public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: apply properly revert SSL_read() behavior change - patch from upstream (#1394677)
@ 2026-06-09 12:43 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 3a8593870afda41424d6753c313bc0252090a248
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2016-11-30T14:29:59+01:00
Stats : +31/-2 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/3a8593870afda41424d6753c313bc0252090a248?branch=rebase_40beta
Log:
apply properly revert SSL_read() behavior change - patch from upstream (#1394677)
- fix behavior on client certificate request in renegotiation (#1393579)
---
diff --git a/openssl-1.1.0-cert-req.patch b/openssl-1.1.0-cert-req.patch
new file mode 100644
index 0000000..f448af0
--- /dev/null
+++ b/openssl-1.1.0-cert-req.patch
@@ -0,0 +1,21 @@
+diff -up openssl-1.1.0c/ssl/statem/statem.c.certreq openssl-1.1.0c/ssl/statem/statem.c
+--- openssl-1.1.0c/ssl/statem/statem.c.certreq 2016-11-10 15:03:46.000000000 +0100
++++ openssl-1.1.0c/ssl/statem/statem.c 2016-11-30 14:23:14.274758723 +0100
+@@ -361,6 +361,8 @@ static int state_machine(SSL *s, int ser
+ */
+ s->ctx->stats.sess_accept_renegotiate++;
+ }
++
++ s->s3->tmp.cert_request = 0;
+ } else {
+ s->ctx->stats.sess_connect++;
+
+@@ -368,7 +370,7 @@ static int state_machine(SSL *s, int ser
+ memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
+ s->hit = 0;
+
+- s->s3->tmp.cert_request = 0;
++ s->s3->tmp.cert_req = 0;
+
+ if (SSL_IS_DTLS(s)) {
+ st->use_timer = 1;
diff --git a/openssl.spec b/openssl.spec
index 065f9f3..bb7d0ba 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.0c
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -60,6 +60,8 @@ Patch41: openssl-1.1.0-system-cipherlist.patch
Patch42: openssl-1.1.0-fips.patch
Patch43: openssl-1.1.0-afalg-eventfd2.patch
# Backported fixes including security fixes
+Patch60: openssl-1.1.0-sslread-revert.patch
+Patch61: openssl-1.1.0-cert-req.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -159,6 +161,9 @@ cp %{SOURCE13} test/
%patch42 -p1 -b .fips
%patch43 -p1 -b .eventfd2
+%patch60 -p1 -b .sslread-revert
+%patch61 -p1 -b .cert-req
+
%build
# Figure out which flags we want to use.
# default
@@ -425,8 +430,11 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig
%changelog
-* Tue Nov 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-2
+* Wed Nov 30 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-3
- revert SSL_read() behavior change - patch from upstream (#1394677)
+- fix behavior on client certificate request in renegotiation (#1393579)
+
+* Tue Nov 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-2
- EC curve NIST P-224 is now allowed, still kept disabled in TLS due
to less than optimal security
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: apply properly revert SSL_read() behavior change - patch from upstream (#1394677) Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox