From e96bebc853cb145c06d7ba7201009efd95af734b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Tue, 8 Nov 2005 13:52:29 +0000 Subject: [PATCH] - new upstream version - patches partially renumbered --- .cvsignore | 2 +- hobble-openssl | 18 ++-- openssl-0.9.8a-defaults.patch | 50 +++++++++++ openssl-0.9.8a-enginesdir.patch | 39 +++++++++ openssl-0.9.8a-link-krb5.patch | 11 +++ openssl-0.9.8a-redhat.patch | 54 ++++++++++++ openssl-0.9.8a-use-poll.patch | 73 ++++++++++++++++ openssl-thread-test.c | 1 + openssl.spec | 150 ++++++++++++++------------------ sources | 2 +- 10 files changed, 305 insertions(+), 95 deletions(-) create mode 100644 openssl-0.9.8a-defaults.patch create mode 100644 openssl-0.9.8a-enginesdir.patch create mode 100644 openssl-0.9.8a-link-krb5.patch create mode 100644 openssl-0.9.8a-redhat.patch create mode 100644 openssl-0.9.8a-use-poll.patch diff --git a/.cvsignore b/.cvsignore index 37bef0f..cf8ee06 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openssl-0.9.7f-usa.tar.bz2 libica-1.3.6-rc2.tar.bz2 +openssl-0.9.8a-usa.tar.bz2 diff --git a/hobble-openssl b/hobble-openssl index 437c02e..de0490f 100755 --- a/hobble-openssl +++ b/hobble-openssl @@ -13,14 +13,14 @@ set -e (find crypto/{idea,mdc2,rc5}/asm -type f | xargs -r rm -fv) # IDEA, MDC2, RC5, EC. -for a in idea mdc2 rc5 ec; do +for a in idea mdc2 rc5 ec ecdh ecdsa; do for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do echo Destroying $c > $c done done -for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" `; do +for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" -o -name "*_ecdsa.c"`; do echo Destroying $c > $c done @@ -29,13 +29,15 @@ for h in `find crypto ssl apps test -name "*.h"` ; do echo Removing IDEA, MDC2, RC5, and EC references from $h cat $h | \ awk 'BEGIN {ech=1;} \ - /#[ \t]*if/ {if(ech < 1) ech--;} \ - /#[ \t]*ifndef.*NO_IDEA/ {ech--;} \ - /#[ \t]*ifndef.*NO_MDC2/ {ech--;} \ - /#[ \t]*ifndef.*NO_RC5/ {ech--;} \ - /#[ \t]*ifndef.*NO_EC/ {ech--;} \ + /^#[ \t]*ifndef.*NO_IDEA/ {ech--; next;} \ + /^#[ \t]*ifndef.*NO_MDC2/ {ech--; next;} \ + /^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \ + /^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \ + /^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \ + /^#[ \t]*ifndef.*NO_ECDSA/ {ech--; next;} \ + /^#[ \t]*if/ {if(ech < 1) ech--;} \ {if(ech>0) {;print $0};} \ - /#endif/ {if(ech < 1) ech++;}' > $h.hobbled && \ + /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \ mv $h.hobbled $h done diff --git a/openssl-0.9.8a-defaults.patch b/openssl-0.9.8a-defaults.patch new file mode 100644 index 0000000..5a4db7b --- /dev/null +++ b/openssl-0.9.8a-defaults.patch @@ -0,0 +1,50 @@ +--- openssl-0.9.8a/apps/openssl.cnf.defaults 2005-09-16 14:20:24.000000000 +0200 ++++ openssl-0.9.8a/apps/openssl.cnf 2005-11-04 11:00:37.000000000 +0100 +@@ -99,6 +99,7 @@ + #################################################################### + [ req ] + default_bits = 1024 ++default_md = sha1 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + attributes = req_attributes +@@ -116,23 +117,26 @@ + # MASK:XXXX a literal mask value. + # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings + # so use this option with caution! +-string_mask = nombstr ++# we use PrintableString+UTF8String mask so if pure ASCII texts are used ++# the resulting certificates are compatible with Netscape ++string_mask = MASK:0x2002 + + # req_extensions = v3_req # The extensions to add to a certificate request + + [ req_distinguished_name ] + countryName = Country Name (2 letter code) +-countryName_default = AU ++countryName_default = GB + countryName_min = 2 + countryName_max = 2 + + stateOrProvinceName = State or Province Name (full name) +-stateOrProvinceName_default = Some-State ++stateOrProvinceName_default = Berkshire + + localityName = Locality Name (eg, city) ++localityName_default = Newbury + + 0.organizationName = Organization Name (eg, company) +-0.organizationName_default = Internet Widgits Pty Ltd ++0.organizationName_default = My Company Ltd + + # we can do this but it is not needed normally :-) + #1.organizationName = Second Organization Name (eg, company) +@@ -141,7 +145,7 @@ + organizationalUnitName = Organizational Unit Name (eg, section) + #organizationalUnitName_default = + +-commonName = Common Name (eg, YOUR name) ++commonName = Common Name (eg, your name or your server\'s hostname) + commonName_max = 64 + + emailAddress = Email Address diff --git a/openssl-0.9.8a-enginesdir.patch b/openssl-0.9.8a-enginesdir.patch new file mode 100644 index 0000000..0c33b74 --- /dev/null +++ b/openssl-0.9.8a-enginesdir.patch @@ -0,0 +1,39 @@ +--- openssl-0.9.8a/Configure.enginesdir 2005-11-04 15:06:37.000000000 +0100 ++++ openssl-0.9.8a/Configure 2005-11-07 14:15:12.000000000 +0100 +@@ -560,6 +560,7 @@ + + my $prefix=""; + my $openssldir=""; ++my $enginesdir=""; + my $exe_ext=""; + my $install_prefix=""; + my $no_threads=0; +@@ -739,6 +740,10 @@ + { + $openssldir=$1; + } ++ elsif (/^--enginesdir=(.*)$/) ++ { ++ $enginesdir=$1; ++ } + elsif (/^--install.prefix=(.*)$/) + { + $install_prefix=$1; +@@ -923,7 +928,7 @@ + + $openssldir=$prefix . "/ssl" if $openssldir eq ""; + $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; +- ++$enginesdir="$prefix/lib/engines" if $enginesdir eq ""; + + print "IsMK1MF=$IsMK1MF\n"; + +@@ -1430,7 +1435,7 @@ + if (/^#define\s+OPENSSLDIR/) + { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } + elsif (/^#define\s+ENGINESDIR/) +- { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; } ++ { print OUT "#define ENGINESDIR \"$enginesdir\"\n"; } + elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) + { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" + if $export_var_as_fn; diff --git a/openssl-0.9.8a-link-krb5.patch b/openssl-0.9.8a-link-krb5.patch new file mode 100644 index 0000000..f34b1e5 --- /dev/null +++ b/openssl-0.9.8a-link-krb5.patch @@ -0,0 +1,11 @@ +--- openssl-0.9.8a/Makefile.org.link-krb5 2005-07-05 07:14:21.000000000 +0200 ++++ openssl-0.9.8a/Makefile.org 2005-11-07 18:00:08.000000000 +0100 +@@ -266,7 +266,7 @@ + + do_$(SHLIB_TARGET): + @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ +- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ ++ if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ + $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ diff --git a/openssl-0.9.8a-redhat.patch b/openssl-0.9.8a-redhat.patch new file mode 100644 index 0000000..02a9527 --- /dev/null +++ b/openssl-0.9.8a-redhat.patch @@ -0,0 +1,54 @@ +--- openssl-0.9.8a/Configure.redhat 2005-11-08 01:50:41.000000000 +0100 ++++ openssl-0.9.8a/Configure 2005-11-08 10:23:38.000000000 +0100 +@@ -313,29 +313,29 @@ + #### + # *-generic* is endian-neutral target, but ./config is free to + # throw in -D[BL]_ENDIAN, whichever appropriate... +-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", ++"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + #### IA-32 targets... + "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", ++"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", ++"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", + #### +-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + # -bpowerpc64-linux is transient option, -m64 should be the one to use... +-"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-ppc64", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", ++"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-x86_64", "gcc:-DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + #### SPARC Linux setups + # Ray Miller has patiently + # assisted with debugging of following two configs. +-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + # it's a real mess with -mcpu=ultrasparc option under Linux, but + # -Wa,-Av8plus should do the trick no matter