commit openssl-1_0_0 for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2017-06-27 10:19:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openssl-1_0_0" Tue Jun 27 10:19:44 2017 rev:3 rq:506116 version:1.0.2l Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2017-05-27 13:12:33.136812556 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new/openssl-1_0_0.changes 2017-06-27 10:19:47.307778558 +0200 @@ -1,0 +2,17 @@ +Fri Jun 23 15:22:52 UTC 2017 - tchvatal@suse.com + +- Update engines location for the engines to match up 1.1 to ease + later on migration bsc#1045803 + * openssl-engines-path.patch + +------------------------------------------------------------------- +Mon May 29 09:35:24 UTC 2017 - vcizek@suse.com + +- update to 1.0.2l + * bugfix release only + * fixes problem with a lower-than-before version number (bsc#1040863) +- drop openssl-print_notice-NULL_crash.patch (upstream) +- refresh patches openssl-fipslocking.patch and + 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch + +------------------------------------------------------------------- Old: ---- openssl-1.0.2k.tar.gz openssl-1.0.2k.tar.gz.asc openssl-print_notice-NULL_crash.patch New: ---- openssl-1.0.2l.tar.gz openssl-1.0.2l.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_0_0.spec ++++++ --- /var/tmp/diff_new_pack.EnHdcr/_old 2017-06-27 10:19:48.655588063 +0200 +++ /var/tmp/diff_new_pack.EnHdcr/_new 2017-06-27 10:19:48.659587498 +0200 @@ -28,7 +28,7 @@ %define num_version 1.0.0 %define _rname openssl Name: openssl-1_0_0 -Version: 1.0.2k +Version: 1.0.2l Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -82,7 +82,6 @@ Patch58: openssl-fips-clearerror.patch Patch59: openssl-fips-dont-fall-back-to-default-digest.patch Patch61: openssl-fipslocking.patch -Patch62: openssl-print_notice-NULL_crash.patch Patch63: openssl-randfile_fread_interrupt.patch # steam patches Patch100: openssl-fix-cpuid_setup.patch @@ -231,7 +230,6 @@ %patch58 -p1 %patch59 -p1 %patch61 -p1 -%patch62 -p1 %patch63 -p1 cp -p %{SOURCE10} . @@ -284,7 +282,7 @@ -Wall # Record mtime of changes file instead of build time to make build-compare work -make PERL=perl -C crypto buildinf.h +make -j1 PERL=perl -C crypto buildinf.h CHANGES=`stat --format="%%y" %{SOURCE1}` cat crypto/buildinf.h sed -i -e "s|#define DATE .*|#define DATE \"built on: $CHANGES\"|" crypto/buildinf.h @@ -371,11 +369,11 @@ }} for engine in 4758cca atalla nuron sureware ubsec cswift chil aep gmp capi; do -rm %{buildroot}/%{_libdir}/%{name}/engines/lib$engine.so +rm %{buildroot}/%{_libdir}/engines-1.0/lib$engine.so done %ifnarch %{ix86} x86_64 -rm %{buildroot}/%{_libdir}/%{name}/engines/libpadlock.so +rm %{buildroot}/%{_libdir}/engines-1.0/libpadlock.so %endif # install the steam content @@ -393,8 +391,8 @@ %defattr(-, root, root) %{_libdir}/libssl.so.%{num_version} %{_libdir}/libcrypto.so.%{num_version} -%dir %{_libdir}/%{name} -%{_libdir}/%{name}/engines +%dir %{_libdir}/engines-1.0 +%{_libdir}/engines-1.0 %files -n libopenssl1_0_0-steam %defattr(-, root, root) ++++++ 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch ++++++ --- /var/tmp/diff_new_pack.EnHdcr/_old 2017-06-27 10:19:48.707580715 +0200 +++ /var/tmp/diff_new_pack.EnHdcr/_new 2017-06-27 10:19:48.711580150 +0200 @@ -4,10 +4,10 @@ Subject: [PATCH] Axe builtin printf implementation, use glibc instead -Index: openssl-1.0.2i/crypto/bio/b_print.c +Index: openssl-1.0.2l/crypto/bio/b_print.c =================================================================== ---- openssl-1.0.2i.orig/crypto/bio/b_print.c 2016-09-22 12:23:06.000000000 +0200 -+++ openssl-1.0.2i/crypto/bio/b_print.c 2016-09-23 10:18:39.805097010 +0200 +--- openssl-1.0.2l.orig/crypto/bio/b_print.c 2017-05-25 14:54:38.000000000 +0200 ++++ openssl-1.0.2l/crypto/bio/b_print.c 2017-05-29 11:40:13.460583126 +0200 @@ -56,17 +56,10 @@ * [including the GNU Public Licence.] */ @@ -455,7 +455,7 @@ - if (!