update to upstream version 1.1.0g

Tomas Mraz 2017-11-03 16:57:03 +01:00
parent 50c1418e79
commit e85d72778f
9 changed files with 377 additions and 535 deletions


@ -1,12 +0,0 @@
diff -up openssl-1.1.0b/engines/afalg/e_afalg.c.eventfd2 openssl-1.1.0b/engines/afalg/e_afalg.c
--- openssl-1.1.0b/engines/afalg/e_afalg.c.eventfd2 2016-09-26 11:46:07.000000000 +0200
+++ openssl-1.1.0b/engines/afalg/e_afalg.c 2016-10-11 10:56:00.884185249 +0200
@@ -104,7 +104,7 @@ static ossl_inline int io_setup(unsigned
static ossl_inline int eventfd(int n)
{
- return syscall(__NR_eventfd, n);
+ return syscall(__NR_eventfd2, n, 0);
}
static ossl_inline int io_destroy(aio_context_t ctx)


@ -38,12 +38,12 @@ diff -up openssl-1.1.0f/Configurations/10-main.conf.build openssl-1.1.0f/Configu
},
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
diff -up openssl-1.1.0f/test/evptests.txt.build openssl-1.1.0f/test/evptests.txt
--- openssl-1.1.0f/test/evptests.txt.build 2017-05-25 14:46:21.000000000 +0200
+++ openssl-1.1.0f/test/evptests.txt 2017-06-02 15:05:49.422161136 +0200
@@ -3690,14 +3690,6 @@ PublicKey=Bob-25519-PUBLIC
MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=
-----END PUBLIC KEY-----
diff -up openssl-1.1.0g/test/evptests.txt.build openssl-1.1.0g/test/evptests.txt
--- openssl-1.1.0g/test/evptests.txt.build 2017-11-02 15:29:05.000000000 +0100
+++ openssl-1.1.0g/test/evptests.txt 2017-11-03 16:37:01.253671494 +0100
@@ -3707,14 +3707,6 @@ MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+D
PrivPubKeyPair = Bob-25519:Bob-25519-PUBLIC
-Derive=Alice-25519
-PeerKey=Bob-25519-PUBLIC
@ -56,7 +56,7 @@ diff -up openssl-1.1.0f/test/evptests.txt.build openssl-1.1.0f/test/evptests.txt
# Illegal sign/verify operations with X25519 key
Sign=Alice-25519
@@ -3710,6 +3702,14 @@ Result = KEYOP_INIT_ERROR
@@ -3727,6 +3719,14 @@ Result = KEYOP_INIT_ERROR
Function = EVP_PKEY_verify_init
Reason = operation not supported for this keytype


@ -1,100 +0,0 @@
From 290cfa823fb3afea5b36ed17113ffb4f675d0165 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 20 Jun 2017 16:36:30 +0100
Subject: [PATCH] Fix DTLS failure when used in a build which has SCTP enabled
The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build
BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with
the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately
due to this clash, this wasn't the case. The BIO ended up going into peek
mode and was continually reading the same data over and over - throwing it
away as a replay.
Fixes #3723
---
crypto/bio/bss_dgram.c | 9 +++++++++
include/openssl/bio.h | 7 ++++---
ssl/statem/statem.c | 8 ++++----
3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 7ef4281..4070f20 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -787,6 +787,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
ret = dgram_get_mtu_overhead(data);
break;
+
+ /*
+ * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
+ * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
+ * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
+ * value has been updated to a non-clashing value. However to preserve
+ * binary compatiblity we now respond to both the old value and the new one
+ */
+ case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
case BIO_CTRL_DGRAM_SET_PEEK_MODE:
data->peekmode = (unsigned int)num;
break;
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 0955b76..5f8f83a 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -126,11 +126,10 @@ extern "C" {
# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
-# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50
-
+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */
+# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
# ifndef OPENSSL_NO_SCTP
/* SCTP stuff */
-# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51
# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52
# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53
@@ -143,6 +142,8 @@ extern "C" {
# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70
# endif
+# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71
+
/* modifiers */
# define BIO_FP_READ 0x02
# define BIO_FP_WRITE 0x04
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 52beac7..9eab8ce 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -300,10 +300,10 @@ static int state_machine(SSL *s, int server)
return -1;
}
#ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s)) {
+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
/*
* Notify SCTP BIO socket to enter handshake mode and prevent stream
- * identifier other than 0. Will be ignored if no SCTP is used.
+ * identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
@@ -421,10 +421,10 @@ static int state_machine(SSL *s, int server)
st->in_handshake--;
#ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s)) {
+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
/*
* Notify SCTP BIO socket to leave handshake mode and allow stream
- * identifier other than 0. Will be ignored if no SCTP is used.
+ * identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
--
2.9.3

File diff suppressed because it is too large Load Diff


@ -1,7 +1,7 @@
diff -up openssl-1.1.0-pre5/doc/apps/ec.pod.manfix openssl-1.1.0-pre5/doc/apps/ec.pod
--- openssl-1.1.0-pre5/doc/apps/ec.pod.manfix 2016-04-19 16:57:55.000000000 +0200
+++ openssl-1.1.0-pre5/doc/apps/ec.pod 2016-07-20 15:13:07.874678467 +0200
@@ -100,10 +100,6 @@ prints out the public, private key compo
diff -up openssl-1.1.0g/doc/apps/ec.pod.manfix openssl-1.1.0g/doc/apps/ec.pod
--- openssl-1.1.0g/doc/apps/ec.pod.manfix 2017-11-02 15:29:04.000000000 +0100
+++ openssl-1.1.0g/doc/apps/ec.pod 2017-11-03 16:09:31.714027145 +0100
@@ -101,10 +101,6 @@ prints out the public, private key compo
this option prevents output of the encoded version of the key.
@ -12,10 +12,10 @@ diff -up openssl-1.1.0-pre5/doc/apps/ec.pod.manfix openssl-1.1.0-pre5/doc/apps/e
=item B<-pubin>
by default a private key is read from the input file: with this option a
diff -up openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix openssl-1.1.0-pre5/doc/apps/openssl.pod
--- openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix 2016-04-19 16:57:55.000000000 +0200
+++ openssl-1.1.0-pre5/doc/apps/openssl.pod 2016-07-20 15:14:57.596163046 +0200
@@ -163,7 +163,7 @@ Create or examine a netscape certificate
diff -up openssl-1.1.0g/doc/apps/openssl.pod.manfix openssl-1.1.0g/doc/apps/openssl.pod
--- openssl-1.1.0g/doc/apps/openssl.pod.manfix 2017-11-02 15:29:04.000000000 +0100
+++ openssl-1.1.0g/doc/apps/openssl.pod 2017-11-03 16:11:48.478245311 +0100
@@ -170,7 +170,7 @@ Create or examine a Netscape certificate
Online Certificate Status Protocol utility.
@ -24,7 +24,7 @@ diff -up openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix openssl-1.1.0-pre5/doc/a
Generation of hashed passwords.
@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
@@ -198,7 +198,7 @@ Public key algorithm parameter managemen
Public key algorithm cryptographic operation utility.
@ -33,15 +33,19 @@ diff -up openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix openssl-1.1.0-pre5/doc/a
Generate pseudo-random bytes.
@@ -401,9 +401,9 @@ L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>,
L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>,
L<enc(1)>, L<engine(1)>, L<gendsa(1)>, L<genpkey(1)>,
L<genrsa(1)>, L<nseq(1)>, L<openssl(1)>,
@@ -432,13 +432,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>
L<ec(1)>, L<ecparam(1)>,
L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
-L<passwd(1)>,
+L<sslpasswd(1)>,
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
-L<rand(1)>, L<req(1)>, L<rsa(1)>,
+L<sslrand(1)>, L<req(1)>, L<rsa(1)>,
L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>,
-L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
+L<rehash(1)>, L<req(1)>, L<rsa(1)>,
L<rsautl(1)>, L<s_client(1)>,
L<s_server(1)>, L<s_time(1)>,
L<smime(1)>, L<spkac(1)>,
L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
L<smime(1)>, L<speed(1)>, L<spkac(1)>,
+L<sslpasswd(1)>, L<sslrand(1)>,
L<ts(1)>,
L<verify(1)>, L<version(1)>, L<x509(1)>,
L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>


@ -1,6 +1,6 @@
diff -up openssl-1.1.0f/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.0f/crypto/asn1/a_verify.c
--- openssl-1.1.0f/crypto/asn1/a_verify.c.no-weak-verify 2017-05-25 14:46:18.000000000 +0200
+++ openssl-1.1.0f/crypto/asn1/a_verify.c 2017-06-26 16:26:49.496989272 +0200
diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/crypto/asn1/a_verify.c
--- openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify 2017-11-02 15:29:02.000000000 +0100
+++ openssl-1.1.0g/crypto/asn1/a_verify.c 2017-11-03 16:15:46.125801341 +0100
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
@ -10,8 +10,8 @@ diff -up openssl-1.1.0f/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.0f/cry
+
#include <stdio.h>
#include <time.h>
@@ -129,6 +132,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
#include <sys/types.h>
@@ -126,6 +129,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
if (ret != 2)
goto err;
ret = -1;


@ -1,6 +1,6 @@
diff -up openssl-1.1.0b/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0b/crypto/conf/conf_api.c
--- openssl-1.1.0b/crypto/conf/conf_api.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200
+++ openssl-1.1.0b/crypto/conf/conf_api.c 2016-09-26 15:19:19.420705501 +0200
diff -up openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_api.c
--- openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100
+++ openssl-1.1.0g/crypto/conf/conf_api.c 2017-11-03 16:12:31.826265323 +0100
@@ -9,6 +9,8 @@
/* Part of the code in here was originally in conf.c, which is now removed */
@ -28,9 +28,9 @@ diff -up openssl-1.1.0b/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0b/cryp
}
static unsigned long conf_value_hash(const CONF_VALUE *v)
diff -up openssl-1.1.0b/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0b/crypto/conf/conf_mod.c
--- openssl-1.1.0b/crypto/conf/conf_mod.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200
+++ openssl-1.1.0b/crypto/conf/conf_mod.c 2016-09-26 15:19:19.421705524 +0200
diff -up openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_mod.c
--- openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100
+++ openssl-1.1.0g/crypto/conf/conf_mod.c 2017-11-03 16:12:31.827265347 +0100
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
@ -49,9 +49,9 @@ diff -up openssl-1.1.0b/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0b/cryp
if (file)
return OPENSSL_strdup(file);
diff -up openssl-1.1.0b/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0b/crypto/engine/eng_list.c
--- openssl-1.1.0b/crypto/engine/eng_list.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200
+++ openssl-1.1.0b/crypto/engine/eng_list.c 2016-09-26 15:19:19.421705524 +0200
diff -up openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0g/crypto/engine/eng_list.c
--- openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100
+++ openssl-1.1.0g/crypto/engine/eng_list.c 2017-11-03 16:12:31.827265347 +0100
@@ -13,6 +13,8 @@
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
@ -70,9 +70,9 @@ diff -up openssl-1.1.0b/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0b/cr
load_dir = ENGINESDIR;
iterator = ENGINE_by_id("dynamic");
if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff -up openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv openssl-1.1.0b/crypto/rand/randfile.c
--- openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200
+++ openssl-1.1.0b/crypto/rand/randfile.c 2016-09-26 15:22:17.427882518 +0200
diff -up openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv openssl-1.1.0g/crypto/rand/randfile.c
--- openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100
+++ openssl-1.1.0g/crypto/rand/randfile.c 2017-11-03 16:12:31.827265347 +0100
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
@ -82,7 +82,7 @@ diff -up openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv openssl-1.1.0b/cryp
#include "internal/cryptlib.h"
#include <errno.h>
@@ -319,10 +321,10 @@ const char *RAND_file_name(char *buf, si
@@ -317,10 +319,10 @@ const char *RAND_file_name(char *buf, si
if (OPENSSL_issetugid() != 0) {
use_randfile = 0;
} else {
@ -95,9 +95,9 @@ diff -up openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv openssl-1.1.0b/cryp
}
}
#endif
diff -up openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0b/crypto/x509/by_dir.c
--- openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv 2016-09-26 11:46:06.000000000 +0200
+++ openssl-1.1.0b/crypto/x509/by_dir.c 2016-09-26 15:19:19.421705524 +0200
diff -up openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0g/crypto/x509/by_dir.c
--- openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100
+++ openssl-1.1.0g/crypto/x509/by_dir.c 2017-11-03 16:12:31.827265347 +0100
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
@ -107,7 +107,7 @@ diff -up openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0b/crypto
#include <stdio.h>
#include <time.h>
#include <errno.h>
@@ -80,7 +82,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
@@ -78,7 +80,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
@ -116,9 +116,9 @@ diff -up openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0b/crypto
if (dir)
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
else
diff -up openssl-1.1.0b/crypto/x509/by_file.c.secure-getenv openssl-1.1.0b/crypto/x509/by_file.c
--- openssl-1.1.0b/crypto/x509/by_file.c.secure-getenv 2016-09-26 11:46:06.000000000 +0200
+++ openssl-1.1.0b/crypto/x509/by_file.c 2016-09-26 15:19:19.421705524 +0200
diff -up openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv openssl-1.1.0g/crypto/x509/by_file.c
--- openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100
+++ openssl-1.1.0g/crypto/x509/by_file.c 2017-11-03 16:14:13.230649686 +0100
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
@ -132,8 +132,8 @@ diff -up openssl-1.1.0b/crypto/x509/by_file.c.secure-getenv openssl-1.1.0b/crypt
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = (char *)getenv(X509_get_default_cert_file_env());
+ file = (char *)secure_getenv(X509_get_default_cert_file_env());
- file = getenv(X509_get_default_cert_file_env());
+ file = secure_getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
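Review bot: The refreshed `crypto/x509/by_file.c` hunk reads the default certificate file override with `file = secure_getenv(X509_get_default_cert_file_env());`, but nothing in the patch says why or what the limits of that call are. `secure_getenv()` is a glibc extension that returns NULL only when the process runs in secure-execution mode (setuid, setgid or file capabilities). A privileged service started with an environment supplied by a less trusted caller will therefore still honour the override. I would add a short description at the top of the patch file, for example `Use secure_getenv() so environment overrides are ignored in secure-execution (AT_SECURE) processes; other privileged callers must sanitize their own environment.` The two lines added by each `@@ -7,6 +7,8 @@` hunk are not visible on this page; presumably they define `_GNU_SOURCE` before the first include, which the declaration of `secure_getenv` requires.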


@ -1,48 +0,0 @@
From c8ec34109cab8c92685958ddfef0776a4b3b8460 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Wed, 31 May 2017 12:14:55 -0400
Subject: [PATCH] Only release thread-local key if we created it.
Thanks to Jan Alexander Steffens for finding the bug and confirming the
fix.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3592)
(cherry picked from commit 73bc53708c386c1ea85941d345721e23dc61c05c)
---
crypto/err/err.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/crypto/err/err.c b/crypto/err/err.c
index f866f2f..c55f849 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -122,6 +122,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
#endif
static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT;
+static int set_err_thread_local;
static CRYPTO_THREAD_LOCAL err_thread_local;
static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
@@ -260,7 +261,8 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
void err_cleanup(void)
{
- CRYPTO_THREAD_cleanup_local(&err_thread_local);
+ if (set_err_thread_local != 0)
+ CRYPTO_THREAD_cleanup_local(&err_thread_local);
CRYPTO_THREAD_lock_free(err_string_lock);
err_string_lock = NULL;
}
@@ -639,6 +641,7 @@ void ERR_remove_state(unsigned long pid)
DEFINE_RUN_ONCE_STATIC(err_do_init)
{
+ set_err_thread_local = 1;
return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
}
--
2.9.3


@ -21,8 +21,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.0f
Release: 9%{?dist}
Version: 1.1.0g
Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -58,12 +58,9 @@ Patch39: openssl-1.1.0-cc-reqs.patch
Patch40: openssl-1.1.0-disable-ssl3.patch
Patch41: openssl-1.1.0-system-cipherlist.patch
Patch42: openssl-1.1.0-fips.patch
Patch43: openssl-1.1.0-afalg-eventfd2.patch
Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
Patch45: openssl-1.1.0-weak-ciphers.patch
# Backported fixes including security fixes
Patch70: openssl-1.1.0-thread-local.patch
Patch71: openssl-1.1.0-dtls-failure.patch
License: OpenSSL
Group: System Environment/Libraries
@ -157,18 +154,14 @@ cp %{SOURCE13} test/
%patch35 -p1 -b .chil
%patch36 -p1 -b .secure-getenv
%patch37 -p1 -b .curves
%patch38 -p1 -b .no-md5-verify
%patch38 -p1 -b .no-weak-verify
%patch39 -p1 -b .cc-reqs
%patch40 -p1 -b .disable-ssl3
%patch41 -p1 -b .system-cipherlist
%patch42 -p1 -b .fips
%patch43 -p1 -b .eventfd2
%patch44 -p1 -b .preserve-nl
%patch45 -p1 -b .weak-ciphers
%patch70 -p1 -b .thread-local
%patch71 -p1 -b .dtls-failure
%build
# Figure out which flags we want to use.
# default
@ -235,6 +228,8 @@ sslarch=linux-generic64
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
export HASHBANGPERL=/usr/bin/perl
# ia64, x86_64, ppc are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
@ -436,6 +431,9 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig
%changelog
* Fri Nov 3 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-1
- update to upstream version 1.1.0g
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.0f-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
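Review bot: The `Patch43`, `Patch70` and `Patch71` entries and their `%patch43`, `%patch70` and `%patch71` applications are dropped with no record of why, and the new changelog entry says only `- update to upstream version 1.1.0g`. The thread-local and dtls-failure patches carry upstream commit headers, so they are presumably included in 1.1.0g. `openssl-1.1.0-afalg-eventfd2.patch` is a local `diff -up` patch, so it should be confirmed that `engines/afalg/e_afalg.c` in 1.1.0g no longer calls `syscall(__NR_eventfd, n)`. Once that is verified, I would add a changelog line such as `- drop afalg-eventfd2, thread-local and dtls-failure patches (merged upstream)`, so that anyone auditing which fixes the package carries can trace them.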