Mon Dec 3 14:09:34 UTC 2007

Author: tmraz

Update of /cvs/pkgs/rpms/openssl/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9356

Modified Files:
	openssl.spec 
Added Files:
	openssl-0.9.8g-ipv6-apps.patch openssl-0.9.8g-redhat.patch 
	openssl-0.9.8g-soversion.patch 
Removed Files:
	openssl-0.9.7a-ssl-strict-matching.patch 
	openssl-0.9.8a-padlock.patch openssl-0.9.8a-redhat.patch 
	openssl-0.9.8a-use-poll.patch 
	openssl-0.9.8b-aes-cachecol.patch 
	openssl-0.9.8b-block-padding.patch 
	openssl-0.9.8b-bn-threadsafety.patch 
	openssl-0.9.8b-cve-2006-2937.patch 
	openssl-0.9.8b-cve-2006-2940.patch 
	openssl-0.9.8b-cve-2006-3738.patch 
	openssl-0.9.8b-cve-2006-4339.patch 
	openssl-0.9.8b-cve-2006-4343.patch 
	openssl-0.9.8b-cve-2007-3108.patch 
	openssl-0.9.8b-cve-2007-4995.patch 
	openssl-0.9.8b-cve-2007-5135.patch 
	openssl-0.9.8b-enc-bufsize.patch 
	openssl-0.9.8b-ipv6-apps.patch openssl-0.9.8b-pkcs12-fix.patch 
	openssl-0.9.8b-pkcs7-leak.patch openssl-0.9.8b-soversion.patch 
	openssl-0.9.8b-x509-add-dir.patch 
Log Message:
* Mon Nov  3 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8g-1
- update to latest upstream release, SONAME bumped to 7


openssl-0.9.8g-ipv6-apps.patch:

--- NEW FILE openssl-0.9.8g-ipv6-apps.patch ---
diff -up openssl-0.9.8g/apps/s_socket.c.ipv6-apps openssl-0.9.8g/apps/s_socket.c
--- openssl-0.9.8g/apps/s_socket.c.ipv6-apps	2005-06-13 05:21:00.000000000 +0200
+++ openssl-0.9.8g/apps/s_socket.c	2007-12-03 13:28:42.000000000 +0100
@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
 static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port,char *ip, int type);
+static int init_server(int *sock, char *port, int type);
 static int do_accept(int acc_sock, int *sock, char **host);
 static int host_ip(char *str, unsigned char ip[4]);
 
@@ -228,60 +226,69 @@ static int ssl_sock_init(void)
 	return(1);
 	}
 
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, char *port, int type)
 	{
-	unsigned char ip[4];
-	short p=0;
-
-	if (!host_ip(host,&(ip[0])))
-		{
-		return(0);
-		}
-	if (p != 0) port=p;
-	return(init_client_ip(sock,ip,port,type));
-	}
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
-	{
-	unsigned long addr;
-	struct sockaddr_in them;
-	int s,i;
+	struct addrinfo *res, *res0, hints;
+	char * failed_call = NULL;
+	int s;
+	int e;
 
 	if (!ssl_sock_init()) return(0);
 
-	memset((char *)&them,0,sizeof(them));
-	them.sin_family=AF_INET;
-	them.sin_port=htons((unsigned short)port);
-	addr=(unsigned long)
-		((unsigned long)ip[0]<<24L)|
-		((unsigned long)ip[1]<<16L)|
-		((unsigned long)ip[2]<< 8L)|
-		((unsigned long)ip[3]);
-	them.sin_addr.s_addr=htonl(addr);
-
-	if (type == SOCK_STREAM)
-		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-	else /* ( type == SOCK_DGRAM) */
-		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-			
-	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+	memset(&hints, '\0', sizeof(hints));
+	hints.ai_socktype = type;
+	hints.ai_flags = AI_ADDRCONFIG;
+
+	e = getaddrinfo(host, port, &hints, &res);
+	if (e)
+	{
+		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+		if (e == EAI_SYSTEM)
+			perror("getaddrinfo");
+		return (0);
+		}
 
