[openssl] use version-release in .hmac suffix to avoid overwrite during upgrade

Tomáš Mráz tmraz at fedoraproject.org
Mon Sep 2 13:02:32 UTC 2013 

commit 850ca72b9a0005d89d334eed2a68dd40892ce29c
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Mon Sep 2 15:02:18 2013 +0200

    use version-release in .hmac suffix to avoid overwrite during upgrade

 openssl-1.0.1e-fips-ctor.patch |   27 ++++++++++++++++++++-------
 openssl.spec                   |   16 ++++++++++------
 2 files changed, 30 insertions(+), 13 deletions(-)
---
diff --git a/openssl-1.0.1e-fips-ctor.patch b/openssl-1.0.1e-fips-ctor.patch
index 71205fd..093a7f4 100644
--- a/openssl-1.0.1e-fips-ctor.patch
+++ b/openssl-1.0.1e-fips-ctor.patch
@@ -1,6 +1,6 @@
 diff -up openssl-1.0.1e/crypto/fips/fips.c.fips-ctor openssl-1.0.1e/crypto/fips/fips.c
---- openssl-1.0.1e/crypto/fips/fips.c.fips-ctor	2013-08-27 15:44:08.000000000 +0200
-+++ openssl-1.0.1e/crypto/fips/fips.c	2013-08-29 11:13:04.279245656 +0200
+--- openssl-1.0.1e/crypto/fips/fips.c.fips-ctor	2013-09-02 14:20:26.853925144 +0200
++++ openssl-1.0.1e/crypto/fips/fips.c	2013-09-02 14:22:18.082370680 +0200
 @@ -60,6 +60,8 @@
  #include <dlfcn.h>
  #include <stdio.h>
@@ -10,7 +10,20 @@ diff -up openssl-1.0.1e/crypto/fips/fips.c.fips-ctor openssl-1.0.1e/crypto/fips/
  #include "fips_locl.h"
  
  #ifdef OPENSSL_FIPS
-@@ -341,6 +343,32 @@ end:
+@@ -198,8 +200,10 @@ bin2hex(void *buf, size_t len)
+ 	return hex;
+ }
+ 
+-#define HMAC_PREFIX "." 
+-#define HMAC_SUFFIX ".hmac" 
++#define HMAC_PREFIX "."
++#ifndef HMAC_SUFFIX
++#define HMAC_SUFFIX ".hmac"
++#endif
+ #define READ_BUFFER_LENGTH 16384
+ 
+ static char *
+@@ -341,6 +345,32 @@ end:
  	return 1;	
  }
  
@@ -44,8 +57,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips.c.fips-ctor openssl-1.0.1e/crypto/fips/
      {
      int ret = 0;
 diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ctor openssl-1.0.1e/crypto/fips/fips.h
---- openssl-1.0.1e/crypto/fips/fips.h.fips-ctor	2013-08-27 15:44:08.000000000 +0200
-+++ openssl-1.0.1e/crypto/fips/fips.h	2013-08-29 11:41:04.233049349 +0200
+--- openssl-1.0.1e/crypto/fips/fips.h.fips-ctor	2013-09-02 14:20:26.857925232 +0200
++++ openssl-1.0.1e/crypto/fips/fips.h	2013-09-02 14:20:26.915926507 +0200
 @@ -74,6 +74,7 @@ struct hmac_ctx_st;
  
  int FIPS_module_mode_set(int onoff, const char *auth);
@@ -55,8 +68,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ctor openssl-1.0.1e/crypto/fips/
  int FIPS_selftest(void);
  int FIPS_selftest_failed(void);
 diff -up openssl-1.0.1e/crypto/o_init.c.fips-ctor openssl-1.0.1e/crypto/o_init.c
---- openssl-1.0.1e/crypto/o_init.c.fips-ctor	2013-08-27 15:44:09.000000000 +0200
-+++ openssl-1.0.1e/crypto/o_init.c	2013-08-29 11:39:37.760101734 +0200
+--- openssl-1.0.1e/crypto/o_init.c.fips-ctor	2013-09-02 14:20:26.894926046 +0200
++++ openssl-1.0.1e/crypto/o_init.c	2013-09-02 14:20:26.916926529 +0200
 @@ -73,6 +73,10 @@ static void init_fips_mode(void)
  	char buf[2] = "0";
  	int fd;
diff --git a/openssl.spec b/openssl.spec
index d62858e..cf908ed 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 18%{?dist}
+Release: 19%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -255,7 +255,7 @@ sslarch=linux-ppc64
 # marked as not requiring an executable stack.
 # Also add -DPURIFY to make using valgrind with openssl easier as we do not
 # want to depend on the uninitialized memory as a source of entropy anyway.
-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY -DHMAC_SUFFIX=\\\".%{version}-%{release}.hmac\\\""
 make depend
 make all
 
@@ -290,10 +290,10 @@ make -C test apps tests
     %{?__debug_package:%{__debug_install_post}} \
     %{__arch_install_post} \
     %{__os_install_post} \
-    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
-    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
-    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
-    ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
+    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.%{version}-%{release}.hmac \
+    ln -sf .libcrypto.so.%{version}.%{version}-%{release}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.%{version}-%{release}.hmac \
+    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.%{version}-%{release}.hmac \
+    ln -sf .libssl.so.%{version}.%{version}-%{release}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.%{version}-%{release}.hmac \
 %{nil}
 
 %define __provides_exclude_from %{_libdir}/openssl
@@ -468,6 +468,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :
 
 %changelog
+* Mon Sep  2 2013 Tomas Mraz <tmraz at redhat.com> 1.0.1e-19
+- use version-release in .hmac suffix to avoid overwrite
+  during upgrade
+
 * Thu Aug 29 2013 Tomas Mraz <tmraz at redhat.com> 1.0.1e-18
 - allow deinitialization of the FIPS mode

More information about the scm-commits mailing list