pool/openssl
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 36001 from Base:System

Browse Source 
Copy from Base:System/openssl based on submit request 36001 from user msmeissn

OBS-URL: https://build.opensuse.org/request/show/36001
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=32
This commit is contained in:
OBS User autobuild 2010-03-31 17:35:44 +00:00 committed by Git OBS Bridge
parent 3be4b95390
commit 9586798e06
18 changed files with 146 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
bswap.diff
View File

@ -1,13 +0,0 @@
Index: crypto/camellia/cmll_locl.h
===================================================================
--- crypto/camellia/cmll_locl.h.orig
+++ crypto/camellia/cmll_locl.h
@@ -97,7 +97,7 @@ extern "C" {
(ct)[2] = (u8)((st) >> 8); \
(ct)[3] = (u8)(st); }
-#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
+#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64) || defined(i386)))
#define CAMELLIA_SWAP4(x) \
do{\
asm("bswap %1" : "+r" (x));\

27
bug-526319_openssl-0.9.8k-no-extssl.patch
View File

@ -1,27 +0,0 @@
diff -up openssl-0.9.8g/ssl/t1_lib.c.no-extssl openssl-0.9.8g/ssl/t1_lib.c
--- openssl-0.9.8g/ssl/t1_lib.c.no-extssl 2007-10-19 09:44:10.000000000 +0200
+++ openssl-0.9.8g/ssl/t1_lib.c 2008-08-10 21:42:11.000000000 +0200
@@ -132,6 +132,11 @@ unsigned char *ssl_add_clienthello_tlsex
int extdatalen=0;
unsigned char *ret = p;
+ if (s->client_version != TLS1_VERSION && s->client_version != DTLS1_VERSION)
+ {
+ return ret;
+ }
+
ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -202,6 +207,11 @@ unsigned char *ssl_add_serverhello_tlsex
int extdatalen=0;
unsigned char *ret = p;
+ if (s->version != TLS1_VERSION && s->version != DTLS1_VERSION)
+ {
+ return ret;
+ }
+
ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */

31
disable-optimization-for-s390x.diff
View File

@ -1,31 +0,0 @@
Index: crypto/ripemd/Makefile
===================================================================
--- crypto/ripemd/Makefile.orig
+++ crypto/ripemd/Makefile
@@ -13,7 +13,7 @@ AR= ar r
RIP_ASM_OBJ=
-CFLAGS= $(INCLUDES) $(CFLAG)
+CFLAGS= $(INCLUDES) $(CFLAG) -O0
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)
Index: crypto/md4/Makefile
===================================================================
--- crypto/md4/Makefile.orig
+++ crypto/md4/Makefile
@@ -7,11 +7,11 @@ TOP= ../..
CC= cc
CPP= $(CC) -E
INCLUDES=
-CFLAG=-g
+CFLAG=-g
MAKEFILE= Makefile
AR= ar r
-CFLAGS= $(INCLUDES) $(CFLAG)
+CFLAGS= $(INCLUDES) $(CFLAG) -O0
GENERAL=Makefile
TEST=md4test.c

13
func-parm-err.patch
View File

@ -1,13 +0,0 @@
Index: openssl-0.9.8k/crypto/x509/x509_att.c
===================================================================
--- openssl-0.9.8k.orig/crypto/x509/x509_att.c
+++ openssl-0.9.8k/crypto/x509/x509_att.c
@@ -312,7 +312,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIB
if(!(ttmp = ASN1_TYPE_new())) goto err;
if ((len == -1) && !(attrtype & MBSTRING_FLAG))
{
- if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+ if (!ASN1_TYPE_set1(ttmp, attrtype, stmp))
goto err;
}
else

