Hello community,
here is the log from the commit of package boringssl for openSUSE:Factory checked in at 2019-09-04 09:34:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/boringssl (Old)
and /work/SRC/openSUSE:Factory/.boringssl.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "boringssl"
Wed Sep 4 09:34:23 2019 rev:4 rq:728033 version:20190523
Changes:
--------
--- /work/SRC/openSUSE:Factory/boringssl/boringssl.changes 2019-08-30 14:42:09.849416276 +0200
+++ /work/SRC/openSUSE:Factory/.boringssl.new.7948/boringssl.changes 2019-09-04 09:34:30.174704349 +0200
@@ -1,0 +2,204 @@
+Tue Sep 3 07:15:48 UTC 2019 - Martin Pluskal
+
+- Update to version 20190523:
+ * Disable RDRAND on AMD chips before Zen.
+ * Always store early data tickets.
+ * Align PKCS12_parse closer to OpenSSL.
+ * Support PKCS#12 KeyBags.
+ * Support PKCS#8 blobs using PBES2 with HMAC-SHA256.
+ * Make EVP_PKEY_keygen work for Ed25519.
+ * Sync aesp8-ppc.pl with upstream.
+ * Update generate_build_files.py for SIKE.
+ * Fix the last casts in third_party/sike.
+ * Remove no-op casts around tt1.
+ * Define p503 with crypto_word_t, not uint64_t.
+ * Add support for SIKE/p503 post-quantum KEM
+ * tool: fix speed tests.
+ * Add an option to skip crypto_test_data.cc in GN too.
+ * Save and restore errors when ignoring ssl_send_alert result.
+ * Reject obviously invalid DSA parameters during signing.
+ * Make expect/expected flag and variable names match.
+ * clang-format Flag arrays in test_config.cc.
+ * Rename remnants of ticket_early_data_info.
+ * Enforce the ticket_age parameter for 0-RTT.
+ * Add SSL_get_early_data_reason.
+ * Remove implicit -on-resume for -expect-early-data-accept.
+ * Use weak symbols only on supported platforms
+ * Fix spelling in comments.
+ * Add functions for "raw" EVP_PKEY serializations.
+ * Remove stray underscores.
+ * Add a compatibility EVP_DigestFinalXOF function.
+ * Fix up EVP_DigestSign implementation for Ed25519.
+ * Check for errors when setting up X509_STORE_CTX.
+ * Convert a few more things from int to bool.
+ * Compute the delegated credentials length prefix with CBB.
+ * Convert the rest of ssl_test to GTest.
+ * Check for x18 usage in aarch64 assembly.
+ * Handle errors from close in perlasm scripts.
+ * Hold off flushing NewSessionTicket until write.
+ * Predeclare enums in base.h
+ * Require certificates under name constraints use SANs.
+ * Make X509_verify_cert_error_string thread-safe.
+ * Disable the common name fallback on *any* SAN list.
+ * Silently ignore X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT.
+ * Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT.
+ * Give ENGINE_free a return value.
+ * Output a ClientHello during handoff.
+ * Fix and test EVP_PKEY_CTX copying.
+ * Test copying an EVP_MD_CTX.
+ * Fix EVP_CIPHER_CTX_copy for AES-GCM.
+ * Check key sizes in AES_set_*_key.
+ * Add missing nonce_len check to aead_aes_gcm_siv_asm_open.
+ * Test AES-GCM-SIV with OPENSSL_SMALL.
+ * Handle CBB_cleanup on child CBBs more gracefully.
+ * Update third_party/googletest.
+ * Rename 'md' output parameter to 'out' and add bounds.
+ * Update other build tools.
+ * Update SDE to 8.35.0-2019-03-11.
+ * nit: Update references to draft-ietf-tls-subcerts.
+ * Support get versions with get_{min,max}_proto_version for context
+ * Update ImplDispatchTest for bsaes-x86_64 removal.
+ * Unwind the large_inputs hint in aes_ctr_set_key.
