[openssl] correct openssl cms help output (#636266) more tolerant starttls detection in XMPP protocol (#608239

Tomáš Mráz tmraz at fedoraproject.org
Tue Jul 26 11:02:31 UTC 2011


commit 0ed17c065246e0f0e33ce311790c7329b5e42a74
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Tue Jul 26 13:02:17 2011 +0200

    correct openssl cms help output (#636266)
    more tolerant starttls detection in XMPP protocol (#608239)

 openssl-1.0.0d-cms-keyid.patch     |   12 ++++++++++++
 openssl-1.0.0d-xmpp-starttls.patch |   12 ++++++++++++
 openssl.spec                       |   10 +++++++++-
 3 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/openssl-1.0.0d-cms-keyid.patch b/openssl-1.0.0d-cms-keyid.patch
new file mode 100644
index 0000000..9fe9358
--- /dev/null
+++ b/openssl-1.0.0d-cms-keyid.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.0.0d/apps/cms.c.keyid openssl-1.0.0d/apps/cms.c
+--- openssl-1.0.0d/apps/cms.c.keyid	2009-10-18 16:42:26.000000000 +0200
++++ openssl-1.0.0d/apps/cms.c	2011-07-26 12:56:48.000000000 +0200
+@@ -618,7 +618,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-certsout file certificate output file\n");
+ 		BIO_printf (bio_err, "-signer file   signer certificate file\n");
+ 		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
+-		BIO_printf (bio_err, "-skeyid        use subject key identifier\n");
++		BIO_printf (bio_err, "-keyid         use subject key identifier\n");
+ 		BIO_printf (bio_err, "-in file       input file\n");
+ 		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
+ 		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
diff --git a/openssl-1.0.0d-xmpp-starttls.patch b/openssl-1.0.0d-xmpp-starttls.patch
new file mode 100644
index 0000000..b3999cc
--- /dev/null
+++ b/openssl-1.0.0d-xmpp-starttls.patch
@@ -0,0 +1,12 @@
+diff -ru openssl-1.0.0d.old/apps/s_client.c openssl-1.0.0d/apps/s_client.c
+--- openssl-1.0.0d.old/apps/s_client.c	2011-07-17 21:05:19.934181169 +0200
++++ openssl-1.0.0d/apps/s_client.c	2011-07-17 21:11:42.747824990 +0200
+@@ -1186,7 +1186,7 @@
+ 		    "xmlns='jabber:client' to='%s' version='1.0'>", host);
+ 		seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ 		mbuf[seen] = 0;
+-		while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
++		while (!strcasestr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") && !strcasestr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
+ 			{
+ 			if (strstr(mbuf, "/stream:features>"))
+ 				goto shut;
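Review bot: `strcasestr` in the new `while` condition is a nonstandard extension that glibc documents as requiring `_GNU_SOURCE`, and nothing in this hunk shows apps/s_client.c defining it. Without a visible prototype the call is implicitly declared as returning `int`, which truncates the returned pointer on 64-bit builds, so confirm the build exposes the prototype or add `#define _GNU_SOURCE` ahead of the includes. Separately, the context lines just above store `mbuf[seen] = 0` without checking the return value of `BIO_read`, so an error return of -1 writes one byte before the buffer; a guard such as `if (seen <= 0) goto shut;` before the store would close that. The loop body continues outside the hunk, so any re-read inside it presumably needs the same check.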
diff --git a/openssl.spec b/openssl.spec
index 7f9d669..cb550c8 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: A general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.0d
-Release: 6%{?dist}
+Release: 7%{?dist}
 # We remove certain patented algorithms from the openssl source tarball
 # with the hobble-openssl script which is included below.
 Source: openssl-%{version}-usa.tar.bz2
@@ -48,6 +48,7 @@ Patch23: openssl-1.0.0-beta4-default-paths.patch
 Patch24: openssl-0.9.8j-bad-mime.patch
 Patch25: openssl-1.0.0a-manfix.patch
 Patch26: openssl-1.0.0a-load-certs.patch
+Patch27: openssl-1.0.0d-cms-keyid.patch
 # Functionality changes
 Patch32: openssl-0.9.8g-ia64.patch
 Patch33: openssl-1.0.0-beta4-ca-dir.patch
@@ -75,6 +76,7 @@ Patch59: openssl-1.0.0c-pkcs12-fips-default.patch
 Patch60: openssl-1.0.0d-apps-dgst.patch
 Patch61: openssl-1.0.0d-cavs.patch
 Patch62: openssl-1.0.0-fips-aesni.patch
+Patch63: openssl-1.0.0d-xmpp-starttls.patch
 # Backported fixes including security fixes
 Patch81: openssl-1.0.0d-padlock64.patch
 
@@ -144,6 +146,7 @@ popd
 %patch24 -p1 -b .bad-mime
 %patch25 -p1 -b .manfix
 %patch26 -p1 -b .load-certs
+%patch27 -p1 -b .keyid
 
 %patch32 -p1 -b .ia64
 %patch33 -p1 -b .ca-dir
@@ -171,6 +174,7 @@ popd
 %patch60 -p1 -b .dgst
 %patch61 -p1 -b .cavs
 %patch62 -p1 -b .fips-aesni
+%patch63 -p1 -b .starttls
 
 %patch81 -p1 -b .padlock64
 
@@ -434,6 +438,10 @@ popd
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Jul 26 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0d-7
+- correct openssl cms help output (#636266)
+- more tolerant starttls detection in XMPP protocol (#608239)
+
 * Wed Jul 20 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0d-6
 - add support for newest Intel acceleration improvements backported
   from upstream by Intel in form of a separate engine

