rpms/openssl/FC-4 openssl-0.9.7f-apps-initialize.patch, NONE, 1.1 openssl-0.9.7f-bn-ppc-div.patch, NONE, 1.1 openssl.spec, 1.57, 1.58
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Oct 12 09:55:46 UTC 2005
- Previous message (by thread): rpms/openssl/FC-4 openssl-0.9.7a-can-2005-2969.patch, NONE, 1.1 openssl-0.9.7a-dsa-consttime.patch, NONE, 1.1 openssl-0.9.7e-ICA_engine-jun142004.patch, NONE, 1.1 openssl.spec, 1.56, 1.57 openssl-0.9.7e-ICA_engine_apr292004.patch, 1.1, NONE
- Next message (by thread): rpms/tomcat5/devel tomcat5.spec,1.49,1.50
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tmraz
Update of /cvs/dist/rpms/openssl/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv9929
Modified Files:
openssl.spec
Added Files:
openssl-0.9.7f-apps-initialize.patch
openssl-0.9.7f-bn-ppc-div.patch
Log Message:
* Wed Oct 12 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7f-7.10
- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which
disables the countermeasure against man in the middle attack in SSLv2
(#169863)
- more fixes for constant time/memory access for DSA signature algorithm
- updated ICA engine patch
- ca-bundle.crt should be config(noreplace)
- add *.so.soversion as symlinks in /lib (#165264)
- remove unpackaged symlinks (#159595)
- fixes from upstream (bn assembler div on ppc arch,
initialize memory on realloc)
openssl-0.9.7f-apps-initialize.patch:
apps.c | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)
--- NEW FILE openssl-0.9.7f-apps-initialize.patch ---
openssl/apps/apps.c 1.49.2.32 -> 1.49.2.33
--- openssl/apps/apps.c 2005/06/27 16:00:57 1.49.2.32
+++ openssl/apps/apps.c 2005/07/01 16:13:06 1.49.2.33
@@ -361,10 +361,17 @@
/* The start of something good :-) */
if (num >= arg->count)
{
- arg->count+=20;
- arg->data=(char **)OPENSSL_realloc(arg->data,
- sizeof(char *)*arg->count);
- if (argc == 0) return(0);
+ char **tmp_p;
+ int tlen = arg->count + 20;
+ tmp_p = (char **)OPENSSL_realloc(arg->data,
+ sizeof(char *)*tlen);
+ if (tmp_p == NULL)
+ return 0;
+ arg->data = tmp_p;
+ arg->count = tlen;
+ /* initialize newly allocated data */
+ for (i = num; i < arg->count; i++)
+ arg->data[i] = NULL;
}
arg->data[num++]=p;
openssl-0.9.7f-bn-ppc-div.patch:
ppc.pl | 23 ++++++++++-------------
1 files changed, 10 insertions(+), 13 deletions(-)
--- NEW FILE openssl-0.9.7f-bn-ppc-div.patch ---
openssl/crypto/bn/asm/ppc.pl 1.1.6.1 -> 1.1.6.2
--- openssl/crypto/bn/asm/ppc.pl 2004/12/20 13:15:51 1.1.6.1
+++ openssl/crypto/bn/asm/ppc.pl 2005/07/03 09:24:35 1.1.6.2
@@ -116,7 +116,7 @@
$UDIV= "divwu"; # unsigned divide
$UCMPI= "cmplwi"; # unsigned compare with immediate
$UCMP= "cmplw"; # unsigned compare
- $COUNTZ="cntlzw"; # count leading zeros
+ $CNTLZ= "cntlzw"; # count leading zeros
$SHL= "slw"; # shift left
$SHR= "srw"; # unsigned shift right
$SHRI= "srwi"; # unsigned shift right by immediate
@@ -124,6 +124,7 @@
$CLRU= "clrlwi"; # clear upper bits
$INSR= "insrwi"; # insert right
$ROTL= "rotlwi"; # rotate left by immediate
+ $TR= "tw"; # conditional trap
} elsif ($opf =~ /64\.s/) {
$BITS= 64;
$BNSZ= $BITS/8;
@@ -139,7 +140,7 @@
$UDIV= "divdu"; # unsigned divide
$UCMPI= "cmpldi"; # unsigned compare with immediate
$UCMP= "cmpld"; # unsigned compare
- $COUNTZ="cntlzd"; # count leading zeros
+ $CNTLZ= "cntlzd"; # count leading zeros
$SHL= "sld"; # shift left
$SHR= "srd"; # unsigned shift right
$SHRI= "srdi"; # unsigned shift right by immediate
@@ -147,6 +148,7 @@
$CLRU= "clrldi"; # clear upper bits
$INSR= "insrdi"; # insert right
$ROTL= "rotldi"; # rotate left by immediate
+ $TR= "td"; # conditional trap
} else { die "nonsense $opf"; }
( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";
@@ -1710,17 +1712,12 @@
bclr BO_ALWAYS,CR0_LT
Lppcasm_div1:
xor r0,r0,r0 #r0=0
- $COUNTZ r7,r5 #r7 = num leading 0s in d.
