forked from rpms/openssl
- new upstream version fixing CVE-2010-3864 (#649304)
This commit is contained in:
Tomas Mraz
parent
17a6aec60b
commit
3ff2d49a83
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure
|
||||
--- openssl-1.0.0-beta4/Configure.aesni 2010-01-07 23:38:31.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/Configure 2010-01-12 22:18:06.000000000 +0100
|
||||
diff -up openssl-1.0.0b/Configure.aesni openssl-1.0.0b/Configure
|
||||
--- openssl-1.0.0b/Configure.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||
+++ openssl-1.0.0b/Configure 2010-11-16 17:35:15.000000000 +0100
|
||||
@@ -123,11 +123,11 @@ my $tlib="-lnsl -lsocket";
|
||||
my $bits1="THIRTY_TWO_BIT ";
|
||||
my $bits2="SIXTY_FOUR_BIT ";
|
||||
@ -21,10 +21,10 @@ diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure
|
||||
"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
|
||||
-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
|
||||
+"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
|
||||
"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
|
||||
"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
|
||||
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
|
||||
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
|
||||
"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
|
||||
@@ -1410,6 +1410,7 @@ if ($rmd160_obj =~ /\.o$/)
|
||||
@@ -1419,6 +1419,7 @@ if ($rmd160_obj =~ /\.o$/)
|
||||
if ($aes_obj =~ /\.o$/)
|
||||
{
|
||||
$cflags.=" -DAES_ASM";
|
||||
@ -32,9 +32,9 @@ diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure
|
||||
}
|
||||
else {
|
||||
$aes_obj=$aes_enc;
|
||||
diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl
|
||||
--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni 2010-01-12 22:18:06.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl 2010-01-12 22:18:06.000000000 +0100
|
||||
diff -up openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl
|
||||
--- openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl.aesni 2010-11-16 17:33:23.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -0,0 +1,765 @@
|
||||
+#!/usr/bin/env perl
|
||||
+
|
||||
@ -801,9 +801,9 @@ diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0-bet
|
||||
+&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
|
||||
+
|
||||
+&asm_finish();
|
||||
diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl
|
||||
--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni 2010-01-12 22:18:06.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl 2010-01-12 22:18:06.000000000 +0100
|
||||
diff -up openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl
|
||||
--- openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl.aesni 2010-11-16 17:33:23.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -0,0 +1,991 @@
|
||||
+#!/usr/bin/env perl
|
||||
+#
|
||||
@ -1796,9 +1796,9 @@ diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0-
|
||||
+print $code;
|
||||
+
|
||||
+close STDOUT;
|
||||
diff -up openssl-1.0.0-beta4/crypto/aes/Makefile.aesni openssl-1.0.0-beta4/crypto/aes/Makefile
|
||||
--- openssl-1.0.0-beta4/crypto/aes/Makefile.aesni 2008-12-23 12:33:00.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/crypto/aes/Makefile 2010-01-12 22:18:06.000000000 +0100
|
||||
diff -up openssl-1.0.0b/crypto/aes/Makefile.aesni openssl-1.0.0b/crypto/aes/Makefile
|
||||
--- openssl-1.0.0b/crypto/aes/Makefile.aesni 2008-12-23 12:33:00.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/aes/Makefile 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -50,9 +50,13 @@ aes-ia64.s: asm/aes-ia64.S
|
||||
|
||||
aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl
|
||||
