- new upstream version

- patches partially renumbered

.cvsignore

@@ -1,2 +1,2 @@
-openssl-0.9.7f-usa.tar.bz2
 libica-1.3.6-rc2.tar.bz2
+openssl-0.9.8a-usa.tar.bz2

hobble-openssl

@@ -13,14 +13,14 @@ set -e
 (find crypto/{idea,mdc2,rc5}/asm -type f | xargs -r rm -fv)
 
 # IDEA, MDC2, RC5, EC.
-for a in idea mdc2 rc5 ec; do
+for a in idea mdc2 rc5 ec ecdh ecdsa; do
   for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
 	echo Destroying $c
 	> $c
   done
 done
 
-for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" `; do
+for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" -o -name "*_ecdsa.c"`; do
 	echo Destroying $c
 	> $c
 done
@@ -29,13 +29,15 @@ for h in `find crypto ssl apps test -name "*.h"` ; do
 	echo Removing IDEA, MDC2, RC5, and EC references from $h
 	cat $h | \
 	awk    'BEGIN {ech=1;} \
-		/#[ \t]*if/ {if(ech < 1) ech--;} \
-		/#[ \t]*ifndef.*NO_IDEA/ {ech--;} \
-		/#[ \t]*ifndef.*NO_MDC2/ {ech--;} \
-		/#[ \t]*ifndef.*NO_RC5/ {ech--;} \
-		/#[ \t]*ifndef.*NO_EC/ {ech--;} \
+		/^#[ \t]*ifndef.*NO_IDEA/ {ech--; next;} \
+		/^#[ \t]*ifndef.*NO_MDC2/ {ech--; next;} \
+		/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
+		/^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \
+		/^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \
+		/^#[ \t]*ifndef.*NO_ECDSA/ {ech--; next;} \
+                /^#[ \t]*if/ {if(ech < 1) ech--;} \
 		{if(ech>0) {;print $0};} \
-		/#endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
+		/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
 	mv $h.hobbled $h
 done
 

openssl-0.9.8a-defaults.patch

@@ -0,0 +1,50 @@
+--- openssl-0.9.8a/apps/openssl.cnf.defaults	2005-09-16 14:20:24.000000000 +0200
++++ openssl-0.9.8a/apps/openssl.cnf	2005-11-04 11:00:37.000000000 +0100
+@@ -99,6 +99,7 @@
+ ####################################################################
+ [ req ]
+ default_bits		= 1024
++default_md		= sha1
+ default_keyfile 	= privkey.pem
+ distinguished_name	= req_distinguished_name
+ attributes		= req_attributes
+@@ -116,23 +117,26 @@
+ # MASK:XXXX a literal mask value.
+ # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+ # so use this option with caution!
+-string_mask = nombstr
++# we use PrintableString+UTF8String mask so if pure ASCII texts are used
++# the resulting certificates are compatible with Netscape
++string_mask = MASK:0x2002
+ 
+ # req_extensions = v3_req # The extensions to add to a certificate request
+ 
+ [ req_distinguished_name ]
+ countryName			= Country Name (2 letter code)
+-countryName_default		= AU
++countryName_default		= GB
+ countryName_min			= 2
+ countryName_max			= 2
+ 
+ stateOrProvinceName		= State or Province Name (full name)
+-stateOrProvinceName_default	= Some-State
++stateOrProvinceName_default	= Berkshire
+ 
+ localityName			= Locality Name (eg, city)
++localityName_default		= Newbury
+ 
+ 0.organizationName		= Organization Name (eg, company)
+-0.organizationName_default	= Internet Widgits Pty Ltd
++0.organizationName_default	= My Company Ltd
+ 
+ # we can do this but it is not needed normally :-)
+ #1.organizationName		= Second Organization Name (eg, company)
+@@ -141,7 +145,7 @@
+ organizationalUnitName		= Organizational Unit Name (eg, section)
+ #organizationalUnitName_default	=
+ 
+-commonName			= Common Name (eg, YOUR name)
++commonName			= Common Name (eg, your name or your server\'s hostname)
+ commonName_max			= 64
+ 
+ emailAddress			= Email Address

