rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

- update to new upstream release (minor bug fixes, security fixes and

Browse Source 
machine code optimizations only)
This commit is contained in:
Tomáš Mráz 2009-03-25 21:12:41 +00:00
parent a9567a4b21
commit a9e5f01ef5
6 changed files with 56 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
openssl-0.9.8j-usa.tar.bz2 openssl-0.9.8k-usa.tar.bz2

25
openssl-0.9.8j-fipscheck-hmac.patch → openssl-0.9.8k-fipscheck-hmac.patch
View File

@ -1,8 +1,6 @@
Produce fipscheck compatible HMAC-SHA256 with the fips_standalone_sha1 binary. diff -up openssl-0.9.8k/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8k/fips/sha/Makefile
We use the binary just during the OpenSSL build to checksum the libcrypto. --- openssl-0.9.8k/fips/sha/Makefile.fipscheck-hmac 2008-10-26 19:42:05.000000000 +0100
diff -up openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8j/fips/sha/Makefile +++ openssl-0.9.8k/fips/sha/Makefile 2009-03-25 20:18:08.000000000 +0100
--- openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac 2008-10-26 19:42:05.000000000 +0100
+++ openssl-0.9.8j/fips/sha/Makefile 2009-01-14 16:39:41.000000000 +0100
@@ -46,7 +46,7 @@ lib: $(LIBOBJ) @@ -46,7 +46,7 @@ lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib @echo $(LIBOBJ) > lib
@ -12,9 +10,9 @@ diff -up openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8j/fips/sha
$(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
files: files:
diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8j/fips/sha/fips_standalone_sha1.c diff -up openssl-0.9.8k/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8k/fips/sha/fips_standalone_sha1.c
--- openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac 2008-09-16 12:12:23.000000000 +0200 --- openssl-0.9.8k/fips/sha/fips_standalone_sha1.c.fipscheck-hmac 2009-01-15 13:34:54.000000000 +0100
+++ openssl-0.9.8j/fips/sha/fips_standalone_sha1.c 2009-01-14 17:07:56.000000000 +0100 +++ openssl-0.9.8k/fips/sha/fips_standalone_sha1.c 2009-03-25 20:18:08.000000000 +0100
@@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len) @@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
@ -23,7 +21,7 @@ diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0
+static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx, +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
const char *key) const char *key)
{ {
int len=strlen(key); size_t len=strlen(key);
@@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH @@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
if (len > SHA_CBLOCK) if (len > SHA_CBLOCK)
@ -91,15 +89,6 @@ diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0
int i; int i;
if(!f) if(!f)
@@ -139,7 +139,7 @@ int main(int argc,char **argv)
for( ; ; )
{
char buf[1024];
- int l=fread(buf,1,sizeof buf,f);
+ size_t l=fread(buf,1,sizeof buf,f);
if(l == 0)
{
@@ -151,18 +151,18 @@ int main(int argc,char **argv) @@ -151,18 +151,18 @@ int main(int argc,char **argv)
else else
break; break;

55
openssl-0.9.8j-use-fipscheck.patch → openssl-0.9.8k-use-fipscheck.patch
View File

