- update to new upstream release (minor bug fixes, security fixes and
machine code optimizations only)
This commit is contained in:
Tomáš Mráz
parent
a9567a4b21
commit
a9e5f01ef5
|
|
@ -1 +1 @@
|
|||
openssl-0.9.8j-usa.tar.bz2
|
||||
openssl-0.9.8k-usa.tar.bz2
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
Produce fipscheck compatible HMAC-SHA256 with the fips_standalone_sha1 binary.
|
||||
We use the binary just during the OpenSSL build to checksum the libcrypto.
|
||||
diff -up openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8j/fips/sha/Makefile
|
||||
--- openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac 2008-10-26 19:42:05.000000000 +0100
|
||||
+++ openssl-0.9.8j/fips/sha/Makefile 2009-01-14 16:39:41.000000000 +0100
|
||||
diff -up openssl-0.9.8k/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8k/fips/sha/Makefile
|
||||
--- openssl-0.9.8k/fips/sha/Makefile.fipscheck-hmac 2008-10-26 19:42:05.000000000 +0100
|
||||
+++ openssl-0.9.8k/fips/sha/Makefile 2009-03-25 20:18:08.000000000 +0100
|
||||
@@ -46,7 +46,7 @@ lib: $(LIBOBJ)
|
||||
@echo $(LIBOBJ) > lib
|
||||
|
||||
|
|
@ -12,9 +10,9 @@ diff -up openssl-0.9.8j/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8j/fips/sha
|
|||
$(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
|
||||
|
||||
files:
|
||||
diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8j/fips/sha/fips_standalone_sha1.c
|
||||
--- openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac 2008-09-16 12:12:23.000000000 +0200
|
||||
+++ openssl-0.9.8j/fips/sha/fips_standalone_sha1.c 2009-01-14 17:07:56.000000000 +0100
|
||||
diff -up openssl-0.9.8k/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8k/fips/sha/fips_standalone_sha1.c
|
||||
--- openssl-0.9.8k/fips/sha/fips_standalone_sha1.c.fipscheck-hmac 2009-01-15 13:34:54.000000000 +0100
|
||||
+++ openssl-0.9.8k/fips/sha/fips_standalone_sha1.c 2009-03-25 20:18:08.000000000 +0100
|
||||
@@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
|
|
@ -23,7 +21,7 @@ diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0
|
|||
+static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
|
||||
const char *key)
|
||||
{
|
||||
int len=strlen(key);
|
||||
size_t len=strlen(key);
|
||||
@@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
|
||||
|
||||
if (len > SHA_CBLOCK)
|
||||
|
|
@ -91,15 +89,6 @@ diff -up openssl-0.9.8j/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0
|
|||
int i;
|
||||
|
||||
if(!f)
|
||||
@@ -139,7 +139,7 @@ int main(int argc,char **argv)
|
||||
for( ; ; )
|
||||
{
|
||||
char buf[1024];
|
||||
- int l=fread(buf,1,sizeof buf,f);
|
||||
+ size_t l=fread(buf,1,sizeof buf,f);
|
||||
|
||||
if(l == 0)
|
||||
{
|
||||
@@ -151,18 +151,18 @@ int main(int argc,char **argv)
|
||||
else
|
||||
break;
|
||||
|
|
@ -1,17 +1,17 @@
|
|||
diff -up openssl-0.9.8j/test/Makefile.use-fipscheck openssl-0.9.8j/test/Makefile
|
||||
--- openssl-0.9.8j/test/Makefile.use-fipscheck 2008-12-13 13:22:47.000000000 +0100
|
||||
+++ openssl-0.9.8j/test/Makefile 2009-02-02 13:24:36.000000000 +0100
|
||||
@@ -402,8 +402,7 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$
|
||||
diff -up openssl-0.9.8k/test/Makefile.use-fipscheck openssl-0.9.8k/test/Makefile
|
||||
--- openssl-0.9.8k/test/Makefile.use-fipscheck 2009-03-25 11:59:22.000000000 +0100
|
||||
+++ openssl-0.9.8k/test/Makefile 2009-03-25 20:14:10.000000000 +0100
|
||||
@@ -401,9 +401,6 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$
|
||||
fi; \
|
||||
if [ "$(FIPSCANLIB)" = "libfips" ]; then \
|
||||
LIBRARIES="-L$(TOP) -lfips"; \
|
||||
elif [ -n "$(FIPSCANLIB)" ]; then \
|
||||
- elif [ -n "$(FIPSCANLIB)" ]; then \
|
||||
- FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
|
||||
- LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
|
||||
+ LIBRARIES="$(LIBCRYPTO)"; \
|
||||
else \
|
||||
LIBRARIES="$(LIBCRYPTO)"; \
|
||||
fi; \
|
||||