+	res0 = res;
+	while (res)
+		{
+		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+		if (s == INVALID_SOCKET)
+			{
+			failed_call = "socket";
+			goto nextres;
+			}
 #ifndef OPENSSL_SYS_MPE
 	if (type == SOCK_STREAM)
 		{
-		i=0;
-		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-		if (i < 0) { perror("keepalive"); return(0); }
+			int i=0;
+			i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
+				(char *)&i,sizeof(i));
+			if (i < 0) {
+				failed_call = "keepalive";
+				goto nextres;
+				}
 		}
 #endif
-
-	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-		{ close(s); perror("connect"); return(0); }
+		if (connect(s,(struct sockaddr *)res->ai_addr,
+			res->ai_addrlen) == 0)
+			{
+			freeaddrinfo(res0);
 	*sock=s;
 	return(1);
 	}
+		failed_call = "socket";
+nextres:
+		if (s != INVALID_SOCKET)
+			close(s);
+		res = res->ai_next;
+		}
+	freeaddrinfo(res0);
 
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+	perror(failed_call);
+	return(0);
+	}
+
+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
 	{
 	int sock;
 	char *name = NULL;
@@ -319,33 +326,38 @@ int do_server(int port, int type, int *r
 		}
 	}
 
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server(int *sock, char *port, int type)
 	{
-	int ret=0;
-	struct sockaddr_in server;
-	int s= -1,i;
+	struct addrinfo *res, *res0, hints;
+	char * failed_call = NULL;
+	char port_name[8];
+	int s;
+	int e;
 
 	if (!ssl_sock_init()) return(0);
 
-	memset((char *)&server,0,sizeof(server));
-	server.sin_family=AF_INET;
-	server.sin_port=htons((unsigned short)port);
-	if (ip == NULL)
-		server.sin_addr.s_addr=INADDR_ANY;
-	else
-/* Added for T3E, address-of fails on bit field (beckman at acl.lanl.gov) */
-#ifndef BIT_FIELD_LIMITS
-		memcpy(&server.sin_addr.s_addr,ip,4);
-#else
-		memcpy(&server.sin_addr,ip,4);
-#endif
+	memset(&hints, '\0', sizeof(hints));
+	hints.ai_socktype = type;
+	hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
 	
-		if (type == SOCK_STREAM)
-			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-		else /* type == SOCK_DGRAM */
-			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
+	e = getaddrinfo(NULL, port, &hints, &res);
+	if (e)
+		{
+		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+		if (e == EAI_SYSTEM)
+			perror("getaddrinfo");
+		return (0);
+		}
 
-	if (s == INVALID_SOCKET) goto err;
+	res0 = res;
+	while (res)
+		{
+		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+		if (s == INVALID_SOCKET)
+			{
+			failed_call = "socket";
+			goto nextres;
+			}
 #if defined SOL_SOCKET && defined SO_REUSEADDR
 		{
 		int j = 1;
@@ -353,36 +365,39 @@ static int init_server_long(int *sock, i
 			   (void *) &j, sizeof j);
 		}
 #endif
-	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+
+		if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
 		{
-#ifndef OPENSSL_SYS_WINDOWS
-		perror("bind");
-#endif
-		goto err;
+			failed_call = "bind";
+			goto nextres;
 		}
-	/* Make it 128 for linux */
-	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
-	i=0;
-	*sock=s;
-	ret=1;
-err:
-	if ((ret == 0) && (s != -1))
+		if (type==SOCK_STREAM && listen(s,128) == -1)
 		{
-		SHUTDOWN(s);
+			failed_call = "listen";
+			goto nextres;
 		}
-	return(ret);
+
+		*sock=s;
+		return(1);
+
+nextres:
+		if (s != INVALID_SOCKET)
+			close(s);
+		res = res->ai_next;
 	}
+	freeaddrinfo(res0);
 
-static int init_server(int *sock, int port, int type)
-	{
-	return(init_server_long(sock, port, NULL, type));
+	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+	perror(failed_call);
+	return(0);
 	}
 
 static int do_accept(int acc_sock, int *sock, char **host)
 	{
-	int ret,i;
-	struct hostent *h1,*h2;
-	static struct sockaddr_in from;
+	static struct sockaddr_storage from;
+	char buffer[NI_MAXHOST];
+	int ret;
 	int len;
 /*	struct linger ling; */
 
@@ -427,137 +442,62 @@ redoit:
 	if (i < 0) { perror("keepalive"); return(0); }
 */
 
-	if (host == NULL) goto end;
-#ifndef BIT_FIELD_LIMITS
-	/* I should use WSAAsyncGetHostByName() under windows */
-	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
-		sizeof(from.sin_addr.s_addr),AF_INET);
-#else
-	h1=gethostbyaddr((char *)&from.sin_addr,
-		sizeof(struct in_addr),AF_INET);
-#endif
-	if (h1 == NULL)
-		{
-		BIO_printf(bio_err,"bad gethostbyaddr\n");
-		*host=NULL;
-		/* return(0); */
-		}
-	else
+	if (host == NULL)
 		{
-		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
-			{
-			perror("OPENSSL_malloc");
+		*sock=ret;
 			return(0);
 			}
-		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
 
-		h2=GetHostByName(*host);
-		if (h2 == NULL)
+	if (getnameinfo((struct sockaddr *)&from, sizeof(from),
+		buffer, sizeof(buffer),
+		NULL, 0, 0))
 			{
-			BIO_printf(bio_err,"gethostbyname failure\n");
+		BIO_printf(bio_err,"getnameinfo failed\n");
+		*host=NULL;
 			return(0);
 			}
-		i=0;
-		if (h2->h_addrtype != AF_INET)
+	else
 			{
-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+		if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
+			{
+			perror("OPENSSL_malloc");
 			return(0);
 			}
-		}
-end:
+		strcpy(*host, buffer);
 	*sock=ret;
 	return(1);
 	}
+	}
 
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-	     short *port_ptr)
+int extract_host_port(char *str, char **host_ptr, 
+	     char **port_ptr)
 	{
-	char *h,*p;
+	char *h,*p,*x;
 
-	h=str;
-	p=strchr(str,':');
+	x=h=str;
+	if (*h == '[')
+		{
+		h++;
+		p=strchr(h,']');
 	if (p == NULL)
 		{
-		BIO_printf(bio_err,"no port defined\n");
+			BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
 		return(0);
 		}
 	*(p++)='\0';
-
-	if ((ip != NULL) && !host_ip(str,ip))
-		goto err;
-	if (host_ptr != NULL) *host_ptr=h;
-
-	if (!extract_port(p,port_ptr))
-		goto err;
-	return(1);
-err:
-	return(0);
+		x = p;
 	}
-
-static int host_ip(char *str, unsigned char ip[4])
-	{
-	unsigned int in[4]; 
-	int i;
-
-	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-		{
-		for (i=0; i<4; i++)
-			if (in[i] > 255)
-				{
-				BIO_printf(bio_err,"invalid IP address\n");
-				goto err;
-				}
-		ip[0]=in[0];
-		ip[1]=in[1];
-		ip[2]=in[2];
-		ip[3]=in[3];
-		}
-	else
-		{ /* do a gethostbyname */
-		struct hostent *he;
-
-		if (!ssl_sock_init()) return(0);
-
-		he=GetHostByName(str);
-		if (he == NULL)
-			{
-			BIO_printf(bio_err,"gethostbyname failure\n");
-			goto err;
-			}
-		/* cast to short because of win16 winsock definition */
-		if ((short)he->h_addrtype != AF_INET)
+	p=strchr(x,':');
+	if (p == NULL)
 			{
-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-			return(0);
-			}
-		ip[0]=he->h_addr_list[0][0];
-		ip[1]=he->h_addr_list[0][1];
-		ip[2]=he->h_addr_list[0][2];
-		ip[3]=he->h_addr_list[0][3];
-		}
-	return(1);
-err:
+		BIO_printf(bio_err,"no port defined\n");
 	return(0);
 	}
+	*(p++)='\0';
 
-int extract_port(char *str, short *port_ptr)
-	{
-	int i;
-	struct servent *s;
+	if (host_ptr != NULL) *host_ptr=h;
+	if (port_ptr != NULL) *port_ptr=p;
 
-	i=atoi(str);
-	if (i != 0)
-		*port_ptr=(unsigned short)i;
-	else
-		{
-		s=getservbyname(str,"tcp");
-		if (s == NULL)
-			{
-			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
-			return(0);
-			}
-		*port_ptr=ntohs((unsigned short)s->s_port);
-		}
 	return(1);
 	}
 
