Re: [CVS] OpenPKG: openpkg-src/openssl/ openssl.patch
On Wed, Oct 17, 2007, Ralf S. Engelschall wrote: OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 17-Oct-2007 10:01:05 Branch: HEAD Handle: 2007101709010400 Modified files: openpkg-src/openssl openssl.patch Log: fix patching Thanks! (was just building a fixed version but you has been faster ;) Do you fix openpkg as well? -cs __ OpenPKG http://openpkg.org Developer Communication List openpkg-dev@openpkg.org
Re: [CVS] OpenPKG: openpkg-src/openssl/ openssl.patch
On Wed, Oct 17, 2007, Christoph Schug wrote: On Wed, Oct 17, 2007, Ralf S. Engelschall wrote: OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 17-Oct-2007 10:01:05 Branch: HEAD Handle: 2007101709010400 Modified files: openpkg-src/openssl openssl.patch Log: fix patching Thanks! (was just building a fixed version but you has been faster ;) Do you fix openpkg as well? Thanks, fixed openpkg just appeared on my radar as well -cs __ OpenPKG http://openpkg.org Developer Communication List openpkg-dev@openpkg.org
Re: [CVS] OpenPKG: openpkg-src/openssl/ openssl.patch
On Wed, Oct 17, 2007, Christoph Schug wrote: On Wed, Oct 17, 2007, Christoph Schug wrote: On Wed, Oct 17, 2007, Ralf S. Engelschall wrote: OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 17-Oct-2007 10:01:05 Branch: HEAD Handle: 2007101709010400 Modified files: openpkg-src/openssl openssl.patch Log: fix patching Thanks! (was just building a fixed version but you has been faster ;) Do you fix openpkg as well? Thanks, fixed openpkg just appeared on my radar as well But it was still broken as today I seem unable to create correct patches. Now fixed. Should be available online in about 5 minutes. Then you can retry with the fixed bootstrap package. Sorry for the inconveniences... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ OpenPKG http://openpkg.org Developer Communication List openpkg-dev@openpkg.org
[CVS] OpenPKG: openpkg-src/openssl/ openssl.patch openssl.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 18-Mar-2004 09:23:42 Branch: HEAD Handle: 2004031808234101 Modified files: openpkg-src/openssl openssl.patch openssl.spec Log: SA-2004.007-openssl; CAN-2004-0079, CAN-2004-0112 Summary: RevisionChanges Path 1.14+0 -48 openpkg-src/openssl/openssl.patch 1.52+2 -2 openpkg-src/openssl/openssl.spec patch -p0 '@@ .' Index: openpkg-src/openssl/openssl.patch $ cvs diff -u -r1.13 -r1.14 openssl.patch --- openpkg-src/openssl/openssl.patch 1 Oct 2003 20:12:19 - 1.13 +++ openpkg-src/openssl/openssl.patch 18 Mar 2004 08:23:41 - 1.14 @@ -22,51 +22,3 @@ =head1 DESCRIPTION -Index: doc/crypto/ui.pod doc/crypto/ui.pod.orig 2001-10-25 18:55:17.0 +0200 -+++ doc/crypto/ui.pod2003-10-01 22:07:42.0 +0200 -@@ -5,7 +5,7 @@ - UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, - UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, - UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, --UI_add_error_string, UI_dup_error_string, UI_construct_prompt -+UI_add_error_string, UI_dup_error_string, UI_construct_prompt, - UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, - UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, - UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface -Index: doc/crypto/EVP_DigestInit.pod doc/crypto/EVP_DigestInit.pod.orig 2002-07-18 20:55:04.0 +0200 -+++ doc/crypto/EVP_DigestInit.pod2003-10-01 22:08:09.0 +0200 -@@ -4,7 +4,7 @@ - - EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, - EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, --EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, -+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, - EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, - EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, - EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - -Index: Makefile.ssl Makefile.ssl.orig2003-09-30 14:38:13.0 +0200 -+++ Makefile.ssl 2003-10-01 22:06:50.0 +0200 -@@ -834,7 +834,7 @@ - fi; \ - fi - cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig --chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig -+chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc - - install_docs: - @$(PERL) $(TOP)/util/mkdir-p.pl \ -Index: Makefile.org Makefile.org.orig2003-08-11 11:37:17.0 +0200 -+++ Makefile.org 2003-10-01 22:06:50.0 +0200 -@@ -832,7 +832,7 @@ - fi; \ - fi - cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig --chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig -+chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc - - install_docs: - @$(PERL) $(TOP)/util/mkdir-p.pl \ @@ . patch -p0 '@@ .' Index: openpkg-src/openssl/openssl.spec $ cvs diff -u -r1.51 -r1.52 openssl.spec --- openpkg-src/openssl/openssl.spec 7 Feb 2004 17:57:18 - 1.51 +++ openpkg-src/openssl/openssl.spec 18 Mar 2004 08:23:42 - 1.52 @@ -33,8 +33,8 @@ Class:CORE Group:Cryptography License: BSD-style -Version: 0.9.7c -Release: 20040207 +Version: 0.9.7d +Release: 20040318 # package options %option with_zlib no @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/openssl/ openssl.patch openssl.spec openpkg...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 30-Sep-2003 14:44:31
Branch: HEAD Handle: 2003093013442902
Modified files:
openpkg-src/openssl openssl.patch openssl.spec
openpkg-web news.txt
Log:
SA-2003.044-openssl; CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
Summary:
RevisionChanges Path
1.12+66 -0 openpkg-src/openssl/openssl.patch
1.47+1 -1 openpkg-src/openssl/openssl.spec
1.6790 +1 -0 openpkg-web/news.txt
patch -p0 '@@ .'
Index: openpkg-src/openssl/openssl.patch
$ cvs diff -u -r1.11 -r1.12 openssl.patch
--- openpkg-src/openssl/openssl.patch 6 Aug 2003 08:52:45 - 1.11
+++ openpkg-src/openssl/openssl.patch 30 Sep 2003 12:44:31 - 1.12
@@ -9,3 +9,69 @@
{
next loop if (($p%$primes[$i]) == 0);
}
+
+-
+
+Security Bugfixes
+OpenPKG-SA-2003.044-openssl
+http://www.openssl.org/news/secadv_20030930.txt
+CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
+
+--- crypto/asn1/asn1_lib.c Sun Sep 28 14:20:55 2003
crypto/asn1/asn1_lib.c Fri Sep 26 13:51:38 2003
+@@ -104,10 +104,12 @@
+ l=7L;
+ l|= *(p++)0x7f;
+ if (--max == 0) goto err;
++if (l (INT_MAX 7L)) goto err;
+ }
+ l=7L;
+ l|= *(p++)0x7f;
+ tag=(int)l;
++if (--max == 0) goto err;
+ }
+ else
+ {
+--- crypto/asn1/tasn_dec.c Sun Sep 28 14:20:55 2003
crypto/asn1/tasn_dec.c Fri Sep 26 13:51:38 2003
+@@ -691,6 +691,7 @@
+
+ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
*free_cont, const ASN1_ITEM *it)
+ {
++ASN1_VALUE **opval = NULL;
+ ASN1_STRING *stmp;
+ ASN1_TYPE *typ = NULL;
+ int ret = 0;
+@@ -705,6 +706,7 @@
+ *pval = (ASN1_VALUE *)typ;
+ } else typ = (ASN1_TYPE *)*pval;
+ if(utype != typ-type) ASN1_TYPE_set(typ, utype, NULL);
++opval = pval;
+ pval = (ASN1_VALUE **)typ-value.ptr;
+ }
+ switch(utype) {
+@@ -796,7 +798,12 @@
+
+ ret = 1;
+ err:
+-if(!ret) ASN1_TYPE_free(typ);
++if(!ret)
++{
++ASN1_TYPE_free(typ);
++if (opval)
++*opval = NULL;
++}
+ return ret;
+ }
+
+--- crypto/x509/x509_vfy.c Sun Sep 28 14:20:55 2003
crypto/x509/x509_vfy.c Fri Sep 26 13:51:38 2003
+@@ -674,7 +674,7 @@
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+-if (X509_verify(xs,pkey) = 0)
++else if (X509_verify(xs,pkey) = 0)
+ /* XXX For the final trusted self-signed cert,
+ * this is a waste of time. That check should
+ * optional so that e.g. 'openssl x509' can be
@@ .
patch -p0 '@@ .'
Index: openpkg-src/openssl/openssl.spec
$ cvs diff -u -r1.46 -r1.47 openssl.spec
--- openpkg-src/openssl/openssl.spec 6 Aug 2003 08:52:45 - 1.46
+++ openpkg-src/openssl/openssl.spec 30 Sep 2003 12:44:31 - 1.47
@@ -33,7 +33,7 @@
Group:Cryptography
License: BSD-style
Version: 0.9.7b
-Release: 20030806
+Release: 20030930
# package options
%option with_zlib no
@@ .
patch -p0 '@@ .'
Index: openpkg-web/news.txt
$ cvs diff -u -r1.6789 -r1.6790 news.txt
--- openpkg-web/news.txt 29 Sep 2003 19:09:19 - 1.6789
+++ openpkg-web/news.txt 30 Sep 2003 12:44:29 - 1.6790
@@ -1,3 +1,4 @@
+30-Sep-2003: Upgraded package: Popenssl-0.9.7b-20030930
29-Sep-2003: New package: Pvile-9.4-20030929
29-Sep-2003: Upgraded package: Paegis-4.12-20030929
29-Sep-2003: Upgraded package: Pperl-xml-20030929-20030929
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List
[CVS] OpenPKG: openpkg-src/openssl/ openssl.patch openssl.spec openpkg...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 06-Aug-2003 10:52:45
Branch: HEAD Handle: 2003080609524302
Added files:
openpkg-src/openssl openssl.patch
Modified files:
openpkg-src/openssl openssl.spec
openpkg-web news.txt
Log:
not all platform like zero modulus operations, so fix the loop
Summary:
RevisionChanges Path
1.11+11 -0 openpkg-src/openssl/openssl.patch
1.46+3 -1 openpkg-src/openssl/openssl.spec
1.6052 +1 -0 openpkg-web/news.txt
patch -p0 '@@ .'
Index: openpkg-src/openssl/openssl.patch
$ cvs diff -u -r0 -r1.11 openssl.patch
--- /dev/null 2003-08-06 10:52:45.0 +0200
+++ openssl.patch 2003-08-06 10:52:45.0 +0200
@@ -0,0 +1,11 @@
+--- crypto/bn/bn_prime.pl.orig Wed Feb 16 14:24:06 2000
crypto/bn/bn_prime.plWed Aug 6 10:49:34 2003
+@@ -11,7 +11,7 @@
+ $p+=2;
+ $s=int(sqrt($p));
+
+-for ($i=0; $primes[$i]=$s; $i++)
++for ($i=0; defined($primes[$i]) $primes[$i]=$s; $i++)
+ {
+ next loop if (($p%$primes[$i]) == 0);
+ }
@@ .
patch -p0 '@@ .'
Index: openpkg-src/openssl/openssl.spec
$ cvs diff -u -r1.45 -r1.46 openssl.spec
--- openpkg-src/openssl/openssl.spec 23 Jul 2003 13:32:09 - 1.45
+++ openpkg-src/openssl/openssl.spec 6 Aug 2003 08:52:45 - 1.46
@@ -33,7 +33,7 @@
Group:Cryptography
License: BSD-style
Version: 0.9.7b
-Release: 20030723
+Release: 20030806
# package options
%option with_zlib no
@@ -42,6 +42,7 @@
# list of sources
Source0: ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz
+Patch0: openssl.patch
# build information
Prefix: %{l_prefix}
@@ -62,6 +63,7 @@
%prep
%setup -q
+%patch -p0
%{l_shtool} subst \
-e 's;-m486;-march=i486;g' \
-e 's;-DZLIB;%{l_cppflags} -DZLIB;' \
@@ .
patch -p0 '@@ .'
