testing/openssl
SHA256
3
0
Fork 0
forked from pool/openssl
Code Pull Requests Activity

Accepting request 213629 from Base:System

Browse Source 
Remove GCC option -O3 for compiliation issue of ARM version; Modify: openssl.spec (forwarded request 213627 from shawn2012)

OBS-URL: https://build.opensuse.org/request/show/213629
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=107
This commit is contained in:
Stephan Kulow 2014-01-17 10:05:16 +00:00 committed by Git OBS Bridge
parent d3d7dacdf7
commit bcd15fd76a
14 changed files with 2260 additions and 2147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
CVE-2013-6449.patch
View File

@ -1,77 +0,0 @@
Index: openssl-1.0.1e/ssl/s3_lib.c
===================================================================
--- openssl-1.0.1e.orig/ssl/s3_lib.c
+++ openssl-1.0.1e/ssl/s3_lib.c
@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT.
long ssl_get_algorithm2(SSL *s)
{
long alg2 = s->s3->tmp.new_cipher->algorithm2;
- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+ if (s->method->version == TLS1_2_VERSION &&
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
return alg2;
Index: openssl-1.0.1e/ssl/s3_both.c
===================================================================
--- openssl-1.0.1e.orig/ssl/s3_both.c
+++ openssl-1.0.1e/ssl/s3_both.c
@@ -161,6 +161,10 @@ int ssl3_send_finished(SSL *s, int a, in
i=s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.finish_md);
+
+ if (i == 0)
+ return 0;
+
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
p+=i;
Index: openssl-1.0.1e/ssl/s3_pkt.c
===================================================================
--- openssl-1.0.1e.orig/ssl/s3_pkt.c
+++ openssl-1.0.1e/ssl/s3_pkt.c
@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
slen=s->method->ssl3_enc->client_finished_label_len;
}
- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+ i = s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.peer_finish_md);
+ if (i == 0)
+ {
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ s->s3->tmp.peer_finish_md_len = i;
return(1);
}
Index: openssl-1.0.1e/ssl/t1_enc.c
===================================================================
--- openssl-1.0.1e.orig/ssl/t1_enc.c
+++ openssl-1.0.1e/ssl/t1_enc.c
@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
if (mask & ssl_get_algorithm2(s))
{
int hashsize = EVP_MD_size(md);
- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+ if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
{
/* internal error: 'buf' is too small for this cipersuite! */
err = 1;
}
else
{
- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
- EVP_DigestFinal_ex(&ctx,q,&i);
- if (i != (unsigned int)hashsize) /* can't really happen */
+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+ !EVP_DigestFinal_ex(&ctx,q,&i) ||
+ (i != (unsigned int)hashsize))
err = 1;
- q+=i;
+ q+=hashsize;
}
}
}

60
CVE-2013-6450.patch
View File

@ -1,60 +0,0 @@
Index: openssl-1.0.1e/ssl/d1_both.c
===================================================================
--- openssl-1.0.1e.orig/ssl/d1_both.c
+++ openssl-1.0.1e/ssl/d1_both.c
@@ -214,6 +214,11 @@ dtls1_hm_fragment_new(unsigned long frag
static void
dtls1_hm_fragment_free(hm_fragment *frag)
{
+ if (frag->msg_header.is_ccs)
+ {
+ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
+ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+ }
if (frag->fragment) OPENSSL_free(frag->fragment);
if (frag->reassembly) OPENSSL_free(frag->reassembly);
OPENSSL_free(frag);
Index: openssl-1.0.1e/ssl/ssl_locl.h
===================================================================
--- openssl-1.0.1e.orig/ssl/ssl_locl.h
+++ openssl-1.0.1e/ssl/ssl_locl.h
@@ -625,6 +625,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
extern SSL3_ENC_METHOD SSLv3_enc_data;
extern SSL3_ENC_METHOD DTLSv1_enc_data;
+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
+
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
s_get_meth) \
const SSL_METHOD *func_name(void) \
Index: openssl-1.0.1e/ssl/t1_enc.c
===================================================================
--- openssl-1.0.1e.orig/ssl/t1_enc.c
+++ openssl-1.0.1e/ssl/t1_enc.c
@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
- if (s->enc_write_ctx != NULL)
+ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
reuse_dd = 1;
- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd= s->enc_write_ctx;
- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ if (SSL_IS_DTLS(s))
+ {
+ mac_ctx = EVP_MD_CTX_create();
+ if (!mac_ctx)
+ goto err;
+ s->write_hash = mac_ctx;
+ }
+ else
+ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{

