diff options
| author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-03-02 23:02:45 +0000 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-03-02 23:02:45 +0000 |
| commit | 3ca6f2829a0c830dfd11021879745700444a3c16 (patch) | |
| tree | 58434dbd3ff50c2a90ccdf785478626386b40554 | |
| parent | 74067752dde25f72c3a5418561836991a3223a7e (diff) | |
| download | krb5-3ca6f2829a0c830dfd11021879745700444a3c16.tar.gz krb5-3ca6f2829a0c830dfd11021879745700444a3c16.tar.xz krb5-3ca6f2829a0c830dfd11021879745700444a3c16.zip | |
- add a workaround to build with OpenSSL 1.0, which changed the signaturekrb5-1_6_3-26_fc11
of EVP_PKEY_decrypt()
| -rw-r--r-- | krb5-1.7-openssl-1.0.patch | 17 | ||||
| -rw-r--r-- | krb5.spec | 4 |
2 files changed, 21 insertions, 0 deletions
diff --git a/krb5-1.7-openssl-1.0.patch b/krb5-1.7-openssl-1.0.patch new file mode 100644 index 0000000..19aa774 --- /dev/null +++ b/krb5-1.7-openssl-1.0.patch @@ -0,0 +1,17 @@ +This isn't a proper fix (it doesn't actually switch to using the new API), +but it'll do for now. +diff -up src/plugins/preauth/pkinit/pkinit_crypto_openssl.c src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +--- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c.openssl-1.0 2009-01-23 01:51:03.000000000 -0500 ++++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2009-08-24 11:19:35.000000000 -0400 +@@ -3652,7 +3652,11 @@ decode_data(unsigned char **out_data, un + if (buf == NULL) + goto cleanup; + ++#if OPENSSL_VERSION_NUMBER < 0x10000000L + retval = EVP_PKEY_decrypt(buf, data, (int)data_len, pkey); ++#else ++ retval = EVP_PKEY_decrypt_old(buf, data, (int)data_len, pkey); ++#endif + if (retval <= 0) { + pkiDebug("unable to decrypt received data (len=%d)\n", data_len); + goto cleanup; @@ -109,6 +109,7 @@ Patch82: krb5-CVE-2009-0844-0845-2.patch Patch83: krb5-CVE-2009-0846.patch Patch84: krb5-CVE-2009-0847.patch Patch85: http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt +Patch86: krb5-1.7-openssl-1.0.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -243,6 +244,8 @@ certificate. %changelog * Tue Mar 2 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.6.3-26 - fix a regression (not labeling a kdb database lock file correctly, #569902) +- add a workaround to build with OpenSSL 1.0, which changed the signature + of EVP_PKEY_decrypt() * Fri Jan 22 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.6.3-25 - use portreserve correctly -- portrelease takes the basename of the file @@ -1447,6 +1450,7 @@ popd %patch83 -p1 -b .CVE-2009-0846 %patch84 -p1 -b .CVE-2009-0847 %patch85 -p0 -b .2009-004 +%patch86 -p0 -b .openssl-1.0 cp src/krb524/README README.krb524 gzip doc/*.ps |