Index: openpkg-web/news.txt
$ cvs diff -u -r1.6051 -r1.6052 news.txt
--- openpkg-web/news.txt 6 Aug 2003 07:13:45 - 1.6051
+++ openpkg-web/news.txt 6 Aug 2003 08:52:43 - 1.6052
@@ -1,3 +1,4 @@
+06-Aug-2003: Upgraded package: Popenssl-0.9.7b-20030806
06-Aug-2003: Upgraded package: Pdelegate-8.5.9-20030806
06-Aug-2003: Upgraded package: Ppgadmin-0.8.0.20030806-20030806
06-Aug-2003: Upgraded package: Ppv-0.6.2-20030806
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/openssl/ openssl.patch openssl.spec openpkg...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 20-Mar-2003 20:54:08
Branch: HEAD Handle: 2003032019540701
Modified files:
openpkg-src/openssl openssl.patch openssl.spec
openpkg-web news.txt
Log:
include OpenSSL security fix (OpenPKG-SA-2003.026-openssl)
Summary:
RevisionChanges Path
1.9 +56 -0 openpkg-src/openssl/openssl.patch
1.40+1 -1 openpkg-src/openssl/openssl.spec
1.3748 +1 -0 openpkg-web/news.txt
patch -p0 '@@ .'
Index: openpkg-src/openssl/openssl.patch
$ cvs diff -u -r1.8 -r1.9 openssl.patch
--- openpkg-src/openssl/openssl.patch 17 Mar 2003 14:30:21 - 1.8
+++ openpkg-src/openssl/openssl.patch 20 Mar 2003 19:54:08 - 1.9
@@ -75,3 +75,59 @@
}
void RSA_set_default_method(const RSA_METHOD *meth)
+Index: ssl/s3_srvr.c
+
+$ cvs diff -u -r1.104 -r1.105 s3_srvr.c
+--- ssl/s3_srvr.c28 Feb 2003 15:37:10 - 1.104
ssl/s3_srvr.c19 Mar 2003 19:19:53 - 1.105
+@@ -1684,7 +1684,7 @@
+ if (i != SSL_MAX_MASTER_KEY_LENGTH)
+ {
+ al=SSL_AD_DECODE_ERROR;
+-
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
++/*
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
+ }
+
+ if ((al == -1) !((p[0] == (s-client_version8)) (p[1] ==
(s-client_version 0xff
+@@ -1700,30 +1700,29 @@
+ (p[0] == (s-version8)) (p[1] == (s-version
0xff
+ {
+ al=SSL_AD_DECODE_ERROR;
+-
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+-goto f_err;
++/*
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
++
++/* The Klima-Pokorny-Rosa extension of
Bleichenbacher's attack
++ * (http://eprint.iacr.org/2003/052/) exploits the
version
++ * number check as a bad version oracle -- an alert
would
++ * reveal that the plaintext corresponding to some
ciphertext
++ * made up by the adversary is properly formatted
except
++ * that the version number is wrong. To avoid such
attacks,
++ * we should treat this just like any other decryption
error. */
++p[0] = (char)(int) CAN-2003-0131 patch 2003-03-20;
+ }
+ }
+
+ if (al != -1)
+ {
+-#if 0
+-goto f_err;
+-#else
+ /* Some decryption failure -- use random value instead as
countermeasure
+ * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
+- * (see RFC 2246, section 7.4.7.1).
+- * But note that due to length and protocol version checking,
the
+- * attack is impractical anyway (see section 5 in D.
Bleichenbacher:
+- * Chosen Ciphertext Attacks Against Protocols Based on the
RSA
+- * Encryption Standard PKCS #1, CRYPTO '98, LNCS 1462, pp.
1-12).
+- */
++ * (see RFC 2246, section 7.4.7.1). */
+ ERR_clear_error();
+ i = SSL_MAX_MASTER_KEY_LENGTH;
+ p[0] = s-client_version 8;
+ p[1] = s-client_version 0xff;
+ RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we
cannot work around a failure */
+-#endif
+ }
+
+ s-session-master_key_length=
@@ .
patch -p0 '@@ .'
Index: openpkg-src/openssl/openssl.spec
$ cvs diff -u -r1.39 -r1.40 openssl.spec
--- openpkg-src/openssl/openssl.spec 17 Mar 2003 14:30:21 - 1.39
+++ openpkg-src/openssl/openssl.spec 20 Mar 2003 19:54:08 - 1.40
@@ -33,7 +33,7 @@
Group:Cryptography
License: BSD-style
[CVS] OpenPKG: openpkg-src/openssl/ openssl.patch openssl.spec openpkg...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 17-Mar-2003 15:30:22
Branch: HEAD Handle: 2003031714302001
Added files:
openpkg-src/openssl openssl.patch
Modified files:
openpkg-src/openssl openssl.spec
openpkg-web news.txt
Log:
apply official OpenSSL RSA blinding security patch
Summary:
RevisionChanges Path
1.8 +77 -0 openpkg-src/openssl/openssl.patch
1.39+3 -1 openpkg-src/openssl/openssl.spec
1.3708 +1 -0 openpkg-web/news.txt
patch -p0 '@@ .'
