diff --git a/.cvsignore b/.cvsignore index 6dba667..d39bc0a 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openssl-0.9.8j-usa.tar.bz2 +openssl-0.9.8k-usa.tar.bz2 diff --git a/openssl-0.9.8j-fipscheck-hmac.patch b/openssl-0.9.8k-fipscheck-hmac.patch similarity index 76% rename from openssl-0.9.8j-fipscheck-hmac.patch rename to openssl-0.9.8k-fipscheck-hmac.patch index 3ba459b..c47cb82 100644 --- a/openssl-0.9.8j-fipscheck-hmac.patch +++ b/openssl-0.9.8k-fipscheck-hmac.patch @@ -1,8 +1,6 @@ -Produce fipscheck compatible HMAC-SHA256 with the fips_standalone_sha1 binary. -We use the binary just during the OpenSSL build to checksum the libcrypto. -diff -up openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8j/fips/sha/Makefile ---- openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac 2008-10-26 19:42:05.000000000 +0100 -+++ openssl-0.9.8j/fips/sha/Makefile 2009-01-14 16:39:41.000000000 +0100 +diff -up openssl-0.9.8k/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8k/fips/sha/Makefile +--- openssl-0.9.8k/fips/sha/Makefile.fipscheck-hmac 2008-10-26 19:42:05.000000000 +0100 ++++ openssl-0.9.8k/fips/sha/Makefile 2009-03-25 20:18:08.000000000 +0100 @@ -46,7 +46,7 @@ lib: $(LIBOBJ) @echo $(LIBOBJ) > lib 
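Review bot: The first hunk of openssl-0.9.8k-fipscheck-hmac.patch drops the two description lines that headed the 0.9.8j version and adds nothing in their place, so the rebased patch no longer says what it is for. Because the patch changes how the libcrypto integrity checksum is produced at build time, I would keep the header above the first `diff -up` line: `Produce fipscheck compatible HMAC-SHA256 with the fips_standalone_sha1 binary.` and `We use the binary just during the OpenSSL build to checksum the libcrypto.` The loss looks like a side effect of regenerating the patch rather than an intended change.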
@@ -12,9 +10,9 @@ diff -up openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8j/fips/sha $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM files: -diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8j/fips/sha/fips_standalone_sha1.c ---- openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac 2008-09-16 12:12:23.000000000 +0200 -+++ openssl-0.9.8j/fips/sha/fips_standalone_sha1.c 2009-01-14 17:07:56.000000000 +0100 +diff -up openssl-0.9.8k/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8k/fips/sha/fips_standalone_sha1.c +--- openssl-0.9.8k/fips/sha/fips_standalone_sha1.c.fipscheck-hmac 2009-01-15 13:34:54.000000000 +0100 ++++ openssl-0.9.8k/fips/sha/fips_standalone_sha1.c 2009-03-25 20:18:08.000000000 +0100 @@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len) #ifdef OPENSSL_FIPS @@ -23,7 +21,7 @@ diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0 +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx, const char *key) { - int len=strlen(key); + size_t len=strlen(key); @@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH if (len > SHA_CBLOCK) @@ -91,15 +89,6 @@ diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0 int i; if(!f) -@@ -139,7 +139,7 @@ int main(int argc,char **argv) - for( ; ; ) - { - char buf[1024]; -- int l=fread(buf,1,sizeof buf,f); -+ size_t l=fread(buf,1,sizeof buf,f); - - if(l == 0) - { @@ -151,18 +151,18 @@ int main(int argc,char **argv) else break; diff --git a/openssl-0.9.8j-use-fipscheck.patch b/openssl-0.9.8k-use-fipscheck.patch similarity index 82% rename from openssl-0.9.8j-use-fipscheck.patch rename to openssl-0.9.8k-use-fipscheck.patch index c21075a..e8298ff 100644 --- a/openssl-0.9.8j-use-fipscheck.patch +++ b/openssl-0.9.8k-use-fipscheck.patch 
@@ -1,17 +1,17 @@ -diff -up openssl-0.9.8j/test/Makefile.use-fipscheck openssl-0.9.8j/test/Makefile ---- openssl-0.9.8j/test/Makefile.use-fipscheck 2008-12-13 13:22:47.000000000 +0100 -+++ openssl-0.9.8j/test/Makefile 2009-02-02 13:24:36.000000000 +0100 -@@ -402,8 +402,7 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$ +diff -up openssl-0.9.8k/test/Makefile.use-fipscheck openssl-0.9.8k/test/Makefile +--- openssl-0.9.8k/test/Makefile.use-fipscheck 2009-03-25 11:59:22.000000000 +0100 ++++ openssl-0.9.8k/test/Makefile 2009-03-25 20:14:10.000000000 +0100 +@@ -401,9 +401,6 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$ + fi; \ if [ "$(FIPSCANLIB)" = "libfips" ]; then \ LIBRARIES="-L$(TOP) -lfips"; \ - elif [ -n "$(FIPSCANLIB)" ]; then \ +- elif [ -n "$(FIPSCANLIB)" ]; then \ - FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ - LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ -+ LIBRARIES="$(LIBCRYPTO)"; \ + else \ + LIBRARIES="$(LIBCRYPTO)"; \ fi; \ - $(MAKE) -f $(TOP)/Makefile.shared -e \ - CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ -@@ -414,9 +413,6 @@ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if +@@ -416,9 +413,6 @@ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if shlib_target="$(SHLIB_TARGET)"; \ fi; \ LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ 
@@ -21,9 +21,9 @@ diff -up openssl-0.9.8j/test/Makefile.use-fipscheck openssl-0.9.8j/test/Makefile [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ -diff -up openssl-0.9.8j/Makefile.org.use-fipscheck openssl-0.9.8j/Makefile.org ---- openssl-0.9.8j/Makefile.org.use-fipscheck 2009-02-02 13:24:36.000000000 +0100 -+++ openssl-0.9.8j/Makefile.org 2009-02-02 13:24:36.000000000 +0100 +diff -up openssl-0.9.8k/Makefile.org.use-fipscheck openssl-0.9.8k/Makefile.org +--- openssl-0.9.8k/Makefile.org.use-fipscheck 2009-03-25 20:10:37.000000000 +0100 ++++ openssl-0.9.8k/Makefile.org 2009-03-25 20:10:37.000000000 +0100 @@ -357,10 +357,6 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHA $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \ $(AR) libcrypto.a fips/fipscanister.o ; \ @@ -55,9 +55,9 @@ diff -up openssl-0.9.8j/Makefile.org.use-fipscheck openssl-0.9.8j/Makefile.org echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc Makefile: Makefile.org Configure config -diff -up openssl-0.9.8j/fips/fips.c.use-fipscheck openssl-0.9.8j/fips/fips.c ---- openssl-0.9.8j/fips/fips.c.use-fipscheck 2008-09-16 12:12:09.000000000 +0200 -+++ openssl-0.9.8j/fips/fips.c 2009-02-02 13:31:53.000000000 +0100 +diff -up openssl-0.9.8k/fips/fips.c.use-fipscheck openssl-0.9.8k/fips/fips.c +--- openssl-0.9.8k/fips/fips.c.use-fipscheck 2008-09-16 12:12:09.000000000 +0200 ++++ openssl-0.9.8k/fips/fips.c 2009-03-25 20:10:37.000000000 +0100 @@ -47,6 +47,7 @@ * */ 
@@ -326,9 +326,9 @@ diff -up openssl-0.9.8j/fips/fips.c.use-fipscheck openssl-0.9.8j/fips/fips.c /* Generalized public key test routine. Signs and verifies the data * supplied in tbs using mesage digest md and setting option digest -diff -up openssl-0.9.8j/fips/Makefile.use-fipscheck openssl-0.9.8j/fips/Makefile ---- openssl-0.9.8j/fips/Makefile.use-fipscheck 2009-02-02 13:24:36.000000000 +0100 -+++ openssl-0.9.8j/fips/Makefile 2009-02-02 13:24:36.000000000 +0100 +diff -up openssl-0.9.8k/fips/Makefile.use-fipscheck openssl-0.9.8k/fips/Makefile +--- openssl-0.9.8k/fips/Makefile.use-fipscheck 2009-03-25 20:10:37.000000000 +0100 ++++ openssl-0.9.8k/fips/Makefile 2009-03-25 20:16:09.000000000 +0100 @@ -62,9 +62,9 @@ testapps: all: 
@@ -358,20 +358,27 @@ diff -up openssl-0.9.8j/fips/Makefile.use-fipscheck openssl-0.9.8j/fips/Makefile libs: @target=lib; $(RECURSIVE_MAKE) -@@ -195,10 +194,6 @@ install: +@@ -195,17 +194,6 @@ install: chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; @target=install; $(RECURSIVE_MAKE) -- @cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \ -- fips_premain.c.sha1 \ +- for i in $(EXE) ; \ +- do \ +- echo "installing $$i"; \ +- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ +- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ +- done +- cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \ +- $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \ - chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips* lint: @target=lint; $(RECURSIVE_MAKE) -diff -up openssl-0.9.8j/fips/fips_locl.h.use-fipscheck openssl-0.9.8j/fips/fips_locl.h ---- openssl-0.9.8j/fips/fips_locl.h.use-fipscheck 2008-09-16 12:12:10.000000000 +0200 -+++ openssl-0.9.8j/fips/fips_locl.h 2009-02-02 13:24:36.000000000 +0100 +diff -up openssl-0.9.8k/fips/fips_locl.h.use-fipscheck openssl-0.9.8k/fips/fips_locl.h +--- openssl-0.9.8k/fips/fips_locl.h.use-fipscheck 2008-09-16 12:12:10.000000000 +0200 ++++ openssl-0.9.8k/fips/fips_locl.h 2009-03-25 20:10:37.000000000 +0100 @@ -63,7 +63,9 @@ int fips_is_owning_thread(void); int fips_set_owning_thread(void); void fips_set_selftest_fail(void); diff --git a/openssl-0.9.8b-x509-name-cmp.patch b/openssl-0.9.8k-x509-name-cmp.patch similarity index 55% rename from openssl-0.9.8b-x509-name-cmp.patch rename to openssl-0.9.8k-x509-name-cmp.patch index c7e8848..d5fa16b 100644 --- a/openssl-0.9.8b-x509-name-cmp.patch +++ b/openssl-0.9.8k-x509-name-cmp.patch 
@@ -1,6 +1,7 @@ ---- openssl-0.9.8b/crypto/x509/x509_cmp.c.name-cmp 2004-12-01 02:45:30.000000000 +0100 -+++ openssl-0.9.8b/crypto/x509/x509_cmp.c 2006-11-30 23:37:26.000000000 +0100 -@@ -282,14 +282,7 @@ +diff -up openssl-0.9.8k/crypto/x509/x509_cmp.c.name-cmp openssl-0.9.8k/crypto/x509/x509_cmp.c +--- openssl-0.9.8k/crypto/x509/x509_cmp.c.name-cmp 2009-02-15 13:10:39.000000000 +0100 ++++ openssl-0.9.8k/crypto/x509/x509_cmp.c 2009-03-25 20:04:41.000000000 +0100 +@@ -282,15 +282,7 @@ int X509_NAME_cmp(const X509_NAME *a, co nb=sk_X509_NAME_ENTRY_value(b->entries,i); j=na->value->type-nb->value->type; if (j) @@ -10,7 +11,8 @@ - if (!(nabit & STR_TYPE_CMP) || - !(nbbit & STR_TYPE_CMP)) - return j; -- j = asn1_string_memcmp(na->value, nb->value); +- if (!asn1_string_memcmp(na->value, nb->value)) +- j = 0; - } + return j; else if (na->value->type == V_ASN1_PRINTABLESTRING) diff --git a/openssl.spec b/openssl.spec index 1412a7f..107081d 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ # 0.9.7ef soversion = 5 # 0.9.8ab soversion = 6 # 0.9.8g soversion = 7 -# 0.9.8j + EAP-FAST soversion = 8 +# 0.9.8jk + EAP-FAST soversion = 8 %define soversion 8 # Number of threads to spawn when testing some threading fixes. @@ -22,8 +22,8 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl -Version: 0.9.8j -Release: 10%{?dist} +Version: 0.9.8k +Release: 1%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -44,7 +44,7 @@ Patch6: openssl-0.9.8b-test-use-localhost.patch Patch7: openssl-0.9.8j-shlib-version.patch # Bug fixes Patch21: openssl-0.9.8b-aliasing-bug.patch -Patch22: openssl-0.9.8b-x509-name-cmp.patch +Patch22: openssl-0.9.8k-x509-name-cmp.patch Patch23: openssl-0.9.8g-default-paths.patch Patch24: openssl-0.9.8g-no-extssl.patch # Functionality changes 
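Review bot: openssl-0.9.8k-x509-name-cmp.patch is rebased here without any description, although it changes certificate name matching. In X509_NAME_cmp the branch taken when the two entries' ASN.1 string types differ becomes a plain `return j;`, so the upstream fallback through asn1_string_memcmp is dropped and such names compare unequal. A short header above the `diff -up` line saying why the distribution wants this, with a bug reference if one exists, would let the next rebase judge whether the patch is still needed. Only part of X509_NAME_cmp is visible in the hunk, so the effect on the rest of the function is not checked here.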
@@ -55,8 +55,8 @@ Patch35: openssl-0.9.8j-version-add-engines.patch
 Patch38: openssl-0.9.8a-reuse-cipher-change.patch
 Patch39: openssl-0.9.8g-ipv6-apps.patch
 Patch40: openssl-0.9.8j-nocanister.patch
-Patch41: openssl-0.9.8j-use-fipscheck.patch
-Patch42: openssl-0.9.8j-fipscheck-hmac.patch
+Patch41: openssl-0.9.8k-use-fipscheck.patch
+Patch42: openssl-0.9.8k-fipscheck-hmac.patch
 Patch43: openssl-0.9.8j-evp-nonfips.patch
 Patch44: openssl-0.9.8j-kernel-fipsmode.patch
 Patch45: openssl-0.9.8j-env-nozlib.patch
@@ -408,6 +408,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun -p /sbin/ldconfig
 %changelog
+* Thu Mar 25 2009 Tomas Mraz 0.9.8k-1
+- update to new upstream release (minor bug fixes, security
+ fixes and machine code optimizations only)
+
 * Thu Mar 19 2009 Tomas Mraz 0.9.8j-10
 - move libraries to /usr/lib (#239375)
diff --git a/sources b/sources
index f0e2eb7..a5840e3 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-573353d8cb4330b71e9985cea4785d61 openssl-0.9.8j-usa.tar.bz2
+de4f31dd6546e8e11b4ffd4332b3c162 openssl-0.9.8k-usa.tar.bz2
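Review bot: The new %changelog entry in openssl.spec is dated `Thu Mar 25 2009`, but the entry directly below it is `Thu Mar 19 2009`, so the 25th cannot also be a Thursday. The inner patch timestamps in this commit are 2009-03-25, which suggests the weekday is the wrong part and the header should start `* Wed Mar 25 2009`. The entry also mentions security fixes without naming them; listing the advisory identifiers from the upstream release notes would let administrators confirm from `rpm -q --changelog` whether a given fix is in this build.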