@ -1,17 +1,17 @@
diff -up openssl-0.9.8j/test/Makefile.use-fipscheck openssl-0.9.8j/test/Makefile diff -up openssl-0.9.8k/test/Makefile.use-fipscheck openssl-0.9.8k/test/Makefile
--- openssl-0.9.8j/test/Makefile.use-fipscheck 2008-12-13 13:22:47.000000000 +0100 --- openssl-0.9.8k/test/Makefile.use-fipscheck 2009-03-25 11:59:22.000000000 +0100
+++ openssl-0.9.8j/test/Makefile 2009-02-02 13:24:36.000000000 +0100 +++ openssl-0.9.8k/test/Makefile 2009-03-25 20:14:10.000000000 +0100
@@ -402,8 +402,7 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$ @@ -401,9 +401,6 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$
fi; \
if [ "$(FIPSCANLIB)" = "libfips" ]; then \ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
LIBRARIES="-L$(TOP) -lfips"; \ LIBRARIES="-L$(TOP) -lfips"; \
elif [ -n "$(FIPSCANLIB)" ]; then \ - elif [ -n "$(FIPSCANLIB)" ]; then \
- FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ - FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
- LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ - LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
+ LIBRARIES="$(LIBCRYPTO)"; \ else \
LIBRARIES="$(LIBCRYPTO)"; \
fi; \ fi; \
$(MAKE) -f $(TOP)/Makefile.shared -e \ @@ -416,9 +413,6 @@ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if
CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
@@ -414,9 +413,6 @@ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if
shlib_target="$(SHLIB_TARGET)"; \ shlib_target="$(SHLIB_TARGET)"; \
fi; \ fi; \
LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
@ -21,9 +21,9 @@ diff -up openssl-0.9.8j/test/Makefile.use-fipscheck openssl-0.9.8j/test/Makefile
[ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
$(MAKE) -f $(TOP)/Makefile.shared -e \ $(MAKE) -f $(TOP)/Makefile.shared -e \
CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
diff -up openssl-0.9.8j/Makefile.org.use-fipscheck openssl-0.9.8j/Makefile.org diff -up openssl-0.9.8k/Makefile.org.use-fipscheck openssl-0.9.8k/Makefile.org
--- openssl-0.9.8j/Makefile.org.use-fipscheck 2009-02-02 13:24:36.000000000 +0100 --- openssl-0.9.8k/Makefile.org.use-fipscheck 2009-03-25 20:10:37.000000000 +0100
+++ openssl-0.9.8j/Makefile.org 2009-02-02 13:24:36.000000000 +0100 +++ openssl-0.9.8k/Makefile.org 2009-03-25 20:10:37.000000000 +0100
@@ -357,10 +357,6 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHA @@ -357,10 +357,6 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHA
$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \ $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
$(AR) libcrypto.a fips/fipscanister.o ; \ $(AR) libcrypto.a fips/fipscanister.o ; \
@ -55,9 +55,9 @@ diff -up openssl-0.9.8j/Makefile.org.use-fipscheck openssl-0.9.8j/Makefile.org
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
Makefile: Makefile.org Configure config Makefile: Makefile.org Configure config
diff -up openssl-0.9.8j/fips/fips.c.use-fipscheck openssl-0.9.8j/fips/fips.c diff -up openssl-0.9.8k/fips/fips.c.use-fipscheck openssl-0.9.8k/fips/fips.c
--- openssl-0.9.8j/fips/fips.c.use-fipscheck 2008-09-16 12:12:09.000000000 +0200 --- openssl-0.9.8k/fips/fips.c.use-fipscheck 2008-09-16 12:12:09.000000000 +0200
+++ openssl-0.9.8j/fips/fips.c 2009-02-02 13:31:53.000000000 +0100 +++ openssl-0.9.8k/fips/fips.c 2009-03-25 20:10:37.000000000 +0100
@@ -47,6 +47,7 @@ @@ -47,6 +47,7 @@
* *
*/ */
@ -326,9 +326,9 @@ diff -up openssl-0.9.8j/fips/fips.c.use-fipscheck openssl-0.9.8j/fips/fips.c
/* Generalized public key test routine. Signs and verifies the data /* Generalized public key test routine. Signs and verifies the data
* supplied in tbs using mesage digest md and setting option digest * supplied in tbs using mesage digest md and setting option digest
diff -up openssl-0.9.8j/fips/Makefile.use-fipscheck openssl-0.9.8j/fips/Makefile diff -up openssl-0.9.8k/fips/Makefile.use-fipscheck openssl-0.9.8k/fips/Makefile
--- openssl-0.9.8j/fips/Makefile.use-fipscheck 2009-02-02 13:24:36.000000000 +0100 --- openssl-0.9.8k/fips/Makefile.use-fipscheck 2009-03-25 20:10:37.000000000 +0100
+++ openssl-0.9.8j/fips/Makefile 2009-02-02 13:24:36.000000000 +0100 +++ openssl-0.9.8k/fips/Makefile 2009-03-25 20:16:09.000000000 +0100
@@ -62,9 +62,9 @@ testapps: @@ -62,9 +62,9 @@ testapps:
all: all:
@ -358,20 +358,27 @@ diff -up openssl-0.9.8j/fips/Makefile.use-fipscheck openssl-0.9.8j/fips/Makefile
libs: libs:
@target=lib; $(RECURSIVE_MAKE) @target=lib; $(RECURSIVE_MAKE)
@@ -195,10 +194,6 @@ install: @@ -195,17 +194,6 @@ install:
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done; done;
@target=install; $(RECURSIVE_MAKE) @target=install; $(RECURSIVE_MAKE)
- @cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \ - for i in $(EXE) ; \
- fips_premain.c.sha1 \ - do \
- echo "installing $$i"; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
- done
- cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \
- $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
- chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips* - chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
lint: lint:
@target=lint; $(RECURSIVE_MAKE) @target=lint; $(RECURSIVE_MAKE)
diff -up openssl-0.9.8j/fips/fips_locl.h.use-fipscheck openssl-0.9.8j/fips/fips_locl.h diff -up openssl-0.9.8k/fips/fips_locl.h.use-fipscheck openssl-0.9.8k/fips/fips_locl.h
--- openssl-0.9.8j/fips/fips_locl.h.use-fipscheck 2008-09-16 12:12:10.000000000 +0200 --- openssl-0.9.8k/fips/fips_locl.h.use-fipscheck 2008-09-16 12:12:10.000000000 +0200
+++ openssl-0.9.8j/fips/fips_locl.h 2009-02-02 13:24:36.000000000 +0100 +++ openssl-0.9.8k/fips/fips_locl.h 2009-03-25 20:10:37.000000000 +0100
@@ -63,7 +63,9 @@ int fips_is_owning_thread(void); @@ -63,7 +63,9 @@ int fips_is_owning_thread(void);
int fips_set_owning_thread(void); int fips_set_owning_thread(void);
void fips_set_selftest_fail(void); void fips_set_selftest_fail(void);

10
openssl-0.9.8b-x509-name-cmp.patch → openssl-0.9.8k-x509-name-cmp.patch
View File

