From fba756feb1835908424c5499de2bdb7313a2aa05 Mon Sep 17 00:00:00 2001
From: Tomáš Mráz <tmraz@fedoraproject.org>
Date: Dec 11 2006 19:46:13 +0000
Subject: - detect duplicates in add_dir properly (#206346)


---

diff --git a/openssl-0.9.8b-x509-add-dir.patch b/openssl-0.9.8b-x509-add-dir.patch
new file mode 100644
index 0000000..02c2dc6
--- /dev/null
+++ b/openssl-0.9.8b-x509-add-dir.patch
@@ -0,0 +1,33 @@
+--- openssl-0.9.8b/crypto/x509/by_dir.c.add-dir	2005-07-03 15:15:53.000000000 +0200
++++ openssl-0.9.8b/crypto/x509/by_dir.c	2006-10-03 15:14:06.000000000 +0200
+@@ -189,7 +189,7 @@
+ 
+ 	s=dir;
+ 	p=s;
+-	for (;;)
++	for (;;p++)
+ 		{
+ 		if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
+ 			{
+@@ -198,8 +198,11 @@
+ 			len=(int)(p-ss);
+ 			if (len == 0) continue;
+ 			for (j=0; j<ctx->num_dirs; j++)
+-				if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+-					continue;
++				if (strlen(ctx->dirs[j]) == len &&
++				    strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
++					break;
++			if (j<ctx->num_dirs)
++				continue;
+ 			if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
+ 				{
+ 				ctx->num_dirs_alloced+=10;
+@@ -231,7 +234,6 @@
+ 			ctx->num_dirs++;
+ 			}
+ 		if (*p == '\0') break;
+-		p++;
+ 		}
+ 	return(1);
+ 	}
diff --git a/openssl.spec b/openssl.spec
index b1db21e..7a55561 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: The OpenSSL toolkit
 Name: openssl
 Version: 0.9.8b
-Release: 11%{?dist}
+Release: 12%{?dist}
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -62,6 +62,7 @@ Patch59: openssl-0.9.8b-cve-2006-3738.patch
 Patch60: openssl-0.9.8b-cve-2006-4343.patch
 Patch61: openssl-0.9.8b-aliasing-bug.patch
 Patch62: openssl-0.9.8b-x509-name-cmp.patch
+Patch63: openssl-0.9.8b-x509-add-dir.patch
 
 License: BSDish
 Group: System Environment/Libraries
@@ -133,6 +134,7 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch60 -p0 -b .client-dos
 %patch61 -p1 -b .aliasing-bug
 %patch62 -p1 -b .name-cmp
+%patch63 -p1 -b .add-dir
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -367,6 +369,9 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
 %postun -p /sbin/ldconfig
 
 %changelog
+* Mon Dec 11 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-12
+- detect duplicates in add_dir properly (#206346)
+
 * Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-11
 - the previous change still didn't make X509_NAME_cmp transitive