public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: - listen on ipv6 wildcard in s_server so we accept connections
Date: Tue, 09 Jun 2026 12:42:21 GMT [thread overview]
Message-ID: <178100894179.1.11150845118675742279.rpms-openssl-09127ac54a2e@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 09127ac54a2e1983a9a0e5c91d9335475b5f3162
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2011-01-24T17:41:43+01:00
Stats : +162/-1 in 3 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/09127ac54a2e1983a9a0e5c91d9335475b5f3162?branch=rebase_40beta
Log:
- listen on ipv6 wildcard in s_server so we accept connections
from both ipv4 and ipv6 (#601612)
- fix openssl speed command so it can be used in the FIPS mode
with FIPS allowed ciphers
---
diff --git a/openssl-1.0.0c-apps-ipv6listen.patch b/openssl-1.0.0c-apps-ipv6listen.patch
new file mode 100644
index 0000000..7c3d4a0
--- /dev/null
+++ b/openssl-1.0.0c-apps-ipv6listen.patch
@@ -0,0 +1,57 @@
+diff -up openssl-1.0.0c/apps/s_socket.c.ipv6listen openssl-1.0.0c/apps/s_socket.c
+--- openssl-1.0.0c/apps/s_socket.c.ipv6listen 2011-01-24 16:44:18.000000000 +0100
++++ openssl-1.0.0c/apps/s_socket.c 2011-01-24 16:56:25.000000000 +0100
+@@ -335,15 +335,16 @@ int do_server(char *port, int type, int
+
+ static int init_server(int *sock, char *port, int type)
+ {
+- struct addrinfo *res, *res0, hints;
++ struct addrinfo *res, *res0 = NULL, hints;
+ char * failed_call = NULL;
+- char port_name[8];
+ int s;
+ int e;
+
+ if (!ssl_sock_init()) return(0);
+
+ memset(&hints, '\0', sizeof(hints));
++ hints.ai_family = AF_INET6;
++tryipv4:
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
+
+@@ -365,6 +366,12 @@ static int init_server(int *sock, char *
+ failed_call = "socket";
+ goto nextres;
+ }
++ if (hints.ai_family == AF_INET6)
++ {
++ int j = 0;
++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++ (void *) &j, sizeof j);
++ }
+ #if defined SOL_SOCKET && defined SO_REUSEADDR
+ {
+ int j = 1;
+@@ -392,9 +399,19 @@ nextres:
+ close(s);
+ res = res->ai_next;
+ }
+- freeaddrinfo(res0);
++ if (res0)
++ freeaddrinfo(res0);
+
+- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
++ if (s == INVALID_SOCKET)
++ {
++ if (hints.ai_family == AF_INET6)
++ {
++ hints.ai_family = AF_INET;
++ goto tryipv4;
++ }
++ perror("socket");
++ return(0);
++ }
+
+ perror(failed_call);
+ return(0);
diff --git a/openssl-1.0.0c-speed-fips.patch b/openssl-1.0.0c-speed-fips.patch
new file mode 100644
index 0000000..048d673
--- /dev/null
+++ b/openssl-1.0.0c-speed-fips.patch
@@ -0,0 +1,94 @@
+diff -up openssl-1.0.0c/apps/speed.c.spfips openssl-1.0.0c/apps/speed.c
+--- openssl-1.0.0c/apps/speed.c.spfips 2010-11-18 14:22:26.000000000 +0100
++++ openssl-1.0.0c/apps/speed.c 2011-01-24 17:25:32.000000000 +0100
+@@ -100,6 +100,9 @@
+ #include <openssl/err.h>
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+ #if !defined(OPENSSL_SYS_MSDOS)
+ #include OPENSSL_UNISTD
+ #endif
+@@ -908,7 +911,12 @@ int MAIN(int argc, char **argv)
+ #ifndef OPENSSL_NO_RSA
