[rpms/openssl] rebase_40beta: - oops wrong patch removed

[rpms/openssl] rebase_40beta: - oops wrong patch removed

[@ 2026-06-09 12:42 UTC (permalink / raw)]

A new commit has been pushed.

Repo   : rpms/openssl
Branch : rebase_40beta
Commit : 03d2622327dff9b00ed2a7c9c371abd8c8f7a677
Author : Tomáš Mráz <tmraz@fedoraproject.org>
Date   : 2010-06-04T14:16:25+00:00
Stats  : +22/-53 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl/c/03d2622327dff9b00ed2a7c9c371abd8c8f7a677?branch=rebase_40beta

Log:
- oops wrong patch removed

---
diff --git a/openssl-1.0.0-dtls1-backports.patch b/openssl-1.0.0-dtls1-backports.patch
deleted file mode 100644
index 99518cd..0000000
--- a/openssl-1.0.0-dtls1-backports.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
---- openssl-1.0.0/ssl/d1_lib.c.dtls1	2009-12-08 12:38:17.000000000 +0100
-+++ openssl-1.0.0/ssl/d1_lib.c	2010-04-09 16:29:49.000000000 +0200
-@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
- 		timeleft->tv_usec += 1000000;
- 		}
- 
-+	/* If remaining time is less than 15 ms, set it to 0
-+	 * to prevent issues because of small devergences with
-+	 * socket timeouts.
-+	 */
-+	if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
-+		{
-+		memset(timeleft, 0, sizeof(struct timeval));
-+		}
-+	
-+
- 	return timeleft;
- 	}
- 
-diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
---- openssl-1.0.0/ssl/d1_pkt.c.dtls1	2009-10-04 18:52:35.000000000 +0200
-+++ openssl-1.0.0/ssl/d1_pkt.c	2010-04-09 16:30:49.000000000 +0200
-@@ -667,14 +667,14 @@ again:
- 	if (rr->length == 0) goto again;
- 
- 	/* If this record is from the next epoch (either HM or ALERT),
--	 * buffer it since it cannot be processed at this time. Records
--	 * from the next epoch are marked as received even though they
--	 * are not processed, so as to prevent any potential resource
--	 * DoS attack */
-+	 * and a handshake is currently in progress, buffer it since it
-+	 * cannot be processed at this time. */
- 	if (is_next_epoch)
- 		{
--		dtls1_record_bitmap_update(s, bitmap);
--		dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
-+		if (SSL_in_init(s) || s->in_handshake)
-+			{
-+			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
-+			}
- 		rr->length = 0;
- 		s->packet_length = 0;
- 		goto again;
-@@ -809,7 +809,7 @@ start:
- 		 * buffer the application data for later processing rather
- 		 * than dropping the connection.
- 		 */
--		dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
-+		dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
- 		rr->length = 0;
- 		goto start;
- 		}

diff --git a/openssl-1.0.0-name-hash.patch b/openssl-1.0.0-name-hash.patch
new file mode 100644
index 0000000..9098c0a
--- /dev/null
+++ b/openssl-1.0.0-name-hash.patch
@@ -0,0 +1,22 @@
+diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c
+--- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash	2010-01-12 18:27:10.000000000 +0100
++++ openssl-1.0.0/crypto/x509/x509_cmp.c	2010-04-06 16:44:52.000000000 +0200
+@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA
+ 	{
+ 	unsigned long ret=0;
+ 	unsigned char md[16];
++	EVP_MD_CTX ctx; 
+ 
+ 	/* Make sure X509_NAME structure contains valid cached encoding */
+ 	i2d_X509_NAME(x,NULL);
+-	EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
++
++	EVP_MD_CTX_init(&ctx);
++	EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
++        EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)
++		&& EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length)
++		&& EVP_DigestFinal_ex(&ctx, md, NULL);
++	EVP_MD_CTX_cleanup(&ctx);
+ 
+ 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+ 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)