21240304 Upgrade OpenSSL version to 1.0.1o s11u2-sru
authorRon Jordan <ron.jordan@oracle.com>
Tue, 23 Jun 2015 09:14:23 -0700
branchs11u2-sru
changeset 4529 a1c54f9eb8de
parent 4528 30be54ba3f0e
child 4534 058d7630f55f
21240304 Upgrade OpenSSL version to 1.0.1o 21240415 problem in LIBRARY/OPENSSL 21240436 problem in LIBRARY/OPENSSL 21240446 problem in LIBRARY/OPENSSL 21240457 problem in LIBRARY/OPENSSL 21240467 problem in LIBRARY/OPENSSL 21240488 problem in LIBRARY/OPENSSL
components/openssl/openssl-1.0.1-fips-140/Makefile
components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m
components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch
components/openssl/openssl-1.0.1/Makefile
components/openssl/openssl-1.0.1/openssl-1.0.1.p5m
components/openssl/openssl-1.0.1/patches/33_cert_chain.patch
--- a/components/openssl/openssl-1.0.1-fips-140/Makefile	Wed Jun 17 14:13:59 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/Makefile	Tue Jun 23 09:14:23 2015 -0700
@@ -29,14 +29,14 @@
 COMPONENT_NAME =	openssl-fips-140
 # Note that this is the OpenSSL version that is used to build FIPS-140 certified
 # libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION =	1.0.1m
+COMPONENT_VERSION =	1.0.1o
 IPS_COMPONENT_VERSION = 2.0.6
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC_NAME =	openssl
 COMPONENT_SRC =		$(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74
+    sha256:16e678c6a05f2502811e075f2c4059ac01c878d091c9c585afc49ebc541f7b13
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	library/openssl
 
--- a/components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m	Wed Jun 17 14:13:59 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m	Tue Jun 23 09:14:23 2015 -0700
@@ -34,7 +34,7 @@
 set name=pkg.human-version value=$(COMPONENT_VERSION)
 set name=com.oracle.info.description \
     value="the FIPS 140-2 Capable OpenSSL libraries"
-set name=com.oracle.info.tpno value=21965 
+set name=com.oracle.info.tpno value=23126 
 set name=info.classification value=org.opensolaris.category.2008:System/Security
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
--- a/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch	Wed Jun 17 14:13:59 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch	Tue Jun 23 09:14:23 2015 -0700
@@ -199,12 +199,12 @@
 $ cvs diff -u -r1.133.2.11.2.6.2.3 -r1.133.2.11.2.6.2.4 apps.c
 --- openssl/apps/apps.c    4 Dec 2012 17:26:04 -0000    1.133.2.11.2.6.2.3
 +++ openssl/apps/apps.c    14 Dec 2012 14:30:45 -0000    1.133.2.11.2.6.2.4
[email protected]@ -2238,6 +2238,8 @@
[email protected]@ -2240,6 +2240,8 @@
          flags |= X509_V_FLAG_NOTIFY_POLICY;
      else if (!strcmp(arg, "-check_ss_sig"))
          flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
 +    else if (!strcmp(arg, "-partial_chain"))
 +        flags |= X509_V_FLAG_PARTIAL_CHAIN;
+     else if (!strcmp(arg, "-no_alt_chains"))
+         flags |= X509_V_FLAG_NO_ALT_CHAINS;
      else
-         return 0;
- 
--- a/components/openssl/openssl-1.0.1/Makefile	Wed Jun 17 14:13:59 2015 -0700
+++ b/components/openssl/openssl-1.0.1/Makefile	Tue Jun 23 09:14:23 2015 -0700
@@ -28,15 +28,15 @@
 # When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. 
 # For more information about wanboot-openssl testing, please refer to
 # ../README.
-COMPONENT_VERSION =	1.0.1m
+COMPONENT_VERSION =	1.0.1o
 # Version for IPS. It is easier to do it manually than convert the letter to a
 # number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.1.13
+IPS_COMPONENT_VERSION = 1.0.1.15
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74
+    sha256:16e678c6a05f2502811e075f2c4059ac01c878d091c9c585afc49ebc541f7b13
 
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	library/openssl
--- a/components/openssl/openssl-1.0.1/openssl-1.0.1.p5m	Wed Jun 17 14:13:59 2015 -0700
+++ b/components/openssl/openssl-1.0.1/openssl-1.0.1.p5m	Tue Jun 23 09:14:23 2015 -0700
@@ -30,7 +30,7 @@
     value="OpenSSL is a full-featured toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library."
 set name=pkg.human-version value=$(COMPONENT_VERSION)
 set name=com.oracle.info.description value=OpenSSL
-set name=com.oracle.info.tpno value=21965 
+set name=com.oracle.info.tpno value=23126 
 set name=info.classification value=org.opensolaris.category.2008:System/Security
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
--- a/components/openssl/openssl-1.0.1/patches/33_cert_chain.patch	Wed Jun 17 14:13:59 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/33_cert_chain.patch	Tue Jun 23 09:14:23 2015 -0700
@@ -199,12 +199,12 @@
 $ cvs diff -u -r1.133.2.11.2.6.2.3 -r1.133.2.11.2.6.2.4 apps.c
 --- openssl/apps/apps.c    4 Dec 2012 17:26:04 -0000    1.133.2.11.2.6.2.3
 +++ openssl/apps/apps.c    14 Dec 2012 14:30:45 -0000    1.133.2.11.2.6.2.4
[email protected]@ -2238,6 +2238,8 @@
[email protected]@ -2240,6 +2240,8 @@
          flags |= X509_V_FLAG_NOTIFY_POLICY;
      else if (!strcmp(arg, "-check_ss_sig"))
          flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
 +    else if (!strcmp(arg, "-partial_chain"))
 +        flags |= X509_V_FLAG_PARTIAL_CHAIN;
+     else if (!strcmp(arg, "-no_alt_chains"))
+         flags |= X509_V_FLAG_NO_ALT_CHAINS;
      else
-         return 0;
-