+ * Add an optimized x86_64 vpaes ctr128_f and remove bsaes.
+ * Add 16384 to the default bssl speed sizes.
+ * Rewrite BN_CTX.
+ * Save a temporary in BN_mod_exp_mont's w=1 case.
+ * Reject long inputs in c2i_ASN1_INTEGER.
+ * Harden the lower level parts of crypto/asn1 against overflows.
+ * Remove d2i_ASN1_UINTEGER.
+ * Drop some unused bsaes to aes_nohw dependencies.
+ * Adapt gcm_*_neon to aarch64.
+ * Patch out the aes_nohw fallback in bsaes_cbc_encrypt.
+ * Patch out the aes_nohw fallback in bsaes_ctr32_encrypt_blocks.
+ * Implement sk_find manually.
+ * Make vpaes-armv8.pl compatible with XOM.
+ * Support three-argument instructions on x86-64.
+ * Correct outdated comments
+ * Remove SSL_get_structure_sizes.
+ * Prefer vpaes over bsaes in AES-GCM-SIV and AES-CCM.
+ * Tell ASan about the OPENSSL_malloc prefix.
+ * modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings.
+ * Enable vpaes for aarch64, with CTR optimizations.
+ * Check in vpaes-armv8.pl from OpenSSL unused and unmodified.
+ * silence unused variable warnings when using OPENSSL_clear_free
+ * Handle NULL public key in |EC_KEY_set_public_key|.
+ * Add a 32-bit SSSE3 GHASH implementation.
+ * Also include abi_test.cc in ssl_test_files.
+ * Don't pull abi_test.cc into non-GTest targets.
+ * Update *_set_cert_cb documentation regarding resumption
+ * Add a reference for Linux ARM ABI.
+ * Remove __ARM_ARCH__ guard on gcm_*_v8.
+ * Fix bsaes-armv7.pl getting disabled by accident.
+ * Add an option to configure bssl speed chunk size.
+ * Appease GCC's uninitialized value warning.
+ * Set VPAES flags in x86-64 code.
+ * Enable vpaes for AES_* functions.
+ * Avoid double-dispatch with AES_* vs aes_nohw_*.
+ * Add uint64_t support in CBS and CBB.
+ * Clear out a bunch of -Wextra-semi warnings.
+ * Add compiled python files to .gitignore.
+ * Fix x86_64-xlate.pl comment regex.
+ * Add go 1.11 to go.mod.
+ * Remove STRICT_ALIGNMENT code from modes.
+ * Remove non-STRICT_ALIGNMENT code from xts.c.
+ * Patch XTS out of ARMv7 bsaes too.
+ * Remove stray prototype.
+ * Always define GHASH.
+ * Update delegated credentials to draft-03
+ * Use Windows symbol APIs in the unwind tester.
+ * Unwind RDRAND functions correctly on Windows.
+ * Patch out unused aesni-x86_64 functions.
+ * Add ABI tests for aesni-gcm-x86_64.pl.
+ * Add ABI tests for x86_64-mont5.pl.
+ * sync EVP_get_cipherbyname with EVP_do_all_sorted
+ * Hyperlink DOI to preferred resolver
+ * Remove stray semicolons.
+ * Remove separate default group list for servers.
+ * Enable all curves (inc CECPQ2) during fuzzing.
+ * Implement ABI testing for aarch64.
+ * Fix ABI error in bn_mul_mont on aarch64.
+ * Implement ABI testing for ARM.
+ * Fix the order of Windows unwind codes.
+ * Implement unwind testing for Windows.
+ * Tolerate spaces when parsing .type directives.
+ * runner: Don't generate an RSA key on startup.
+ * Don't use bsaes over vpaes for CTR-DRBG.
+ * perlasm/x86_64-xlate.pl: refine symbol recognition in .xdata.
+ * Add instructions for debugging on Android with gdb.
+ * Enforce key usage for RSA keys in TLS 1.2.
+ * Remove infra/config folder in master branch.
+ * Avoid SCT/OCSP extensions in SH on {Omit|Empty}Extensions
+ * Test and fix an ABI issue with small parameters.
+ * Add RSAZ ABI tests.
+ * Better document RSAZ and tidy up types.
+ * Add ABI testing for 32-bit x86.
+ * Add a very roundabout EC keygen API.
+ * Add some Node compatibility functions.
+ * Implement server support for delegated credentials.
+ * Add a constant-time pshufb-based GHASH implementation.
+ * Tweak some slightly fragile tests.
+ * Make 256-bit ciphers a preference for CECPQ2, not a requirement.
+ * Update comments around JDK11 workaround.
+ * Add a RelWithAsserts build configuration.
+ * Remove union from |SHA512_CTX|.
+ * Avoid unwind tests on libc functions.
+ * Don't pass NULL,0 to qsort.
+ * Fix signed left-shifts in curve25519.c.
+ * Add an option to build with UBSan.
+ * Fix undefined pointer casts in SHA-512 code.
+ * HRSS: flatten sample distribution.
+ * Add test of assembly code dispatch.
+ * Simplify HRSS mod3 circuits.
+ * Add SSL_OP_NO_RENEGOTIATION
+ * Rename Fiat include files to end in .h
+ * Switch to new fiat pipeline.
+ * Don't look for libunwind if cross-compiling.
+ * Mark some unmarked array sizes in curve25519.c.
+ * Revert "Fix protos_len size in SSL_set_alpn_protos and SSL_CTX_set_alpn_protos"
+ * Add ABI tests for GCM.
+ * Fix SSL_R_TOO_MUCH_READ_EARLY_DATA.
+ * Test CRYPTO_gcm128_tag in gcm_test.cc.
+ * Remove pointer cast in P-256 table.
+ * Ignore new fields in forthcoming Wycheproof tests.
+ * Fix RSAZ's OPENSSL_cleanse.
+ * Allow configuring QUIC method per-connection
+ * Fix header file for _byteswap_ulong and _byteswap_uint64 from MSVC CRT
+ * Add ABI tests for HRSS assembly.
+ * Add AES ABI tests.
+ * Move aes_nohw, bsaes, and vpaes prototypes to aes/internal.h.
+ * Add direction flag checking to CHECK_ABI.
+ * Add ABI tests for ChaCha20_ctr32.
+ * Add ABI tests for MD5.
+ * Refresh fuzzer corpus.
+ * Delete the variants/draft code.
+ * Update tools.
+ * Fix protos_len size in SSL_set_alpn_protos and SSL_CTX_set_alpn_protos
+ * Use handshake parameters to decide if cert/key are available
+ * Add ABI tests for bn_mul_mont.
+ * Add ABI tests for SHA*.
+ * Make pkg-config optional.
+ * Add DEPS rules to checkout Windows SDE.
+ * Add ABI tests for rdrand.
+ * Set NIDs for Blowfish and CAST.
+ * Add a CFI tester to CHECK_ABI.
+ * Fix some size_t to long casts.
+ * Add EVP_CIPHER support for Blowfish and CAST to decrepit.
+ * Be less clever with CHECK_ABI.
+ * Update SDE and add the Windows version.
+ * Remove pooling of PRNG state.
+ * Add EC_KEY_key2buf for OpenSSL compatibility
+ * Remove bundled copy of android-cmake.
+ * Clarify build requirements.
+ * Add EC_GROUP_order_bits for OpenSSL compatibility
+ * Annotate leaf functions with .cfi_{startproc,endproc}
+ * Fix beeu_mod_inverse_vartime CFI annotations and preamble.
+ * Fix CFI annotations in p256-x86_64-asm.pl.
+ * Add a comment about ecp_nistz256_point_add_affine's limitations.
+ * Refresh p256-x86_64_tests.txt.