(flags & DP_F_UNSIGNED)) { - if (value < 0) { - signvalue = '-'; -- uvalue = -value; +- uvalue = -(unsigned LLONG)value; - } else if (flags & DP_F_PLUS) - signvalue = '+'; - else if (flags & DP_F_SPACE) ++++++ openssl-engines-path.patch ++++++ --- /var/tmp/diff_new_pack.EnHdcr/_old 2017-06-27 10:19:48.827563757 +0200 +++ /var/tmp/diff_new_pack.EnHdcr/_new 2017-06-27 10:19:48.827563757 +0200 @@ -7,7 +7,7 @@ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ - echo 'enginesdir=$${libdir}/engines'; \ -+ echo 'enginesdir=$${libdir}/openssl-1_0_0/engines'; \ ++ echo 'enginesdir=$${libdir}/engines-1.0'; \ echo ''; \ echo 'Name: OpenSSL-libcrypto'; \ echo 'Description: OpenSSL cryptography library'; \ @@ -16,7 +16,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines \ ++ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0 \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ @@ -29,14 +29,14 @@ @if [ -n "$(SHARED_LIBS)" ]; then \ set -e; \ - $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ -+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines; \ ++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0; \ for l in $(LIBNAMES); do \ ( echo installing $$l; \ pfx=lib; \ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ sfx=".so"; \ - cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$$pfx$$l$$sfx.new; \ ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$$pfx$$l$$sfx.new; \ else \ case "$(CFLAGS)" in \ *DSO_BEOS*) sfx=".so";; \ @@ -45,12 +45,12 @@ *) sfx=".bad";; \ esac; \ - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$$pfx$$l$$sfx.new; \ ++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$$pfx$$l$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$$pfx$$l$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$$pfx$$l$$sfx ); \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$$pfx$$l$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$$pfx$$l$$sfx ); \ done; \ fi @target=install; $(RECURSIVE_MAKE) @@ -63,7 +63,7 @@ elsif (/^#define\s+ENGINESDIR/) { - my $foo = "$prefix/$libdir/engines"; -+ my $foo = "$prefix/$libdir/openssl-1_0_0/engines"; ++ my $foo = "$prefix/$libdir/engines-1.0"; $foo =~ s/\\/\\\\/g; print OUT "#define ENGINESDIR \"$foo\"\n"; } @@ -76,7 +76,7 @@ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ sfx=".so"; \ - cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$${pfx}$(LIBNAME)$$sfx.new; \ else \ case "$(CFLAGS)" in \ *DSO_BEOS*) sfx=".so";; \ @@ -85,12 +85,12 @@ *) sfx=".bad";; \ esac; \ - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$${pfx}$(LIBNAME)$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1_0_0/engines/$${pfx}$(LIBNAME)$$sfx; \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$${pfx}$(LIBNAME)$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines-1.0/$${pfx}$(LIBNAME)$$sfx; \ fi links: ++++++ openssl-fipslocking.patch ++++++ --- /var/tmp/diff_new_pack.EnHdcr/_old 2017-06-27 10:19:48.863558670 +0200 +++ /var/tmp/diff_new_pack.EnHdcr/_new 2017-06-27 10:19:48.867558104 +0200 @@ -1,7 +1,7 @@ -Index: openssl-1.0.2h/crypto/fips/fips_drbg_rand.c +Index: openssl-1.0.2l/crypto/fips/fips_drbg_rand.c =================================================================== ---- openssl-1.0.2h.orig/crypto/fips/fips_drbg_rand.c 2016-08-03 18:09:00.212901713 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_rand.c 2016-08-03 18:22:15.741698211 +0200 +--- openssl-1.0.2l.orig/crypto/fips/fips_drbg_rand.c 2017-05-29 11:40:40.964991552 +0200 ++++ openssl-1.0.2l/crypto/fips/fips_drbg_rand.c 2017-05-29 11:40:47.861093955 +0200 @@ -82,7 +82,8 @@ static int fips_drbg_bytes(unsigned char if (count > dctx->min_entropy) RAND_load_file("/dev/urandom", count - dctx->min_entropy); @@ -81,10 +81,10 @@ } static const RAND_METHOD rand_drbg_meth = { -Index: openssl-1.0.2h/crypto/rand/md_rand.c +Index: openssl-1.0.2l/crypto/rand/md_rand.c =================================================================== ---- openssl-1.0.2h.orig/crypto/rand/md_rand.c 2016-08-03 18:09:00.216901777 +0200 -+++ openssl-1.0.2h/crypto/rand/md_rand.c 2016-08-04 10:42:01.775958714 +0200 +--- openssl-1.0.2l.orig/crypto/rand/md_rand.c 2017-05-29 11:40:40.916990839 +0200 ++++ openssl-1.0.2l/crypto/rand/md_rand.c 2017-05-29 