char *p = ptr;
             unsigned int len = p[arg - 2] << 8 | p[arg - 1];
 
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
             if (ctx->encrypt) {
                 key->payload_length = len;
                 if ((key->aux.tls_ver =
@@ -828,8 +833,6 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                                AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
                              - len);
             } else {
-                if (arg > 13)
-                    arg = 13;
                 memcpy(key->aux.tls_aad, ptr, arg);
                 key->payload_length = arg;