@ -1813,9 +1813,9 @@ diff -up openssl-1.0.0-beta4/crypto/aes/Makefile.aesni openssl-1.0.0-beta4/crypt
|
||||
|
||||
aes-sparcv9.s: asm/aes-sparcv9.pl
|
||||
$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
|
||||
diff -up openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_aesni.c
|
||||
--- openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni 2010-01-12 22:18:06.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/crypto/engine/eng_aesni.c 2010-01-12 22:18:06.000000000 +0100
|
||||
diff -up openssl-1.0.0b/crypto/engine/eng_aesni.c.aesni openssl-1.0.0b/crypto/engine/eng_aesni.c
|
||||
--- openssl-1.0.0b/crypto/engine/eng_aesni.c.aesni 2010-11-16 17:33:23.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/engine/eng_aesni.c 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -0,0 +1,413 @@
|
||||
+/*
|
||||
+ * Support for Intel AES-NI intruction set
|
||||
@ -2230,9 +2230,9 @@ diff -up openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni openssl-1.0.0-beta4
|
||||
+
|
||||
+#endif /* COMPILE_HW_AESNI */
|
||||
+#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */
|
||||
diff -up openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_all.c
|
||||
--- openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni 2010-01-07 23:38:31.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/crypto/engine/eng_all.c 2010-01-12 22:18:06.000000000 +0100
|
||||
diff -up openssl-1.0.0b/crypto/engine/eng_all.c.aesni openssl-1.0.0b/crypto/engine/eng_all.c
|
||||
--- openssl-1.0.0b/crypto/engine/eng_all.c.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/engine/eng_all.c 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -85,6 +85,9 @@ void ENGINE_load_builtin_engines(void)
|
||||
#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
|
||||
ENGINE_load_cryptodev();
|
||||
@ -2243,10 +2243,10 @@ diff -up openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni openssl-1.0.0-beta4/c
|
||||
ENGINE_load_dynamic();
|
||||
#ifndef OPENSSL_NO_STATIC_ENGINE
|
||||
#ifndef OPENSSL_NO_HW
|
||||
diff -up openssl-1.0.0-beta4/crypto/engine/engine.h.aesni openssl-1.0.0-beta4/crypto/engine/engine.h
|
||||
--- openssl-1.0.0-beta4/crypto/engine/engine.h.aesni 2010-01-07 23:38:30.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/crypto/engine/engine.h 2010-01-12 22:18:06.000000000 +0100
|
||||
@@ -342,6 +342,7 @@ void ENGINE_load_gost(void);
|
||||
diff -up openssl-1.0.0b/crypto/engine/engine.h.aesni openssl-1.0.0b/crypto/engine/engine.h
|
||||
--- openssl-1.0.0b/crypto/engine/engine.h.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/engine/engine.h 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -338,6 +338,7 @@ void ENGINE_load_gost(void);
|
||||
#endif
|
||||
#endif
|
||||
void ENGINE_load_cryptodev(void);
|
||||
@ -2254,9 +2254,9 @@ diff -up openssl-1.0.0-beta4/crypto/engine/engine.h.aesni openssl-1.0.0-beta4/cr
|
||||
void ENGINE_load_builtin_engines(void);
|
||||
|
||||
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
|
||||
diff -up openssl-1.0.0-beta4/crypto/engine/Makefile.aesni openssl-1.0.0-beta4/crypto/engine/Makefile
|
||||
--- openssl-1.0.0-beta4/crypto/engine/Makefile.aesni 2008-06-04 13:01:29.000000000 +0200
|
||||
+++ openssl-1.0.0-beta4/crypto/engine/Makefile 2010-01-12 22:18:06.000000000 +0100
|
||||
diff -up openssl-1.0.0b/crypto/engine/Makefile.aesni openssl-1.0.0b/crypto/engine/Makefile
|
||||
--- openssl-1.0.0b/crypto/engine/Makefile.aesni 2010-11-15 15:44:49.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/engine/Makefile 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c e
|
||||
eng_table.c eng_pkey.c eng_fat.c eng_all.c \
|
||||
tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
|
||||
@ -2274,9 +2274,9 @@ diff -up openssl-1.0.0-beta4/crypto/engine/Makefile.aesni openssl-1.0.0-beta4/cr
|
||||
|
||||
SRC= $(LIBSRC)
|
||||
|
||||
diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/crypto/evp/evp_err.c
|
||||
--- openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni 2010-01-07 23:38:31.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2010-01-12 22:18:06.000000000 +0100
|
||||
diff -up openssl-1.0.0b/crypto/evp/evp_err.c.aesni openssl-1.0.0b/crypto/evp/evp_err.c
|
||||
--- openssl-1.0.0b/crypto/evp/evp_err.c.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/evp/evp_err.c 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -1,6 +1,6 @@
|
||||
/* crypto/evp/evp_err.c */
|
||||
/* ====================================================================
|
||||
@ -2293,7 +2293,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/cryp
|
||||
{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
|
||||
{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
|
||||
{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
|
||||
@@ -85,7 +86,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
|
||||
@@ -86,7 +87,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
|
||||
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
|
||||
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
|
||||
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
|
||||
@ -2302,10 +2302,10 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/cryp
|
||||
{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
|
||||
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
|
||||
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
|
||||
diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.aesni openssl-1.0.0-beta4/crypto/evp/evp.h
|
||||
--- openssl-1.0.0-beta4/crypto/evp/evp.h.aesni 2010-01-07 23:38:31.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/crypto/evp/evp.h 2010-01-12 22:18:06.000000000 +0100
|
||||
@@ -1162,6 +1162,7 @@ void ERR_load_EVP_strings(void);
|
||||
diff -up openssl-1.0.0b/crypto/evp/evp.h.aesni openssl-1.0.0b/crypto/evp/evp.h
|
||||
--- openssl-1.0.0b/crypto/evp/evp.h.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/evp/evp.h 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -1167,6 +1167,7 @@ void ERR_load_EVP_strings(void);
|
||||
/* Error codes for the EVP functions. */
|
||||
|
||||
/* Function codes. */
|
||||
@ -2313,9 +2313,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.aesni openssl-1.0.0-beta4/crypto/e
|
||||
#define EVP_F_AES_INIT_KEY 133
|
||||
#define EVP_F_CAMELLIA_INIT_KEY 159
|
||||
#define EVP_F_D2I_PKEY 100
|
||||
diff -up openssl-1.0.0-beta4/test/test_aesni.aesni openssl-1.0.0-beta4/test/test_aesni
|
||||
--- openssl-1.0.0-beta4/test/test_aesni.aesni 2010-01-12 22:18:06.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/test/test_aesni 2010-01-12 22:18:06.000000000 +0100
|
||||
diff -up openssl-1.0.0b/test/test_aesni.aesni openssl-1.0.0b/test/test_aesni
|
||||
--- openssl-1.0.0b/test/test_aesni.aesni 2010-11-16 17:33:23.000000000 +0100
|
||||
+++ openssl-1.0.0b/test/test_aesni 2010-11-16 17:33:23.000000000 +0100
|
||||
@@ -0,0 +1,69 @@
|
||||
+#!/bin/sh
|
||||
+
|
||||
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_apps.h
|
||||
--- openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
|
||||
+++ openssl-1.0.0-beta5/apps/s_apps.h 2010-02-03 09:43:49.000000000 +0100
|
||||
diff -up openssl-1.0.0b/apps/s_apps.h.ipv6-apps openssl-1.0.0b/apps/s_apps.h
|
||||
--- openssl-1.0.0b/apps/s_apps.h.ipv6-apps 2010-11-16 17:19:29.000000000 +0100
|
||||
+++ openssl-1.0.0b/apps/s_apps.h 2010-11-16 17:19:29.000000000 +0100