what. +-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + # GCC 3.1 is a requirement +-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + #### Alpha Linux with GNU C and Compaq C setups + # Special notes: + # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you +@@ -349,8 +349,8 @@ + # + # + # +-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", ++"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", + diff --git a/openssl-0.9.8a-use-poll.patch b/openssl-0.9.8a-use-poll.patch new file mode 100644 index 0000000..8a544a3 --- /dev/null +++ b/openssl-0.9.8a-use-poll.patch @@ -0,0 +1,73 @@ +--- openssl-0.9.8a/crypto/rand/rand_unix.c.use-poll 2005-08-29 01:20:48.000000000 +0200 ++++ openssl-0.9.8a/crypto/rand/rand_unix.c 2005-11-08 01:28:35.000000000 +0100 +@@ -125,6 +125,7 @@ + #include + #include + #include ++#include + + #ifdef __OpenBSD__ + int RAND_poll(void) +@@ -157,6 +158,7 @@ + struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; + int fd; + size_t i; ++ struct pollfd pfd; + #endif + #ifdef DEVRANDOM_EGD + static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; +@@ -184,11 +186,10 @@ + #endif + )) >= 0) + { +- struct timeval t = { 0, 10*1000 }; /* Spend 10ms on ++ int t = 10; /* Spend 10ms on + each file. */ + int r; + size_t j; +- fd_set fset; + struct stat *st=&randomstats[i]; + + /* Avoid using same input... Used to be O_NOFOLLOW +@@ -204,30 +205,25 @@ + + do + { +- FD_ZERO(&fset); +- FD_SET(fd, &fset); +- r = -1; +- +- if (select(fd+1,&fset,NULL,NULL,&t) < 0) +- t.tv_usec=0; +- else if (FD_ISSET(fd, &fset)) ++ pfd.fd = fd; ++ pfd.events = POLLIN; ++ pfd.revents = 0; ++ ++ if ((r=poll(&pfd,1,t)) == 0) ++ t = 0; ++ else if (r > 0 && (pfd.revents & POLLIN)) + { + r=read(fd,(unsigned char *)tmpbuf+n, + ENTROPY_NEEDED-n); + if (r > 0) + n += r; + } +- +- /* Some Unixen will update t, some +- won't. For those who won't, give +- up here, otherwise, we will do +- this once again for the remaining +- time. */ +- if (t.tv_usec == 10*1000) +- t.tv_usec=0; ++ /* we don't know how big part of the timeout elapsed ++ wait half the original timeout next time */ ++ t >>= 1; + } + while ((r > 0 || (errno == EINTR || errno == EAGAIN)) +- && t.tv_usec != 0 && n < ENTROPY_NEEDED); ++ && t != 0 && n < ENTROPY_NEEDED); + + close(fd); + } diff --git a/openssl-thread-test.c b/openssl-thread-test.c index a91ec00..3b90285 100644 --- a/openssl-thread-test.c +++ b/openssl-thread-test.c @@ -14,6 +14,7 @@ #include #include #include +#include #include /* Just assume we want to do engine stuff if we're using 0.9.6b or diff --git a/openssl.spec b/openssl.spec index 51c4368..1dd623e 100644 --- a/openssl.spec +++ b/openssl.spec @@ -5,7 +5,8 @@ # 0.9.6c soversion = 3 # 0.9.7a soversion = 4 # 0.9.7ef soversion = 5 -%define soversion 5 +# 0.9.8a soversion = 6 +%define soversion 6 # Number of threads to spawn when testing some threading fixes. #%define thread_test_threads %{?threads:%{threads}}%{!?threads:1} @@ -21,8 +22,8 @@ Summary: The OpenSSL toolkit. Name: openssl -Version: 0.9.7f -Release: 11 +Version: 0.9.8a +Release: 1 Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate @@ -35,27 +36,24 @@ Source7: libica-%{libicaversion}.tar.bz2 Source8: openssl-thread-test.c Source9: opensslconf-new.h Source10: opensslconf-new-warning.h -Patch0: openssl-0.9.7f-redhat.patch -Patch1: openssl-0.9.7f-defaults.patch -Patch2: openssl-0.9.7-beta6-ia64.patch -Patch3: openssl-0.9.7e-soversion.patch -Patch4: openssl-0.9.6-x509.patch -Patch5: openssl-0.9.7-beta5-version-add-engines.patch -Patch6: openssl-0.9.7d-ICA_engine-sep142005.patch -Patch10: libica-1.3.4-urandom.patch -Patch11: libica-1.2-cleanup.patch -Patch12: openssl-0.9.7a-libica-autoconf.patch -Patch18: openssl-0.9.7a-krb5-1.3.patch -Patch42: openssl-0.9.7e-krb5.patch -Patch43: openssl-0.9.7f-bn-asm-uninitialized.patch -Patch44: openssl-0.9.7f-ca-dir.patch -Patch45: openssl-0.9.7f-use-poll.patch -Patch46: openssl-0.9.7f-backport-097g.patch -Patch47: openssl-0.9.7f-can-2005-0109.patch -Patch48: openssl-0.9.7f-dsa-consttime.patch -Patch49: openssl-0.9.7f-bn-ppc-div.patch -Patch50: openssl-0.9.7f-apps-initialize.patch -Patch51: openssl-0.9.7a-can-2005-2969.patch +# Build changes +Patch0: openssl-0.9.8a-redhat.patch +Patch1: openssl-0.9.8a-defaults.patch +Patch2: openssl-0.9.8a-link-krb5.patch +Patch3: openssl-0.9.8a-soversion.patch +Patch4: openssl-0.9.8a-enginesdir.patch +Patch6: openssl-0.9.7a-libica-autoconf.patch +# Added engines +Patch20: libica-1.3.4-urandom.patch +Patch21: libica-1.2-cleanup.patch +Patch22: openssl-0.9.8a-ICA_engine-sep142005.patch +# Functionality changes +Patch32: openssl-0.9.7-beta6-ia64.patch +Patch33: openssl-0.9.7f-ca-dir.patch +Patch34: openssl-0.9.6-x509.patch +Patch35: openssl-0.9.7-beta5-version-add-engines.patch +Patch36: openssl-0.9.8a-use-poll.patch +# Backported fixes including security fixes License: BSDish Group: System Environment/Libraries @@ -64,8 +62,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildPreReq: mktemp, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp Requires: mktemp -%define solibbase %(echo %version | sed 's/[[:alpha:]]//g') - %description The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared @@ -100,17 +96,17 @@ from other formats to the formats used by the OpenSSL toolkit. %{SOURCE1} > /dev/null %patch0 -p1 -b .redhat %patch1 -p1 -b .defaults -%patch2 -p1 -b .ia64 +# Fix link line for libssl (bug #111154). +%patch2 -p1 -b .krb5 %patch3 -p1 -b .soversion -%patch4 -p1 -b .x509 -%patch5 -p1 -b .version-add-engines -%patch6 -p1 -b .ibmca +%patch4 -p1 -b .enginesdir +%patch6 -p1 -b .libica-autoconf pushd libica-%{libicaversion} # Patch for libica to use /dev/urandom instead of internal pseudo random number # generator. -%patch10 -p2 -b .urandom -%patch11 -p1 -b .cleanup +%patch20 -p2 -b .urandom +%patch21 -p1 -b .cleanup %ifarch s390 s390x if [[ $RPM_BUILD_ROOT ]] ; then export INSROOT=$RPM_BUILD_ROOT @@ -122,27 +118,13 @@ autoconf libtoolize --copy --force %endif popd +%patch22 -p1 -b .ibmca -%patch12 -p1 -b .libica-autoconf -%patch18 -p1 -b .krb5-1.3 - - -# Fix link line for libssl (bug #111154). -%patch42 -p1 -b .krb5 - -# Additional fixes -%patch43 -p1 -b .uninitialized -#patch44 is applied after make test -%patch45 -p1 -b .use-poll - -%patch46 -p1 -b .backport-097g -# CAN-2005-0109 -%patch47 -p1 -b .modexp-consttime -%patch48 -p1 -b .dsa-consttime -%patch49 -p1 -b .ppc-div -%patch50 -p1 -b .apps-initialize -# CAN-2005-2969 -%patch51 -p0 -b .ssl2-rollback +%patch32 -p1 -b .ia64 +#patch33 is applied after make test +%patch34 -p1 -b .x509 +%patch35 -p1 -b .version-add-engines +%patch36 -p1 -b .use-poll # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -162,8 +144,8 @@ make popd %endif -# Figure out which flags we want to use. Set the number of threads to use to -# the maximum we've managed to run without running afoul of the OOM killer. +# Figure out which flags we want to use. +# default sslarch=%{_os}-%{_arch} %ifarch %ix86 sslarch=linux-elf @@ -175,34 +157,23 @@ fi sslarch=linux-sparcv9 sslflags=no-asm %endif -%ifarch ia64 -sslarch=linux-ia64 -%endif %ifarch alpha sslarch=linux-alpha-gcc %endif %ifarch s390 -sslarch=linux-s390 +sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM" %endif %ifarch s390x -sslarch=linux-s390x -%endif -%ifarch x86_64 -sslarch=linux-x86_64 -%endif -%ifarch ppc -sslarch=linux-ppc -%endif -%ifarch ppc64 -sslarch=linux-ppc64 +sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" %endif +# ia64, x86_64, ppc, ppc64 are OK by default # Configure the build tree. Override OpenSSL defaults with known-good defaults # usable on all platforms. The Configure script already knows to use -fPIC and # RPM_OPT_FLAGS, so we can skip specifiying them here. ./Configure \ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ - zlib no-idea no-mdc2 no-rc5 no-ec shared \ - --with-krb5-flavor=MIT \ + zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \ + --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \ ${sslarch} @@ -223,25 +194,27 @@ make -C test apps tests `krb5-config --cflags` \ -I./include \ $RPM_OPT_FLAGS \ - $RPM_SOURCE_DIR/openssl-thread-test.c \ - libssl.a libcrypto.a \ + %{SOURCE8} \ + -L. \ + -lssl -lcrypto \ `krb5-config --libs` \ -lpthread -lz -ldl -#./openssl-thread-test --threads %{thread_test_threads} +./openssl-thread-test --threads %{thread_test_threads} -# Patch44 must be patched after tests otherwise they will fail -patch -p1 -b -z .ca-dir < %{PATCH44} +# Patch33 must be patched after tests otherwise they will fail +patch -p1 -b -z .ca-dir < %{PATCH33} %install [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT # Install OpenSSL. -install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir}} +install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl} make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared -mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{solibbase} $RPM_BUILD_ROOT/%{_lib}/ +mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion} $RPM_BUILD_ROOT/%{_lib}/ +mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT/%{_libdir}/openssl mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/ rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || : -rename so.%{solibbase} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{solibbase} +rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{soversion} for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do chmod 755 ${lib} ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` @@ -295,12 +268,14 @@ install -m644 ca-bundle.crt $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/ ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/cert.pem # Fix libdir. -sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \ - $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc > \ - $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp && \ -cat $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp > \ - $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc && \ -rm -f $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp +pushd $RPM_BUILD_ROOT/%{_libdir}/pkgconfig +for i in *.pc ; do + sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \ + $i >$i.tmp && \ + cat $i.tmp >$i && \ + rm -f $i.tmp +done +popd # Determine which arch opensslconf.h is going to try to #include. basearch=%{_arch} @@ -378,6 +353,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{soversion} %attr(0755,root,root) %{_bindir}/openssl %attr(0755,root,root) /%{_lib}/*.so.%{version} %attr(0755,root,root) /%{_lib}/*.so.%{soversion} +%attr(0755,root,root) %{_libdir}/openssl %attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]* %attr(0644,root,root) %{_mandir}/man5*/* %attr(0644,root,root) %{_mandir}/man7*/* @@ -395,7 +371,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{soversion} %attr(0644,root,root) %{_libdir}/*.a %attr(0755,root,root) %{_libdir}/*.so %attr(0644,root,root) %{_mandir}/man3*/* -%attr(0644,root,root) %{_libdir}/pkgconfig/openssl.pc +%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc %files perl %defattr(-,root,root) @@ -410,6 +386,10 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{soversion} %postun -p /sbin/ldconfig %changelog +* Tue Nov 8 2005 Tomas Mraz 0.9.8a-1 +- new upstream version +- patches partially renumbered + * Fri Oct 21 2005 Tomas Mraz 0.9.7f-11 - updated IBM ICA engine library and patch to latest upstream version diff --git a/sources b/sources index 4f16a6a..b6ee435 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -1f93cf2986593d14b2a64983e4e347e3 openssl-0.9.7f-usa.tar.bz2 a915bcff41b687cb5a4f0091374b421d libica-1.3.6-rc2.tar.bz2 +7c17a9014e33507d1c2721b66baccd30 openssl-0.9.8a-usa.tar.bz2