[packages/openssl] - updated to 1.1.1d (fixes CVE-2019-1547 CVE-2019-1549 CVE-2019-1563) - added no-win32 patch (don't
qboosh
qboosh at pld-linux.org
Fri Sep 27 18:22:03 CEST 2019
commit f160409676983ef0adfbbc274f3b889815113912
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Fri Sep 27 18:25:09 2019 +0200
- updated to 1.1.1d (fixes CVE-2019-1547 CVE-2019-1549 CVE-2019-1563)
- added no-win32 patch (don't require Win32-specific perl module for unix installs)
- added zlib-fix patch (bugfix from git)
openssl-no-win32.patch | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++
openssl-zlib-fix.patch | 57 +++++++++++++++++++++++++++++++++++
openssl.spec | 13 ++++----
3 files changed, 144 insertions(+), 6 deletions(-)
---
diff --git a/openssl.spec b/openssl.spec
index 550621a..8900821 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -17,21 +17,22 @@ Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднан
Name: openssl
# Version 1.1.1 is LTS, supported until 2023-09-11.
# https://www.openssl.org/about/releasestrat.html
-Version: 1.1.1c
+Version: 1.1.1d
Release: 1
License: Apache-like
Group: Libraries
Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 15e21da6efe8aa0e0768ffd8cd37a5f6
+# Source0-md5: 3be209000dbc7e1b95bcdf47980a3baa
Source2: %{name}.1.pl
Source3: %{name}-ssl-certificate.sh
Source4: %{name}-c_rehash.sh
Patch1: %{name}-optflags.patch
-
+# https://github.com/openssl/openssl/commit/4245d63be73402df5917bbd099178ba56c136e13.patch
+Patch2: %{name}-zlib-fix.patch
Patch3: %{name}-man-namespace.patch
Patch5: %{name}-ca-certificates.patch
-
+Patch6: %{name}-no-win32.patch
Patch7: %{name}-find.patch
Patch8: pic.patch
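Review bot: The updated `# Source0-md5:` line is the only integrity pin visible for the 1.1.1d tarball, and MD5 is not collision-resistant, so it protects against transfer corruption rather than against a substituted archive. Upstream publishes a SHA-256 digest and a detached PGP signature next to each release tarball; checking one of them when bumping the version and recording it in a comment, for example `# tarball verified against upstream %{name}-%{version}.tar.gz.asc`, would make the bump auditable. Whether the distfiles tooling accepts a stronger digest field cannot be seen from this hunk.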
@@ -258,11 +259,11 @@ RC4, RSA и SSL. Включает статические библиотеки д
%endif
%patch1 -p1
-
+%patch2 -p1
%patch3 -p1
%patch5 -p1
-
+%patch6 -p1
%patch7 -p1
%patch8 -p1
diff --git a/openssl-no-win32.patch b/openssl-no-win32.patch
new file mode 100644
index 0000000..a54af8b
--- /dev/null
+++ b/openssl-no-win32.patch
@@ -0,0 +1,80 @@
+--- openssl-1.1.1d/Configurations/unix-Makefile.tmpl.orig 2019-09-27 15:57:40.580222104 +0200
++++ openssl-1.1.1d/Configurations/unix-Makefile.tmpl 2019-09-27 16:03:43.774921176 +0200
+@@ -201,77 +201,6 @@
+ "" -}
+ # Do not edit these manually. Use Configure with --prefix or --openssldir
+ # to change this! Short explanation in the top comment in Configure
+-INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
+- #
+- use File::Spec::Win32;
+- my $prefix_default = "$mingw_installroot/OpenSSL";
+- our $prefix =
+- File::Spec::Win32->canonpath($config{prefix}
+- || $prefix_default);
+- our ($prefix_dev, $prefix_dir, $prefix_file) =
+- File::Spec::Win32->splitpath($prefix, 1);
+- $prefix =~ s|\\|/|g;
+- $prefix_dir =~ s|\\|/|g;
+- $prefix_dev -}
+-INSTALLTOP_dir={- my $x = File::Spec::Win32->canonpath($prefix_dir);
+- $x =~ s|\\|/|g;
+- $x -}
+-OPENSSLDIR_dev={- #
+- # The logic here is that if no --openssldir was given,
+- # OPENSSLDIR will get the value "$mingw_commonroot/SSL".
+- # If --openssldir was given and the value is an absolute
+- # path, OPENSSLDIR will get its value without change.
+- # If the value from --openssldir is a relative path,
+- # OPENSSLDIR will get $prefix with the --openssldir
+- # value appended as a subdirectory.
+- #
+- use File::Spec::Win32;
+- our $openssldir =
+- $config{openssldir} ?
+- (File::Spec::Win32->file_name_is_absolute($config{openssldir}) ?
+- File::Spec::Win32->canonpath($config{openssldir})
+- : File::Spec::Win32->catdir($prefix, $config{openssldir}))
+- : File::Spec::Win32->canonpath("$mingw_commonroot/SSL");
+- our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
+- File::Spec::Win32->splitpath($openssldir, 1);
+- $openssldir =~ s|\\|/|g;
+- $openssldir_dir =~ s|\\|/|g;
+- $openssldir_dev -}
+-OPENSSLDIR_dir={- my $x = File::Spec::Win32->canonpath($openssldir_dir);
+- $x =~ s|\\|/|g;
+- $x -}
+-LIBDIR={- our $libdir = $config{libdir} || "lib";
+- File::Spec::Win32->file_name_is_absolute($libdir) ? "" : $libdir -}
+-ENGINESDIR_dev={- use File::Spec::Win32;
+- our $enginesdir =
+- File::Spec::Win32->catdir($prefix,$libdir,
+- "engines-$sover_dirname");
+- our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
+- File::Spec::Win32->splitpath($enginesdir, 1);
+- $enginesdir =~ s|\\|/|g;
+- $enginesdir_dir =~ s|\\|/|g;
+- $enginesdir_dev -}
+-ENGINESDIR_dir={- my $x = File::Spec::Win32->canonpath($enginesdir_dir);
+- $x =~ s|\\|/|g;
+- $x -}
+-# In a Windows environment, $(DESTDIR) is harder to contatenate with other
+-# directory variables, because both may contain devices. What we do here is
+-# to adapt INSTALLTOP, OPENSSLDIR and ENGINESDIR depending on if $(DESTDIR)
+-# has a value or not, to ensure that concatenation will always work further
+-# down.
+-ifneq "$(DESTDIR)" ""
+-INSTALLTOP=$(INSTALLTOP_dir)
+-OPENSSLDIR=$(OPENSSLDIR_dir)
+-ENGINESDIR=$(ENGINESDIR_dir)
+-else
+-INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir)
+-OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
+-ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)
+-endif
+-
+-# $(libdir) is chosen to be compatible with the GNU coding standards
+-libdir={- File::Spec::Win32->file_name_is_absolute($libdir)
+- ? $libdir : '$(INSTALLTOP)/$(LIBDIR)' -}
+ {- output_on() if $config{target} !~ /^mingw/; "" -}
+
+ MANDIR=$(INSTALLTOP)/share/man
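Review bot: The new patch file has no description header, so nothing in openssl-no-win32.patch itself records why the block is deleted from `Configurations/unix-Makefile.tmpl` or whether the change was sent upstream. The deleted lines sit directly before the remaining `output_on() if $config{target} !~ /^mingw/` line, which suggests they were only emitted for mingw targets; with the patch applied such a target would presumably be left without the `INSTALLTOP`, `OPENSSLDIR`, `ENGINESDIR` and `libdir` definitions. I would add a few lines above the first `---` stating that the block is dropped to avoid `use File::Spec::Win32` at build time, that mingw targets are not supported with this patch applied, and the upstream issue reference if one exists.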
diff --git a/openssl-zlib-fix.patch b/openssl-zlib-fix.patch
new file mode 100644
index 0000000..afae438
--- /dev/null
+++ b/openssl-zlib-fix.patch
@@ -0,0 +1,57 @@
+From 4245d63be73402df5917bbd099178ba56c136e13 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz at fedoraproject.org>
+Date: Thu, 12 Sep 2019 12:27:36 +0200
+Subject: [PATCH] BIO_f_zlib: Properly handle BIO_CTRL_PENDING and
+ BIO_CTRL_WPENDING calls.
+
+There can be data to write in output buffer and data to read that were
+not yet read in the input stream.
+
+Fixes #9866
+---
+ crypto/comp/c_zlib.c | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
+
+diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
+index 78219f202d8..3d2c142f004 100644
+--- a/crypto/comp/c_zlib.c
++++ b/crypto/comp/c_zlib.c
+@@ -546,6 +546,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+ int ret, *ip;
+ int ibs, obs;
+ BIO *next = BIO_next(b);
++ z_stream *zin;
+
+ if (next == NULL)
+ return 0;
+@@ -598,6 +599,30 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+ BIO_copy_next_retry(b);
+ break;
+
++ case BIO_CTRL_WPENDING:
++ if (ctx->obuf == NULL)
++ return 0;
++
++ if (ctx->odone) {
++ ret = ctx->ocount;
++ }
++ else {
++ ret = ctx->ocount;
++ if (ret == 0)
++ /* Unknown amount pending but we are not finished */
++ ret = 1;
++ }
++ if (ret == 0)
++ ret = BIO_ctrl(next, cmd, num, ptr);
++ break;
++
++ case BIO_CTRL_PENDING:
++ zin = &ctx->zin;
++ ret = zin->avail_in;
++ if (ret == 0)
++ ret = BIO_ctrl(next, cmd, num, ptr);
++ break;
++
+ default:
+ ret = BIO_ctrl(next, cmd, num, ptr);
+ break;
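Review bot: In the added `BIO_CTRL_PENDING` case the returned value is `zin->avail_in`, which counts compressed bytes still held in the inflate input buffer, not the decompressed bytes a read would yield. The `BIO_CTRL_WPENDING` case likewise returns a placeholder `1` when `ocount` is zero and `odone` is unset. Callers should treat both results as a non-zero "more work remains" signal rather than as a size for buffer allocation; a comment above each case such as `/* Non-zero means data remains; the value is not a decompressed byte count */` would make that explicit. On style, both arms of `if (ctx->odone)` begin with `ret = ctx->ocount;`, so the assignment can be hoisted and the branch reduced to `if (ret == 0 && !ctx->odone) ret = 1;`. `bio_zlib_ctrl` begins and ends outside the hunk, and since this is a carried upstream commit any such change belongs upstream first.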
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openssl.git/commitdiff/f160409676983ef0adfbbc274f3b889815113912