To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: - a few fixes from upstream CVS
Date: Tue, 09 Jun 2026 12:42:09 GMT	[thread overview]
Message-ID: <178100892959.1.13727064746013912423.rpms-openssl-3bdf494b4f2e@fedoraproject.org> (raw)

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 3bdf494b4f2ebdadfb5eade264aaf273a6cc42be
            Author : Tomáš Mráz <tmraz@fedoraproject.org>
            Date   : 2010-04-09T15:25:39+00:00
            Stats  : +155/-7 in 3 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/3bdf494b4f2ebdadfb5eade264aaf273a6cc42be?branch=rebase_40beta

            Log:
            - a few fixes from upstream CVS
- move libcrypto to /lib (#559953)

---
diff --git a/openssl-1.0.0-dtls1-backports.patch b/openssl-1.0.0-dtls1-backports.patch
new file mode 100644
index 0000000..99518cd
--- /dev/null
+++ b/openssl-1.0.0-dtls1-backports.patch
@@ -0,0 +1,53 @@
+diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
+--- openssl-1.0.0/ssl/d1_lib.c.dtls1	2009-12-08 12:38:17.000000000 +0100
++++ openssl-1.0.0/ssl/d1_lib.c	2010-04-09 16:29:49.000000000 +0200
+@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
+ 		timeleft->tv_usec += 1000000;
+ 		}
+ 
++	/* If remaining time is less than 15 ms, set it to 0
++	 * to prevent issues because of small devergences with
++	 * socket timeouts.
++	 */
++	if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
++		{
++		memset(timeleft, 0, sizeof(struct timeval));
++		}
++	
++
+ 	return timeleft;
+ 	}
+ 
+diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
+--- openssl-1.0.0/ssl/d1_pkt.c.dtls1	2009-10-04 18:52:35.000000000 +0200
++++ openssl-1.0.0/ssl/d1_pkt.c	2010-04-09 16:30:49.000000000 +0200
+@@ -667,14 +667,14 @@ again:
+ 	if (rr->length == 0) goto again;
+ 
+ 	/* If this record is from the next epoch (either HM or ALERT),
+-	 * buffer it since it cannot be processed at this time. Records
+-	 * from the next epoch are marked as received even though they
+-	 * are not processed, so as to prevent any potential resource
+-	 * DoS attack */
++	 * and a handshake is currently in progress, buffer it since it
++	 * cannot be processed at this time. */
+ 	if (is_next_epoch)
+ 		{
+-		dtls1_record_bitmap_update(s, bitmap);
+-		dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
++		if (SSL_in_init(s) || s->in_handshake)
++			{
++			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
++			}
+ 		rr->length = 0;
+ 		s->packet_length = 0;
+ 		goto again;
+@@ -809,7 +809,7 @@ start:
+ 		 * buffer the application data for later processing rather
+ 		 * than dropping the connection.
+ 		 */
+-		dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
++		dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
+ 		rr->length = 0;
+ 		goto start;
+ 		}
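Review bot: In the d1_pkt.c part, the return value of `dtls1_buffer_record()` is discarded at both call sites (the next-epoch branch and the `buffered_app_data` call), so a record that could not be queued is dropped without the caller noticing. If the function reports failure through its return value (its definition is not part of this patch), the next-epoch call could read `if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0) return -1;`. The same branch also no longer calls `dtls1_record_bitmap_update(s, bitmap)`, which the removed comment tied to preventing resource exhaustion; keeping that call inside the new `if (SSL_in_init(s) || s->in_handshake)` block, after a successful buffer, would preserve replay marking for the records that are actually queued. The rewritten comment should also state the other case, e.g. `/* Outside a handshake a next-epoch record is dropped, not buffered. */`. The enclosing functions start and end outside the quoted hunks.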

diff --git a/openssl-1.0.0-init-sha256.patch b/openssl-1.0.0-init-sha256.patch
new file mode 100644
index 0000000..115722c
--- /dev/null
+++ b/openssl-1.0.0-init-sha256.patch
@@ -0,0 +1,79 @@
+diff -up openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 openssl-1.0.0/doc/ssl/SSL_library_init.pod
+--- openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256	2006-03-12 01:37:55.000000000 +0100
++++ openssl-1.0.0/doc/ssl/SSL_library_init.pod	2010-04-09 16:33:11.000000000 +0200
+@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algori
+ 
+ =head1 DESCRIPTION
+ 
+-SSL_library_init() registers the available ciphers and digests.
++SSL_library_init() registers the available SSL/TLS ciphers and digests.
+ 
+ OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
+ for SSL_library_init().
+@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant. 
+ 
+ =head1 WARNING
+ 
+-SSL_library_init() only registers ciphers. Another important initialization
+-is the seeding of the PRNG (Pseudo Random Number Generator), which has to
+-be performed separately.
++SSL_library_init() adds ciphers and digests used directly and indirectly by
++SSL/TLS.
+ 
+ =head1 EXAMPLES
+ 
+ A typical TLS/SSL application will start with the library initialization,
+-will provide readable error messages and will seed the PRNG.
++and provide readable error messages.
+ 
+  SSL_load_error_strings();                /* readable error messages */
+  SSL_library_init();                      /* initialize library */
+- actions_to_seed_PRNG(); 
+ 
+ =head1 RETURN VALUES
+ 
+ SSL_library_init() always returns "1", so it is safe to discard the return
+ value.
+ 
++=head1 NOTES
++
++OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
++Applications which need to use SHA2 in earlier versions of OpenSSL should call
++OpenSSL_add_all_algorithms() as well.
++
+ =head1 SEE ALSO
+ 
+ L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
+diff -up openssl-1.0.0/ssl/ssl_algs.c.sha256 openssl-1.0.0/ssl/ssl_algs.c
+--- openssl-1.0.0/ssl/ssl_algs.c.sha256	2010-04-06 12:52:38.000000000 +0200
++++ openssl-1.0.0/ssl/ssl_algs.c	2010-04-09 16:34:41.000000000 +0200
+@@ -111,6 +111,14 @@ int SSL_library_init(void)
+ 	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ 	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+ #endif
++#ifndef OPENSSL_NO_SHA256
++	EVP_add_digest(EVP_sha224());
++	EVP_add_digest(EVP_sha256());
++#endif
++#ifndef OPENSSL_NO_SHA512
++	EVP_add_digest(EVP_sha384());
++	EVP_add_digest(EVP_sha512());
++#endif
+ #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+ 	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+ 	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+@@ -148,6 +156,14 @@ int SSL_library_init(void)
+ 	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ 	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+ #endif
++#ifndef OPENSSL_NO_SHA256
++	EVP_add_digest(EVP_sha224());
++	EVP_add_digest(EVP_sha256());
++#endif
++#ifndef OPENSSL_NO_SHA512
++	EVP_add_digest(EVP_sha384());
++	EVP_add_digest(EVP_sha512());
++#endif
+ #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+ 	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+ 	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
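Review bot: The SHA-2 registration block is added twice in `SSL_library_init()` (after each `ssl3-sha1` alias block in ssl_algs.c) without a comment, so the two copies can drift apart unnoticed. A one-line comment on each, such as `/* SHA-2 digests used directly and indirectly by SSL/TLS; keep both registration blocks identical */`, would record why they are there. The NOTES paragraph added to SSL_library_init.pod dates this behaviour to 0.9.8o and 1.0.0a, while the spec file in this commit still builds Version 1.0.0, so the installed man page would tell applications on this build that they still need `OpenSSL_add_all_algorithms()`; a packaging remark in the pod text would remove that ambiguity. The function body starts and ends outside both hunks.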

diff --git a/openssl.spec b/openssl.spec
index 20e028e..bae51c1 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: A general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 # We remove certain patented algorithms from the openssl source tarball
 # with the hobble-openssl script which is included below.
 Source: openssl-%{version}-usa.tar.bz2
@@ -62,6 +62,8 @@ Patch51: openssl-1.0.0-version.patch
 Patch52: openssl-1.0.0-beta4-aesni.patch
 Patch53: openssl-1.0.0-name-hash.patch
 # Backported fixes including security fixes
+Patch60: openssl-1.0.0-dtls1-backports.patch
+Patch61: openssl-1.0.0-init-sha256.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -143,6 +145,8 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch52 -p1 -b .aesni
 %patch53 -p1 -b .name-hash
 
+%patch60 -p1 -b .dtls1
+%patch61 -p1 -b .sha256
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
 
@@ -228,8 +232,8 @@ make -C test apps tests
     %{?__debug_package:%{__debug_install_post}} \
     %{__arch_install_post} \
     %{__os_install_post} \
-    crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
-    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
+    crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{version} >$RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{version}.hmac \
+    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{soversion}.hmac \
     crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
     ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
 %{nil}
@@ -244,11 +248,17 @@ mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl
 mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
 rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
 rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
+mkdir $RPM_BUILD_ROOT/%{_lib}
+mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} $RPM_BUILD_ROOT/%{_lib}
 for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
 	chmod 755 ${lib}
 	ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
 	ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
-
+done
+for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
+	chmod 755 ${lib}
+	ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
+	ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion}
 done
 
 # Install a makefile for generating keys and self-signed certs, and a script
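Review bot: The added `mkdir $RPM_BUILD_ROOT/%{_lib}` fails if the directory already exists in the build root; `mkdir -p $RPM_BUILD_ROOT/%{_lib}` is safe in both cases. The development symlink created with `ln -s -f ../../%{_lib}/...` in the second loop only resolves correctly when `%{_libdir}` sits exactly two levels below the root, so that assumption deserves a comment above the loop, e.g. `# libcrypto lives in /%{_lib}; the relative link assumes %{_libdir} is /usr/%{_lib}`. The two loops also expand `${lib}` unquoted, which would break on a build root path containing whitespace; `"${lib}"` avoids that.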
@@ -355,9 +365,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
 
 %attr(0755,root,root) %{_bindir}/openssl
-%attr(0755,root,root) %{_libdir}/*.so.%{version}
-%attr(0755,root,root) %{_libdir}/*.so.%{soversion}
-%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
+%attr(0755,root,root) /%{_lib}/libcrypto.so.%{version}
+%attr(0755,root,root) /%{_lib}/libcrypto.so.%{soversion}
+%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
+%attr(0755,root,root) %{_libdir}/libssl.so.%{soversion}
+%attr(0644,root,root) /%{_lib}/.libcrypto.so.*.hmac
 %attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
 %attr(0755,root,root) %{_libdir}/openssl
 %attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
@@ -387,6 +399,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun -p /sbin/ldconfig
 
 %changelog
+* Fri Apr  9 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-3
+- a few fixes from upstream CVS
+- move libcrypto to /lib (#559953)
+
 * Tue Apr  6 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-2
 - set UTC timezone on pod2man run (#578842)
 - make X509_NAME_hash_old work in FIPS mode
