silence the .rnd write failure as that is auxiliary functionality (#1524833)

This commit is contained in:
Tomas Mraz 2018-01-11 18:08:54 +01:00
parent f20f5f466f
commit 899f2baacb
2 changed files with 30 additions and 1 deletions

View File

@ -0,0 +1,24 @@
diff -up openssl-1.1.0g/apps/app_rand.c.silent-rnd-write openssl-1.1.0g/apps/app_rand.c
--- openssl-1.1.0g/apps/app_rand.c.silent-rnd-write 2017-05-25 14:46:17.000000000 +0200
+++ openssl-1.1.0g/apps/app_rand.c 2018-01-11 18:05:32.332703425 +0100
@@ -91,6 +91,7 @@ long app_RAND_load_files(char *name)
int app_RAND_write_file(const char *file)
{
char buffer[200];
+ const char *origfile = file;
if (egdsocket || !seeded)
/*
@@ -103,8 +104,10 @@ int app_RAND_write_file(const char *file
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
if (file == NULL || !RAND_write_file(file)) {
- BIO_printf(bio_err, "unable to write 'random state'\n");
- return 0;
+ if (origfile != NULL) {
+ BIO_printf(bio_err, "unable to write 'random state'\n");
+ return 0;
+ }
}
return 1;
}

View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.0g
Release: 2%{?dist}
Release: 3%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -60,6 +60,7 @@ Patch41: openssl-1.1.0-system-cipherlist.patch
Patch42: openssl-1.1.0-fips.patch
Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
Patch45: openssl-1.1.0-weak-ciphers.patch
Patch46: openssl-1.1.0-silent-rnd-write.patch
# Backported fixes including security fixes
License: OpenSSL
@ -161,6 +162,7 @@ cp %{SOURCE13} test/
%patch42 -p1 -b .fips
%patch44 -p1 -b .preserve-nl
%patch45 -p1 -b .weak-ciphers
%patch46 -p1 -b .silent-rnd-write
%build
# Figure out which flags we want to use.
@ -431,6 +433,9 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig
%changelog
* Thu Jan 11 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-3
- silence the .rnd write failure as that is auxiliary functionality (#1524833)
* Thu Dec 14 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-2
- put the Makefile.certificate in pkgdocdir and drop the requirement on make