++++ 7 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/boringssl/boringssl.changes
++++ and /work/SRC/openSUSE:Factory/.boringssl.new.7948/boringssl.changes
Old:
----
boringssl-20181228.tar.xz
New:
----
boringssl-20190523.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ boringssl.spec ++++++
--- /var/tmp/diff_new_pack.OVEIvL/_old 2019-09-04 09:34:31.198704123 +0200
+++ /var/tmp/diff_new_pack.OVEIvL/_new 2019-09-04 09:34:31.202704122 +0200
@@ -16,10 +16,10 @@
#
-%define sover 0
+%define sover 1
%define libname libboringssl%{sover}
Name: boringssl
-Version: 20181228
+Version: 20190523
Release: 0
Summary: An SSL/TLS protocol implementation
License: OpenSSL
@@ -28,9 +28,12 @@
Source: %{name}-%{version}.tar.xz
Patch0: add-soversion-option.patch
Patch1: 0001-crypto-Fix-aead_test-build-on-aarch64.patch
-BuildRequires: cmake
+BuildRequires: cmake >= 3.0
BuildRequires: gcc-c++
BuildRequires: go
+BuildRequires: libunwind-devel
+BuildRequires: ninja
+ExclusiveArch: %{ix86} x86_64
%description
BoringSSL is an implementation of the Secure Sockets Layer (SSL) and
@@ -62,10 +65,11 @@
%build
%define _lto_cflags %{nil}
+%define __builder ninja
%cmake \
-DCMAKE_C_FLAGS="%{optflags} -pthread" \
-DCMAKE_CXX_FLAGS="%{optflags} -pthread" \
- -DSOVERSION=1
+ -DSOVERSION=%{sover}
%cmake_build
%install
++++++ 0001-crypto-Fix-aead_test-build-on-aarch64.patch ++++++
--- /var/tmp/diff_new_pack.OVEIvL/_old 2019-09-04 09:34:31.222704118 +0200
+++ /var/tmp/diff_new_pack.OVEIvL/_new 2019-09-04 09:34:31.222704118 +0200
@@ -30,10 +30,10 @@
crypto/cipher_extra/aead_test.cc | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
-diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc
-index fff7d4397..906a5acc0 100644
---- a/crypto/cipher_extra/aead_test.cc
-+++ b/crypto/cipher_extra/aead_test.cc
+Index: boringssl-20190523/crypto/cipher_extra/aead_test.cc
+===================================================================
+--- boringssl-20190523.orig/crypto/cipher_extra/aead_test.cc
++++ boringssl-20190523/crypto/cipher_extra/aead_test.cc
@@ -29,6 +29,12 @@
#include "../test/test_util.h"
#include "../test/wycheproof_util.h"
@@ -89,6 +89,3 @@
OPENSSL_memset(key, 'K', sizeof(key));
bssl::ScopedEVP_AEAD_CTX ctx;
---
-2.21.0
-
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.OVEIvL/_old 2019-09-04 09:34:31.262704109 +0200
+++ /var/tmp/diff_new_pack.OVEIvL/_new 2019-09-04 09:34:31.266704108 +0200
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://boringssl.googlesource.com/boringssl</param>
- <param name="changesrevision">8e8f250422663106d478f6927beefba289a95b37</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">2e0d354690064c90ee245c715b92e2bb32492571</param></service></servicedata>
\ No newline at end of file
++++++ add-soversion-option.patch ++++++
--- /var/tmp/diff_new_pack.OVEIvL/_old 2019-09-04 09:34:31.278704105 +0200
+++ /var/tmp/diff_new_pack.OVEIvL/_new 2019-09-04 09:34:31.278704105 +0200
@@ -18,11 +18,11 @@
ssl/CMakeLists.txt | 6 ++++++
5 files changed, 29 insertions(+)
-diff --git a/BUILDING.md b/BUILDING.md
-index 924f6c924..69cecefc4 100644
---- a/BUILDING.md
-+++ b/BUILDING.md
-@@ -71,6 +71,9 @@ Windows, where functions need to be tagged with `dllimport` when coming from a
+Index: boringssl-20190523/BUILDING.md
+===================================================================
+--- boringssl-20190523.orig/BUILDING.md
++++ boringssl-20190523/BUILDING.md
+@@ -79,6 +79,9 @@ Windows, where functions need to be tagg
shared library, define `BORINGSSL_SHARED_LIBRARY` in any code which `#include`s
the BoringSSL headers.