38
README-FIPS.txt
View File

@ -51,15 +51,15 @@ differences.
The cryptographic module as defined for FIPS-140-2 is contained in the files
/usr/lib64/.libcrypto.so.1.0.0.hmac
/usr/lib64/.libssl.so.1.0.0.hmac
/usr/lib64/libcrypto.so.1.0.0
/usr/lib64/libssl.so.1.0.0
/lib64/.libcrypto.so.1.0.0.hmac
/lib64/.libssl.so.1.0.0.hmac
/lib64/libcrypto.so.1.0.0
/lib64/libssl.so.1.0.0
for 64bit operation and
/usr/lib/.libcrypto.so.1.0.0.hmac
/usr/lib/.libssl.so.1.0.0.hmac
/usr/lib/libcrypto.so.1.0.0
/usr/lib/libssl.so.1.0.0
/lib/.libcrypto.so.1.0.0.hmac
/lib/.libssl.so.1.0.0.hmac
/lib/libcrypto.so.1.0.0
/lib/libssl.so.1.0.0
for 32bit.
The .hmac files contain a HMAC for the internal integrity checking. They
@ -197,26 +197,26 @@ openssl
libopenssl1_0_0
- files:
/usr/lib64/libcrypto.so.1.0.0
/usr/lib64/libssl.so.1.0.0
/usr/lib64/engines
/usr/lib64/engines/libcapi.so
/usr/lib64/engines/libgmp.so
/usr/lib64/engines/libgost.so
/usr/lib64/engines/libpadlock.so
/lib64/libcrypto.so.1.0.0
/lib64/libssl.so.1.0.0
/lib64/engines
/lib64/engines/libcapi.so
/lib64/engines/libgmp.so
/lib64/engines/libgost.so
/lib64/engines/libpadlock.so
libopenssl1_0_0-hmac
- files:
/usr/lib64/.libcrypto.so.1.0.0.hmac
/usr/lib64/.libssl.so.1.0.0.hmac
/lib64/.libcrypto.so.1.0.0.hmac
/lib64/.libssl.so.1.0.0.hmac
libopenssl1_0_0-32bit
- files as in package libopenssl1_0_0, but in /usr/lib/.
- files as in package libopenssl1_0_0, but in /lib/.
The .so libraries are for the 32bit compatibility mode of the
openssl library.
libopenssl1_0_0-hmac-32bit
- files as in package libopenssl1_0_0-hmac, but in /usr/lib/.
- files as in package libopenssl1_0_0-hmac, but in /lib/.
libopenssl-devel
- header files and static libraries for compiling applications with the

15
SSL_get_certificate-broken.patch
View File

@ -1,15 +0,0 @@
Index: openssl-1.0.1e/ssl/ssl_lib.c
===================================================================
--- openssl-1.0.1e.orig/ssl/ssl_lib.c
+++ openssl-1.0.1e/ssl/ssl_lib.c
@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
- if (s->server)
- return(ssl_get_server_send_cert(s));
- else if (s->cert != NULL)
+ if (s->cert != NULL)
return(s->cert->key->x509);
else
return(NULL);

26
openssl-1.0.1e-bnc822642.patch
View File

@ -1,26 +0,0 @@
commit 9fe4603b8245425a4c46986ed000fca054231253
Author: David Woodhouse <dwmw2@infradead.org>
Date: Tue Feb 12 14:55:32 2013 +0000
Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.
PR:2984
(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 02edf3f..443a31e 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
unsigned padding_length, good, to_check, i;
const unsigned overhead = 1 /* padding length byte */ + mac_size;
/* Check if version requires explicit IV */
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
{
/* These lengths are all public so we can test them in
* non-constant time.

3538
openssl-1.0.1e-fips.patch
View File

File diff suppressed because it is too large Load Diff

3
openssl-1.0.1e.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3
size 4459777

11
openssl-1.0.1e.tar.gz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUAURkNmqLSm3vylcdZAQIW+QgAvzzm4hlt+QUHVLkMW0eiiJeTk+ZNqAAe
ver8u+JwEGUiNA2Tq0/9n+/vmLlAC48lRiZpviVAq3olbmmEWi4FrsToEoNOp9Ho
tr++fq4kGcLSnqRu6gy4unJZVy9U1RZRGCxESTI5nvsneLQGs34lpBxRpQ/Q0Iqg
h3NZJkdbX5oL+pKgEtQV25HFoKnEWe1mqVkTZPaTE4mfSr3Uc0+NjOkKaxm5ud+9
CZBSqesMPohUWo8Fm9BxkCZuZ6SwTUWHUzZvODANp8VyjderZdWhVlGc6E0zV6SU
TlmjCpOblE7CP26QC+SttDRx8nM+Qd5HTLq10ciX1UX1YD8n4XtRFg==
=IVUi
-----END PGP SIGNATURE-----

3
openssl-1.0.1f.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
size 4509212

11
openssl-1.0.1f.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUAUsq/WqLSm3vylcdZAQI63Af8DQSLbopKVXumiTiK0dAtXU+FwGl3FSXE
KKJgpfMdPPTSn/kdcmh4LXv4rFae5gNn0GEpEMlcLPxJSSauo8CO9xfYzA2Y1POE
bL9qemk7B/g/i2WZi6gTVP0/38/qRBh/3WyR94iVplZm5P8e+7bXqoHDEBtNMew1
YcalGMgd/1ajvGo9+Y6qHHSNVu2FfSLQ7vqeurTHgo9c2ZhvDEsw/rQjqn7oQ3c7
mz2qTYbgJ1+cikue47E0T0mQFv/my9flG6Bu63vhyioNZUxR5QVluuqAoLUAuM7h
xdJ8fVXMmqbLdr3ZQsCkdHeDQgke/FRVgyvzAdt7ensZoFSshfXcJw==
=exdx
-----END PGP SIGNATURE-----

