Hello community, here is the log from the commit of package openssl for openSUSE:Factory checked in at 2013-11-30 17:59:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl (Old) and /work/SRC/openSUSE:Factory/.openssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openssl" Changes: -------- --- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2013-11-29 07:03:10.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2013-11-30 18:01:22.000000000 +0100 @@ -2,7 +1,0 @@ -Sat Nov 23 08:23:59 UTC 2013 - shchang@suse.com - -- Patches for OpenSSL FIPS-140-2/3 certification - Add patch files: openssl-1.0.1e-fips.patch, openssl-1.0.1e-fips-ec.patch, - openssl-1.0.1e-fips-ctor.patch - -------------------------------------------------------------------- Old: ---- openssl-1.0.1e-fips-ctor.patch openssl-1.0.1e-fips-ec.patch openssl-1.0.1e-fips.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.jxpxcJ/_old 2013-11-30 18:01:23.000000000 +0100 +++ /var/tmp/diff_new_pack.jxpxcJ/_new 2013-11-30 18:01:23.000000000 +0100 @@ -58,10 +58,6 @@ # From Fedora openssl. Patch13: openssl-1.0.1c-ipv6-apps.patch Patch14: 0001-libcrypto-Hide-library-private-symbols.patch -# FIPS patches -Patch15: openssl-1.0.1e-fips.patch -Patch16: openssl-1.0.1e-fips-ec.patch -Patch17: openssl-1.0.1e-fips-ctor.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -82,7 +78,6 @@ %package -n libopenssl1_0_0 Summary: Secure Sockets and Transport Layer Security -License: OpenSSL Group: Productivity/Networking/Security Recommends: openssl-certs # bug437293 @@ -109,7 +104,6 @@ %package -n libopenssl-devel Summary: Include Files and Libraries mandatory for Development -License: OpenSSL Group: Development/Libraries/C and C++ Obsoletes: openssl-devel < %{version} Requires: %name = %version @@ -126,19 +120,8 @@ This package contains all necessary include files and libraries needed to develop applications that require these. -%package -n libopenssl1_0_0-hmac -Summary: HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries -License: BSD-3-Clause -Group: Productivity/Networking/Security -Requires: libopenssl1_0_0 = %{version}-%{release} - -%description -n libopenssl1_0_0-hmac -The FIPS compliant operation of the openssl shared libraries is NOT -possible without the HMAC hashes contained in this package! - %package doc Summary: Additional Package Documentation -License: OpenSSL Group: Productivity/Networking/Security %if 0%{?suse_version} >= 1140 BuildArch: noarch @@ -165,9 +148,6 @@ %patch12 -p1 %patch13 -p1 %patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 cp -p %{S:10} . echo "adding/overwriting some entries in the 'table' hash in Configure" @@ -213,13 +193,12 @@ %endif ./config --test-sanity # -config_flags="threads shared no-rc5 no-idea fips \ +config_flags="threads shared no-rc5 no-idea \ %ifarch x86_64 enable-ec_nistp_64_gcc_128 \ %endif enable-camellia \ zlib \ -no-ec2m \ --prefix=%{_prefix} \ --libdir=%{_lib} \ --openssldir=%{ssletcdir} \ @@ -266,15 +245,6 @@ make depend make LD_LIBRARY_PATH=`pwd` make rehash - -# for FIPS mode testing; the same hashes are being created later just before -# the wrap-up of the files into the package. -# These files are just there for the make test below... -crypto/fips/fips_standalone_hmac libcrypto.so.1.0.0 > .libcrypto.so.1.0.0.hmac -crypto/fips/fips_standalone_hmac libssl.so.1.0.0 > .libssl.so.1.0.0.hmac - -LD_LIBRARY_PATH=`pwd` make test FIPSCANLIB="" - %ifnarch armv4l LD_LIBRARY_PATH=`pwd` make test %endif @@ -288,7 +258,6 @@ %install rm -rf $RPM_BUILD_ROOT make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install -cp -a crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac install -d -m755 $RPM_BUILD_ROOT%{ssletcdir}/certs ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl mkdir $RPM_BUILD_ROOT/%{_datadir}/ssl @@ -366,29 +335,6 @@ # Do not install demo scripts executable under /usr/share/doc find demos -type f -perm /111 -exec chmod 644 {} \; -# the hmac hashes: -# -# this is a hack that re-defines the __os_install_post macro -# for a simple reason: the macro strips the binaries and thereby -# invalidates a HMAC that may have been created earlier. -# solution: create the hashes _after_ the macro runs. -# -# this shows up earlier because otherwise the %expand of -# the macro is too late. -# remark: This is the same as running -# openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs' -%{expand:%%global __os_install_post {%__os_install_post - -$RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \ - $RPM_BUILD_ROOT/%{_lib}/libssl.so.%{num_version} > \ - $RPM_BUILD_ROOT/%{_libdir}/.libssl.so.%{num_version}.hmac - -$RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \ - $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{num_version} > \ - $RPM_BUILD_ROOT/%{_libdir}/.libcrypto.so.%{num_version}.hmac - -}} - #process openssllib mkdir $RPM_BUILD_ROOT/%{_lib} mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ @@ -396,9 +342,7 @@ mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/ cd $RPM_BUILD_ROOT%{_libdir}/ ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so -ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so.%{num_version} ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so -ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so.%{num_version} for engine in 4758cca atalla nuron sureware ubsec cswift chil aep; do rm %{buildroot}/%{_lib}/engines/lib$engine.so @@ -421,11 +365,6 @@ /%{_lib}/libcrypto.so.%{num_version} /%{_lib}/engines -%files -n libopenssl1_0_0-hmac -%defattr(-, root, root) -%{_libdir}/.libssl.so.%{num_version}.hmac -%{_libdir}/.libcrypto.so.%{num_version}.hmac - %files -n libopenssl-devel %defattr(-, root, root) %{_includedir}/%{name}/ @@ -433,9 +372,7 @@ %exclude %{_libdir}/libcrypto.a %exclude %{_libdir}/libssl.a %{_libdir}/libssl.so -%{_libdir}/libssl.so.%{num_version} %{_libdir}/libcrypto.so -%{_libdir}/libcrypto.so.%{num_version} %_libdir/pkgconfig/libcrypto.pc %_libdir/pkgconfig/libssl.pc %_libdir/pkgconfig/openssl.pc @@ -456,7 +393,6 @@ %dir %{_datadir}/ssl %{_datadir}/ssl/misc %{_bindir}/c_rehash -%{_bindir}/fips_standalone_hmac %{_bindir}/%{name} %changelog ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.jxpxcJ/_old 2013-11-30 18:01:23.000000000 +0100 +++ /var/tmp/diff_new_pack.jxpxcJ/_new 2013-11-30 18:01:23.000000000 +0100 @@ -3,6 +3,3 @@ libopenssl-devel requires -libopenssl-<targettype> requires "libopenssl1_0_0-<targettype> = <version>" -libopenssl1_0_0-hmac - requires -libopenssl1_0_0 = <version> - requires "libopenssl1_0_0-<targettype> = <version>-%release" -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org