@@ -32,19 +32,19 @@
In order to serve environments where code-size is important as well as those
where performance is the overriding concern, `OPENSSL_SMALL` can be defined to
remove some code that is especially large.
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 1f18782f3..b8ea82c08 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
+Index: boringssl-20190523/CMakeLists.txt
+===================================================================
+--- boringssl-20190523.orig/CMakeLists.txt
++++ boringssl-20190523/CMakeLists.txt
@@ -1,5 +1,7 @@
cmake_minimum_required(VERSION 2.8.11)
-+set(boringssl_SOVERSION 0)
++set(boringssl_SOVERSION 1)
+
# Report AppleClang separately from Clang. Their version numbers are different.
# https://cmake.org/cmake/help/v3.0/policy/CMP0025.html
if(POLICY CMP0025)
-@@ -503,6 +505,12 @@ endif()
+@@ -546,6 +548,12 @@ endif()
# Add minimal googletest targets. The provided one has many side-effects, and
# googletest has a very straightforward build.
add_library(boringssl_gtest third_party/googletest/src/gtest-all.cc)
@@ -57,11 +57,11 @@
target_include_directories(boringssl_gtest PRIVATE third_party/googletest)
include_directories(third_party/googletest/include)
-diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
-index 863591020..31e1c2b96 100644
---- a/crypto/CMakeLists.txt
-+++ b/crypto/CMakeLists.txt
-@@ -404,6 +404,12 @@ add_library(
+Index: boringssl-20190523/crypto/CMakeLists.txt
+===================================================================
+--- boringssl-20190523.orig/crypto/CMakeLists.txt
++++ boringssl-20190523/crypto/CMakeLists.txt
+@@ -419,6 +419,12 @@ add_library(
${CRYPTO_ARCH_SOURCES}
${CRYPTO_FIPS_OBJECTS}
)
@@ -74,10 +74,10 @@
add_dependencies(crypto global_target)
-diff --git a/decrepit/CMakeLists.txt b/decrepit/CMakeLists.txt
-index 1cb5e11f7..26d1a6dc9 100644
---- a/decrepit/CMakeLists.txt
-+++ b/decrepit/CMakeLists.txt
+Index: boringssl-20190523/decrepit/CMakeLists.txt
+===================================================================
+--- boringssl-20190523.orig/decrepit/CMakeLists.txt
++++ boringssl-20190523/decrepit/CMakeLists.txt
@@ -21,6 +21,12 @@ add_library(
x509/x509_decrepit.c
xts/xts.c
@@ -91,10 +91,10 @@
add_dependencies(decrepit global_target)
-diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt
-index d6c1294f1..102e015fd 100644
---- a/ssl/CMakeLists.txt
-+++ b/ssl/CMakeLists.txt
+Index: boringssl-20190523/ssl/CMakeLists.txt
+===================================================================
+--- boringssl-20190523.orig/ssl/CMakeLists.txt
++++ boringssl-20190523/ssl/CMakeLists.txt
@@ -40,6 +40,12 @@ add_library(
tls13_enc.cc
tls13_server.cc
@@ -108,6 +108,3 @@
add_dependencies(ssl global_target)
---
-2.21.0
-
++++++ boringssl-20181228.tar.xz -> boringssl-20190523.tar.xz ++++++
/work/SRC/openSUSE:Factory/boringssl/boringssl-20181228.tar.xz /work/SRC/openSUSE:Factory/.boringssl.new.7948/boringssl-20190523.tar.xz differ: char 26, line 1