rpms/openssl/devel openssl-0.9.8k-fipscheck-hmac.patch, NONE, 1.1 openssl-0.9.8k-use-fipscheck.patch, NONE, 1.1 openssl-0.9.8k-x509-name-cmp.patch, NONE, 1.1 .cvsignore, 1.17, 1.18 openssl.spec, 1.125, 1.126 sources, 1.19, 1.20 openssl-0.9.8b-x509-name-cmp.patch, 1.2, NONE openssl-0.9.8j-fipscheck-hmac.patch, 1.1, NONE openssl-0.9.8j-use-fipscheck.patch, 1.2, NONE

[Tomáš Mráz]

Author: tmraz

Update of /cvs/pkgs/rpms/openssl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15015

Modified Files:
	.cvsignore openssl.spec sources 
Added Files:
	openssl-0.9.8k-fipscheck-hmac.patch 
	openssl-0.9.8k-use-fipscheck.patch 
	openssl-0.9.8k-x509-name-cmp.patch 
Removed Files:
	openssl-0.9.8b-x509-name-cmp.patch 
	openssl-0.9.8j-fipscheck-hmac.patch 
	openssl-0.9.8j-use-fipscheck.patch 
Log Message:
* Thu Mar 25 2009 Tomas Mraz <tmraz at redhat.com> 0.9.8k-1
- update to new upstream release (minor bug fixes, security
  fixes and machine code optimizations only)


openssl-0.9.8k-fipscheck-hmac.patch:

--- NEW FILE openssl-0.9.8k-fipscheck-hmac.patch ---
diff -up openssl-0.9.8k/fips/sha/Makefile.fipscheck-hmac openssl-0.9.8k/fips/sha/Makefile
--- openssl-0.9.8k/fips/sha/Makefile.fipscheck-hmac	2008-10-26 19:42:05.000000000 +0100
+++ openssl-0.9.8k/fips/sha/Makefile	2009-03-25 20:18:08.000000000 +0100
@@ -46,7 +46,7 @@ lib:	$(LIBOBJ)
 	@echo $(LIBOBJ) > lib
 
 ../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
-	FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
+	FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
 	$(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
 
 files:
diff -up openssl-0.9.8k/fips/sha/fips_standalone_sha1.c.fipscheck-hmac openssl-0.9.8k/fips/sha/fips_standalone_sha1.c
--- openssl-0.9.8k/fips/sha/fips_standalone_sha1.c.fipscheck-hmac	2009-01-15 13:34:54.000000000 +0100
+++ openssl-0.9.8k/fips/sha/fips_standalone_sha1.c	2009-03-25 20:18:08.000000000 +0100
@@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
 
 #ifdef OPENSSL_FIPS
 
-static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
+static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
 		      const char *key)
     {
     size_t len=strlen(key);
@@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
 
     if (len > SHA_CBLOCK)
 	{
-	SHA1_Init(md_ctx);
-	SHA1_Update(md_ctx,key,len);
-	SHA1_Final(keymd,md_ctx);
-	len=20;
+	SHA256_Init(md_ctx);
+	SHA256_Update(md_ctx,key,len);
+	SHA256_Final(keymd,md_ctx);
+	len=SHA256_DIGEST_LENGTH;
 	}
     else
 	memcpy(keymd,key,len);
@@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
 
     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
 	pad[i]=0x36^keymd[i];
-    SHA1_Init(md_ctx);
-    SHA1_Update(md_ctx,pad,SHA_CBLOCK);
+    SHA256_Init(md_ctx);
+    SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
 
     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
 	pad[i]=0x5c^keymd[i];
-    SHA1_Init(o_ctx);
-    SHA1_Update(o_ctx,pad,SHA_CBLOCK);
+    SHA256_Init(o_ctx);
+    SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
     }
 
-static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
+static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
     {
-    unsigned char buf[20];
+    unsigned char buf[SHA256_DIGEST_LENGTH];
 
-    SHA1_Final(buf,md_ctx);
-    SHA1_Update(o_ctx,buf,sizeof buf);
-    SHA1_Final(md,o_ctx);
+    SHA256_Final(buf,md_ctx);
+    SHA256_Update(o_ctx,buf,sizeof buf);
+    SHA256_Final(md,o_ctx);
     }
 
 #endif
@@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
 int main(int argc,char **argv)
     {
 #ifdef OPENSSL_FIPS
-    static char key[]="etaonrishdlcupfm";
+    static char key[]="orboDeJITITejsirpADONivirpUkvarP";
     int n,binary=0;
 
     if(argc < 2)
@@ -125,8 +125,8 @@ int main(int argc,char **argv)
     for(; n < argc ; ++n)
 	{
 	FILE *f=fopen(argv[n],"rb");
-	SHA_CTX md_ctx,o_ctx;
-	unsigned char md[20];
+	SHA256_CTX md_ctx,o_ctx;
+	unsigned char md[SHA256_DIGEST_LENGTH];
 	int i;
 
 	if(!f)
@@ -151,18 +151,18 @@ int main(int argc,char **argv)
 		else
 		    break;
 		}
-	    SHA1_Update(&md_ctx,buf,l);
+	    SHA256_Update(&md_ctx,buf,l);
 	    }
 	hmac_final(md,&md_ctx,&o_ctx);
 
 	if (binary)
 	    {
-	    fwrite(md,20,1,stdout);
+	    fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
 	    break;	/* ... for single(!) file */
 	    }
 
-	printf("HMAC-SHA1(%s)= ",argv[n]);
-	for(i=0 ; i < 20 ; ++i)
+/*	printf("HMAC-SHA1(%s)= ",argv[n]); */
+	for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
 	    printf("%02x",md[i]);
 	printf("\n");
 	}

openssl-0.9.8k-use-fipscheck.patch:

--- NEW FILE openssl-0.9.8k-use-fipscheck.patch ---
diff -up openssl-0.9.8k/test/Makefile.use-fipscheck openssl-0.9.8k/test/Makefile
--- openssl-0.9.8k/test/Makefile.use-fipscheck	2009-03-25 11:59:22.000000000 +0100
+++ openssl-0.9.8k/test/Makefile	2009-03-25 20:14:10.000000000 +0100
@@ -401,9 +401,6 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$
 	fi; \
 	if [ "$(FIPSCANLIB)" = "libfips" ]; then \
 		LIBRARIES="-L$(TOP) -lfips"; \
-	elif [ -n "$(FIPSCANLIB)" ]; then \
-		FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-		LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
 	else \
 		LIBRARIES="$(LIBCRYPTO)"; \
 	fi; \
@@ -416,9 +413,6 @@ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if 
 		shlib_target="$(SHLIB_TARGET)"; \
 	fi; \
 	LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
-	if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \
-		FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-	fi; \
 	[ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
 	$(MAKE) -f $(TOP)/Makefile.shared -e \
 		CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
diff -up openssl-0.9.8k/Makefile.org.use-fipscheck openssl-0.9.8k/Makefile.org
--- openssl-0.9.8k/Makefile.org.use-fipscheck	2009-03-25 20:10:37.000000000 +0100
+++ openssl-0.9.8k/Makefile.org	2009-03-25 20:10:37.000000000 +0100
@@ -357,10 +357,6 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHA
 			$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
 			$(AR) libcrypto.a fips/fipscanister.o ; \
 		else \
-			if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-				FIPSLD_CC=$(CC); CC=fips/fipsld; \
-				export CC FIPSLD_CC; \
-			fi; \
 			$(MAKE) -e SHLIBDIRS='crypto' build-shared; \
 		fi \
 	else \
@@ -381,9 +377,8 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT
 fips/fipscanister.o:	build_fips
 libfips$(SHLIB_EXT):		fips/fipscanister.o
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
 		$(MAKE) -f Makefile.shared -e $(BUILDENV) \
-			CC=$${CC} LIBNAME=fips THIS=$@ \
+			CC=$(CC) LIBNAME=fips THIS=$@ \
 			LIBEXTRAS=fips/fipscanister.o \
 			LIBDEPS="$(EX_LIBS)" \
 			LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -469,7 +464,7 @@ openssl.pc: Makefile
 	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
 	    echo 'Version: '$(VERSION); \
 	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)';\
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
 
 Makefile: Makefile.org Configure config
diff -up openssl-0.9.8k/fips/fips.c.use-fipscheck openssl-0.9.8k/fips/fips.c
--- openssl-0.9.8k/fips/fips.c.use-fipscheck	2008-09-16 12:12:09.000000000 +0200
+++ openssl-0.9.8k/fips/fips.c	2009-03-25 20:10:37.000000000 +0100
@@ -47,6 +47,7 @@
  *
  */
 
+#define _GNU_SOURCE
 
 #include <openssl/rand.h>
 #include <openssl/fips_rand.h>
@@ -56,6 +57,9 @@
 #include <openssl/rsa.h>
 #include <string.h>
 #include <limits.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
 #include "fips_locl.h"
 
 #ifdef OPENSSL_FIPS
@@ -165,6 +169,7 @@ int FIPS_selftest()
 	&& FIPS_selftest_dsa();
     }
 
+#if 0
 extern const void         *FIPS_text_start(),  *FIPS_text_end();
 extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
 unsigned char              FIPS_signature [20] = { 0 };
@@ -243,6 +248,206 @@ int FIPS_check_incore_fingerprint(void)
 
     return 1;
     }
+#else
+/* we implement what libfipscheck does ourselves */
+
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+	Dl_info info;
+	void *dl, *sym;
+	int rv = -1;
+
+        dl = dlopen(libname, RTLD_LAZY);
+        if (dl == NULL) {
+	        return -1;
+        }       
+
+	sym = dlsym(dl, symbolname);
+
+	if (sym != NULL && dladdr(sym, &info)) {
+		strncpy(path, info.dli_fname, pathlen-1);
+		path[pathlen-1] = '\0';
+		rv = 0;
+	}
+
+	dlclose(dl);	
+	
+	return rv;
+}
+
+static const char conv[] = "0123456789abcdef";
+
+static char *
+bin2hex(void *buf, size_t len)
+{
+	char *hex, *p;
+	unsigned char *src = buf;
+	
+	hex = malloc(len * 2 + 1);
+	if (hex == NULL)
+		return NULL;
+
+	p = hex;
+
+	while (len > 0) {
+		unsigned c;
+
+		c = *src;
+		src++;
+
+		*p = conv[c >> 4];
+		++p;
+		*p = conv[c & 0x0f];
+		++p;
+		--len;
+	}
+	*p = '\0';
+	return hex;
+}
+
+#define HMAC_PREFIX "." 
+#define HMAC_SUFFIX ".hmac" 
+#define READ_BUFFER_LENGTH 16384
+
+static char *
+make_hmac_path(const char *origpath)
+{
+	char *path, *p;
+	const char *fn;
+
+	path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
+	if(path == NULL) {
+		return NULL;
+	}
+
+	fn = strrchr(origpath, '/');
+	if (fn == NULL) {
+		fn = origpath;
+	} else {
+		++fn;
+	}
+
+	strncpy(path, origpath, fn-origpath);
+	p = path + (fn - origpath);
+	p = stpcpy(p, HMAC_PREFIX);
+	p = stpcpy(p, fn);
+	p = stpcpy(p, HMAC_SUFFIX);
+
+	return path;
+}
+
+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+static int
+compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
+{
+	FILE *f = NULL;
+	int rv = -1;
+	unsigned char rbuf[READ_BUFFER_LENGTH];
+	size_t len;
+	unsigned int hlen;
+	HMAC_CTX c;
+
+	HMAC_CTX_init(&c);
+
+	f = fopen(path, "r");
+
+	if (f == NULL) {
+		goto end;
+	}
+
+	HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
+
+	while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
+		HMAC_Update(&c, rbuf, len);
+	}
+
+	len = sizeof(rbuf);
+	/* reuse rbuf for hmac */
+	HMAC_Final(&c, rbuf, &hlen);
+
+	*buf = malloc(hlen);
+	if (*buf == NULL) {
+		goto end;
+	}
+
+	*hmaclen = hlen;
+
+	memcpy(*buf, rbuf, hlen);
+
+	rv = 0;
+end:
+	HMAC_CTX_cleanup(&c);
+
+	if (f)
+		fclose(f);
+
+	return rv;
+}
+
+static int
+FIPSCHECK_verify(const char *libname, const char *symbolname)
+{
+	char path[PATH_MAX+1];
+	int rv;
+	FILE *hf;
+	char *hmacpath, *p;
+	char *hmac = NULL;
+	size_t n;
+	
+	rv = get_library_path(libname, symbolname, path, sizeof(path));
+
+	if (rv < 0)
+		return 0;
+
+	hmacpath = make_hmac_path(path);
+
+	hf = fopen(hmacpath, "r");
+	if (hf == NULL) {
+		free(hmacpath);
+		return 0;
+	}
+
+	if (getline(&hmac, &n, hf) > 0) {
+		void *buf;
+		size_t hmaclen;
+		char *hex;
+
+		if ((p=strchr(hmac, '\n')) != NULL)
+			*p = '\0';
+
+		if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
+			rv = -4;
+			goto end;
+		}
+
+		if ((hex=bin2hex(buf, hmaclen)) == NULL) {
+			free(buf);
+			rv = -5;
+			goto end;
+		}
+
+		if (strcmp(hex, hmac) != 0) {
+			rv = -1;
+		}
+		free(buf);
+		free(hex);
+	}
+
+end:
+	free(hmac);
+	free(hmacpath);
+	fclose(hf);
+
+	if (rv < 0)
+		return 0;
+
+	/* check successful */
+	return 1;	
+}
+
+#endif
 
 int FIPS_mode_set(int onoff)
     {
@@ -280,16 +485,17 @@ int FIPS_mode_set(int onoff)
 	    }
 #endif
 
-	if(fips_signature_witness() != FIPS_signature)
+	if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
 	    {
-	    FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
+	    FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
 	    fips_selftest_fail = 1;
 	    ret = 0;
 	    goto end;
 	    }
 
-	if(!FIPS_check_incore_fingerprint())
+	if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
 	    {
+	    FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
 	    fips_selftest_fail = 1;
 	    ret = 0;
 	    goto end;
@@ -405,11 +611,13 @@ int fips_clear_owning_thread(void)
 	return ret;
 	}
 
+#if 0
 unsigned char *fips_signature_witness(void)
 	{
 	extern unsigned char FIPS_signature[];
 	return FIPS_signature;
 	}
+#endif
 
 /* Generalized public key test routine. Signs and verifies the data
  * supplied in tbs using mesage digest md and setting option digest
diff -up openssl-0.9.8k/fips/Makefile.use-fipscheck openssl-0.9.8k/fips/Makefile
--- openssl-0.9.8k/fips/Makefile.use-fipscheck	2009-03-25 20:10:37.000000000 +0100
+++ openssl-0.9.8k/fips/Makefile	2009-03-25 20:16:09.000000000 +0100
@@ -62,9 +62,9 @@ testapps:
 
 all:
 	@if [ -z "$(FIPSLIBDIR)" ]; then \
-		$(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
+		$(MAKE) -e subdirs lib; \
 	else \
-		$(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
+		$(MAKE) -e lib; \
 	fi
 
 # Idea behind fipscanister.o is to "seize" the sequestered code between
@@ -109,7 +109,6 @@ fipscanister.o: fips_start.o $(LIBOBJ) $
 		HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
 		*) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
 	esac fi
-	./fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1
 
 # If another exception is immediately required, assign approprite
 # site-specific ld command to FIPS_SITE_LD environment variable.
@@ -171,7 +170,7 @@ $(FIPSCANLIB):	$(FIPSCANLOC)
 	$(RANLIB) ../$(FIPSCANLIB).a || echo Never mind.
 	@touch lib
 
-shared:	lib subdirs fips_premain_dso$(EXE_EXT)
+shared:	lib subdirs
 
 libs:
 	@target=lib; $(RECURSIVE_MAKE)
@@ -195,17 +194,6 @@ install:
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 	@target=install; $(RECURSIVE_MAKE)
-	for i in $(EXE) ; \
-	do \
-		echo "installing $$i"; \
-		cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-		chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-	done
-	cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \
-		$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
-	chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
 
 lint:
 	@target=lint; $(RECURSIVE_MAKE)
diff -up openssl-0.9.8k/fips/fips_locl.h.use-fipscheck openssl-0.9.8k/fips/fips_locl.h
--- openssl-0.9.8k/fips/fips_locl.h.use-fipscheck	2008-09-16 12:12:10.000000000 +0200
+++ openssl-0.9.8k/fips/fips_locl.h	2009-03-25 20:10:37.000000000 +0100
@@ -63,7 +63,9 @@ int fips_is_owning_thread(void);
 int fips_set_owning_thread(void);
 void fips_set_selftest_fail(void);
 int fips_clear_owning_thread(void);
+#if 0
 unsigned char *fips_signature_witness(void);
+#endif
 
 #define FIPS_MAX_CIPHER_TEST_SIZE	16
 

openssl-0.9.8k-x509-name-cmp.patch:

--- NEW FILE openssl-0.9.8k-x509-name-cmp.patch ---
diff -up openssl-0.9.8k/crypto/x509/x509_cmp.c.name-cmp openssl-0.9.8k/crypto/x509/x509_cmp.c
--- openssl-0.9.8k/crypto/x509/x509_cmp.c.name-cmp	2009-02-15 13:10:39.000000000 +0100
+++ openssl-0.9.8k/crypto/x509/x509_cmp.c	2009-03-25 20:04:41.000000000 +0100
@@ -282,15 +282,7 @@ int X509_NAME_cmp(const X509_NAME *a, co
 		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
 		j=na->value->type-nb->value->type;
 		if (j)
-			{
-			nabit = ASN1_tag2bit(na->value->type);
-			nbbit = ASN1_tag2bit(nb->value->type);
-			if (!(nabit & STR_TYPE_CMP) ||
-				!(nbbit & STR_TYPE_CMP))
-				return j;
-			if (!asn1_string_memcmp(na->value, nb->value))
-				j = 0;
-			}
+			return j;
 		else if (na->value->type == V_ASN1_PRINTABLESTRING)
 			j=nocase_spacenorm_cmp(na->value, nb->value);
 		else if (na->value->type == V_ASN1_IA5STRING


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/.cvsignore,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- .cvsignore	15 Jan 2009 09:10:25 -0000	1.17
+++ .cvsignore	25 Mar 2009 21:12:41 -0000	1.18
@@ -1 +1 @@
-openssl-0.9.8j-usa.tar.bz2
+openssl-0.9.8k-usa.tar.bz2


Index: openssl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.125
retrieving revision 1.126
diff -u -r1.125 -r1.126
--- openssl.spec	19 Mar 2009 11:03:16 -0000	1.125
+++ openssl.spec	25 Mar 2009 21:12:41 -0000	1.126
@@ -7,7 +7,7 @@
 # 0.9.7ef soversion = 5
 # 0.9.8ab soversion = 6
 # 0.9.8g soversion = 7
-# 0.9.8j + EAP-FAST soversion = 8
+# 0.9.8jk + EAP-FAST soversion = 8
 %define soversion 8
 
 # Number of threads to spawn when testing some threading fixes.
@@ -22,8 +22,8 @@
 
 Summary: A general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 0.9.8j
-Release: 10%{?dist}
+Version: 0.9.8k
+Release: 1%{?dist}
 # We remove certain patented algorithms from the openssl source tarball
 # with the hobble-openssl script which is included below.
 Source: openssl-%{version}-usa.tar.bz2
@@ -44,7 +44,7 @@
 Patch7: openssl-0.9.8j-shlib-version.patch
 # Bug fixes
 Patch21: openssl-0.9.8b-aliasing-bug.patch
-Patch22: openssl-0.9.8b-x509-name-cmp.patch
+Patch22: openssl-0.9.8k-x509-name-cmp.patch
 Patch23: openssl-0.9.8g-default-paths.patch
 Patch24: openssl-0.9.8g-no-extssl.patch
 # Functionality changes
@@ -55,8 +55,8 @@
 Patch38: openssl-0.9.8a-reuse-cipher-change.patch
 Patch39: openssl-0.9.8g-ipv6-apps.patch
 Patch40: openssl-0.9.8j-nocanister.patch
-Patch41: openssl-0.9.8j-use-fipscheck.patch
-Patch42: openssl-0.9.8j-fipscheck-hmac.patch
+Patch41: openssl-0.9.8k-use-fipscheck.patch
+Patch42: openssl-0.9.8k-fipscheck-hmac.patch
 Patch43: openssl-0.9.8j-evp-nonfips.patch
 Patch44: openssl-0.9.8j-kernel-fipsmode.patch
 Patch45: openssl-0.9.8j-env-nozlib.patch
@@ -408,6 +408,10 @@
 %postun -p /sbin/ldconfig
 
 %changelog
+* Thu Mar 25 2009 Tomas Mraz <tmraz at redhat.com> 0.9.8k-1
+- update to new upstream release (minor bug fixes, security
+  fixes and machine code optimizations only)
+
 * Thu Mar 19 2009 Tomas Mraz <tmraz at redhat.com> 0.9.8j-10
 - move libraries to /usr/lib (#239375)
 


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/sources,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- sources	15 Jan 2009 09:10:25 -0000	1.19
+++ sources	25 Mar 2009 21:12:41 -0000	1.20
@@ -1 +1 @@
-573353d8cb4330b71e9985cea4785d61  openssl-0.9.8j-usa.tar.bz2
+de4f31dd6546e8e11b4ffd4332b3c162  openssl-0.9.8k-usa.tar.bz2


--- openssl-0.9.8b-x509-name-cmp.patch DELETED ---


--- openssl-0.9.8j-fipscheck-hmac.patch DELETED ---


--- openssl-0.9.8j-use-fipscheck.patch DELETED ---