openssl-0.9.8a-enginesdir.patch

@@ -0,0 +1,39 @@
+--- openssl-0.9.8a/Configure.enginesdir	2005-11-04 15:06:37.000000000 +0100
++++ openssl-0.9.8a/Configure	2005-11-07 14:15:12.000000000 +0100
+@@ -560,6 +560,7 @@
+ 
+ my $prefix="";
+ my $openssldir="";
++my $enginesdir="";
+ my $exe_ext="";
+ my $install_prefix="";
+ my $no_threads=0;
+@@ -739,6 +740,10 @@
+ 				{
+ 				$openssldir=$1;
+ 				}
++			elsif (/^--enginesdir=(.*)$/)
++				{
++				$enginesdir=$1;
++				}
+ 			elsif (/^--install.prefix=(.*)$/)
+ 				{
+ 				$install_prefix=$1;
+@@ -923,7 +928,7 @@
+ 
+ $openssldir=$prefix . "/ssl" if $openssldir eq "";
+ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+-
++$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
+ 
+ print "IsMK1MF=$IsMK1MF\n";
+ 
+@@ -1430,7 +1435,7 @@
+ 	if	(/^#define\s+OPENSSLDIR/)
+ 		{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+ 	elsif	(/^#define\s+ENGINESDIR/)
+-		{ print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; }
++		{ print OUT "#define ENGINESDIR \"$enginesdir\"\n"; }
+ 	elsif	(/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
+ 		{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
+ 			if $export_var_as_fn;

openssl-0.9.8a-link-krb5.patch

@@ -0,0 +1,11 @@
+--- openssl-0.9.8a/Makefile.org.link-krb5	2005-07-05 07:14:21.000000000 +0200
++++ openssl-0.9.8a/Makefile.org	2005-11-07 18:00:08.000000000 +0100
+@@ -266,7 +266,7 @@
+ 
+ do_$(SHLIB_TARGET):
+ 	@ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+-		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++		if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ 			libs="$(LIBKRB5) $$libs"; \
+ 		fi; \
+ 		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \

openssl-0.9.8a-redhat.patch

@@ -0,0 +1,54 @@
+--- openssl-0.9.8a/Configure.redhat	2005-11-08 01:50:41.000000000 +0100
++++ openssl-0.9.8a/Configure	2005-11-08 10:23:38.000000000 +0100
+@@ -313,29 +313,29 @@
+ ####
+ # *-generic* is endian-neutral target, but ./config is free to
+ # throw in -D[BL]_ENDIAN, whichever appropriate...
+-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ #### IA-32 targets...
+ "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
++"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+ ####
+-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # -bpowerpc64-linux is transient option, -m64 should be the one to use...
+-"linux-ppc64",	"gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-ppc64",	"gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-x86_64",	"gcc:-DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+ # assisted with debugging of following two configs.
+-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # it's a real mess with -mcpu=ultrasparc option under Linux, but
+ # -Wa,-Av8plus should do the trick no matter what.
+-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # GCC 3.1 is a requirement
+-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ #### Alpha Linux with GNU C and Compaq C setups
+ # Special notes:
+ # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+@@ -349,8 +349,8 @@
+ #
+ #					<appro@fy.chalmers.se>
+ #
+-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+ 

openssl-0.9.8a-use-poll.patch

@@ -0,0 +1,73 @@
+--- openssl-0.9.8a/crypto/rand/rand_unix.c.use-poll	2005-08-29 01:20:48.000000000 +0200
++++ openssl-0.9.8a/crypto/rand/rand_unix.c	2005-11-08 01:28:35.000000000 +0100
+@@ -125,6 +125,7 @@
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <time.h>
++#include <sys/poll.h>
+ 
+ #ifdef __OpenBSD__
+ int RAND_poll(void)
+@@ -157,6 +158,7 @@
+ 	struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
+ 	int fd;
+ 	size_t i;
++	struct pollfd pfd;
+ #endif
+ #ifdef DEVRANDOM_EGD
+ 	static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+@@ -184,11 +186,10 @@
+ #endif
+ 			)) >= 0)
+ 			{
+-			struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
++			int t = 10;                        /* Spend 10ms on
+ 							      each file. */
+ 			int r;
+ 			size_t j;
+-			fd_set fset;
+ 			struct stat *st=&randomstats[i];
+ 
+ 			/* Avoid using same input... Used to be O_NOFOLLOW
+@@ -204,30 +205,25 @@
+ 
+ 			do
+ 				{
+-				FD_ZERO(&fset);
+-				FD_SET(fd, &fset);
+-				r = -1;
+-
+-				if (select(fd+1,&fset,NULL,NULL,&t) < 0)
+-					t.tv_usec=0;
+-				else if (FD_ISSET(fd, &fset))
++				pfd.fd = fd;
++				pfd.events = POLLIN;
++				pfd.revents = 0;
++				
++				if ((r=poll(&pfd,1,t)) == 0)
++					t = 0;
++				else if (r > 0 && (pfd.revents & POLLIN))
+ 					{
+ 					r=read(fd,(unsigned char *)tmpbuf+n,
+ 					       ENTROPY_NEEDED-n);
+ 					if (r > 0)
+ 						n += r;
+ 					}
+-
+-				/* Some Unixen will update t, some
+-				   won't.  For those who won't, give
+-				   up here, otherwise, we will do
+-				   this once again for the remaining
+-				   time. */
+-				if (t.tv_usec == 10*1000)
+-					t.tv_usec=0;
++				/* we don't know how big part of the timeout elapsed
++				    wait half the original timeout next time */
++				t >>= 1; 
+ 				}
+ 			while ((r > 0 || (errno == EINTR || errno == EAGAIN))
+-				&& t.tv_usec != 0 && n < ENTROPY_NEEDED);
++				&& t != 0 && n < ENTROPY_NEEDED);
+ 
+ 			close(fd);
+ 			}

openssl-thread-test.c

@@ -14,6 +14,7 @@
 #include <openssl/objects.h>
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
+#include <openssl/md5.h>
 #include <openssl/ssl.h>
 
 /* Just assume we want to do engine stuff if we're using 0.9.6b or

openssl.spec

@@ -5,7 +5,8 @@
 # 0.9.6c soversion = 3
 # 0.9.7a soversion = 4
 # 0.9.7ef soversion = 5
-%define soversion 5
+# 0.9.8a soversion = 6
+%define soversion 6
 
 # Number of threads to spawn when testing some threading fixes.
 #%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
@@ -21,8 +22,8 @@
 
 Summary: The OpenSSL toolkit.
 Name: openssl
-Version: 0.9.7f
-Release: 11
+Version: 0.9.8a
+Release: 1
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -35,27 +36,24 @@ Source7: libica-%{libicaversion}.tar.bz2
 Source8: openssl-thread-test.c
 Source9: opensslconf-new.h
 Source10: opensslconf-new-warning.h
-Patch0: openssl-0.9.7f-redhat.patch
-Patch1: openssl-0.9.7f-defaults.patch
-Patch2: openssl-0.9.7-beta6-ia64.patch
-Patch3: openssl-0.9.7e-soversion.patch
-Patch4: openssl-0.9.6-x509.patch
-Patch5: openssl-0.9.7-beta5-version-add-engines.patch
-Patch6: openssl-0.9.7d-ICA_engine-sep142005.patch
-Patch10: libica-1.3.4-urandom.patch
-Patch11: libica-1.2-cleanup.patch
-Patch12: openssl-0.9.7a-libica-autoconf.patch
-Patch18: openssl-0.9.7a-krb5-1.3.patch
-Patch42: openssl-0.9.7e-krb5.patch
-Patch43: openssl-0.9.7f-bn-asm-uninitialized.patch
-Patch44: openssl-0.9.7f-ca-dir.patch
-Patch45: openssl-0.9.7f-use-poll.patch
-Patch46: openssl-0.9.7f-backport-097g.patch
-Patch47: openssl-0.9.7f-can-2005-0109.patch
-Patch48: openssl-0.9.7f-dsa-consttime.patch
-Patch49: openssl-0.9.7f-bn-ppc-div.patch
-Patch50: openssl-0.9.7f-apps-initialize.patch
-Patch51: openssl-0.9.7a-can-2005-2969.patch
+# Build changes
+Patch0: openssl-0.9.8a-redhat.patch
+Patch1: openssl-0.9.8a-defaults.patch
+Patch2: openssl-0.9.8a-link-krb5.patch
+Patch3: openssl-0.9.8a-soversion.patch
+Patch4: openssl-0.9.8a-enginesdir.patch
+Patch6: openssl-0.9.7a-libica-autoconf.patch
+# Added engines
+Patch20: libica-1.3.4-urandom.patch
+Patch21: libica-1.2-cleanup.patch
+Patch22: openssl-0.9.8a-ICA_engine-sep142005.patch
+# Functionality changes
+Patch32: openssl-0.9.7-beta6-ia64.patch
+Patch33: openssl-0.9.7f-ca-dir.patch
+Patch34: openssl-0.9.6-x509.patch
+Patch35: openssl-0.9.7-beta5-version-add-engines.patch
+Patch36: openssl-0.9.8a-use-poll.patch
+# Backported fixes including security fixes
 