11:42:43.786815359 +0200 @@ -144,13 +144,6 @@ static long md_count[2] = { 0, 0 }; static double entropy = 0; static int initialized = 0; @@ -139,9 +139,9 @@ EVP_MD_CTX_init(&m); for (i = 0; i < num; i += MD_DIGEST_LENGTH) { -@@ -307,8 +290,7 @@ static void ssleay_rand_add(const void * +@@ -311,8 +294,7 @@ static void ssleay_rand_add(const void * + } } - EVP_MD_CTX_cleanup(&m); - if (!do_not_lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); @@ -149,7 +149,7 @@ /* * Don't just copy back local_md into md -- this could mean that other * thread's seeding remains without effect (except for the incremented -@@ -320,8 +302,8 @@ static void ssleay_rand_add(const void * +@@ -324,8 +306,8 @@ static void ssleay_rand_add(const void * } if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ entropy += add; @@ -160,7 +160,7 @@ #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) assert(md_c[1] == md_count[1]); -@@ -346,6 +328,7 @@ int ssleay_rand_bytes(unsigned char *buf +@@ -353,6 +335,7 @@ int ssleay_rand_bytes(unsigned char *buf pid_t curr_pid = getpid(); #endif int do_stir_pool = 0; @@ -168,7 +168,7 @@ #ifdef PREDICT if (rand_predictable) { -@@ -387,13 +370,7 @@ int ssleay_rand_bytes(unsigned char *buf +@@ -394,13 +377,7 @@ int ssleay_rand_bytes(unsigned char *buf * global 'md'. */ if (lock) @@ -183,7 +183,7 @@ /* always poll for external entropy in FIPS mode, drbg provides the * expansion -@@ -468,9 +445,8 @@ int ssleay_rand_bytes(unsigned char *buf +@@ -475,9 +452,8 @@ int ssleay_rand_bytes(unsigned char *buf md_count[0] += 1; /* before unlocking, we must clear 'crypto_lock_rand' */ @@ -195,14 +195,20 @@ while (num > 0) { /* num_ceil -= MD_DIGEST_LENGTH/2 */ -@@ -519,11 +495,11 @@ int ssleay_rand_bytes(unsigned char *buf - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - MD_Update(&m, local_md, MD_DIGEST_LENGTH); +@@ -535,15 +511,15 @@ int ssleay_rand_bytes(unsigned char *buf + !MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + goto err; if (lock) - CRYPTO_w_lock(CRYPTO_LOCK_RAND); + locked = private_RAND_lock(1); - MD_Update(&m, md, MD_DIGEST_LENGTH); - MD_Final(&m, md); + if (!MD_Update(&m, md, MD_DIGEST_LENGTH) || + !MD_Final(&m, md)) { +- if (lock) +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ if (lock && locked) ++ private_RAND_lock(0); + goto err; + } - if (lock) - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (lock && locked) @@ -210,7 +216,7 @@ EVP_MD_CTX_cleanup(&m); if (ok) -@@ -553,33 +529,10 @@ static int ssleay_rand_pseudo_bytes(unsi +@@ -577,33 +553,10 @@ static int ssleay_rand_pseudo_bytes(unsi static int ssleay_rand_status(void) { @@ -246,7 +252,7 @@ if (!initialized) { RAND_poll(); -@@ -588,12 +541,8 @@ static int ssleay_rand_status(void) +@@ -612,12 +565,8 @@ static int ssleay_rand_status(void) ret = entropy >= ENTROPY_NEEDED; @@ -261,10 +267,10 @@ return ret; } -Index: openssl-1.0.2h/crypto/rand/rand.h +Index: openssl-1.0.2l/crypto/rand/rand.h =================================================================== ---- openssl-1.0.2h.orig/crypto/rand/rand.h 2016-08-03 18:08:58.848879702 +0200 -+++ openssl-1.0.2h/crypto/rand/rand.h 2016-08-03 18:09:00.216901777 +0200 +--- openssl-1.0.2l.orig/crypto/rand/rand.h 2017-05-29 11:40:40.964991552 +0200 ++++ openssl-1.0.2l/crypto/rand/rand.h 2017-05-29 11:40:47.861093955 +0200 @@ -123,6 +123,8 @@ void RAND_set_fips_drbg_type(int type, i int RAND_init_fips(void); # endif @@ -274,10 +280,10 @@ /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes -Index: openssl-1.0.2h/crypto/rand/rand_lib.c +Index: openssl-1.0.2l/crypto/rand/rand_lib.c =================================================================== ---- openssl-1.0.2h.orig/crypto/rand/rand_lib.c 2016-08-03 18:08:58.848879702 +0200 -+++ openssl-1.0.2h/crypto/rand/rand_lib.c 2016-08-04 10:45:28.691025336 +0200 +--- openssl-1.0.2l.orig/crypto/rand/rand_lib.c 2017-05-29 11:40:40.968991611 +0200 ++++ openssl-1.0.2l/crypto/rand/rand_lib.c 2017-05-29 11:40:47.861093955 +0200 @@ -176,6 +176,41 @@ int RAND_status(void) return 0; }
participants (1)
-
root@hilbert.suse.de