|
||||
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
|
||||
#define PORT_STR "4433"
|
||||
#define PROTOCOL "tcp"
|
||||
@ -23,9 +23,9 @@ diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_
|
||||
|
||||
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
||||
int argi, long argl, long ret);
|
||||
diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/s_client.c
|
||||
--- openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
|
||||
+++ openssl-1.0.0-beta5/apps/s_client.c 2010-02-03 09:43:49.000000000 +0100
|
||||
diff -up openssl-1.0.0b/apps/s_client.c.ipv6-apps openssl-1.0.0b/apps/s_client.c
|
||||
--- openssl-1.0.0b/apps/s_client.c.ipv6-apps 2010-11-16 17:19:29.000000000 +0100
|
||||
+++ openssl-1.0.0b/apps/s_client.c 2010-11-16 17:19:29.000000000 +0100
|
||||
@@ -389,7 +389,7 @@ int MAIN(int argc, char **argv)
|
||||
int cbuf_len,cbuf_off;
|
||||
int sbuf_len,sbuf_off;
|
||||
@ -60,9 +60,9 @@ diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
||||
{
|
||||
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
||||
SHUTDOWN(s);
|
||||
diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/s_server.c
|
||||
--- openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
|
||||
+++ openssl-1.0.0-beta5/apps/s_server.c 2010-02-03 09:43:49.000000000 +0100
|
||||
diff -up openssl-1.0.0b/apps/s_server.c.ipv6-apps openssl-1.0.0b/apps/s_server.c
|
||||
--- openssl-1.0.0b/apps/s_server.c.ipv6-apps 2010-11-16 17:19:29.000000000 +0100
|
||||
+++ openssl-1.0.0b/apps/s_server.c 2010-11-16 17:19:29.000000000 +0100
|
||||
@@ -838,7 +838,7 @@ int MAIN(int argc, char *argv[])
|
||||
{
|
||||
X509_VERIFY_PARAM *vpm = NULL;
|
||||
@ -94,9 +94,9 @@ diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
||||
print_stats(bio_s_out,ctx);
|
||||
ret=0;
|
||||
end:
|
||||
diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/s_socket.c
|
||||
--- openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps 2009-08-26 13:21:50.000000000 +0200
|
||||
+++ openssl-1.0.0-beta5/apps/s_socket.c 2010-02-03 10:00:30.000000000 +0100
|
||||
diff -up openssl-1.0.0b/apps/s_socket.c.ipv6-apps openssl-1.0.0b/apps/s_socket.c
|
||||
--- openssl-1.0.0b/apps/s_socket.c.ipv6-apps 2010-07-05 13:03:22.000000000 +0200
|
||||
+++ openssl-1.0.0b/apps/s_socket.c 2010-11-16 17:27:18.000000000 +0100
|
||||
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
|
||||
static void ssl_sock_cleanup(void);
|
||||
#endif
|
||||
@ -226,7 +226,7 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
||||
{
|
||||
- int ret=0;
|
||||
- struct sockaddr_in server;
|
||||
- int s= -1,i;
|
||||
- int s= -1;
|
||||
+ struct addrinfo *res, *res0, hints;
|
||||
+ char * failed_call = NULL;
|
||||
+ char port_name[8];
|
||||
@ -277,7 +277,7 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
||||
#if defined SOL_SOCKET && defined SO_REUSEADDR
|
||||
{
|
||||
int j = 1;
|
||||
@@ -357,36 +372,39 @@ static int init_server_long(int *sock, i
|
||||
@@ -357,35 +372,39 @@ static int init_server_long(int *sock, i
|
||||
(void *) &j, sizeof j);
|
||||
}
|
||||
#endif
|
||||
@ -294,7 +294,6 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
||||
}
|
||||
- /* Make it 128 for linux */
|
||||
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
|
||||
- i=0;
|
||||
- *sock=s;
|
||||
- ret=1;
|
||||
-err:
|
||||
@ -328,16 +327,15 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
||||
|
||||
static int do_accept(int acc_sock, int *sock, char **host)
|
||||
{
|
||||
- int ret,i;
|
||||
- struct hostent *h1,*h2;
|
||||
- static struct sockaddr_in from;
|
||||
+ static struct sockaddr_storage from;
|
||||
+ char buffer[NI_MAXHOST];
|
||||