445
openssl-fix-pod-syntax.diff
View File

@ -34,33 +34,35 @@ content-type: text/plain; charset="utf-8"
Content-Length: 12835
---
doc/apps/cms.pod | 12 ++++++------
doc/apps/smime.pod | 12 ++++++------
doc/crypto/OPENSSL_ia32cap.pod | 10 +++++++++-
doc/ssl/SSL_COMP_add_compression_method.pod | 4 ++--
doc/ssl/SSL_CTX_add_session.pod | 4 ++--
doc/ssl/SSL_CTX_load_verify_locations.pod | 4 ++--
doc/ssl/SSL_CTX_set_client_CA_list.pod | 4 ++--
doc/ssl/SSL_CTX_set_session_id_context.pod | 4 ++--
doc/ssl/SSL_CTX_set_ssl_version.pod | 4 ++--
doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 2 +-
doc/ssl/SSL_accept.pod | 4 ++--
doc/ssl/SSL_clear.pod | 4 ++--
doc/ssl/SSL_connect.pod | 4 ++--
doc/ssl/SSL_do_handshake.pod | 4 ++--
doc/ssl/SSL_read.pod | 2 +-
doc/ssl/SSL_session_reused.pod | 4 ++--
doc/ssl/SSL_set_fd.pod | 4 ++--
doc/ssl/SSL_set_session.pod | 4 ++--
doc/ssl/SSL_set_shutdown.pod | 2 +-
doc/ssl/SSL_shutdown.pod | 4 ++--
doc/ssl/SSL_write.pod | 2 +-
21 files changed, 53 insertions(+), 45 deletions(-)
doc/apps/cms.pod | 12 ++++++------
doc/apps/smime.pod | 12 ++++++------
doc/apps/ts.pod | 6 +++---
doc/crypto/OPENSSL_ia32cap.pod | 4 ++++
doc/crypto/rand.pod | 14 +++++++-------
doc/ssl/SSL_COMP_add_compression_method.pod | 4 ++--
doc/ssl/SSL_CTX_add_session.pod | 4 ++--
doc/ssl/SSL_CTX_load_verify_locations.pod | 4 ++--
doc/ssl/SSL_CTX_set_client_CA_list.pod | 4 ++--
doc/ssl/SSL_CTX_set_session_id_context.pod | 4 ++--
doc/ssl/SSL_CTX_set_ssl_version.pod | 4 ++--
doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 2 +-
doc/ssl/SSL_accept.pod | 4 ++--
doc/ssl/SSL_clear.pod | 4 ++--
doc/ssl/SSL_connect.pod | 4 ++--
doc/ssl/SSL_do_handshake.pod | 4 ++--
doc/ssl/SSL_read.pod | 2 +-
doc/ssl/SSL_session_reused.pod | 4 ++--
doc/ssl/SSL_set_fd.pod | 4 ++--
doc/ssl/SSL_set_session.pod | 4 ++--
doc/ssl/SSL_set_shutdown.pod | 2 +-
doc/ssl/SSL_shutdown.pod | 6 +++---
doc/ssl/SSL_write.pod | 2 +-
23 files changed, 59 insertions(+), 55 deletions(-)
Index: openssl-1.0.1e/doc/apps/cms.pod
Index: openssl-1.0.1f/doc/apps/cms.pod
===================================================================
--- openssl-1.0.1e.orig/doc/apps/cms.pod
+++ openssl-1.0.1e/doc/apps/cms.pod
--- openssl-1.0.1f.orig/doc/apps/cms.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/apps/cms.pod 2014-01-09 23:42:30.000000000 +0000
@@ -450,28 +450,28 @@ remains DER.
=over 4
@ -96,10 +98,10 @@ Index: openssl-1.0.1e/doc/apps/cms.pod
the message was verified correctly but an error occurred writing out
the signers certificates.
Index: openssl-1.0.1e/doc/apps/smime.pod
Index: openssl-1.0.1f/doc/apps/smime.pod
===================================================================
--- openssl-1.0.1e.orig/doc/apps/smime.pod
+++ openssl-1.0.1e/doc/apps/smime.pod
--- openssl-1.0.1f.orig/doc/apps/smime.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/apps/smime.pod 2014-01-09 23:42:31.000000000 +0000
@@ -308,28 +308,28 @@ remains DER.
=over 4
@ -135,10 +137,37 @@ Index: openssl-1.0.1e/doc/apps/smime.pod
the message was verified correctly but an error occurred writing out
the signers certificates.
Index: openssl-1.0.1e/doc/crypto/OPENSSL_ia32cap.pod
Index: openssl-1.0.1f/doc/apps/ts.pod
===================================================================
--- openssl-1.0.1e.orig/doc/crypto/OPENSSL_ia32cap.pod
+++ openssl-1.0.1e/doc/crypto/OPENSSL_ia32cap.pod
--- openssl-1.0.1f.orig/doc/apps/ts.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/apps/ts.pod 2014-01-09 23:45:03.000000000 +0000
@@ -58,19 +58,19 @@ time. Here is a brief description of the
=over 4
-=item 1.
+=item Z<>1.
The TSA client computes a one-way hash value for a data file and sends
the hash to the TSA.
-=item 2.
+=item Z<>2.
The TSA attaches the current date and time to the received hash value,
signs them and sends the time stamp token back to the client. By
creating this token the TSA certifies the existence of the original
data file at the time of response generation.
-=item 3.
+=item Z<>3.
The TSA client receives the time stamp token and verifies the
signature on it. It also checks if the token contains the same hash
Index: openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod
===================================================================
--- openssl-1.0.1f.orig/doc/crypto/OPENSSL_ia32cap.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod 2014-01-09 23:42:31.000000000 +0000
@@ -20,6 +20,8 @@ toolkit initialization, but can be manip
crypto library behaviour. For the moment of this writing six bits are
significant, namely:
@ -157,10 +186,65 @@ Index: openssl-1.0.1e/doc/crypto/OPENSSL_ia32cap.pod
For example, clearing bit #26 at run-time disables high-performance
SSE2 code present in the crypto library. You might have to do this if
target OpenSSL application is executed on SSE2 capable CPU, but under
Index: openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
Index: openssl-1.0.1f/doc/crypto/rand.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod
+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
--- openssl-1.0.1f.orig/doc/crypto/rand.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/crypto/rand.pod 2014-01-09 23:43:46.000000000 +0000
@@ -74,16 +74,16 @@ First up I will state the things I belie
=over 4
-=item 1
+=item Z<>1
A good hashing algorithm to mix things up and to convert the RNG 'state'
to random numbers.
-=item 2
+=item Z<>2
An initial source of random 'state'.
-=item 3
+=item Z<>3
The state should be very large. If the RNG is being used to generate
4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
@@ -93,13 +93,13 @@ carried away on this last point but it d
a bad idea to keep quite a lot of RNG state. It should be easier to
break a cipher than guess the RNG seed data.
-=item 4
+=item Z<>4
Any RNG seed data should influence all subsequent random numbers
generated. This implies that any random seed data entered will have
an influence on all subsequent random numbers generated.
-=item 5
+=item Z<>5
When using data to seed the RNG state, the data used should not be
extractable from the RNG state. I believe this should be a
@@ -108,12 +108,12 @@ data would be a private key or a passwor
not be disclosed by either subsequent random numbers or a
'core' dump left by a program crash.
-=item 6
+=item Z<>6
Given the same initial 'state', 2 systems should deviate in their RNG state
(and hence the random numbers generated) over time if at all possible.
-=item 7
+=item Z<>7
Given the random number output stream, it should not be possible to determine
the RNG state or the next random number.
Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-09 23:42:31.000000000 +0000
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re
=over 4
@ -175,10 +259,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
The operation failed. Check the error queue to find out the reason.
Index: openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-01-09 23:42:31.000000000 +0000
@@ -52,13 +52,13 @@ The following values are returned by all
=over 4