99
merge_from_0_9_8k.patch Normal file
View File

@ -0,0 +1,99 @@
Index: openssl-0.9.8m/Configure
===================================================================
--- openssl-0.9.8m.orig/Configure
+++ openssl-0.9.8m/Configure
@@ -874,7 +874,7 @@ PROCESS_ARGS:
}
else
{
- die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
+ warn "target already defined - $target (offending arg: $_)\n" if ($target ne "");
$target=$_;
}
@@ -1123,7 +1123,7 @@ else { $lflags=$prelflags; undef $pre
my $no_shared_warn=0;
my $no_user_cflags=0;
-if ($flags ne "") { $cflags="$flags$cflags"; }
+if ($flags ne "") { $cflags="$cflags $flags"; }
else { $no_user_cflags=1; }
# Kerberos settings. The flavor must be provided from outside, either through
Index: openssl-0.9.8m/config
===================================================================
--- openssl-0.9.8m.orig/config
+++ openssl-0.9.8m/config
@@ -526,7 +526,8 @@ case "$GUESSOS" in
ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
i386-apple-darwin*) OUT="darwin-i386-cc" ;;
alpha-*-linux2)
- ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
+ #ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
+ ISA=EV56
case ${ISA:-generic} in
*[678]) OUT="linux-alpha+bwx-$CC" ;;
*) OUT="linux-alpha-$CC" ;;
@@ -546,7 +547,8 @@ case "$GUESSOS" in
echo " You have about 5 seconds to press Ctrl-C to abort."
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
- OUT="linux-ppc"
+ # we have the target and force it here
+ OUT="linux-ppc64"
;;
ppc-*-linux2) OUT="linux-ppc" ;;
ia64-*-linux?) OUT="linux-ia64" ;;
@@ -562,10 +564,10 @@ case "$GUESSOS" in
sparc-*-linux2)
KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo`
case ${KARCH:-sun4} in
- sun4u*) OUT="linux-sparcv9" ;;
- sun4m) OUT="linux-sparcv8" ;;
- sun4d) OUT="linux-sparcv8" ;;
- *) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+# sun4u*) OUT="linux-sparcv9" ;;
+# sun4m) OUT="linux-sparcv8" ;;
+# sun4d) OUT="linux-sparcv8" ;;
+ *) OUT="linux-sparcv8" ;;
esac ;;
parisc*-*-linux2)
# 64-bit builds under parisc64 linux are not supported and
@@ -584,7 +586,11 @@ case "$GUESSOS" in
# PA8500 -> 8000 (2.0)
# PA8600 -> 8000 (2.0)
- CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'`
+ # CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
+ # lets have CPUSCHEDULE for 1.1:
+ CPUSCHEDULE=7100LC
+ # we want to support 1.1 CPUs as well:
+ CPUARCH=1.1
# Finish Model transformations
options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"
Index: openssl-0.9.8m/crypto/camellia/cmll_locl.h
===================================================================
--- openssl-0.9.8m.orig/crypto/camellia/cmll_locl.h
+++ openssl-0.9.8m/crypto/camellia/cmll_locl.h
@@ -97,7 +97,7 @@ extern "C" {
(ct)[2] = (u8)((st) >> 8); \
(ct)[3] = (u8)(st); }
-#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
+#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64) || defined(i386)))
#define CAMELLIA_SWAP4(x) \
do{\
asm("bswap %1" : "+r" (x));\
Index: openssl-0.9.8m/crypto/perlasm/x86unix.pl
===================================================================
--- openssl-0.9.8m.orig/crypto/perlasm/x86unix.pl
+++ openssl-0.9.8m/crypto/perlasm/x86unix.pl
@@ -557,6 +557,7 @@ sub main'file_end
push(@out,$const);
$const="";
}
+ push(@out, ".section .note.GNU-stack,\"\",\@progbits");
}
sub main'data_byte

12
non-exec-stack.diff
View File

@ -1,12 +0,0 @@
Index: crypto/perlasm/x86unix.pl
===================================================================
--- crypto/perlasm/x86unix.pl.orig
+++ crypto/perlasm/x86unix.pl
@@ -557,6 +557,7 @@ sub main'file_end
push(@out,$const);
$const="";
}
+ push(@out, ".section .note.GNU-stack,\"\",\@progbits");
}
sub main'data_byte