Index: openpkg-src/openssl/openssl.patch
$ cvs diff -u -r0 -r1.8 openssl.patch
--- /dev/null 2003-03-17 15:30:22.0 +0100
+++ openssl.patch 2003-03-17 15:30:22.0 +0100
@@ -0,0 +1,77 @@
+Index: crypto/rsa/rsa_eay.c
+===
+RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v
+retrieving revision 1.28.2.3
+diff -u -r1.28.2.3 rsa_eay.c
+--- crypto/rsa/rsa_eay.c 30 Jan 2003 17:37:46 - 1.28.2.3
crypto/rsa/rsa_eay.c 16 Mar 2003 10:34:13 -
+@@ -195,6 +195,25 @@
+ return(r);
+ }
+
++static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
++{
++int ret = 1;
++CRYPTO_w_lock(CRYPTO_LOCK_RSA);
++/* Check again inside the lock - the macro's check is racey */
++if(rsa-blinding == NULL)
++ret = RSA_blinding_on(rsa, ctx);
++CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
++return ret;
++}
++
++#define BLINDING_HELPER(rsa, ctx, err_instr) \
++do { \
++if(((rsa)-flags RSA_FLAG_BLINDING) \
++((rsa)-blinding == NULL) \
++!rsa_eay_blinding(rsa, ctx)) \
++err_instr \
++} while(0)
++
+ /* signing */
+ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+@@ -239,8 +258,8 @@
+ goto err;
+ }
+
+-if ((rsa-flags RSA_FLAG_BLINDING) (rsa-blinding == NULL))
+-RSA_blinding_on(rsa,ctx);
++BLINDING_HELPER(rsa, ctx, goto err;);
++
+ if (rsa-flags RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(f,rsa-blinding,ctx)) goto err;
+
+@@ -318,8 +337,8 @@
+ goto err;
+ }
+
+-if ((rsa-flags RSA_FLAG_BLINDING) (rsa-blinding == NULL))
+-RSA_blinding_on(rsa,ctx);
++BLINDING_HELPER(rsa, ctx, goto err;);
++
+ if (rsa-flags RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(f,rsa-blinding,ctx)) goto err;
+
+Index: crypto/rsa/rsa_lib.c
+===
+RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v
+retrieving revision 1.30.2.2
+diff -u -r1.30.2.2 rsa_lib.c
+--- crypto/rsa/rsa_lib.c 30 Jan 2003 17:37:46 - 1.30.2.2
crypto/rsa/rsa_lib.c 16 Mar 2003 10:34:13 -
+@@ -72,7 +72,13 @@
+
+ RSA *RSA_new(void)
+ {
+-return(RSA_new_method(NULL));
++RSA *r=RSA_new_method(NULL);
++
++#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
++r-flags|=RSA_FLAG_BLINDING;
++#endif
++
++return r;
+ }
+
+ void RSA_set_default_method(const RSA_METHOD *meth)
@@ .
patch -p0 '@@ .'
Index: openpkg-src/openssl/openssl.spec
$ cvs diff -u -r1.38 -r1.39 openssl.spec
--- openpkg-src/openssl/openssl.spec 19 Feb 2003 14:03:47 - 1.38
+++ openpkg-src/openssl/openssl.spec 17 Mar 2003 14:30:21 - 1.39
@@ -33,10 +33,11 @@
Group:Cryptography
License: BSD-style
Version: 0.9.7a
-Release: 20030219
+Release: 20030317
# list of sources
Source0: ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz
+Patch0: openssl.patch
# build information
Prefix: %{l_prefix}
@@ -57,6 +58,7 @@
%prep
%setup -q
+%patch -p0
%{l_shtool} subst -e 's;-m486;-march=i486;g' Configure
%{l_shtool} subst -e 's;test $OSTYPE = msdosdjgpp;true;' util/point.sh
@@ .
patch -p0 '@@ .'