$(MAKE) -f $(TOP)/Makefile.shared -e \
|
||||
CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
|
||||
@@ -414,9 +413,6 @@ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if
|
||||
@@ -416,9 +413,6 @@ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if
|
||||
shlib_target="$(SHLIB_TARGET)"; \
|
||||
fi; \
|
||||
LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
|
||||
|
|
@ -21,9 +21,9 @@ diff -up openssl-0.9.8j/test/Makefile.use-fipscheck openssl-0.9.8j/test/Makefile
|
|||
[ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
|
||||
$(MAKE) -f $(TOP)/Makefile.shared -e \
|
||||
CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
|
||||
diff -up openssl-0.9.8j/Makefile.org.use-fipscheck openssl-0.9.8j/Makefile.org
|
||||
--- openssl-0.9.8j/Makefile.org.use-fipscheck 2009-02-02 13:24:36.000000000 +0100
|
||||
+++ openssl-0.9.8j/Makefile.org 2009-02-02 13:24:36.000000000 +0100
|
||||
diff -up openssl-0.9.8k/Makefile.org.use-fipscheck openssl-0.9.8k/Makefile.org
|
||||
--- openssl-0.9.8k/Makefile.org.use-fipscheck 2009-03-25 20:10:37.000000000 +0100
|
||||
+++ openssl-0.9.8k/Makefile.org 2009-03-25 20:10:37.000000000 +0100
|
||||
@@ -357,10 +357,6 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHA
|
||||
$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
|
||||
$(AR) libcrypto.a fips/fipscanister.o ; \
|
||||
|
|
@ -55,9 +55,9 @@ diff -up openssl-0.9.8j/Makefile.org.use-fipscheck openssl-0.9.8j/Makefile.org
|
|||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
|
||||
|
||||
Makefile: Makefile.org Configure config
|
||||
diff -up openssl-0.9.8j/fips/fips.c.use-fipscheck openssl-0.9.8j/fips/fips.c
|
||||
--- openssl-0.9.8j/fips/fips.c.use-fipscheck 2008-09-16 12:12:09.000000000 +0200
|
||||
+++ openssl-0.9.8j/fips/fips.c 2009-02-02 13:31:53.000000000 +0100
|
||||
diff -up openssl-0.9.8k/fips/fips.c.use-fipscheck openssl-0.9.8k/fips/fips.c
|
||||
--- openssl-0.9.8k/fips/fips.c.use-fipscheck 2008-09-16 12:12:09.000000000 +0200
|
||||
+++ openssl-0.9.8k/fips/fips.c 2009-03-25 20:10:37.000000000 +0100
|
||||
@@ -47,6 +47,7 @@
|
||||
*
|
||||
*/
|
||||
|
|
@ -326,9 +326,9 @@ diff -up openssl-0.9.8j/fips/fips.c.use-fipscheck openssl-0.9.8j/fips/fips.c
|
|||
|
||||
/* Generalized public key test routine. Signs and verifies the data
|
||||
* supplied in tbs using mesage digest md and setting option digest
|
||||
diff -up openssl-0.9.8j/fips/Makefile.use-fipscheck openssl-0.9.8j/fips/Makefile
|
||||
--- openssl-0.9.8j/fips/Makefile.use-fipscheck 2009-02-02 13:24:36.000000000 +0100
|
||||
+++ openssl-0.9.8j/fips/Makefile 2009-02-02 13:24:36.000000000 +0100
|
||||
diff -up openssl-0.9.8k/fips/Makefile.use-fipscheck openssl-0.9.8k/fips/Makefile
|
||||
--- openssl-0.9.8k/fips/Makefile.use-fipscheck 2009-03-25 20:10:37.000000000 +0100
|
||||
+++ openssl-0.9.8k/fips/Makefile 2009-03-25 20:16:09.000000000 +0100
|
||||
@@ -62,9 +62,9 @@ testapps:
|
||||
|
||||
all:
|
||||
|
|
@ -358,20 +358,27 @@ diff -up openssl-0.9.8j/fips/Makefile.use-fipscheck openssl-0.9.8j/fips/Makefile
|
|||
|
||||
libs:
|
||||
@target=lib; $(RECURSIVE_MAKE)
|
||||
@@ -195,10 +194,6 @@ install:
|
||||
@@ -195,17 +194,6 @@ install:
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
@target=install; $(RECURSIVE_MAKE)
|
||||
- @cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \
|
||||
- fips_premain.c.sha1 \
|
||||
- for i in $(EXE) ; \
|
||||
- do \
|
||||
- echo "installing $$i"; \
|
||||
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
|
||||
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
|
||||
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
|
||||
- done
|
||||
- cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \
|
||||
- $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \
|
||||
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
|
||||
- chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
|
||||
|
||||
lint:
|
||||
@target=lint; $(RECURSIVE_MAKE)