@ -1,6 +1,7 @@
--- openssl-0.9.8b/crypto/x509/x509_cmp.c.name-cmp 2004-12-01 02:45:30.000000000 +0100 diff -up openssl-0.9.8k/crypto/x509/x509_cmp.c.name-cmp openssl-0.9.8k/crypto/x509/x509_cmp.c
+++ openssl-0.9.8b/crypto/x509/x509_cmp.c 2006-11-30 23:37:26.000000000 +0100 --- openssl-0.9.8k/crypto/x509/x509_cmp.c.name-cmp 2009-02-15 13:10:39.000000000 +0100
@@ -282,14 +282,7 @@ +++ openssl-0.9.8k/crypto/x509/x509_cmp.c 2009-03-25 20:04:41.000000000 +0100
@@ -282,15 +282,7 @@ int X509_NAME_cmp(const X509_NAME *a, co
nb=sk_X509_NAME_ENTRY_value(b->entries,i); nb=sk_X509_NAME_ENTRY_value(b->entries,i);
j=na->value->type-nb->value->type; j=na->value->type-nb->value->type;
if (j) if (j)
@ -10,7 +11,8 @@
- if (!(nabit & STR_TYPE_CMP) || - if (!(nabit & STR_TYPE_CMP) ||
- !(nbbit & STR_TYPE_CMP)) - !(nbbit & STR_TYPE_CMP))
- return j; - return j;
- j = asn1_string_memcmp(na->value, nb->value); - if (!asn1_string_memcmp(na->value, nb->value))
- j = 0;
- } - }
+ return j; + return j;
else if (na->value->type == V_ASN1_PRINTABLESTRING) else if (na->value->type == V_ASN1_PRINTABLESTRING)

16
openssl.spec
View File

@ -7,7 +7,7 @@
# 0.9.7ef soversion = 5 # 0.9.7ef soversion = 5
# 0.9.8ab soversion = 6 # 0.9.8ab soversion = 6
# 0.9.8g soversion = 7 # 0.9.8g soversion = 7
# 0.9.8j + EAP-FAST soversion = 8 # 0.9.8jk + EAP-FAST soversion = 8
%define soversion 8 %define soversion 8
# Number of threads to spawn when testing some threading fixes. # Number of threads to spawn when testing some threading fixes.
@ -22,8 +22,8 @@
Summary: A general purpose cryptography library with TLS implementation Summary: A general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 0.9.8j Version: 0.9.8k
Release: 10%{?dist} Release: 1%{?dist}
# We remove certain patented algorithms from the openssl source tarball # We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below. # with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2 Source: openssl-%{version}-usa.tar.bz2
@ -44,7 +44,7 @@ Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-0.9.8j-shlib-version.patch Patch7: openssl-0.9.8j-shlib-version.patch
# Bug fixes # Bug fixes
Patch21: openssl-0.9.8b-aliasing-bug.patch Patch21: openssl-0.9.8b-aliasing-bug.patch
Patch22: openssl-0.9.8b-x509-name-cmp.patch Patch22: openssl-0.9.8k-x509-name-cmp.patch
Patch23: openssl-0.9.8g-default-paths.patch Patch23: openssl-0.9.8g-default-paths.patch
Patch24: openssl-0.9.8g-no-extssl.patch Patch24: openssl-0.9.8g-no-extssl.patch
# Functionality changes # Functionality changes
@ -55,8 +55,8 @@ Patch35: openssl-0.9.8j-version-add-engines.patch
Patch38: openssl-0.9.8a-reuse-cipher-change.patch Patch38: openssl-0.9.8a-reuse-cipher-change.patch
Patch39: openssl-0.9.8g-ipv6-apps.patch Patch39: openssl-0.9.8g-ipv6-apps.patch
Patch40: openssl-0.9.8j-nocanister.patch Patch40: openssl-0.9.8j-nocanister.patch
Patch41: openssl-0.9.8j-use-fipscheck.patch Patch41: openssl-0.9.8k-use-fipscheck.patch
Patch42: openssl-0.9.8j-fipscheck-hmac.patch Patch42: openssl-0.9.8k-fipscheck-hmac.patch
Patch43: openssl-0.9.8j-evp-nonfips.patch Patch43: openssl-0.9.8j-evp-nonfips.patch
Patch44: openssl-0.9.8j-kernel-fipsmode.patch Patch44: openssl-0.9.8j-kernel-fipsmode.patch
Patch45: openssl-0.9.8j-env-nozlib.patch Patch45: openssl-0.9.8j-env-nozlib.patch
@ -408,6 +408,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Thu Mar 25 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-1
- update to new upstream release (minor bug fixes, security
fixes and machine code optimizations only)
* Thu Mar 19 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-10 * Thu Mar 19 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-10
- move libraries to /usr/lib (#239375) - move libraries to /usr/lib (#239375)

2
sources
View File

@ -1 +1 @@
573353d8cb4330b71e9985cea4785d61 openssl-0.9.8j-usa.tar.bz2 de4f31dd6546e8e11b4ffd4332b3c162 openssl-0.9.8k-usa.tar.bz2