Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-3 for openSUSE:Factory checked in at 2025-01-05 15:27:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-3 (Old) and /work/SRC/openSUSE:Factory/.openssl-3.new.1881 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openssl-3" Sun Jan 5 15:27:00 2025 rev:35 rq:1234617 version:3.2.3 Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-3/openssl-3.changes 2024-11-13 15:26:51.433693370 +0100 +++ /work/SRC/openSUSE:Factory/.openssl-3.new.1881/openssl-3.changes 2025-01-05 15:27:01.895336080 +0100 @@ -1,0 +2,14 @@ +Mon Dec 23 20:14:08 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com> + +- Add support for userspace livepatching on ppc64le (jsc#PED-11850). +- Use gcc-13 for ppc64le. + +------------------------------------------------------------------- +Tue Dec 17 12:42:19 UTC 2024 - Pedro Monreal <pmonreal@suse.com> + +- Fix evp_properties section in the openssl.cnf file [bsc#1234647] + * Rebase patches: + - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch + - openssl-TESTS-Disable-default-provider-crypto-policies.patch + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-3.spec ++++++ --- /var/tmp/diff_new_pack.aJ0Xjv/_old 2025-01-05 15:27:08.615612495 +0100 +++ /var/tmp/diff_new_pack.aJ0Xjv/_new 2025-01-05 15:27:08.639613482 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssl-3 # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -146,13 +146,20 @@ Patch66: openssl-3-fix-quic_multistream_test.patch BuildRequires: pkgconfig -%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 + +# ulp-macros is available according to SUSE version. +%ifarch x86_64 +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1540 +BuildRequires: ulp-macros +%endif +%endif +%ifarch ppc64le +%if 0%{?sle_version} >= 150700 || 0%{?suse_version} >= 1570 +BuildRequires: gcc13 BuildRequires: ulp-macros -%else -# Define ulp-macros macros as empty -%define cflags_livepatching "" -%define pack_ipa_dumps echo "Livepatching is disabled in this build" %endif +%endif + BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) Requires: libopenssl3 = %{version}-%{release} @@ -246,6 +253,14 @@ export MACHINE=armv6l %endif +# In ppc64le we need gcc-13 for userspace livepatching until we have the +# required -fpatchable-functions-entry patch merged into the mainline +%ifarch ppc64le +%if 0%{?sle_version} >= 150700 || 0%{?suse_version} >= 1570 +export CC=gcc-13 +export CXX=g++-13 +%endif +%endif ./Configure \ enable-camellia \ %ifarch x86_64 aarch64 ppc64le @@ -264,7 +279,7 @@ --libdir=%{_lib} \ --openssldir=%{ssletcdir} \ %{optflags} \ - %{cflags_livepatching} \ + %{?cflags_livepatching} \ -Wa,--noexecstack \ -Wl,-z,relro,-z,now \ -fno-common \ @@ -324,7 +339,7 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers %install -%{pack_ipa_dumps} +%{?pack_ipa_dumps} %make_install %{?_smp_mflags} MANSUFFIX=%{man_suffix} rename so.%{sover} so.%{version} %{buildroot}%{_libdir}/*.so.%{sover} ++++++ openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch ++++++ --- /var/tmp/diff_new_pack.aJ0Xjv/_old 2025-01-05 15:27:09.995669259 +0100 +++ /var/tmp/diff_new_pack.aJ0Xjv/_new 2025-01-05 15:27:09.999669423 +0100 @@ -322,12 +322,13 @@ =================================================================== --- openssl-3.2.3.orig/apps/openssl.cnf +++ openssl-3.2.3/apps/openssl.cnf -@@ -52,6 +52,11 @@ tsa_policy3 = 1.2.3.4.5.7 +@@ -52,6 +52,12 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] providers = provider_sect +# Load default TLS policy configuration +ssl_conf = ssl_module ++alg_section = evp_properties + +[ evp_properties ] +# This section is intentionally added empty here to be tuned on particular systems ++++++ openssl-TESTS-Disable-default-provider-crypto-policies.patch ++++++ --- /var/tmp/diff_new_pack.aJ0Xjv/_old 2025-01-05 15:27:10.095673372 +0100 +++ /var/tmp/diff_new_pack.aJ0Xjv/_new 2025-01-05 15:27:10.103673701 +0100 @@ -2,16 +2,18 @@ =================================================================== --- openssl-3.2.3.orig/apps/openssl.cnf +++ openssl-3.2.3/apps/openssl.cnf -@@ -45,7 +45,7 @@ tsa_policy3 = 1.2.3.4.5.7 +@@ -45,8 +45,8 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] providers = provider_sect # Load default TLS policy configuration -ssl_conf = ssl_module +-alg_section = evp_properties +##ssl_conf = ssl_module ++##alg_section = evp_properties [ evp_properties ] # This section is intentionally added empty here to be tuned on particular systems -@@ -60,20 +60,20 @@ ssl_conf = ssl_module +@@ -61,20 +61,20 @@ alg_section = evp_properties # to side-channel attacks and as such have been deprecated. [provider_sect]