Index: openpkg-web/news.txt
$ cvs diff -u -r1.3707 -r1.3708 news.txt
--- openpkg-web/news.txt 17 Mar 2003 12:46:33 - 1.3707
+++
[CVS] OpenPKG: openpkg-src/openssl/ openssl.patch openssl.spec openpkg...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 31-Dec-2002 10:56:24
Branch: HEAD Handle: 2002123109562301
Modified files:
openpkg-src/openssl openssl.spec
openpkg-web news.txt
Removed files:
openpkg-src/openssl openssl.patch
Log:
Upgrade to OpenSSL 0.9.7!
This is not a small upgrade as with the 0.9.6x versions, hence I
performed a full rebuild-test of all packages which depend on openssl.
The result is promising:
1. packages which failed (I'll investigate):
- w3m/w3m.spec (https://www.openssl.org/ - Segmentation fault (core dumped))
- curl/curl.spec (conflicting types for `ENGINE')
- imapd/imapd.spec ( Cannot continue without libsasl2. because of DES API
changes in OpenSSL and hence sasl)
- rdesktop/rdesktop.spec (/cw/include/openssl/bn.h:234: parse error before
BN_ULONG)
2. packages which failed, but not because of OpenSSL:
. cadaver/cadaver.spec (multiple definition of `optarg')
. cpu/cpu.spec (undefined reference to `ldap_init')
. dsniff/dsniff.spec (`ETH_H' undeclared (first use in this function)
3. packages which compiles correctly:
+ apache/apache.spec
+ bind/bind.spec
+ c-client/c-client.spec
+ cfengine/cfengine.spec
+ easysoap/easysoap.spec
+ ethereal/ethereal.spec
+ exim/exim.spec (but: tls-openssl.c:343: warning: assignment from incompatible
pointer type)
+ fetchmail/fetchmail.spec
+ inn/inn.spec
+ linc/linc.spec
+ links/links.spec
+ lynx/lynx.spec
+ mozilla/mozilla.spec
+ mutt/mutt.spec
+ neon/neon.spec
+ openldap/openldap.spec
+ openssh/openssh.spec
+ openvpn/openvpn.spec
+ perl-ssl/perl-ssl.spec
+ postfix/postfix.spec
+ postgresql/postgresql.spec
+ qpopper/qpopper.spec
+ samba/samba.spec
+ sasl/sasl.spec
+ scanssh/scanssh.spec
+ sendmail/sendmail.spec
+ siege/siege.spec
+ sitecopy/sitecopy.spec
+ snmp/snmp.spec
+ socat/socat.spec
+ stunnel/stunnel.spec
+ subversion/subversion.spec
+ sysmon/sysmon.spec
+ tcpdump/tcpdump.spec
+ wget/wget.spec
Summary:
RevisionChanges Path
1.7 +0 -31 openpkg-src/openssl/openssl.patch
1.35+7 -7 openpkg-src/openssl/openssl.spec
1.2475 +1 -0 openpkg-web/news.txt
rm -f openpkg-src/openssl/openssl.patch '@@ .'
Index: openpkg-src/openssl/openssl.patch
[NO CHANGE SUMMARY BECAUSE FILE AS A WHOLE IS JUST REMOVED]
@@ .
patch -p0 '@@ .'
