From 3ff2d49a83bc6aed93deba67ad602802de9e38e2 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 16 Nov 2010 18:21:39 +0100 Subject: [PATCH] - new upstream version fixing CVE-2010-3864 (#649304) --- ...-aesni.patch => openssl-1.0.0b-aesni.patch | 78 +++++++++---------- ...ps.patch => openssl-1.0.0b-ipv6-apps.patch | 39 +++++----- ...sion.patch => openssl-1.0.0b-version.patch | 14 ++-- openssl.spec | 13 ++-- 4 files changed, 72 insertions(+), 72 deletions(-) rename openssl-1.0.0-beta4-aesni.patch => openssl-1.0.0b-aesni.patch (95%) rename openssl-1.0.0-beta5-ipv6-apps.patch => openssl-1.0.0b-ipv6-apps.patch (91%) rename openssl-1.0.0a-version.patch => openssl-1.0.0b-version.patch (52%) diff --git a/openssl-1.0.0-beta4-aesni.patch b/openssl-1.0.0b-aesni.patch similarity index 95% rename from openssl-1.0.0-beta4-aesni.patch rename to openssl-1.0.0b-aesni.patch index f57918b..1dda6bf 100644 --- a/openssl-1.0.0-beta4-aesni.patch +++ b/openssl-1.0.0b-aesni.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure ---- openssl-1.0.0-beta4/Configure.aesni 2010-01-07 23:38:31.000000000 +0100 -+++ openssl-1.0.0-beta4/Configure 2010-01-12 22:18:06.000000000 +0100 +diff -up openssl-1.0.0b/Configure.aesni openssl-1.0.0b/Configure +--- openssl-1.0.0b/Configure.aesni 2010-11-16 17:33:22.000000000 +0100 ++++ openssl-1.0.0b/Configure 2010-11-16 17:35:15.000000000 +0100 @@ -123,11 +123,11 @@ my $tlib="-lnsl -lsocket"; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; 
@@ -21,10 +21,10 @@ diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", -"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", +"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", + "debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", + "debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", # x86 Win32 target defaults to ANSI API, if you want 
UNICODE, complement - # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' - "VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", -@@ -1410,6 +1410,7 @@ if ($rmd160_obj =~ /\.o$/) +@@ -1419,6 +1419,7 @@ if ($rmd160_obj =~ /\.o$/) if ($aes_obj =~ /\.o$/) { $cflags.=" -DAES_ASM"; @@ -32,9 +32,9 @@ diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure } else { $aes_obj=$aes_enc; -diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl ---- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni 2010-01-12 22:18:06.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl 2010-01-12 22:18:06.000000000 +0100 +diff -up openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl +--- openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl.aesni 2010-11-16 17:33:23.000000000 +0100 ++++ openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl 2010-11-16 17:33:23.000000000 +0100 @@ -0,0 +1,765 @@ +#!/usr/bin/env perl + @@ -801,9 +801,9 @@ diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0-bet +&asciz("AES for Intel AES-NI, CRYPTOGAMS by "); + +&asm_finish(); -diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl ---- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni 2010-01-12 22:18:06.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl 2010-01-12 22:18:06.000000000 +0100 +diff -up openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl +--- openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl.aesni 2010-11-16 17:33:23.000000000 +0100 ++++ openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl 2010-11-16 17:33:23.000000000 +0100 @@ -0,0 +1,991 @@ +#!/usr/bin/env perl +# 
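Review bot: The refreshed Configure hunk now shows the `debug-VC-WIN64A` entry as unchanged context, and that entry still lists `aes-x86_64.o::md5-x86_64.o` while the `VC-WIN64A` line just above it is changed to `aes-x86_64.o aesni-x86_64.o`. If debug Win64 builds are meant to stay consistent with release builds, the debug entry needs the same object, i.e. `...x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o...`. Otherwise a debug build would presumably be configured without the AES-NI assembler object that the new engine code expects. This does not affect the RPM build targets, so it is low priority, and the target table continues outside the hunk.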
@@ -1796,9 +1796,9 @@ diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0- +print $code; + +close STDOUT; -diff -up openssl-1.0.0-beta4/crypto/aes/Makefile.aesni openssl-1.0.0-beta4/crypto/aes/Makefile ---- openssl-1.0.0-beta4/crypto/aes/Makefile.aesni 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/aes/Makefile 2010-01-12 22:18:06.000000000 +0100 +diff -up openssl-1.0.0b/crypto/aes/Makefile.aesni openssl-1.0.0b/crypto/aes/Makefile +--- openssl-1.0.0b/crypto/aes/Makefile.aesni 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0b/crypto/aes/Makefile 2010-11-16 17:33:23.000000000 +0100 @@ -50,9 +50,13 @@ aes-ia64.s: asm/aes-ia64.S aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl @@ -1813,9 +1813,9 @@ diff -up openssl-1.0.0-beta4/crypto/aes/Makefile.aesni openssl-1.0.0-beta4/crypt aes-sparcv9.s: asm/aes-sparcv9.pl $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ -diff -up openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_aesni.c ---- openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni 2010-01-12 22:18:06.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/engine/eng_aesni.c 2010-01-12 22:18:06.000000000 +0100 +diff -up openssl-1.0.0b/crypto/engine/eng_aesni.c.aesni openssl-1.0.0b/crypto/engine/eng_aesni.c +--- openssl-1.0.0b/crypto/engine/eng_aesni.c.aesni 2010-11-16 17:33:23.000000000 +0100 ++++ openssl-1.0.0b/crypto/engine/eng_aesni.c 2010-11-16 17:33:23.000000000 +0100 @@ -0,0 +1,413 @@ +/* + * Support for Intel AES-NI intruction set 
@@ -2230,9 +2230,9 @@ diff -up openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni openssl-1.0.0-beta4 + +#endif /* COMPILE_HW_AESNI */ +#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */ -diff -up openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_all.c ---- openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni 2010-01-07 23:38:31.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/engine/eng_all.c 2010-01-12 22:18:06.000000000 +0100 +diff -up openssl-1.0.0b/crypto/engine/eng_all.c.aesni openssl-1.0.0b/crypto/engine/eng_all.c +--- openssl-1.0.0b/crypto/engine/eng_all.c.aesni 2010-11-16 17:33:22.000000000 +0100 ++++ openssl-1.0.0b/crypto/engine/eng_all.c 2010-11-16 17:33:23.000000000 +0100 @@ -85,6 +85,9 @@ void ENGINE_load_builtin_engines(void) #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) ENGINE_load_cryptodev(); @@ -2243,10 +2243,10 @@ diff -up openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni openssl-1.0.0-beta4/c ENGINE_load_dynamic(); #ifndef OPENSSL_NO_STATIC_ENGINE #ifndef OPENSSL_NO_HW -diff -up openssl-1.0.0-beta4/crypto/engine/engine.h.aesni openssl-1.0.0-beta4/crypto/engine/engine.h ---- openssl-1.0.0-beta4/crypto/engine/engine.h.aesni 2010-01-07 23:38:30.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/engine/engine.h 2010-01-12 22:18:06.000000000 +0100 -@@ -342,6 +342,7 @@ void ENGINE_load_gost(void); +diff -up openssl-1.0.0b/crypto/engine/engine.h.aesni openssl-1.0.0b/crypto/engine/engine.h +--- openssl-1.0.0b/crypto/engine/engine.h.aesni 2010-11-16 17:33:22.000000000 +0100 ++++ openssl-1.0.0b/crypto/engine/engine.h 2010-11-16 17:33:23.000000000 +0100 +@@ -338,6 +338,7 @@ void ENGINE_load_gost(void); #endif #endif void ENGINE_load_cryptodev(void); 
@@ -2254,9 +2254,9 @@ diff -up openssl-1.0.0-beta4/crypto/engine/engine.h.aesni openssl-1.0.0-beta4/cr void ENGINE_load_builtin_engines(void); /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation -diff -up openssl-1.0.0-beta4/crypto/engine/Makefile.aesni openssl-1.0.0-beta4/crypto/engine/Makefile ---- openssl-1.0.0-beta4/crypto/engine/Makefile.aesni 2008-06-04 13:01:29.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/engine/Makefile 2010-01-12 22:18:06.000000000 +0100 +diff -up openssl-1.0.0b/crypto/engine/Makefile.aesni openssl-1.0.0b/crypto/engine/Makefile +--- openssl-1.0.0b/crypto/engine/Makefile.aesni 2010-11-15 15:44:49.000000000 +0100 ++++ openssl-1.0.0b/crypto/engine/Makefile 2010-11-16 17:33:23.000000000 +0100 @@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c e eng_table.c eng_pkey.c eng_fat.c eng_all.c \ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ @@ -2274,9 +2274,9 @@ diff -up openssl-1.0.0-beta4/crypto/engine/Makefile.aesni openssl-1.0.0-beta4/cr SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/crypto/evp/evp_err.c ---- openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni 2010-01-07 23:38:31.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2010-01-12 22:18:06.000000000 +0100 +diff -up openssl-1.0.0b/crypto/evp/evp_err.c.aesni openssl-1.0.0b/crypto/evp/evp_err.c +--- openssl-1.0.0b/crypto/evp/evp_err.c.aesni 2010-11-16 17:33:22.000000000 +0100 ++++ openssl-1.0.0b/crypto/evp/evp_err.c 2010-11-16 17:33:23.000000000 +0100 @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== 
@@ -2293,7 +2293,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/cryp {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, -@@ -85,7 +86,7 @@ static ERR_STRING_DATA EVP_str_functs[]= +@@ -86,7 +87,7 @@ static ERR_STRING_DATA EVP_str_functs[]= {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, @@ -2302,10 +2302,10 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/cryp {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, -diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.aesni openssl-1.0.0-beta4/crypto/evp/evp.h ---- openssl-1.0.0-beta4/crypto/evp/evp.h.aesni 2010-01-07 23:38:31.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp.h 2010-01-12 22:18:06.000000000 +0100 -@@ -1162,6 +1162,7 @@ void ERR_load_EVP_strings(void); +diff -up openssl-1.0.0b/crypto/evp/evp.h.aesni openssl-1.0.0b/crypto/evp/evp.h +--- openssl-1.0.0b/crypto/evp/evp.h.aesni 2010-11-16 17:33:22.000000000 +0100 ++++ openssl-1.0.0b/crypto/evp/evp.h 2010-11-16 17:33:23.000000000 +0100 +@@ -1167,6 +1167,7 @@ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ /* Function codes. */ 
@@ -2313,9 +2313,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.aesni openssl-1.0.0-beta4/crypto/e #define EVP_F_AES_INIT_KEY 133 #define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_D2I_PKEY 100 -diff -up openssl-1.0.0-beta4/test/test_aesni.aesni openssl-1.0.0-beta4/test/test_aesni ---- openssl-1.0.0-beta4/test/test_aesni.aesni 2010-01-12 22:18:06.000000000 +0100 -+++ openssl-1.0.0-beta4/test/test_aesni 2010-01-12 22:18:06.000000000 +0100 +diff -up openssl-1.0.0b/test/test_aesni.aesni openssl-1.0.0b/test/test_aesni +--- openssl-1.0.0b/test/test_aesni.aesni 2010-11-16 17:33:23.000000000 +0100 ++++ openssl-1.0.0b/test/test_aesni 2010-11-16 17:33:23.000000000 +0100 @@ -0,0 +1,69 @@ +#!/bin/sh + diff --git a/openssl-1.0.0-beta5-ipv6-apps.patch b/openssl-1.0.0b-ipv6-apps.patch similarity index 91% rename from openssl-1.0.0-beta5-ipv6-apps.patch rename to openssl-1.0.0b-ipv6-apps.patch index 4304c01..b85a5d8 100644 --- a/openssl-1.0.0-beta5-ipv6-apps.patch +++ b/openssl-1.0.0b-ipv6-apps.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_apps.h ---- openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps 2010-02-03 09:43:49.000000000 +0100 -+++ openssl-1.0.0-beta5/apps/s_apps.h 2010-02-03 09:43:49.000000000 +0100 +diff -up openssl-1.0.0b/apps/s_apps.h.ipv6-apps openssl-1.0.0b/apps/s_apps.h +--- openssl-1.0.0b/apps/s_apps.h.ipv6-apps 2010-11-16 17:19:29.000000000 +0100 ++++ openssl-1.0.0b/apps/s_apps.h 2010-11-16 17:19:29.000000000 +0100 @@ -148,7 +148,7 @@ typedef fd_mask fd_set; #define PORT_STR "4433" #define PROTOCOL "tcp" 
@@ -23,9 +23,9 @@ diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/s_client.c ---- openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100 -+++ openssl-1.0.0-beta5/apps/s_client.c 2010-02-03 09:43:49.000000000 +0100 +diff -up openssl-1.0.0b/apps/s_client.c.ipv6-apps openssl-1.0.0b/apps/s_client.c +--- openssl-1.0.0b/apps/s_client.c.ipv6-apps 2010-11-16 17:19:29.000000000 +0100 ++++ openssl-1.0.0b/apps/s_client.c 2010-11-16 17:19:29.000000000 +0100 @@ -389,7 +389,7 @@ int MAIN(int argc, char **argv) int cbuf_len,cbuf_off; int sbuf_len,sbuf_off; @@ -60,9 +60,9 @@ diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/ { BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); SHUTDOWN(s); -diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/s_server.c ---- openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100 -+++ openssl-1.0.0-beta5/apps/s_server.c 2010-02-03 09:43:49.000000000 +0100 +diff -up openssl-1.0.0b/apps/s_server.c.ipv6-apps openssl-1.0.0b/apps/s_server.c +--- openssl-1.0.0b/apps/s_server.c.ipv6-apps 2010-11-16 17:19:29.000000000 +0100 ++++ openssl-1.0.0b/apps/s_server.c 2010-11-16 17:19:29.000000000 +0100 @@ -838,7 +838,7 @@ int MAIN(int argc, char *argv[]) { X509_VERIFY_PARAM *vpm = NULL; 
@@ -94,9 +94,9 @@ diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/ print_stats(bio_s_out,ctx); ret=0; end: -diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/s_socket.c ---- openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps 2009-08-26 13:21:50.000000000 +0200 -+++ openssl-1.0.0-beta5/apps/s_socket.c 2010-02-03 10:00:30.000000000 +0100 +diff -up openssl-1.0.0b/apps/s_socket.c.ipv6-apps openssl-1.0.0b/apps/s_socket.c +--- openssl-1.0.0b/apps/s_socket.c.ipv6-apps 2010-07-05 13:03:22.000000000 +0200 ++++ openssl-1.0.0b/apps/s_socket.c 2010-11-16 17:27:18.000000000 +0100 @@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha static void ssl_sock_cleanup(void); #endif @@ -226,7 +226,7 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/ { - int ret=0; - struct sockaddr_in server; -- int s= -1,i; +- int s= -1; + struct addrinfo *res, *res0, hints; + char * failed_call = NULL; + char port_name[8]; @@ -277,7 +277,7 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/ #if defined SOL_SOCKET && defined SO_REUSEADDR { int j = 1; -@@ -357,36 +372,39 @@ static int init_server_long(int *sock, i +@@ -357,35 +372,39 @@ static int init_server_long(int *sock, i (void *) &j, sizeof j); } #endif @@ -294,7 +294,6 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/ } - /* Make it 128 for linux */ - if (type==SOCK_STREAM && listen(s,128) == -1) goto err; -- i=0; - *sock=s; - ret=1; -err: 
@@ -328,16 +327,15 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/ static int do_accept(int acc_sock, int *sock, char **host) { -- int ret,i; -- struct hostent *h1,*h2; -- static struct sockaddr_in from; + static struct sockaddr_storage from; + char buffer[NI_MAXHOST]; -+ int ret; + int ret; +- struct hostent *h1,*h2; +- static struct sockaddr_in from; int len; /* struct linger ling; */ -@@ -432,136 +450,58 @@ redoit: +@@ -432,135 +451,58 @@ redoit: */ if (host == NULL) goto end; @@ -376,7 +374,6 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/ - BIO_printf(bio_err,"gethostbyname failure\n"); - return(0); - } -- i=0; - if (h2->h_addrtype != AF_INET) - { - BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); diff --git a/openssl-1.0.0a-version.patch b/openssl-1.0.0b-version.patch similarity index 52% rename from openssl-1.0.0a-version.patch rename to openssl-1.0.0b-version.patch index 75003af..bdb6ab6 100644 --- a/openssl-1.0.0a-version.patch +++ b/openssl-1.0.0b-version.patch @@ -1,22 +1,22 @@ -diff -up openssl-1.0.0a/crypto/opensslv.h.version openssl-1.0.0a/crypto/opensslv.h ---- openssl-1.0.0a/crypto/opensslv.h.version 2010-08-13 12:40:00.000000000 +0200 -+++ openssl-1.0.0a/crypto/opensslv.h 2010-09-07 21:38:41.000000000 +0200 +diff -up openssl-1.0.0b/crypto/opensslv.h.version openssl-1.0.0b/crypto/opensslv.h +--- openssl-1.0.0b/crypto/opensslv.h.version 2010-11-16 17:31:23.000000000 +0100 ++++ openssl-1.0.0b/crypto/opensslv.h 2010-11-16 17:32:59.000000000 +0100 
@@ -25,7 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ --#define OPENSSL_VERSION_NUMBER 0x1000001fL +-#define OPENSSL_VERSION_NUMBER 0x1000002f +/* we have to keep the version number to not break the abi */ -+#define OPENSSL_VERSION_NUMBER 0x10000003L ++#define OPENSSL_VERSION_NUMBER 0x10000003 #ifdef OPENSSL_FIPS - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0b-fips 16 Nov 2010" #else @@ -83,7 +84,7 @@ * should only keep the versions that are binary compatible with the current. */ #define SHLIB_VERSION_HISTORY "" -#define SHLIB_VERSION_NUMBER "1.0.0" -+#define SHLIB_VERSION_NUMBER "1.0.0a" ++#define SHLIB_VERSION_NUMBER "1.0.0b" #endif /* HEADER_OPENSSLV_H */ diff --git a/openssl.spec b/openssl.spec index 17a8d67..8e4a9de 100644 --- a/openssl.spec +++ b/openssl.spec @@ -20,8 +20,8 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl -Version: 1.0.0a -Release: 3%{?dist} +Version: 1.0.0b +Release: 1%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -50,7 +50,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch38: openssl-1.0.0-beta5-cipher-change.patch -Patch39: openssl-1.0.0-beta5-ipv6-apps.patch +Patch39: openssl-1.0.0b-ipv6-apps.patch Patch40: openssl-1.0.0a-fips.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch Patch43: openssl-1.0.0a-fipsmode.patch 
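Review bot: The refreshed replacement line `#define OPENSSL_VERSION_NUMBER 0x10000003` drops the `L` suffix that the previous revision of this patch carried (`0x10000003L`), apparently mirroring the upstream 1.0.0b line it removes (`0x1000002f`). Since the patch overrides the value anyway, I would keep `#define OPENSSL_VERSION_NUMBER 0x10000003L` so the macro remains a `long` constant for callers that print or compare it as one. Separately, the number stays pinned while `OPENSSL_VERSION_TEXT` and `SHLIB_VERSION_NUMBER` move to 1.0.0b, so the numeric version cannot tell a consumer or scanner whether the CVE-2010-3864 fix is present. The existing comment could say so, e.g. `/* we have to keep the version number to not break the abi; use the package release, not this value, to check for security fixes */`.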
@@ -59,8 +59,8 @@ Patch45: openssl-0.9.8j-env-nozlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch -Patch51: openssl-1.0.0a-version.patch -Patch52: openssl-1.0.0-beta4-aesni.patch +Patch51: openssl-1.0.0b-version.patch +Patch52: openssl-1.0.0b-aesni.patch Patch53: openssl-1.0.0-name-hash.patch # Backported fixes including security fixes @@ -393,6 +393,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Tue Nov 16 2010 Tomas Mraz 1.0.0b-1 +- new upstream version fixing CVE-2010-3864 (#649304) + * Tue Sep 7 2010 Tomas Mraz 1.0.0a-3 - make SHLIB_VERSION reflect the library suffix