 License: BSDish
 Group: System Environment/Libraries
@@ -64,8 +62,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildPreReq: mktemp, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp
 Requires: mktemp
 
-%define solibbase %(echo %version | sed 's/[[:alpha:]]//g')
-
 %description
 The OpenSSL toolkit provides support for secure communications between
 machines. OpenSSL includes a certificate management tool and shared
@@ -100,17 +96,17 @@ from other formats to the formats used by the OpenSSL toolkit.
 %{SOURCE1} > /dev/null
 %patch0 -p1 -b .redhat
 %patch1 -p1 -b .defaults
-%patch2 -p1 -b .ia64
+# Fix link line for libssl (bug #111154).
+%patch2 -p1 -b .krb5
 %patch3 -p1 -b .soversion
-%patch4 -p1 -b .x509
-%patch5 -p1 -b .version-add-engines
-%patch6 -p1 -b .ibmca
+%patch4 -p1 -b .enginesdir
+%patch6 -p1 -b .libica-autoconf
 
 pushd libica-%{libicaversion}
 # Patch for libica to use /dev/urandom instead of internal pseudo random number
 # generator.
-%patch10 -p2 -b .urandom
-%patch11 -p1 -b .cleanup
+%patch20 -p2 -b .urandom
+%patch21 -p1 -b .cleanup
 %ifarch s390 s390x
 if [[ $RPM_BUILD_ROOT  ]] ; then
         export INSROOT=$RPM_BUILD_ROOT
@@ -122,27 +118,13 @@ autoconf
 libtoolize --copy --force
 %endif
 popd
+%patch22 -p1 -b .ibmca
 
-%patch12 -p1 -b .libica-autoconf
-%patch18 -p1 -b .krb5-1.3
-
-
-# Fix link line for libssl (bug #111154).
-%patch42 -p1 -b .krb5
-
-# Additional fixes
-%patch43 -p1 -b .uninitialized
-#patch44 is applied after make test
-%patch45 -p1 -b .use-poll
-
-%patch46 -p1 -b .backport-097g
-# CAN-2005-0109
-%patch47 -p1 -b .modexp-consttime
-%patch48 -p1 -b .dsa-consttime
-%patch49 -p1 -b .ppc-div
-%patch50 -p1 -b .apps-initialize
-# CAN-2005-2969
-%patch51 -p0 -b .ssl2-rollback
+%patch32 -p1 -b .ia64
+#patch33 is applied after make test
+%patch34 -p1 -b .x509
+%patch35 -p1 -b .version-add-engines
+%patch36 -p1 -b .use-poll
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -162,8 +144,8 @@ make
 popd
 %endif
 