@ -195,10 +279,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
The operation succeeded.
Index: openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-09 23:42:31.000000000 +0000
@@ -100,13 +100,13 @@ The following return values can occur:
=over 4
@ -215,10 +299,30 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
The operation succeeded.
Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-09 23:42:31.000000000 +0000
@@ -66,13 +66,13 @@ values:
=over 4
-=item 0
+=item Z<>0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-09 23:42:31.000000000 +0000
@@ -64,13 +64,13 @@ return the following values:
=over 4
@ -235,10 +339,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
The operation succeeded.
Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-09 23:42:31.000000000 +0000
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
=over 4
@ -253,20 +357,11 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
The operation succeeded.
Index: openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_
Return values from the server callback are interpreted as follows:
+=over 4
+
=item > 0
PSK identity was found and the server callback has provided the PSK
@@ -94,9 +96,11 @@ data to B<psk> and return the length of
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-09 23:44:18.000000000 +0000
@@ -96,7 +96,7 @@ data to B<psk> and return the length of
connection will fail with decryption_error before it will be finished
completely.
@ -275,14 +370,30 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
+=back
+
=cut
Index: openssl-1.0.1e/doc/ssl/SSL_clear.pod
Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod
+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-01-09 23:42:31.000000000 +0000
@@ -44,13 +44,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-01-09 23:42:31.000000000 +0000
@@ -56,12 +56,12 @@ The following return values can occur:
=over 4
@ -298,10 +409,50 @@ Index: openssl-1.0.1e/doc/ssl/SSL_clear.pod
The SSL_clear() operation was successful.
Index: openssl-1.0.1e/doc/ssl/SSL_read.pod
Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod
+++ openssl-1.0.1e/doc/ssl/SSL_read.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-01-09 23:42:31.000000000 +0000
@@ -41,13 +41,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-01-09 23:42:31.000000000 +0000
@@ -45,13 +45,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-01-09 23:42:31.000000000 +0000
@@ -86,7 +86,7 @@ The following return values can occur:
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
@ -311,10 +462,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_read.pod
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
Index: openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod
+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-01-09 23:42:31.000000000 +0000
@@ -27,11 +27,11 @@ The following return values can occur:
=over 4
@ -329,10 +480,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
A session was reused.
Index: openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod
+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-01-09 23:42:31.000000000 +0000
@@ -35,11 +35,11 @@ The following return values can occur:
=over 4
@ -347,10 +498,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
The operation succeeded.
Index: openssl-1.0.1e/doc/ssl/SSL_set_session.pod
Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod
+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-01-09 23:42:31.000000000 +0000
@@ -37,11 +37,11 @@ The following return values can occur:
=over 4
@ -365,10 +516,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_set_session.pod
The operation succeeded.
Index: openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod
Index: openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_shutdown.pod
+++ openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_shutdown.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod 2014-01-09 23:42:31.000000000 +0000
@@ -24,7 +24,7 @@ The shutdown state of an ssl connection
=over 4
@ -378,121 +529,14 @@ Index: openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod
No shutdown setting, yet.
Index: openssl-1.0.1e/doc/ssl/SSL_write.pod
Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod
+++ openssl-1.0.1e/doc/ssl/SSL_write.pod
@@ -79,7 +79,7 @@ The following return values can occur:
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
-=item 0
+=item Z<>0
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,
Index: openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
===================================================================
--- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod
+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
@@ -278,6 +278,8 @@ happen if extended CRL checking is enabl
an application specific error. This will never be returned unless explicitly
set by an application.
+=back
+
=head1 NOTES
The above functions should be used instead of directly referencing the fields
Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,11 +66,11 @@ values:
=over 4
-=item 1
+=item Z<>1
The operation succeeded.
-=item 0
+=item Z<>0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
Index: openssl-1.0.1e/doc/ssl/SSL_accept.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod
+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod
@@ -44,12 +44,12 @@ The following return values can occur:
=over 4
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
Index: openssl-1.0.1e/doc/ssl/SSL_connect.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod
+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod
@@ -41,12 +41,12 @@ The following return values can occur:
=over 4
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
Index: openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod
+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
@@ -45,12 +45,12 @@ The following return values can occur:
=over 4
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
Index: openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
===================================================================
--- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod
+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
--- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-01-09 23:42:31.000000000 +0000
@@ -92,19 +92,19 @@ The following return values can occur:
=over 4
-=item 1
+=item Z<>1
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-=item 0
+=item Z<>0
@ -501,8 +545,27 @@ Index: openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-=item 1
+=item Z<>1
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-=item -1
+=item Z<>-1
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur if
Index: openssl-1.0.1f/doc/ssl/SSL_write.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-01-09 23:42:31.000000000 +0000
@@ -79,7 +79,7 @@ The following return values can occur:
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
-=item 0
+=item Z<>0
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,