Index: openpkg-src/openssl/openssl.spec
$ cvs diff -u -r1.34 -r1.35 openssl.spec
--- openpkg-src/openssl/openssl.spec 30 Dec 2002 22:05:39 - 1.34
+++ openpkg-src/openssl/openssl.spec 31 Dec 2002 09:56:24 - 1.35
@@ -32,18 +32,17 @@
Distribution: OpenPKG [CORE]
Group:Cryptography
License: BSD-style
-Version: 0.9.6h
-Release: 20021209
+Version: 0.9.7
+Release: 20021231
# list of sources
Source0: ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz
-Patch0: openssl.patch
# build information
Prefix: %{l_prefix}
BuildRoot:%{l_buildroot}
-BuildPreReq: OpenPKG, openpkg = 20020206, perl, make, gcc
-PreReq: OpenPKG, openpkg = 20020206
+BuildPreReq: OpenPKG, openpkg = 20021230, perl, make, gcc
+PreReq: OpenPKG, openpkg = 20021230
AutoReq: no
AutoReqProv: no
@@ -60,8 +59,8 @@
%prep
%setup -q
-%patch0 -p0
%{l_shtool} subst -e 's;-m486;-march=i486;g' Configure
+%{l_shtool} subst -e 's;test $OSTYPE = msdosdjgpp;true;' util/point.sh
%build
%{l_prefix}/bin/perl util/perlpath.pl %{l_prefix}/bin/perl
@@ -91,7 +90,8 @@
done )
%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
%{l_files_std} \
-'%config %{l_prefix}/etc/openssl/openssl.cnf'
+'%config %{l_prefix}/etc/openssl/openssl.cnf' \
+'%not %dir %{l_prefix}/lib/pkgconfig'
%files -f files
@@ .
patch -p0 '@@ .'
Index: openpkg-web/news.txt
$ cvs diff -u -r1.2474 -r1.2475 news.txt
--- openpkg-web/news.txt 31 Dec 2002 09:52:11 - 1.2474
+++
[CVS] OpenPKG: openpkg-src/openssl openssl.patch openssl.spec openpkg-...
OpenPKG CVS Repository
http://www.openpkg.org/cvsweb/cvsweb.cgi
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web, openpkg-src Date: 30-Jun-2002 10:21:56
Branch: HEAD Handle: 2002063009215501
Modified files:
openpkg-src/openssl openssl.patch openssl.spec
openpkg-web news.txt
Log:
finally fix support for sparc64-NetBSD
Summary:
RevisionChanges Path
1.3 +1 -1 openpkg-src/openssl/openssl.patch
1.22+1 -1 openpkg-src/openssl/openssl.spec
1.854 +1 -0 openpkg-web/news.txt
Index: openpkg-src/openssl/openssl.patch
$ cvs diff -u -r1.2 -r1.3 openssl.patch
--- openpkg-src/openssl/openssl.patch 29 Jun 2002 07:59:53 - 1.2
+++ openpkg-src/openssl/openssl.patch 30 Jun 2002 08:21:56 - 1.3
@@ -66,7 +66,7 @@
linux-s390x, gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer
-Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
linux-ia64, gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer
-Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK
RC4_CHAR:asm/ia64.o:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
NetBSD-sparc, gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall
-DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX
DES_UNROLL::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
-+NetBSD-sparc64,gcc:-DTERMIOS -O3 -fomit-frame-pointer -m64 -mcpu=v9 -Wall
-DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX
DES_UNROLL::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
++NetBSD-sparc64,gcc:-DTERMIOS -O3 -fomit-frame-pointer -m64 -mcpu=v9 -Wall
-DB_ENDIAN::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR
DES_RISC1::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
NetBSD-m68, gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall
-DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX
DES_UNROLL::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
-NetBSD-x86, gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486
-Wall::(unknown)::BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
-FreeBSD-elf, gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486
-Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
Index: openpkg-src/openssl/openssl.spec
$ cvs diff -u -r1.21 -r1.22 openssl.spec
--- openpkg-src/openssl/openssl.spec 29 Jun 2002 07:59:53 - 1.21
+++ openpkg-src/openssl/openssl.spec 30 Jun 2002 08:21:56 - 1.22
@@ -33,7 +33,7 @@
Group:Cryptography
License: BSD-style
Version: 0.9.6d
-Release: 20020628
+Release: 20020630
# list of sources
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Index: openpkg-web/news.txt
$ cvs diff -u -r1.853 -r1.854 news.txt
--- openpkg-web/news.txt 30 Jun 2002 07:34:49 - 1.853
+++ openpkg-web/news.txt 30 Jun 2002 08:21:55 - 1.854
@@ -1,3 +1,4 @@
+30-Jun-2002: Upgraded package: Popenssl-0.9.6d-20020630
30-Jun-2002: Upgraded package: Pncurses-5.2.20020629-20020630
29-Jun-2002: Upgraded package: Pvim-6.1.117-20020629
29-Jun-2002: New package: Pmhonarc-2.5.8-20020629
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