-# Figure out which flags we want to use.  Set the number of threads to use to
-# the maximum we've managed to run without running afoul of the OOM killer.
+# Figure out which flags we want to use.
+# default
 sslarch=%{_os}-%{_arch}
 %ifarch %ix86
 sslarch=linux-elf
@@ -175,34 +157,23 @@ fi
 sslarch=linux-sparcv9
 sslflags=no-asm
 %endif
-%ifarch ia64
-sslarch=linux-ia64
-%endif
 %ifarch alpha
 sslarch=linux-alpha-gcc
 %endif
 %ifarch s390
-sslarch=linux-s390
+sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM"
 %endif
 %ifarch s390x
-sslarch=linux-s390x
-%endif
-%ifarch x86_64
-sslarch=linux-x86_64
-%endif
-%ifarch ppc
-sslarch=linux-ppc
-%endif
-%ifarch ppc64
-sslarch=linux-ppc64
+sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM"
 %endif
+# ia64, x86_64, ppc, ppc64 are OK by default
 # Configure the build tree.  Override OpenSSL defaults with known-good defaults
 # usable on all platforms.  The Configure script already knows to use -fPIC and
 # RPM_OPT_FLAGS, so we can skip specifiying them here.
 ./Configure \
 	--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
-	zlib no-idea no-mdc2 no-rc5 no-ec shared \
-	--with-krb5-flavor=MIT \
+	zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \
+	--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
 	-I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \
 	${sslarch}
 
@@ -223,25 +194,27 @@ make -C test apps tests
 	`krb5-config --cflags` \
 	-I./include \
 	$RPM_OPT_FLAGS \
-	$RPM_SOURCE_DIR/openssl-thread-test.c \
-	libssl.a libcrypto.a \
+	%{SOURCE8} \
+	-L. \
+	-lssl -lcrypto \
 	`krb5-config --libs` \
 	-lpthread -lz -ldl
-#./openssl-thread-test --threads %{thread_test_threads}
+./openssl-thread-test --threads %{thread_test_threads}
 
-# Patch44 must be patched after tests otherwise they will fail
-patch -p1 -b -z .ca-dir < %{PATCH44}
+# Patch33 must be patched after tests otherwise they will fail
+patch -p1 -b -z .ca-dir < %{PATCH33}
 
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 # Install OpenSSL.
-install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir}}
+install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
 make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
-mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{solibbase} $RPM_BUILD_ROOT/%{_lib}/
+mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion} $RPM_BUILD_ROOT/%{_lib}/
+mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT/%{_libdir}/openssl
 mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
 rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
 mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
-rename so.%{solibbase} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{solibbase}
+rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{soversion}
 for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
 	chmod 755 ${lib}
 	ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
@@ -295,12 +268,14 @@ install -m644 ca-bundle.crt $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/
 ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/cert.pem
 
 # Fix libdir.
-sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \
-	$RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc > \
-	$RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp && \
-cat $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp > \
-	$RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc && \
-rm -f $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp
+pushd $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+for i in *.pc ; do
+	sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \
+	    $i >$i.tmp && \
+	cat $i.tmp >$i && \
+	rm -f $i.tmp
+done
+popd
 
 # Determine which arch opensslconf.h is going to try to #include.
 basearch=%{_arch}
@@ -378,6 +353,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{soversion}
 %attr(0755,root,root) %{_bindir}/openssl
 %attr(0755,root,root) /%{_lib}/*.so.%{version}
 %attr(0755,root,root) /%{_lib}/*.so.%{soversion}
+%attr(0755,root,root) %{_libdir}/openssl
 %attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
 %attr(0644,root,root) %{_mandir}/man5*/*
 %attr(0644,root,root) %{_mandir}/man7*/*
@@ -395,7 +371,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{soversion}
 %attr(0644,root,root) %{_libdir}/*.a
 %attr(0755,root,root) %{_libdir}/*.so
 %attr(0644,root,root) %{_mandir}/man3*/*
-%attr(0644,root,root) %{_libdir}/pkgconfig/openssl.pc
+%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
 
 %files perl
 %defattr(-,root,root)
@@ -410,6 +386,10 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{soversion}
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Nov  8 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-1
+- new upstream version
+- patches partially renumbered
+
 * Fri Oct 21 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-11
 - updated IBM ICA engine library and patch to latest upstream version
 

sources

@@ -1,2 +1,2 @@
-1f93cf2986593d14b2a64983e4e347e3  openssl-0.9.7f-usa.tar.bz2
 a915bcff41b687cb5a4f0091374b421d  libica-1.3.6-rc2.tar.bz2
+7c17a9014e33507d1c2721b66baccd30  openssl-0.9.8a-usa.tar.bz2