34
openssl.changes
View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Sat Jan 11 08:42:54 UTC 2014 - shchang@suse.com
- Remove GCC option "-O3" for compiliation issue of ARM version
Modify: openssl.spec
-------------------------------------------------------------------
Fri Jan 10 14:43:20 UTC 2014 - shchang@suse.com
- Adjust the installation path( libopenssl/hmac into /lib or /lib64)
Modify files: README-FIPS.txt openssl.spec
-------------------------------------------------------------------
Thu Jan 9 23:08:29 UTC 2014 - andreas.stieger@gmx.de
- 1.0.1f:
* Fix for TLS record tampering bug CVE-2013-4353
- already included:
* Fix for TLS version checking bug CVE-2013-6449
* Fix for DTLS retransmission bug CVE-2013-6450
- removed patches:
* CVE-2013-6449.patch, committed upstream
* CVE-2013-6450.patch, committed upstream
* SSL_get_certificate-broken.patch, committed upstream
* openssl-1.0.1e-bnc822642.patch, committed upstream
- modified patches:
* openssl-1.0.1e-fips.patch, adjust for upstream changes
* openssl-fix-pod-syntax.diff, adjust for upstream changes
-------------------------------------------------------------------
Wed Jan 8 22:01:36 UTC 2014 - andreas.stieger@gmx.de
- add a gpg keyring for source tarball
-------------------------------------------------------------------
Wed Jan 8 10:57:24 UTC 2014 - shchang@suse.com