- subfic r8,r7,$BITS #r8 = BN_num_bits_word(d)
- cmpi 0,0,r8,$BITS #
- bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if (r8==$BITS)
- li r9,1 # r9=1
- $SHL r10,r9,r8 # r9<<=r8
- $UCMP 0,r3,r10 #
- bc BO_IF,CR0_GT,Lppcasm_div2 #or if (h > (1<<r8))
- $UDIV r3,r3,r0 #if not assert(0) divide by 0!
- #that's how we signal overflow
- bclr BO_ALWAYS,CR0_LT #return. NEVER REACHED.
+ li r8,$BITS
+ $CNTLZ. r7,r5 #r7 = num leading 0s in d.
+ bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if no leading zeros
+ subf r8,r7,r8 #r8 = BN_num_bits_word(d)
+ $SHR. r9,r3,r8 #are there any bits above r8'th?
+ $TR 16,r9,r0 #if there're, signal to dump core...
Lppcasm_div2:
$UCMP 0,r3,r5 #h>=d?
bc BO_IF,CR0_LT,Lppcasm_div3 #goto Lppcasm_div3 if not
Index: openssl.spec
===================================================================
RCS file: /cvs/dist/rpms/openssl/FC-4/openssl.spec,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- openssl.spec 12 Oct 2005 09:28:32 -0000 1.57
+++ openssl.spec 12 Oct 2005 09:55:40 -0000 1.58
@@ -22,7 +22,7 @@
Summary: The OpenSSL toolkit.
Name: openssl
Version: 0.9.7f
-Release: 7.1
+Release: 7.10
Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl
Source2: Makefile.certificate
@@ -54,6 +54,8 @@
Patch47: openssl-0.9.7f-can-2005-0109.patch
Patch48: openssl-0.9.7a-dsa-consttime.patch
Patch49: openssl-0.9.7a-can-2005-2969.patch
+Patch50: openssl-0.9.7f-bn-ppc-div.patch
+Patch51: openssl-0.9.7f-apps-initialize.patch
License: BSDish
Group: System Environment/Libraries
URL: http://www.openssl.org/
@@ -135,6 +137,11 @@
%patch46 -p1 -b .backport-097g
# CAN-2005-0109
%patch47 -p1 -b .modexp-consttime
+%patch48 -p1 -b .dsa-consttime
+# CAN-2005-2969
+%patch49 -p1 -b .ssl2-rollback
+%patch50 -p1 -b .ppc-div
+%patch51 -p1 -b .apps-initialize
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -237,7 +244,8 @@
for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
chmod 755 ${lib}
ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
- ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
+ ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion}
+ rm -f $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done
# Install a makefile for generating keys and self-signed certs, and a script
@@ -338,6 +346,8 @@
mv $RPM_BUILD_ROOT/%{_bindir}/libica.so $RPM_BUILD_ROOT/%{_libdir}/libica.so
cp -f include/ica_api.h $RPM_BUILD_ROOT%{_includedir}
popd
+rm -f $RPM_BUILD_ROOT/%{_libdir}/libcrypto.so.%{soversion}
+rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{soversion}
%endif
%clean
@@ -366,6 +376,7 @@
%attr(0755,root,root) %{_bindir}/openssl
%attr(0755,root,root) /%{_lib}/*.so.%{version}
+%attr(0755,root,root) /%{_lib}/*.so.%{soversion}
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0644,root,root) %{_mandir}/man7*/*
@@ -398,13 +409,17 @@
%postun -p /sbin/ldconfig
%changelog
-* Wed Oct 12 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7f-7.1
+* Wed Oct 12 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7f-7.10
- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which
disables the countermeasure against man in the middle attack in SSLv2
(#169863)
- more fixes for constant time/memory access for DSA signature algorithm
- updated ICA engine patch
- ca-bundle.crt should be config(noreplace)
+- add *.so.soversion as symlinks in /lib (#165264)
+- remove unpackaged symlinks (#159595)
+- fixes from upstream (bn assembler div on ppc arch,
+ initialize memory on realloc)
* Thu May 19 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7f-7
- fix CAN-2005-0109 - use constant time/memory access mod_exp
- Previous message (by thread): rpms/openssl/FC-4 openssl-0.9.7a-can-2005-2969.patch, NONE, 1.1 openssl-0.9.7a-dsa-consttime.patch, NONE, 1.1 openssl-0.9.7e-ICA_engine-jun142004.patch, NONE, 1.1 openssl.spec, 1.56, 1.57 openssl-0.9.7e-ICA_engine_apr292004.patch, 1.1, NONE
- Next message (by thread): rpms/tomcat5/devel tomcat5.spec,1.49,1.50
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list