[openssl] correct openssl cms help output (#636266) more tolerant starttls detection in XMPP protocol (#608239
Tomáš Mráz
tmraz at fedoraproject.org
Tue Jul 26 11:02:31 UTC 2011
commit 0ed17c065246e0f0e33ce311790c7329b5e42a74
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Tue Jul 26 13:02:17 2011 +0200
correct openssl cms help output (#636266)
more tolerant starttls detection in XMPP protocol (#608239)
openssl-1.0.0d-cms-keyid.patch | 12 ++++++++++++
openssl-1.0.0d-xmpp-starttls.patch | 12 ++++++++++++
openssl.spec | 10 +++++++++-
3 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/openssl-1.0.0d-cms-keyid.patch b/openssl-1.0.0d-cms-keyid.patch
new file mode 100644
index 0000000..9fe9358
--- /dev/null
+++ b/openssl-1.0.0d-cms-keyid.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.0.0d/apps/cms.c.keyid openssl-1.0.0d/apps/cms.c
+--- openssl-1.0.0d/apps/cms.c.keyid 2009-10-18 16:42:26.000000000 +0200
++++ openssl-1.0.0d/apps/cms.c 2011-07-26 12:56:48.000000000 +0200
+@@ -618,7 +618,7 @@ int MAIN(int argc, char **argv)
+ BIO_printf (bio_err, "-certsout file certificate output file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
+- BIO_printf (bio_err, "-skeyid use subject key identifier\n");
++ BIO_printf (bio_err, "-keyid use subject key identifier\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
diff --git a/openssl-1.0.0d-xmpp-starttls.patch b/openssl-1.0.0d-xmpp-starttls.patch
new file mode 100644
index 0000000..b3999cc
--- /dev/null
+++ b/openssl-1.0.0d-xmpp-starttls.patch
@@ -0,0 +1,12 @@
+diff -ru openssl-1.0.0d.old/apps/s_client.c openssl-1.0.0d/apps/s_client.c
+--- openssl-1.0.0d.old/apps/s_client.c 2011-07-17 21:05:19.934181169 +0200
++++ openssl-1.0.0d/apps/s_client.c 2011-07-17 21:11:42.747824990 +0200
+@@ -1186,7 +1186,7 @@
+ "xmlns='jabber:client' to='%s' version='1.0'>", host);
+ seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ mbuf[seen] = 0;
+- while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
++ while (!strcasestr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") && !strcasestr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
+ {
+ if (strstr(mbuf, "/stream:features>"))
+ goto shut;
diff --git a/openssl.spec b/openssl.spec
index 7f9d669..cb550c8 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.0d
-Release: 6%{?dist}
+Release: 7%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2
@@ -48,6 +48,7 @@ Patch23: openssl-1.0.0-beta4-default-paths.patch
Patch24: openssl-0.9.8j-bad-mime.patch
Patch25: openssl-1.0.0a-manfix.patch
Patch26: openssl-1.0.0a-load-certs.patch
+Patch27: openssl-1.0.0d-cms-keyid.patch
# Functionality changes
Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-1.0.0-beta4-ca-dir.patch
@@ -75,6 +76,7 @@ Patch59: openssl-1.0.0c-pkcs12-fips-default.patch
Patch60: openssl-1.0.0d-apps-dgst.patch
Patch61: openssl-1.0.0d-cavs.patch
Patch62: openssl-1.0.0-fips-aesni.patch
+Patch63: openssl-1.0.0d-xmpp-starttls.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.0d-padlock64.patch
@@ -144,6 +146,7 @@ popd
%patch24 -p1 -b .bad-mime
%patch25 -p1 -b .manfix
%patch26 -p1 -b .load-certs
+%patch27 -p1 -b .keyid
%patch32 -p1 -b .ia64
%patch33 -p1 -b .ca-dir
@@ -171,6 +174,7 @@ popd
%patch60 -p1 -b .dgst
%patch61 -p1 -b .cavs
%patch62 -p1 -b .fips-aesni
+%patch63 -p1 -b .starttls
%patch81 -p1 -b .padlock64
@@ -434,6 +438,10 @@ popd
%postun -p /sbin/ldconfig
%changelog
+* Tue Jul 26 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0d-7
+- correct openssl cms help output (#636266)
+- more tolerant starttls detection in XMPP protocol (#608239)
+
* Wed Jul 20 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0d-6
- add support for newest Intel acceleration improvements backported
from upstream by Intel in form of a separate engine
More information about the scm-commits
mailing list