100
openssl.keyring Normal file
View File

@ -0,0 +1,100 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Public Key Server -- Get ``0xa2d29b7bf295c759 ''</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<style type="text/css">
/*<![CDATA[*/
.uid { color: green; text-decoration: underline; }
.warn { color: red; font-weight: bold; }
/*]]>*/
</style></head><body><h1>Public Key Server -- Get ``0xa2d29b7bf295c759 ''</h1>
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.4
Comment: Hostname: pgp.mit.edu
mQENAzZz6nwAAAEIAMo0phUn+IyEMv4v4gN7ANsdksYAwsrN+3XutOrNlJIJ1HSKVxlgzU7N
6XkYvFH+fSMaHE1+SRREyCO2MVBXWDrSAGCYETcKY+KM2gzSEB2pMxNdewZDFM5ayUHMCVjv
ROanLr5KfjEcA6uibwLcq+tvKGTq16kba3COgYElM5LR1vHx7EZB3PHAonHfgggM/MmKZw30
61PG+xfAvJZFyOojVLcGGqa510ctnoqLBhCceRQbQEaEO+1KIxJ+qf3BGyl5i1Ldz04252Wx
ANVlEyVhqaVLFwY7jAcaeqWK+CxOyK0HjJnQZpygIJgWMaaS2UN1/2nzB0kMotKbe/KVx1kA
BRG0MURyIFN0ZXBoZW4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5jby51az6I
RgQQEQIABgUCRFyrXAAKCRCL2C5vMLlLXKlsAKCUWipHE16bE8yRsxiLikjx0fO84wCfTGSi
DknIYZWFa5bKJ1KY4uIEqhSIRgQQEQIABgUCRsddmgAKCRAQN5GDEzHzW2w6AJ0SqqSEuEGj
MH31xtwQQDEjVou2tACdHqASE+VZRLdzJHoZN7V0err0zP2JARUDBRNDwVDootKbe/KVx1kB
AUljB/9ilmpYqqMFIMFrOB3hlIQMao6ZkHPqsrMeePUvAX9oa3p7uXloDm3aQggc9SFeNIoo
pZPCQpR+5LcP5ybbYJb3NQOR1KuCRaBwt5e/49uBYpH14B74RddOZS/UThUXPSQ5fVY4Bs9I
zNp4rMydpr3fEIXgW8CGzRussLKUj5f93o7S4pzvucTw8Z5lWhvtUmA6VqvZvK26FklkhVB0
vPGSMHgE7y6eHPKjAZoGvgiuf7L65YOTceQcTPlW34vqel8YtJpBdIM8Ju7Zdx8hfD/HScVY
r+RBzEOM6nPzKj3vFCUhFeq6ywj1yCAF3J3bkeU6voJnT9Ad15f88t5w45hMiQIcBBABAgAG
BQJPtt+IAAoJECx8HnpWTIi8QAIQALBqDaLOJICo3x9bkULIq49Ly1zUbKKbnqXQmv11KCHT
UsLK4Wj0ztEza8kT99Of6IaB0hLAn4qZQFx9LeiX4QruiXB9ti86LHrLypFR3XgTIvdULcBz
/kQmAwB6eXW5Zqw/5SJ8F90B/XvtADpBnHnZNOmFOesnJSX7Urho2002Ep3beUR1zvtdJf5l
F+enFPZ/cOnQvJNPaDbh+WoXfWVRz5aYR4TbNsT0Fetsvi6unO/GWHv04rlWiRCwbpEDem60
54KiDYxXZR5Gh29ivap6KeX3Sdy8T4aeBnxb1asY66EUAge5GGF3mYJJ5+Jaqro47SYe3NzK
kbYURUKeTLOCik16tYhI2TgKBDePi69nE8dORRkzm+1S2LVZKX4D/P/zbkB3Fc/Kp0f0nneK
rfn5bwWF79r71Z6xHh6E8bv51b9eb3ODAObRSGWYv5NNqSSAN+7CXeplVjXXeB8S/e1RE5J4
TScWVJ+rMSWzodktA72d4rTFkMmLscAht6HCGNG8hQQ6EB5Pgr5JbVu5vv56cwO9wczZttSD
ZPxCu4Ww+cf9x40s0xrsYr9sDaXsRPiC+UjUe5h3pkJgXFWUNdBqCob5G92Z7RYcQ63IfAzb
Ufu+xWpDDoyO6Gb/NZzQapMn8cq+1cIftjSbBG4dN+LkErroD58Fby26ODoHFKeztDNEciBT
IE4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5kZW1vbi5jby51az6IRgQQEQIA
BgUCQkCrkAAKCRAYWdAfZ3uh7BT0AJ9moE8PhFPA7kFkBO2mLRhBdTzpGACfW5yvlfyaJTnH
DhXTA4CeHdl+F8CIRgQQEQIABgUCQkCrswAKCRCBwvfr4hO2kkX9AJwMfPm8dq5Bmpeoq26/
8cqU/j+98gCfYC/nxPtcV2ubDUmMZPJFtL17E72IRgQQEQIABgUCQkCr4QAKCRBrcOzZXcP0
c6kIAJ90icvg9nDJ+A+jRcY1zO3rH/n7UgCgtKTJsi75aUqGjA3gc+1CnCyNtwyIRgQQEQIA
BgUCQojbUgAKCRCL2C5vMLlLXEUXAJ9HkA1nXtU2nw2jSHIY0wISde0x/QCgiUz2QjlojUI7
niTTgV4lQNGmItCIRgQQEQIABgUCRsddqAAKCRAQN5GDEzHzW8Q1AKCknK1tOm4tnWbTX2ry
+HN7e28SXwCgpIDDVI1+oH3FFmeCbRDY0UO0anyIlQMFE0Grc8DurUz9SaVj2QEBSb8EAJnV
6oeLEWO/d96dvLRHYHbR9F9efQZjLnTeDMLy4kIkPuMAJk1L7mvnrcIA+DcHl80rNMhQVJUP
zYZ5Rq77VuBf20C14Az4rLgoOgcAU7pI61C0L7eygX/P8nZQu87JeFf1A/ussXDtqA/1KWSl
tVRwFX3dCmSgYG1LjzEa2AVxiQEVAwUQNnPqfKLSm3vylcdZAQFBuQgApiGtXIxJPtCvF3zS
ZYk1HOF1u9Qg05s4AdeGvQG6Gmx0MK4SRRUt4MYX8nvQ0VwZRQnvPIRfWixWnEBzpujC+sC9