12
openssl-0.9.6g-alpha.diff
View File

@ -1,12 +0,0 @@
--- openssl-0.9.8a/config
+++ openssl-0.9.8a/config
@@ -520,7 +520,8 @@
ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
i386-apple-darwin*) OUT="darwin-i386-cc" ;;
alpha-*-linux2)
- ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
+ #ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
+ ISA=EV56
case ${ISA:-generic} in
*[678]) OUT="linux-alpha+bwx-$CC" ;;
*) OUT="linux-alpha-$CC" ;;

12
openssl-0.9.7f-ppc64.diff
View File

@ -1,12 +0,0 @@
--- openssl-0.9.8a/config
+++ openssl-0.9.8a/config
@@ -540,7 +540,8 @@
echo " You have about 5 seconds to press Ctrl-C to abort."
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
- OUT="linux-ppc"
+ # we have the target and force it here
+ OUT="linux-ppc64"
;;
ppc-*-linux2) OUT="linux-ppc" ;;
ia64-*-linux?) OUT="linux-ia64" ;;

11
openssl-0.9.8-flags-priority.dif
View File

@ -1,11 +0,0 @@
--- openssl-0.9.8/Configure.orig 2005-07-05 01:24:11.000000000 +0200
+++ openssl-0.9.8/Configure 2005-07-06 15:16:50.481056819 +0200
@@ -957,7 +957,7 @@
my $no_shared_warn=0;
my $no_user_cflags=0;
-if ($flags ne "") { $cflags="$flags$cflags"; }
+if ($flags ne "") { $cflags="$cflags $flags"; }
else { $no_user_cflags=1; }
# Kerberos settings. The flavor must be provided from outside, either through

17
openssl-0.9.8-sparc.dif
View File

@ -1,17 +0,0 @@
--- openssl-0.9.8/config.orig 2005-06-26 20:10:20.000000000 +0200
+++ openssl-0.9.8/config 2005-07-06 15:03:56.144875647 +0200
@@ -558,10 +558,10 @@
sparc-*-linux2)
KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo`
case ${KARCH:-sun4} in
- sun4u*) OUT="linux-sparcv9" ;;
- sun4m) OUT="linux-sparcv8" ;;
- sun4d) OUT="linux-sparcv8" ;;
- *) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+# sun4u*) OUT="linux-sparcv9" ;;
+# sun4m) OUT="linux-sparcv8" ;;
+# sun4d) OUT="linux-sparcv8" ;;
+ *) OUT="linux-sparcv8" ;;
esac ;;
parisc*-*-linux2)
# 64-bit builds under parisc64 linux are not supported and

12
openssl-0.9.8a.ca-app-segfault.bug128655.dif
View File

@ -1,12 +0,0 @@
--- openssl-0.9.8a/apps/ca.c
+++ openssl-0.9.8a/apps/ca.c
@@ -1515,7 +1515,8 @@
if (free_key && key)
OPENSSL_free(key);
BN_free(serial);
- free_index(db);
+ if (db)
+ free_index(db);
EVP_PKEY_free(pkey);
if (x509) X509_free(x509);
X509_CRL_free(crl);

3
openssl-0.9.8k.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b51b8d0974be7936545020c096fe6e3bf454fdcc7bf798f7c01c46d492c7438c
size 3092074

3
openssl-0.9.8m.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4752c8fb0de6225d0a714183f23e23fd57752bcb908cba93f0adf15d4319cd80
size 2968475