diff -up openssl-0.9.8g/apps/s_server.c.ipv6-apps openssl-0.9.8g/apps/s_server.c
--- openssl-0.9.8g/apps/s_server.c.ipv6-apps	2007-08-23 14:16:02.000000000 +0200
+++ openssl-0.9.8g/apps/s_server.c	2007-12-03 13:31:14.000000000 +0100
@@ -592,7 +592,7 @@ int MAIN(int argc, char *argv[])
 	{
 	X509_STORE *store = NULL;
 	int vflags = 0;
-	short port=PORT;
+	char *port_str = PORT_STR;
 	char *CApath=NULL,*CAfile=NULL;
 	unsigned char *context = NULL;
 	char *dhfile = NULL;
@@ -662,8 +662,7 @@ int MAIN(int argc, char *argv[])
 			 (strcmp(*argv,"-accept") == 0))
 			{
 			if (--argc < 1) goto bad;
-			if (!extract_port(*(++argv),&port))
-				goto bad;
+			port_str= *(++argv);
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
 			{
@@ -1332,9 +1331,9 @@ bad:
 		}
 	BIO_printf(bio_s_out,"ACCEPT\n");
 	if (www)
-		do_server(port,socket_type,&accept_socket,www_body, context);
+		do_server(port_str,socket_type,&accept_socket,www_body, context);
 	else
-		do_server(port,socket_type,&accept_socket,sv_body, context);
+		do_server(port_str,socket_type,&accept_socket,sv_body, context);
 	print_stats(bio_s_out,ctx);
 	ret=0;
 end:
diff -up openssl-0.9.8g/apps/s_client.c.ipv6-apps openssl-0.9.8g/apps/s_client.c
--- openssl-0.9.8g/apps/s_client.c.ipv6-apps	2007-08-23 14:20:56.000000000 +0200
+++ openssl-0.9.8g/apps/s_client.c	2007-12-03 13:28:42.000000000 +0100
@@ -285,7 +285,7 @@ int MAIN(int argc, char **argv)
 	int cbuf_len,cbuf_off;
 	int sbuf_len,sbuf_off;
 	fd_set readfds,writefds;
-	short port=PORT;
+	char *port_str = PORT_STR;
 	int full_log=1;
 	char *host=SSL_HOST_NAME;
 	char *cert_file=NULL,*key_file=NULL;
@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv)
 		else if	(strcmp(*argv,"-port") == 0)
 			{
 			if (--argc < 1) goto bad;
-			port=atoi(*(++argv));
-			if (port == 0) goto bad;
+			port_str= *(++argv);
 			}
 		else if (strcmp(*argv,"-connect") == 0)
 			{
 			if (--argc < 1) goto bad;
-			if (!extract_host_port(*(++argv),&host,NULL,&port))
+			if (!extract_host_port(*(++argv),&host,&port_str))
 				goto bad;
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
@@ -739,7 +738,7 @@ bad:
 
 re_start:
 
-	if (init_client(&s,host,port,sock_type) == 0)
+	if (init_client(&s,host,port_str,sock_type) == 0)
 		{
 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
diff -up openssl-0.9.8g/apps/s_apps.h.ipv6-apps openssl-0.9.8g/apps/s_apps.h
--- openssl-0.9.8g/apps/s_apps.h.ipv6-apps	2007-12-03 13:28:42.000000000 +0100
+++ openssl-0.9.8g/apps/s_apps.h	2007-12-03 13:28:42.000000000 +0100
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
 
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif
@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok, 
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, char *port, int type);
 int should_retry(int i);
-int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
 
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);

openssl-0.9.8g-redhat.patch:

--- NEW FILE openssl-0.9.8g-redhat.patch ---
diff -up openssl-0.9.8g/Configure.redhat openssl-0.9.8g/Configure
--- openssl-0.9.8g/Configure.redhat	2007-09-16 14:24:17.000000000 +0200
+++ openssl-0.9.8g/Configure	2007-12-03 13:16:08.000000000 +0100
@@ -313,28 +313,28 @@ my %table=(
 ####
 # *-generic* is endian-neutral target, but ./config is free to
 # throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 #### IA-32 targets...
 "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 ####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc64",	"gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64",	"gcc:-DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 #### SPARC Linux setups
 # Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -348,8 +348,8 @@ my %table=(
 #
 #					<appro at fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
 

openssl-0.9.8g-soversion.patch:

--- NEW FILE openssl-0.9.8g-soversion.patch ---
Define and use a soname -- because we have to care about binary
compatibility, we have to increment the soname in order to allow
this version to co-exist with another versions and have everything
work right.