fqgStj7bG+Uy4YQ1JNph5y6I/75TT0/z0pRAC7Jlwet5+PWrYa9m9rKqyaZVCw5IUSrcjkTo
/gjBLmrxVme+O8e6dF4Te0SIjFrvnNeA3B1TI0tDusxlHkKyJ3jEUf9Mu3Vx+fAukmiWUCTH
52QXZPcLP2V5Ud9X0mS+N2mTVi3rPK8wVhTiu93cXEqhTHoIEPOlLW0J/1n8x8kngGgX/TiE
G8Hd13SOh+YembJVaV7JlYAISdEgCj6JdPSsc4kCHAQQAQIABgUCQkCsCwAKCRCq4+bOZqFE
aO5vEACsZZZeb8TZBeuT4YCopBenHLl+hS1mVqDf4Qy8L5wxXnRwCAugwKf0j8T0KZQodRKI
iTWI2Oe3dDBUDE5CS1wyyku7QMsi22mUPOwLL3VddITEa8c3JJmU1ec86c5rEB4xIV8Rcgqw
CCPeyam+nwyoVKRuijbFJyj0pymTbhpqmGi7oQw0IwVsFKMmgVXiSPdC6MpIOD8+wrc9Sfno
CW+jgfcJLu/k/WEgw7qpj5cOwbFvBRzs7VO4RwU9jzXpZdouRRIZhrNwQYmBKRXC5Aa0o8gd
aN0hWlS+KQ+S73m/XFabGtCyMPU5HX5g2EtvP61+ovqRYvHseBpKwjTTgWthw40IQxIkRU+Y
PxiEXM9yMcBvs2F25zDw9g3SGLleFqizhUyLAyvY3T1IJgWCU3BFCXy0XJuguQM5znFNDZZ4
TZnEAKddhf/v/3AOHg0RFzNgMsA8H7MaJey50vOiqn4mFiy+nXA+ILI8Pz+UaJKihs8KutFG
YEuXiMPn+9vbKdAK/wYzUmilM1xei30E4/bFPt+nwOHF/4ghuKM4KyaImOCijAnkbOaPUBT+
9qPua+AO15DfAEVoGLIDOMIx2CNqKaOsYadUq3wnFTs/erc/sz/3a1pFYATz3G1jh4kk163q
zZpEfewFgAB1mynkXA4vBqKNarwApBTgZ4kR9XYXpIkCHAQQAQIABgUCT7bfiAAKCRAsfB56
VkyIvBV9EACET5QEw0RdpgU5BVVRBnz4XCWXmPUX7/YSfZUQt2sDzKKHYB+yc0h6DnbMenw6
9YnIg2l8v7hKguLAIxbg21T6y/rne5CtEAzysEIDncqEnxDSMGXlFdMHzRWBKjASqzfxkD8+
K2no0VMNr/nK+iScfn64FLuH/D0+NEghrx/Vx1dU7ewYGcY5OybfOmBrrSGNwOKfKnRbxTbo
avBnREnBeY/6xgadwZt0gwoHLEgLotQzLkchJiSfBZcK54nZ1y+NqKfLg+8etXbBDFhgS/OP
dBmthi5Gt9gKj4u+t1Tjqvrcni203CdXv5HPL5zBc7ZQX+XzwODnAk2+OE28ql+DR3X5SYru
o355/fUUZgGNpi043+uL6xjZPFARiDc25vqSuY/KQUjFknMgYSm5aw7a7ZM5WiyLO4AdnvX4
UhRLcXyWqHbpGCQXJr6itJx26JKyQ7sSABrZ/Vj9MOmc3kjcoEW+wcJTKthOpZ3HfB8xreWJ
IKj+593sqjlStz9kEDMwTmA66B/QVhRx9jPZrbTkQR1DQJ4dOUcBweJ1XF7oP4+Zk++qVZsV
ez38JptDYqd8+rdQyw3xFfy4iur32oEA92nUdtcs2eIrgGhR96Fuah9wB090hZwPDsiYB1wR
+7HeDl/XSdiisIWZk8V75oJuSuzoYqFhWQeWQK/2fUNx7bQ6RHIgU3RlcGhlbiBIZW5zb24g
PHN0ZXBoZW4uaGVuc29uQG9wZW5uZXR3b3Jrc2VjdXJpdHkuY29tPohGBBARAgAGBQJEXKtf
AAoJEIvYLm8wuUtcd9UAnjmdDad6Qxwun/i0dbZbLjXE0KTzAJ9b49qIv1RTSled84xjp8LI
GzaZaohGBBARAgAGBQJGx12oAAoJEBA3kYMTMfNblFkAmwTFV2BtA4bTJgwZzbqP57yt9hJS
AJ9bVKWTmWRbKGltql/VwUXvTms3TYkBFQMFE0PBUKmi0pt78pXHWQEBa1YH/14MRmPhcl8r
6nlqhJUuPFB1FOI9Epy1sP+FaIGRmBxq63nN7pLLor6wzTQ7LEMnC4OkXQIaylYYC8uOGW7L
FCFBGnqLHwVUTxWc9Y0r/fdVYGwKn7f134RVSCFfIzr210ogX/e9CHsX+jhRSNG1IrG7t62l
uyMz2GIrz5+tDgRJJT3MraEIprW0jiB8ZMHhI41u6a1DGUcmbVFS0oRkFHpCJjeFglcG0ZFo
Lle6QqFgtOQ742JuB6d+ccHVRadQOGnyxv5jQf2PMGr+USEuJFEU7VUDi8ja/WYdTdJD+g8r
qrkzYofsmngrU0ZfxfaDG3esnN7qqEXsf1wXE1KfCFSJAhwEEAECAAYFAk+234gACgkQLHwe
elZMiLxCgQ/+IicQEYoNtf9VgmiGAFtoRKD+bZhQtTP4mrAplqZBXSo+Ro2EM+3Z0nUe52I1
Ydsd8/ofYY2jhCzOkKpD5asH7+jondeVs7G4PdaiAIsrMwQAbU1S1rgnWB9KrLB+RWvIHsDT
JNEuJQO/2+etNoYsEBp+xl7Tx0uwQdueHg1TrjCAOMImJjGAwOXDS4wD8DPnpaqJnIkwNMXa
Kaxsz0Kybqh+eYkIibvj04R3K+Zoh2i1Fr/MFPP8F7UrGWOQZkjtg30m3nSTVgsLwTWTbcZ/
bRNZu9h5lkeqktH8BDHPSjDh5VzeM1G9zP+5/gBXzH2R9NohzYHjnsM6JyXTMGKiErqhRfPw
shiteXN9xTglw3P2GCdYzO9cp7y2YA3/BJtKweZV19qtRk5NxRdVnUP+DeYc4Fl7vICQ6wVO
VMJ765SDkHaGx7fIKHNs9LlMNDC0PHvT+Ta1tCTv1qJl6uYao6rwlXAk+OO2dNndYkV8kIN2
g7o5xRUx4n2wIOGQFHk3/PQGYaoeIahy1wl2cnq2kjQdhhbex6lUc4s9alMOz8HN9zn4e4cz
rDK7MEQcEUcjMVk9ATnmf3UKblgQGsod1BvrXo3lpt+CSUdtYO+IrqWaC+cUpYmfoXjxBTZH
gm838LRUnA/P+cb+taZBysUrxDthEtKNKZNCpZ541EIFvzE=
=DUIo
-----END PGP PUBLIC KEY BLOCK-----
</pre>
</body></html>