17
openssl-CVE-2010-0740.patch Normal file
View File

@ -0,0 +1,17 @@
Index: openssl-0.9.8m/ssl/s3_pkt.c
===================================================================
--- openssl-0.9.8m.orig/ssl/s3_pkt.c
+++ openssl-0.9.8m/ssl/s3_pkt.c
@@ -291,9 +291,9 @@ again:
if (version != s->version)
{
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- /* Send back error using their
- * version number :-) */
- s->version=version;
+ if ((s->version & 0xFF00) == (version & 0xFF00))
+ /* Send back error using their minor version number :-) */
+ s->version = (unsigned short)version;
al=SSL_AD_PROTOCOL_VERSION;
goto f_err;
}

17
openssl-allow-arch.diff
View File

@ -1,17 +0,0 @@
---
Configure | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: openssl-0.9.8k/Configure
===================================================================
--- openssl-0.9.8k.orig/Configure
+++ openssl-0.9.8k/Configure
@@ -857,7 +857,7 @@ PROCESS_ARGS:
}
else
{
- die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
+ warn "target already defined - $target (offending arg: $_)\n" if ($target ne "");
$target=$_;
}

15
openssl-hppa-config.diff
View File

@ -1,15 +0,0 @@
--- config
+++ config
@@ -579,7 +579,11 @@
# PA8500 -> 8000 (2.0)
# PA8600 -> 8000 (2.0)
- CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'`
+ # CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
+ # lets have CPUSCHEDULE for 1.1:
+ CPUSCHEDULE=7100LC
+ # we want to support 1.1 CPUs as well:
+ CPUARCH=1.1
# Finish Model transformations
options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"

20
openssl.changes
View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Thu Mar 25 02:18:22 UTC 2010 - gjhe@novell.com
- fix security bug [bnc#590833]
CVE-2010-0740
-------------------------------------------------------------------
Mon Mar 22 06:29:14 UTC 2010 - gjhe@novell.com
- update to version 0.9.8m
Merge the following patches from 0.9.8k:
bswap.diff
non-exec-stack.diff
openssl-0.9.6g-alpha.diff
openssl-0.9.7f-ppc64.diff
openssl-0.9.8-flags-priority.dif
openssl-0.9.8-sparc.dif
openssl-allow-arch.diff
openssl-hppa-config.diff
-------------------------------------------------------------------
Fri Feb 5 01:24:55 UTC 2010 - jengelh@medozas.de

41
openssl.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package openssl (Version 0.9.8k)
# spec file for package openssl (Version 0.9.8m)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -31,29 +31,15 @@ AutoReqProv: on
Obsoletes: openssl-64bit
%endif
#
Version: 0.9.8k
Release: 5
Version: 0.9.8m
Release: 1
Summary: Secure Sockets and Transport Layer Security
Url: http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
Source2: baselibs.conf
Source10: README.SuSE
Patch0: openssl-0.9.8-sparc.dif
Patch1: openssl-0.9.8-flags-priority.dif
Patch2: non-exec-stack.diff
Patch3: openssl-0.9.7f-ppc64.diff
Patch4: openssl-hppa-config.diff
Patch5: openssl-0.9.6g-alpha.diff
# http://www-124.ibm.com/developerworks/projects/libica/
#Patch10: openssl-0.9.7d-ICA_engine-jun142004.patch.bz2
Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif
Patch7: bswap.diff
Patch8: func-parm-err.patch
%ifarch s390x
Patch9: disable-optimization-for-s390x.diff
%endif
Patch10: bug-526319_openssl-0.9.8k-no-extssl.patch
Patch11: openssl-allow-arch.diff
Patch0: merge_from_0_9_8k.patch
Patch1: openssl-CVE-2010-0740.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -181,21 +167,8 @@ Authors:
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2
%patch3 -p1
%patch4
%patch5 -p1
#%patch10 -p1
%patch6 -p1
%patch7
%patch8 -p1
%ifarch s390x
%patch9
%endif
%patch10 -p1
%patch -P 11 -p1
%patch0 -p1
%patch1 -p1
cp -p %{S:10} .
# lib64 installation fixes
for i in Makefile.org engines/Makefile; do