diff -up openssl-0.9.8g/Configure.soversion openssl-0.9.8g/Configure
--- openssl-0.9.8g/Configure.soversion	2007-12-03 14:41:19.000000000 +0100
+++ openssl-0.9.8g/Configure	2007-12-03 14:41:19.000000000 +0100
@@ -1371,7 +1371,7 @@ while (<IN>)
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
 		{
 		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
 		{
diff -up openssl-0.9.8g/Makefile.org.soversion openssl-0.9.8g/Makefile.org
--- openssl-0.9.8g/Makefile.org.soversion	2007-12-03 14:41:19.000000000 +0100
+++ openssl-0.9.8g/Makefile.org	2007-12-03 14:41:19.000000000 +0100
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
 SHLIB_MAJOR=
 SHLIB_MINOR=
 SHLIB_EXT=
+SHLIB_SONAMEVER=7
 PLATFORM=dist
 OPTIONS=
 CONFIGURE_ARGS=
@@ -277,10 +278,9 @@ clean-shared:
 link-shared:
 	@ set -e; for i in ${SHLIBDIRS}; do \
 		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			LIBNAME=$$i LIBVERSION=${SHLIB_SONAMEVER} \
 			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
 			symlink.$(SHLIB_TARGET); \
-		libs="$$libs -l$$i"; \
 	done
 
 build-shared: do_$(SHLIB_TARGET) link-shared
@@ -291,7 +291,7 @@ do_$(SHLIB_TARGET):
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
 		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			LIBNAME=$$i LIBVERSION=${SHLIB_SONAMEVER} \
 			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
 			LIBDEPS="$$libs $(EX_LIBS)" \
 			link_a.$(SHLIB_TARGET); \


Index: openssl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- openssl.spec	15 Oct 2007 15:20:47 -0000	1.96
+++ openssl.spec	3 Dec 2007 14:09:00 -0000	1.97
@@ -6,7 +6,8 @@
 # 0.9.7a soversion = 4
 # 0.9.7ef soversion = 5
 # 0.9.8ab soversion = 6
-%define soversion 6
+# 0.9.8g soversion = 7
+%define soversion 7
 
 # Number of threads to spawn when testing some threading fixes.
 %define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
@@ -20,8 +21,8 @@
 
 Summary: The OpenSSL toolkit
 Name: openssl
-Version: 0.9.8b
-Release: 17%{?dist}
+Version: 0.9.8g
+Release: 1%{?dist}
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -33,41 +34,25 @@
 Source9: opensslconf-new.h
 Source10: opensslconf-new-warning.h
 # Build changes
-Patch0: openssl-0.9.8a-redhat.patch
+Patch0: openssl-0.9.8g-redhat.patch
 Patch1: openssl-0.9.8a-defaults.patch
 Patch2: openssl-0.9.8a-link-krb5.patch
-Patch3: openssl-0.9.8b-soversion.patch
+Patch3: openssl-0.9.8g-soversion.patch
 Patch4: openssl-0.9.8a-enginesdir.patch
 Patch5: openssl-0.9.8a-no-rpath.patch
-Patch24: openssl-0.9.8a-padlock.patch
+Patch6: openssl-0.9.8b-test-use-localhost.patch
+# Bug fixes
+Patch21: openssl-0.9.8b-aliasing-bug.patch
+Patch22: openssl-0.9.8b-x509-name-cmp.patch
 # Functionality changes
 Patch32: openssl-0.9.7-beta6-ia64.patch
 Patch33: openssl-0.9.7f-ca-dir.patch
 Patch34: openssl-0.9.6-x509.patch
 Patch35: openssl-0.9.7-beta5-version-add-engines.patch
-Patch36: openssl-0.9.8a-use-poll.patch
 Patch38: openssl-0.9.8a-reuse-cipher-change.patch
-Patch39: openssl-0.9.8b-ipv6-apps.patch
-Patch40: openssl-0.9.8b-enc-bufsize.patch
+Patch39: openssl-0.9.8g-ipv6-apps.patch
 # Backported fixes including security fixes
-Patch51: openssl-0.9.8b-block-padding.patch
-Patch52: openssl-0.9.8b-pkcs12-fix.patch
-Patch53: openssl-0.9.8b-bn-threadsafety.patch
-Patch54: openssl-0.9.8b-aes-cachecol.patch
-Patch55: openssl-0.9.8b-pkcs7-leak.patch
-Patch56: openssl-0.9.8b-cve-2006-4339.patch
-Patch57: openssl-0.9.8b-cve-2006-2937.patch
-Patch58: openssl-0.9.8b-cve-2006-2940.patch
-Patch59: openssl-0.9.8b-cve-2006-3738.patch
-Patch60: openssl-0.9.8b-cve-2006-4343.patch
-Patch61: openssl-0.9.8b-aliasing-bug.patch
-Patch62: openssl-0.9.8b-x509-name-cmp.patch
-Patch63: openssl-0.9.8b-x509-add-dir.patch
-Patch64: openssl-0.9.8b-test-use-localhost.patch
-Patch65: openssl-0.9.8b-cve-2007-3108.patch
-Patch66: openssl-0.9.7a-ssl-strict-matching.patch
-Patch67: openssl-0.9.8b-cve-2007-4995.patch
-Patch68: openssl-0.9.8b-cve-2007-5135.patch
+# None yet
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -116,36 +101,17 @@
 %patch3 -p1 -b .soversion
 %patch4 -p1 -b .enginesdir
 %patch5 -p1 -b .no-rpath
+%patch6 -p1 -b .use-localhost
 