46
openssl.spec
View File

@ -29,14 +29,16 @@ Provides: ssl
%ifarch ppc64
Obsoletes: openssl-64bit
%endif
Version: 1.0.1e
Version: 1.0.1f
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
Group: Productivity/Networking/Security
Url: http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.gz
Source42: http://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc
Url: https://www.openssl.org/
Source: https://www.%{name}.org/source/%{name}-%{version}.tar.gz
Source42: https://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc
# https://www.openssl.org/about/
Source43: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/%name.keyring
# to get mtime of file:
Source1: openssl.changes
Source2: baselibs.conf
@ -54,8 +56,6 @@ Patch7: compression_methods_switch.patch
Patch8: 0005-libssl-Hide-library-private-symbols.patch
Patch9: openssl-1.0.1c-default-paths.patch
Patch10: openssl-pkgconfig.patch
Patch11: SSL_get_certificate-broken.patch
Patch12: openssl-1.0.1e-bnc822642.patch
# From Fedora openssl.
Patch13: openssl-1.0.1c-ipv6-apps.patch
Patch14: 0001-libcrypto-Hide-library-private-symbols.patch
@ -63,8 +63,6 @@ Patch14: 0001-libcrypto-Hide-library-private-symbols.patch
Patch15: openssl-1.0.1e-fips.patch
Patch16: openssl-1.0.1e-fips-ec.patch
Patch17: openssl-1.0.1e-fips-ctor.patch
Patch18: CVE-2013-6449.patch
Patch19: CVE-2013-6450.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -164,15 +162,11 @@ this package's base documentation.
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
cp -p %{S:10} .
cp -p %{S:11} .
@ -230,7 +224,7 @@ no-ec2m \
--prefix=%{_prefix} \
--libdir=%{_lib} \
--openssldir=%{ssletcdir} \
$RPM_OPT_FLAGS -O3 -std=gnu99 \
$RPM_OPT_FLAGS -std=gnu99 \
-Wa,--noexecstack \
-fomit-frame-pointer \
-DTERMIO \
@ -383,25 +377,23 @@ find demos -type f -perm /111 -exec chmod 644 {} \;
%{expand:%%global __os_install_post {%__os_install_post
$RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \
$RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{num_version} > \
$RPM_BUILD_ROOT/%{_libdir}/.libssl.so.%{num_version}.hmac
$RPM_BUILD_ROOT/%{_lib}/libssl.so.%{num_version} > \
$RPM_BUILD_ROOT/%{_lib}/.libssl.so.%{num_version}.hmac
$RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \
$RPM_BUILD_ROOT/%{_libdir}/libcrypto.so.%{num_version} > \
$RPM_BUILD_ROOT/%{_libdir}/.libcrypto.so.%{num_version}.hmac
$RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{num_version} > \
$RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{num_version}.hmac
}}
#process openssllib
mkdir $RPM_BUILD_ROOT/%{_lib}
#mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
#mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/
cd $RPM_BUILD_ROOT%{_libdir}/
ln -sf /%{_libdir}/libssl.so.%{num_version} ./libssl.so
#ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so.%{num_version}
ln -sf /%{_libdir}/libcrypto.so.%{num_version} ./libcrypto.so
#ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so.%{num_version}
ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so
ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so
for engine in 4758cca atalla nuron sureware ubsec cswift chil aep; do
rm %{buildroot}/%{_lib}/engines/lib$engine.so
@ -420,14 +412,14 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%files -n libopenssl1_0_0
%defattr(-, root, root)
/%{_libdir}/libssl.so.%{num_version}
/%{_libdir}/libcrypto.so.%{num_version}
/%{_lib}/libssl.so.%{num_version}
/%{_lib}/libcrypto.so.%{num_version}
/%{_lib}/engines
%files -n libopenssl1_0_0-hmac
%defattr(-, root, root)
%{_libdir}/.libssl.so.%{num_version}.hmac
%{_libdir}/.libcrypto.so.%{num_version}.hmac
/%{_lib}/.libssl.so.%{num_version}.hmac
/%{_lib}/.libcrypto.so.%{num_version}.hmac
%files -n libopenssl-devel
%defattr(-, root, root)