|
||||
diff -up openssl-0.9.8j/fips/fips_locl.h.use-fipscheck openssl-0.9.8j/fips/fips_locl.h
|
||||
--- openssl-0.9.8j/fips/fips_locl.h.use-fipscheck 2008-09-16 12:12:10.000000000 +0200
|
||||
+++ openssl-0.9.8j/fips/fips_locl.h 2009-02-02 13:24:36.000000000 +0100
|
||||
diff -up openssl-0.9.8k/fips/fips_locl.h.use-fipscheck openssl-0.9.8k/fips/fips_locl.h
|
||||
--- openssl-0.9.8k/fips/fips_locl.h.use-fipscheck 2008-09-16 12:12:10.000000000 +0200
|
||||
+++ openssl-0.9.8k/fips/fips_locl.h 2009-03-25 20:10:37.000000000 +0100
|
||||
@@ -63,7 +63,9 @@ int fips_is_owning_thread(void);
|
||||
int fips_set_owning_thread(void);
|
||||
void fips_set_selftest_fail(void);
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
--- openssl-0.9.8b/crypto/x509/x509_cmp.c.name-cmp 2004-12-01 02:45:30.000000000 +0100
|
||||
+++ openssl-0.9.8b/crypto/x509/x509_cmp.c 2006-11-30 23:37:26.000000000 +0100
|
||||
@@ -282,14 +282,7 @@
|
||||
diff -up openssl-0.9.8k/crypto/x509/x509_cmp.c.name-cmp openssl-0.9.8k/crypto/x509/x509_cmp.c
|
||||
--- openssl-0.9.8k/crypto/x509/x509_cmp.c.name-cmp 2009-02-15 13:10:39.000000000 +0100
|
||||
+++ openssl-0.9.8k/crypto/x509/x509_cmp.c 2009-03-25 20:04:41.000000000 +0100
|
||||
@@ -282,15 +282,7 @@ int X509_NAME_cmp(const X509_NAME *a, co
|
||||
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
|
||||
j=na->value->type-nb->value->type;
|
||||
if (j)
|
||||
|
|
@ -10,7 +11,8 @@
|
|||
- if (!(nabit & STR_TYPE_CMP) ||
|
||||
- !(nbbit & STR_TYPE_CMP))
|
||||
- return j;
|
||||
- j = asn1_string_memcmp(na->value, nb->value);
|
||||
- if (!asn1_string_memcmp(na->value, nb->value))
|
||||
- j = 0;
|
||||
- }
|
||||
+ return j;
|
||||
else if (na->value->type == V_ASN1_PRINTABLESTRING)
|
||||
16
openssl.spec
16
openssl.spec
|
|
@ -7,7 +7,7 @@
|
|||
# 0.9.7ef soversion = 5
|
||||
# 0.9.8ab soversion = 6
|
||||
# 0.9.8g soversion = 7
|
||||
# 0.9.8j + EAP-FAST soversion = 8
|
||||
# 0.9.8jk + EAP-FAST soversion = 8
|
||||
%define soversion 8
|
||||
|
||||
# Number of threads to spawn when testing some threading fixes.
|
||||
|
|
@ -22,8 +22,8 @@
|
|||
|
||||
Summary: A general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 0.9.8j
|
||||
Release: 10%{?dist}
|
||||
Version: 0.9.8k
|
||||
Release: 1%{?dist}
|
||||
# We remove certain patented algorithms from the openssl source tarball
|
||||
# with the hobble-openssl script which is included below.
|
||||
Source: openssl-%{version}-usa.tar.bz2
|
||||
|
|
@ -44,7 +44,7 @@ Patch6: openssl-0.9.8b-test-use-localhost.patch
|
|||
Patch7: openssl-0.9.8j-shlib-version.patch
|
||||
# Bug fixes
|
||||
Patch21: openssl-0.9.8b-aliasing-bug.patch
|
||||
Patch22: openssl-0.9.8b-x509-name-cmp.patch
|
||||
Patch22: openssl-0.9.8k-x509-name-cmp.patch
|
||||
Patch23: openssl-0.9.8g-default-paths.patch
|
||||
Patch24: openssl-0.9.8g-no-extssl.patch
|
||||
# Functionality changes
|
||||
|
|
@ -55,8 +55,8 @@ Patch35: openssl-0.9.8j-version-add-engines.patch
|
|||
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
|
||||
Patch39: openssl-0.9.8g-ipv6-apps.patch
|
||||
Patch40: openssl-0.9.8j-nocanister.patch
|
||||
Patch41: openssl-0.9.8j-use-fipscheck.patch
|
||||
Patch42: openssl-0.9.8j-fipscheck-hmac.patch
|
||||
Patch41: openssl-0.9.8k-use-fipscheck.patch
|
||||
Patch42: openssl-0.9.8k-fipscheck-hmac.patch
|
||||
Patch43: openssl-0.9.8j-evp-nonfips.patch
|
||||
Patch44: openssl-0.9.8j-kernel-fipsmode.patch
|
||||
Patch45: openssl-0.9.8j-env-nozlib.patch
|
||||
|
|
@ -408,6 +408,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Thu Mar 25 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-1
|
||||
- update to new upstream release (minor bug fixes, security
|
||||
fixes and machine code optimizations only)
|
||||
|
||||
* Thu Mar 19 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-10
|
||||
- move libraries to /usr/lib (#239375)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue