[openssl] new upstream release 1.0.1h
Tomáš Mráz
tmraz at fedoraproject.org
Thu Jun 5 13:05:13 UTC 2014
commit 360a4bb67c524b4c6992af3132b9219933ba9caa
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Thu Jun 5 15:05:17 2014 +0200
new upstream release 1.0.1h
.gitignore | 1 +
openssl-1.0.1e-manfix.patch | 555 --------------------
openssl-1.0.1g-ssl-op-all.patch | 21 -
...v6-apps.patch => openssl-1.0.1h-ipv6-apps.patch | 59 ++-
openssl-1.0.1h-manfix.patch | 135 +++++
openssl.spec | 13 +-
sources | 2 +-
7 files changed, 180 insertions(+), 606 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 097821a..ded4230 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.1e-usa.tar.xz
/openssl-1.0.1e-hobbled.tar.xz
/openssl-1.0.1g-hobbled.tar.xz
+/openssl-1.0.1h-hobbled.tar.xz
diff --git a/openssl-1.0.1c-ipv6-apps.patch b/openssl-1.0.1h-ipv6-apps.patch
similarity index 86%
rename from openssl-1.0.1c-ipv6-apps.patch
rename to openssl-1.0.1h-ipv6-apps.patch
index 41e0b36..db6b543 100644
--- a/openssl-1.0.1c-ipv6-apps.patch
+++ b/openssl-1.0.1h-ipv6-apps.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
---- openssl-1.0.1c/apps/s_apps.h.ipv6-apps 2012-07-11 22:46:02.409221206 +0200
-+++ openssl-1.0.1c/apps/s_apps.h 2012-07-11 22:46:02.451222165 +0200
+diff -up openssl-1.0.1h/apps/s_apps.h.ipv6-apps openssl-1.0.1h/apps/s_apps.h
+--- openssl-1.0.1h/apps/s_apps.h.ipv6-apps 2014-06-05 14:33:38.515668750 +0200
++++ openssl-1.0.1h/apps/s_apps.h 2014-06-05 14:33:38.540669335 +0200
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
@@ -23,10 +23,10 @@ diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
-diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
---- openssl-1.0.1c/apps/s_client.c.ipv6-apps 2012-07-11 22:46:02.433221754 +0200
-+++ openssl-1.0.1c/apps/s_client.c 2012-07-11 22:46:02.452222187 +0200
-@@ -563,7 +563,7 @@ int MAIN(int argc, char **argv)
+diff -up openssl-1.0.1h/apps/s_client.c.ipv6-apps openssl-1.0.1h/apps/s_client.c
+--- openssl-1.0.1h/apps/s_client.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200
++++ openssl-1.0.1h/apps/s_client.c 2014-06-05 14:33:38.540669335 +0200
+@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
@@ -35,7 +35,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
-@@ -664,13 +664,12 @@ int MAIN(int argc, char **argv)
+@@ -668,13 +668,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
@@ -51,7 +51,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
-@@ -1253,7 +1252,7 @@ bad:
+@@ -1267,7 +1266,7 @@ bad:
re_start:
@@ -60,10 +60,10 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
-diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
---- openssl-1.0.1c/apps/s_server.c.ipv6-apps 2012-07-11 22:46:02.434221777 +0200
-+++ openssl-1.0.1c/apps/s_server.c 2012-07-11 22:46:02.453222210 +0200
-@@ -929,7 +929,7 @@ int MAIN(int argc, char *argv[])
+diff -up openssl-1.0.1h/apps/s_server.c.ipv6-apps openssl-1.0.1h/apps/s_server.c
+--- openssl-1.0.1h/apps/s_server.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200
++++ openssl-1.0.1h/apps/s_server.c 2014-06-05 14:33:38.541669358 +0200
+@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
{
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
@@ -72,7 +72,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
-@@ -1000,8 +1000,7 @@ int MAIN(int argc, char *argv[])
+@@ -1004,8 +1004,7 @@ int MAIN(int argc, char *argv[])
(strcmp(*argv,"-accept") == 0))
{
if (--argc < 1) goto bad;
@@ -82,7 +82,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
}
else if (strcmp(*argv,"-verify") == 0)
{
-@@ -1878,9 +1877,9 @@ bad:
+@@ -1892,9 +1891,9 @@ bad:
BIO_printf(bio_s_out,"ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (www)
@@ -94,9 +94,9 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
print_stats(bio_s_out,ctx);
ret=0;
end:
-diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
---- openssl-1.0.1c/apps/s_socket.c.ipv6-apps 2011-12-02 15:39:40.000000000 +0100
-+++ openssl-1.0.1c/apps/s_socket.c 2012-07-11 22:49:05.411400450 +0200
+diff -up openssl-1.0.1h/apps/s_socket.c.ipv6-apps openssl-1.0.1h/apps/s_socket.c
+--- openssl-1.0.1h/apps/s_socket.c.ipv6-apps 2014-06-05 11:44:33.000000000 +0200
++++ openssl-1.0.1h/apps/s_socket.c 2014-06-05 14:39:53.226442195 +0200
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
static void ssl_sock_cleanup(void);
#endif
@@ -108,7 +108,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]);
-@@ -234,57 +232,70 @@ static int ssl_sock_init(void)
+@@ -234,57 +232,71 @@ static int ssl_sock_init(void)
return(1);
}
@@ -178,7 +178,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
{
- i=0;
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-- if (i < 0) { perror("keepalive"); return(0); }
+- if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
+ int i=0;
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
+ (char *)&i,sizeof(i));
@@ -207,6 +207,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
+ res = res->ai_next;
+ }
+ freeaddrinfo(res0);
++ closesocket(s);
+
+ perror(failed_call);
+ return(0);
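Review bot: The added `closesocket(s);` runs before `perror(failed_call);`, so a failing close can overwrite errno and the message would then describe the close error rather than the call that `failed_call` names. The loop that assigns `s` starts outside this hunk, so I cannot confirm it from here, but if it already closes the descriptor after each failed attempt, or leaves `s` as INVALID_SOCKET when socket() fails, this is also a second close on a stale or invalid descriptor number. A stale number may have been reused for an unrelated descriptor in the meantime. I would report first and close conditionally, `perror(failed_call);` followed by `if (s != INVALID_SOCKET) closesocket(s);`, or drop the call entirely if the loop already cleans up.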
@@ -216,7 +217,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
{
int sock;
char *name = NULL;
-@@ -322,33 +333,50 @@ int do_server(int port, int type, int *r
+@@ -322,33 +334,50 @@ int do_server(int port, int type, int *r
}
}
@@ -288,7 +289,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
#if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
-@@ -356,35 +384,49 @@ static int init_server_long(int *sock, i
+@@ -356,35 +385,49 @@ static int init_server_long(int *sock, i
(void *) &j, sizeof j);
}
#endif
@@ -355,7 +356,16 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
int len;
/* struct linger ling; */
-@@ -431,135 +473,58 @@ redoit:
+@@ -424,145 +467,66 @@ redoit:
+ ling.l_onoff=1;
+ ling.l_linger=0;
+ i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
+- if (i < 0) { perror("linger"); return(0); }
++ if (i < 0) { closesocket(ret); perror("linger"); return(0); }
+ i=0;
+ i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+- if (i < 0) { perror("keepalive"); return(0); }
++ if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
*/
if (host == NULL) goto end;
@@ -384,6 +394,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
{
perror("OPENSSL_malloc");
+ closesocket(ret);
return(0);
}
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
@@ -392,11 +403,13 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
- if (h2 == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
+- closesocket(ret);
- return(0);
- }
- if (h2->h_addrtype != AF_INET)
- {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+- closesocket(ret);
- return(0);
- }
+ strcpy(*host, buffer);
diff --git a/openssl-1.0.1h-manfix.patch b/openssl-1.0.1h-manfix.patch
new file mode 100644
index 0000000..836f58f
--- /dev/null
+++ b/openssl-1.0.1h-manfix.patch
@@ -0,0 +1,135 @@
+diff -up openssl-1.0.1h/doc/apps/ec.pod.manfix openssl-1.0.1h/doc/apps/ec.pod
+--- openssl-1.0.1h/doc/apps/ec.pod.manfix 2014-06-05 11:41:31.000000000 +0200
++++ openssl-1.0.1h/doc/apps/ec.pod 2014-06-05 14:41:11.501274915 +0200
+@@ -93,10 +93,6 @@ prints out the public, private key compo
+
+ this option prevents output of the encoded version of the key.
+
+-=item B<-modulus>
+-
+-this option prints out the value of the public key component of the key.
+-
+ =item B<-pubin>
+
+ by default a private key is read from the input file: with this option a
+diff -up openssl-1.0.1h/doc/apps/openssl.pod.manfix openssl-1.0.1h/doc/apps/openssl.pod
+--- openssl-1.0.1h/doc/apps/openssl.pod.manfix 2014-06-05 11:41:31.000000000 +0200
++++ openssl-1.0.1h/doc/apps/openssl.pod 2014-06-05 14:41:11.501274915 +0200
+@@ -163,7 +163,7 @@ Create or examine a netscape certificate
+
+ Online Certificate Status Protocol utility.
+
+-=item L<B<passwd>|passwd(1)>
++=item L<B<passwd>|sslpasswd(1)>
+
+ Generation of hashed passwords.
+
+@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
+
+ Public key algorithm cryptographic operation utility.
+
+-=item L<B<rand>|rand(1)>
++=item L<B<rand>|sslrand(1)>
+
+ Generate pseudo-random bytes.
+
+@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
+ L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+ L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
+ L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
+-L<passwd(1)|passwd(1)>,
++L<sslpasswd(1)|sslpasswd(1)>,
+ L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
+-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
++L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
+ L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
+ L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+diff -up openssl-1.0.1h/doc/apps/s_client.pod.manfix openssl-1.0.1h/doc/apps/s_client.pod
+--- openssl-1.0.1h/doc/apps/s_client.pod.manfix 2014-06-05 14:41:11.445273605 +0200
++++ openssl-1.0.1h/doc/apps/s_client.pod 2014-06-05 14:41:11.501274915 +0200
+@@ -33,9 +33,14 @@ B<openssl> B<s_client>
+ [B<-ssl2>]
+ [B<-ssl3>]
+ [B<-tls1>]
++[B<-tls1_1>]
++[B<-tls1_2>]
++[B<-dtls1>]
+ [B<-no_ssl2>]
+ [B<-no_ssl3>]
+ [B<-no_tls1>]
++[B<-no_tls1_1>]
++[B<-no_tls1_2>]
+ [B<-bugs>]
+ [B<-cipher cipherlist>]
+ [B<-starttls protocol>]
+@@ -45,6 +50,7 @@ B<openssl> B<s_client>
+ [B<-sess_out filename>]
+ [B<-sess_in filename>]
+ [B<-rand file(s)>]
++[B<-nextprotoneg protocols>]
+
+ =head1 DESCRIPTION
+
+@@ -188,7 +194,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all
+@@ -249,6 +255,17 @@ Multiple files can be specified separate
+ The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+ all others.
+
++=item B<-nextprotoneg protocols>
++
++enable Next Protocol Negotiation TLS extension and provide a list of
++comma-separated protocol names that the client should advertise
++support for. The list should contain most wanted protocols first.
++Protocol names are printable ASCII strings, for example "http/1.1" or
++"spdy/3".
++Empty list of protocols is treated specially and will cause the client to
++advertise support for the TLS extension but disconnect just after
++reciving ServerHello with a list of server supported protocols.
++
+ =back
+
+ =head1 CONNECTED COMMANDS
+diff -up openssl-1.0.1h/doc/apps/s_server.pod.manfix openssl-1.0.1h/doc/apps/s_server.pod
+--- openssl-1.0.1h/doc/apps/s_server.pod.manfix 2014-06-05 11:41:31.000000000 +0200
++++ openssl-1.0.1h/doc/apps/s_server.pod 2014-06-05 14:41:11.502274939 +0200
+@@ -55,6 +55,7 @@ B<openssl> B<s_server>
+ [B<-no_ticket>]
+ [B<-id_prefix arg>]
+ [B<-rand file(s)>]
++[B<-nextprotoneg protocols>]
+
+ =head1 DESCRIPTION
+
+@@ -207,7 +208,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all
+@@ -282,6 +283,14 @@ Multiple files can be specified separate
+ The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+ all others.
+
++=item B<-nextprotoneg protocols>
++
++enable Next Protocol Negotiation TLS extension and provide a
++comma-separated list of supported protocol names.
++The list should contain most wanted protocols first.
++Protocol names are printable ASCII strings, for example "http/1.1" or
++"spdy/3".
++
+ =back
+
+ =head1 CONNECTED COMMANDS
diff --git a/openssl.spec b/openssl.spec
index 3179494..7e808d3 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,8 +22,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.0.1g
-Release: 2%{?dist}
+Version: 1.0.1h
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -57,8 +57,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch
Patch36: openssl-1.0.0e-doc-noeof.patch
-Patch38: openssl-1.0.1g-ssl-op-all.patch
-Patch39: openssl-1.0.1c-ipv6-apps.patch
+Patch39: openssl-1.0.1h-ipv6-apps.patch
Patch40: openssl-1.0.1g-fips.patch
Patch45: openssl-1.0.1e-env-zlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
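Review bot: Patch38 (`openssl-1.0.1g-ssl-op-all.patch`) is removed here, along with its `%patch38` line in the `%prep` hunk further down, but neither the commit message nor the new `%changelog` entry says why. Judging only by its name, the patch adjusted SSL option defaults, so a reader auditing the package cannot tell whether upstream absorbed the change or the downstream behaviour was dropped. I would add a changelog line such as `- drop ssl-op-all patch (<reason: merged upstream / no longer needed>)`. If the rebase also carries security fixes, naming their identifiers in the same entry lets `rpm -q --changelog` show whether a host has them.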
@@ -74,7 +73,7 @@ Patch66: openssl-1.0.1-pkgconfig-krb5.patch
Patch68: openssl-1.0.1e-secure-getenv.patch
Patch69: openssl-1.0.1c-dh-1024.patch
Patch70: openssl-1.0.1e-fips-ec.patch
-Patch71: openssl-1.0.1e-manfix.patch
+Patch71: openssl-1.0.1h-manfix.patch
Patch72: openssl-1.0.1e-fips-ctor.patch
Patch73: openssl-1.0.1e-ecc-suiteb.patch
Patch74: openssl-1.0.1e-no-md5-verify.patch
@@ -179,7 +178,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch34 -p1 -b .x509
%patch35 -p1 -b .version-add-engines
%patch36 -p1 -b .doc-noeof
-%patch38 -p1 -b .op-all
%patch39 -p1 -b .ipv6-apps
%patch40 -p1 -b .fips
%patch45 -p1 -b .env-zlib
@@ -474,6 +472,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Thu Jun 5 2014 Tomáš Mráz <tmraz at redhat.com> 1.0.1h-1
+- new upstream release 1.0.1h
+
* Sat May 31 2014 Peter Robinson <pbrobinson at fedoraproject.org> 1.0.1g-2
- Drop obsolete and irrelevant docs
- Move devel docs to appropriate package
diff --git a/sources b/sources
index 30690e0..5c377fa 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3de4f91702dfa545d577912a065fb250 openssl-1.0.1g-hobbled.tar.xz
+4ea0f231c61b9c66642176cdc033b386 openssl-1.0.1h-hobbled.tar.xz