From 0ed17c065246e0f0e33ce311790c7329b5e42a74 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 26 Jul 2011 13:02:17 +0200
Subject: [PATCH] correct openssl cms help output (#636266) more tolerant starttls detection in XMPP protocol (#608239)
---
openssl-1.0.0d-cms-keyid.patch | 12 ++++++++++++
openssl-1.0.0d-xmpp-starttls.patch | 12 ++++++++++++
openssl.spec | 10 +++++++++-
3 files changed, 33 insertions(+), 1 deletion(-)
create mode 100644 openssl-1.0.0d-cms-keyid.patch
create mode 100644 openssl-1.0.0d-xmpp-starttls.patch
diff --git a/openssl-1.0.0d-cms-keyid.patch b/openssl-1.0.0d-cms-keyid.patch
new file mode 100644
index 0000000..9fe9358
--- /dev/null
+++ b/openssl-1.0.0d-cms-keyid.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.0.0d/apps/cms.c.keyid openssl-1.0.0d/apps/cms.c
+--- openssl-1.0.0d/apps/cms.c.keyid 2009-10-18 16:42:26.000000000 +0200
++++ openssl-1.0.0d/apps/cms.c 2011-07-26 12:56:48.000000000 +0200
+@@ -618,7 +618,7 @@ int MAIN(int argc, char **argv)
+ BIO_printf (bio_err, "-certsout file certificate output file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
+- BIO_printf (bio_err, "-skeyid use subject key identifier\n");
++ BIO_printf (bio_err, "-keyid use subject key identifier\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
diff --git a/openssl-1.0.0d-xmpp-starttls.patch b/openssl-1.0.0d-xmpp-starttls.patch
new file mode 100644
index 0000000..b3999cc
--- /dev/null
+++ b/openssl-1.0.0d-xmpp-starttls.patch
@@ -0,0 +1,12 @@ +diff -ru openssl-1.0.0d.old/apps/s_client.c openssl-1.0.0d/apps/s_client.c +--- openssl-1.0.0d.old/apps/s_client.c 2011-07-17 21:05:19.934181169 +0200 ++++ openssl-1.0.0d/apps/s_client.c 2011-07-17 21:11:42.747824990 +0200 +@@ -1186,7 +1186,7 @@ + "xmlns='jabber:client' to='%s' version='1.0'>", host); + seen = BIO_read(sbio,mbuf,BUFSIZZ); + mbuf[seen] = 0; +- while (!strstr(mbuf, "")) + goto shut; diff --git a/openssl.spec b/openssl.spec index 7f9d669..cb550c8 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0d -Release: 6%{?dist} +Release: 7%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -48,6 +48,7 @@ Patch23: openssl-1.0.0-beta4-default-paths.patch Patch24: openssl-0.9.8j-bad-mime.patch Patch25: openssl-1.0.0a-manfix.patch Patch26: openssl-1.0.0a-load-certs.patch +Patch27: openssl-1.0.0d-cms-keyid.patch # Functionality changes Patch32: openssl-0.9.8g-ia64.patch Patch33: openssl-1.0.0-beta4-ca-dir.patch @@ -75,6 +76,7 @@ Patch59: openssl-1.0.0c-pkcs12-fips-default.patch Patch60: openssl-1.0.0d-apps-dgst.patch Patch61: openssl-1.0.0d-cavs.patch Patch62: openssl-1.0.0-fips-aesni.patch +Patch63: openssl-1.0.0d-xmpp-starttls.patch # Backported fixes including security fixes Patch81: openssl-1.0.0d-padlock64.patch @@ -144,6 +146,7 @@ popd %patch24 -p1 -b .bad-mime %patch25 -p1 -b .manfix %patch26 -p1 -b .load-certs +%patch27 -p1 -b .keyid %patch32 -p1 -b .ia64 %patch33 -p1 -b .ca-dir @@ -171,6 +174,7 @@ popd %patch60 -p1 -b .dgst %patch61 -p1 -b .cavs %patch62 -p1 -b .fips-aesni +%patch63 -p1 -b .starttls %patch81 -p1 -b .padlock64 
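Review bot: In the s_client.c hunk carried by openssl-1.0.0d-xmpp-starttls.patch, the context lines `seen = BIO_read(sbio,mbuf,BUFSIZZ);` and `mbuf[seen] = 0;` use the return value of BIO_read as an array index without checking it, and the relaxed `strstr` test then scans that buffer. BIO_read returns 0 or a negative value when the peer closes the connection or the read fails, so a negative `seen` places the terminator before the start of `mbuf`; a guard such as `if (seen <= 0) goto shut;` ahead of `mbuf[seen] = 0;` would close that, assuming `shut` is the appropriate exit at this point. A read that fills all BUFSIZZ bytes stores the terminator at `mbuf[BUFSIZZ]`, which is in bounds only if the buffer was allocated with one spare byte; the allocation is outside the hunk, so that needs confirming. The replacement `strstr` condition itself is not legible on this page (its markup appears to have been stripped), and the enclosing STARTTLS block starts and ends outside the hunk.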
@@ -434,6 +438,10 @@ popd %postun -p /sbin/ldconfig %changelog +* Tue Jul 26 2011 Tomas Mraz 1.0.0d-7 +- correct openssl cms help output (#636266) +- more tolerant starttls detection in XMPP protocol (#608239) + * Wed Jul 20 2011 Tomas Mraz 1.0.0d-6 - add support for newest Intel acceleration improvements backported from upstream by Intel in form of a separate engine