+ int ret;
|
||||
int ret;
|
||||
- struct hostent *h1,*h2;
|
||||
- static struct sockaddr_in from;
|
||||
int len;
|
||||
/* struct linger ling; */
|
||||
|
||||
@@ -432,136 +450,58 @@ redoit:
|
||||
@@ -432,135 +451,58 @@ redoit:
|
||||
*/
|
||||
|
||||
if (host == NULL) goto end;
|
||||
@ -376,7 +374,6 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
||||
- BIO_printf(bio_err,"gethostbyname failure\n");
|
||||
- return(0);
|
||||
- }
|
||||
- i=0;
|
||||
- if (h2->h_addrtype != AF_INET)
|
||||
- {
|
||||
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
||||
@ -1,22 +1,22 @@
|
||||
diff -up openssl-1.0.0a/crypto/opensslv.h.version openssl-1.0.0a/crypto/opensslv.h
|
||||
--- openssl-1.0.0a/crypto/opensslv.h.version 2010-08-13 12:40:00.000000000 +0200
|
||||
+++ openssl-1.0.0a/crypto/opensslv.h 2010-09-07 21:38:41.000000000 +0200
|
||||
diff -up openssl-1.0.0b/crypto/opensslv.h.version openssl-1.0.0b/crypto/opensslv.h
|
||||
--- openssl-1.0.0b/crypto/opensslv.h.version 2010-11-16 17:31:23.000000000 +0100
|
||||
+++ openssl-1.0.0b/crypto/opensslv.h 2010-11-16 17:32:59.000000000 +0100
|
||||
@@ -25,7 +25,8 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
-#define OPENSSL_VERSION_NUMBER 0x1000001fL
|
||||
-#define OPENSSL_VERSION_NUMBER 0x1000002f
|
||||
+/* we have to keep the version number to not break the abi */
|
||||
+#define OPENSSL_VERSION_NUMBER 0x10000003L
|
||||
+#define OPENSSL_VERSION_NUMBER 0x10000003
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0b-fips 16 Nov 2010"
|
||||
#else
|
||||
@@ -83,7 +84,7 @@
|
||||
* should only keep the versions that are binary compatible with the current.
|
||||
*/
|
||||
#define SHLIB_VERSION_HISTORY ""
|
||||
-#define SHLIB_VERSION_NUMBER "1.0.0"
|
||||
+#define SHLIB_VERSION_NUMBER "1.0.0a"
|
||||
+#define SHLIB_VERSION_NUMBER "1.0.0b"
|
||||
|
||||
|
||||
#endif /* HEADER_OPENSSLV_H */
|
||||
13
openssl.spec
13
openssl.spec
@ -20,8 +20,8 @@
|
||||
|
||||
Summary: A general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.0a
|
||||
Release: 3%{?dist}
|
||||
Version: 1.0.0b
|
||||
Release: 1%{?dist}
|
||||
# We remove certain patented algorithms from the openssl source tarball
|
||||
# with the hobble-openssl script which is included below.
|
||||
Source: openssl-%{version}-usa.tar.bz2
|
||||
@ -50,7 +50,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
||||
Patch34: openssl-0.9.6-x509.patch
|
||||
Patch35: openssl-0.9.8j-version-add-engines.patch
|
||||
Patch38: openssl-1.0.0-beta5-cipher-change.patch
|
||||
Patch39: openssl-1.0.0-beta5-ipv6-apps.patch
|
||||
Patch39: openssl-1.0.0b-ipv6-apps.patch
|
||||
Patch40: openssl-1.0.0a-fips.patch
|
||||
Patch41: openssl-1.0.0-beta3-fipscheck.patch
|
||||
Patch43: openssl-1.0.0a-fipsmode.patch
|
||||
@ -59,8 +59,8 @@ Patch45: openssl-0.9.8j-env-nozlib.patch
|
||||
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
||||
Patch49: openssl-1.0.0-beta4-algo-doc.patch
|
||||
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
|
||||
Patch51: openssl-1.0.0a-version.patch
|
||||
Patch52: openssl-1.0.0-beta4-aesni.patch
|
||||
Patch51: openssl-1.0.0b-version.patch
|
||||
Patch52: openssl-1.0.0b-aesni.patch
|
||||
Patch53: openssl-1.0.0-name-hash.patch
|
||||
# Backported fixes including security fixes
|
||||
|
||||
@ -393,6 +393,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Tue Nov 16 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0b-1
|
||||
- new upstream version fixing CVE-2010-3864 (#649304)
|
||||
|
||||
* Tue Sep 7 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0a-3
|
||||
- make SHLIB_VERSION reflect the library suffix
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user