-%patch24 -p1 -b .padlock
+%patch21 -p1 -b .aliasing-bug
+%patch22 -p1 -b .name-cmp
 
 %patch32 -p1 -b .ia64
 #patch33 is applied after make test
 %patch34 -p1 -b .x509
 %patch35 -p1 -b .version-add-engines
-%patch36 -p1 -b .use-poll
 %patch38 -p1 -b .cipher-change
 %patch39 -p1 -b .ipv6-apps
-%patch40 -p1 -b .enc-bufsize
-
-%patch51 -p1 -b .block-padding
-%patch52 -p1 -b .pkcs12-fix
-%patch53 -p1 -b .bn-threadsafety
-%patch54 -p1 -b .cachecol
-%patch55 -p1 -b .pkcs7-leak
-%patch56 -p1 -b .short-padding
-%patch57 -p1 -b .asn1-error
-%patch58 -p0 -b .parasitic
-%patch59 -p0 -b .shared-ciphers
-%patch60 -p0 -b .client-dos
-%patch61 -p1 -b .aliasing-bug
-%patch62 -p1 -b .name-cmp
-%patch63 -p1 -b .add-dir
-%patch64 -p1 -b .use-localhost
-%patch65 -p1 -b .no-branch
-%patch66 -p1 -b .strict-matching
-%patch67 -p1 -b .dtls-fixes
-%patch68 -p1 -b .shciphers
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -386,6 +352,9 @@
 %postun -p /sbin/ldconfig
 
 %changelog
+* Mon Nov  3 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8g-1
+- update to latest upstream release, SONAME bumped to 7
+
 * Mon Oct 15 2007 Joe Orton <jorton at redhat.com> 0.9.8b-17
 - update to new CA bundle from mozilla.org
 


--- openssl-0.9.7a-ssl-strict-matching.patch DELETED ---


--- openssl-0.9.8a-padlock.patch DELETED ---


--- openssl-0.9.8a-redhat.patch DELETED ---


--- openssl-0.9.8a-use-poll.patch DELETED ---


--- openssl-0.9.8b-aes-cachecol.patch DELETED ---


--- openssl-0.9.8b-block-padding.patch DELETED ---


--- openssl-0.9.8b-bn-threadsafety.patch DELETED ---


--- openssl-0.9.8b-cve-2006-2937.patch DELETED ---


--- openssl-0.9.8b-cve-2006-2940.patch DELETED ---


--- openssl-0.9.8b-cve-2006-3738.patch DELETED ---


--- openssl-0.9.8b-cve-2006-4339.patch DELETED ---


--- openssl-0.9.8b-cve-2006-4343.patch DELETED ---


--- openssl-0.9.8b-cve-2007-3108.patch DELETED ---


--- openssl-0.9.8b-cve-2007-4995.patch DELETED ---


--- openssl-0.9.8b-cve-2007-5135.patch DELETED ---


--- openssl-0.9.8b-enc-bufsize.patch DELETED ---


--- openssl-0.9.8b-ipv6-apps.patch DELETED ---


--- openssl-0.9.8b-pkcs12-fix.patch DELETED ---


--- openssl-0.9.8b-pkcs7-leak.patch DELETED ---


--- openssl-0.9.8b-soversion.patch DELETED ---


--- openssl-0.9.8b-x509-add-dir.patch DELETED ---