+ if (strcmp(*argv,"rsa") == 0)
+ {
++#ifdef OPENSSL_FIPS
++ if (!FIPS_mode())
++#endif
++ {
+ rsa_doit[R_RSA_512]=1;
++ }
+ rsa_doit[R_RSA_1024]=1;
+ rsa_doit[R_RSA_2048]=1;
+ rsa_doit[R_RSA_4096]=1;
+@@ -918,7 +926,12 @@ int MAIN(int argc, char **argv)
+ #ifndef OPENSSL_NO_DSA
+ if (strcmp(*argv,"dsa") == 0)
+ {
++#ifdef OPENSSL_FIPS
++ if (!FIPS_mode())
++#endif
++ {
+ dsa_doit[R_DSA_512]=1;
++ }
+ dsa_doit[R_DSA_1024]=1;
+ dsa_doit[R_DSA_2048]=1;
+ }
+@@ -1193,30 +1206,54 @@ int MAIN(int argc, char **argv)
+ AES_set_encrypt_key(key32,256,&aes_ks3);
+ #endif
+ #ifndef OPENSSL_NO_CAMELLIA
++ if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML])
++ {
+ Camellia_set_key(key16,128,&camellia_ks1);
+ Camellia_set_key(ckey24,192,&camellia_ks2);
+ Camellia_set_key(ckey32,256,&camellia_ks3);
++ }
+ #endif
+ #ifndef OPENSSL_NO_IDEA
++ if (doit[D_CBC_IDEA])
++ {
+ idea_set_encrypt_key(key16,&idea_ks);
++ }
+ #endif
+ #ifndef OPENSSL_NO_SEED
++ if (doit[D_CBC_SEED])
++ {
+ SEED_set_key(key16,&seed_ks);
++ }
+ #endif
+ #ifndef OPENSSL_NO_RC4
++ if (doit[D_RC4])
++ {
+ RC4_set_key(&rc4_ks,16,key16);
++ }
+ #endif
+ #ifndef OPENSSL_NO_RC2
++ if (doit[D_CBC_RC2])
++ {
+ RC2_set_key(&rc2_ks,16,key16,128);
++ }
+ #endif
+ #ifndef OPENSSL_NO_RC5
++ if (doit[D_CBC_RC5])
++ {
+ RC5_32_set_key(&rc5_ks,16,key16,12);
++ }
+ #endif
+ #ifndef OPENSSL_NO_BF
++ if (doit[D_CBC_BF])
++ {
+ BF_set_key(&bf_ks,16,key16);
++ }
+ #endif
+ #ifndef OPENSSL_NO_CAST
++ if (doit[D_CBC_CAST])
++ {
+ CAST_set_key(&cast_ks,16,key16);
++ }
+ #endif
+ #ifndef OPENSSL_NO_RSA
+ memset(rsa_c,0,sizeof(rsa_c));
diff --git a/openssl.spec b/openssl.spec
index 0d07c4e..97b7fec 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.0c
-Release: 1%{?dist}
+Release: 2%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2
@@ -62,6 +62,8 @@ Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
Patch51: openssl-1.0.0c-version.patch
Patch52: openssl-1.0.0b-aesni.patch
Patch53: openssl-1.0.0-name-hash.patch
+Patch54: openssl-1.0.0c-speed-fips.patch
+Patch55: openssl-1.0.0c-apps-ipv6listen.patch
# Backported fixes including security fixes
License: OpenSSL
@@ -144,6 +146,8 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch51 -p1 -b .version
%patch52 -p1 -b .aesni
%patch53 -p1 -b .name-hash
+%patch54 -p1 -b .spfips
+%patch55 -p1 -b .ipv6listen
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -393,6 +397,12 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig
%changelog
+* Mon Jan 24 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0c-2
+- listen on ipv6 wildcard in s_server so we accept connections
+ from both ipv4 and ipv6 (#601612)
+- fix openssl speed command so it can be used in the FIPS mode
+ with FIPS allowed ciphers
+
* Fri Dec 3 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0c-1
- new upstream version fixing CVE-2010-4180
reply other threads:[~2026-06-09 12:42 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100894179.1.11150845118675742279.rpms-openssl-09127ac54a2e@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox