Hello community, here is the log from the commit of package openssl for openSUSE:Factory checked in at 2014-01-17 11:05:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl (Old) and /work/SRC/openSUSE:Factory/.openssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openssl" Changes: -------- --- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2014-01-09 17:25:39.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2014-01-23 15:50:23.000000000 +0100 @@ -1,0 +2,34 @@ +Sat Jan 11 08:42:54 UTC 2014 - shchang@suse.com + +- Remove GCC option "-O3" for compiliation issue of ARM version + Modify: openssl.spec + +------------------------------------------------------------------- +Fri Jan 10 14:43:20 UTC 2014 - shchang@suse.com + +- Adjust the installation path( libopenssl/hmac into /lib or /lib64) + Modify files: README-FIPS.txt openssl.spec + +------------------------------------------------------------------- +Thu Jan 9 23:08:29 UTC 2014 - andreas.stieger@gmx.de + +- 1.0.1f: + * Fix for TLS record tampering bug CVE-2013-4353 +- already included: + * Fix for TLS version checking bug CVE-2013-6449 + * Fix for DTLS retransmission bug CVE-2013-6450 +- removed patches: + * CVE-2013-6449.patch, committed upstream + * CVE-2013-6450.patch, committed upstream + * SSL_get_certificate-broken.patch, committed upstream + * openssl-1.0.1e-bnc822642.patch, committed upstream +- modified patches: + * openssl-1.0.1e-fips.patch, adjust for upstream changes + * openssl-fix-pod-syntax.diff, adjust for upstream changes + +------------------------------------------------------------------- +Wed Jan 8 22:01:36 UTC 2014 - andreas.stieger@gmx.de + +- add a gpg keyring for source tarball + +------------------------------------------------------------------- Old: ---- CVE-2013-6449.patch CVE-2013-6450.patch SSL_get_certificate-broken.patch openssl-1.0.1e-bnc822642.patch openssl-1.0.1e.tar.gz openssl-1.0.1e.tar.gz.asc New: ---- openssl-1.0.1f.tar.gz openssl-1.0.1f.tar.gz.asc openssl.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.BTHegN/_old 2014-01-23 15:50:23.000000000 +0100 +++ /var/tmp/diff_new_pack.BTHegN/_new 2014-01-23 15:50:23.000000000 +0100 @@ -29,14 +29,16 @@ %ifarch ppc64 Obsoletes: openssl-64bit %endif -Version: 1.0.1e +Version: 1.0.1f Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security -Url: http://www.openssl.org/ -Source: http://www.%{name}.org/source/%{name}-%{version}.tar.gz -Source42: http://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc +Url: https://www.openssl.org/ +Source: https://www.%{name}.org/source/%{name}-%{version}.tar.gz +Source42: https://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc +# https://www.openssl.org/about/ +Source43: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/%name.... # to get mtime of file: Source1: openssl.changes Source2: baselibs.conf @@ -54,8 +56,6 @@ Patch8: 0005-libssl-Hide-library-private-symbols.patch Patch9: openssl-1.0.1c-default-paths.patch Patch10: openssl-pkgconfig.patch -Patch11: SSL_get_certificate-broken.patch -Patch12: openssl-1.0.1e-bnc822642.patch # From Fedora openssl. Patch13: openssl-1.0.1c-ipv6-apps.patch Patch14: 0001-libcrypto-Hide-library-private-symbols.patch @@ -63,8 +63,6 @@ Patch15: openssl-1.0.1e-fips.patch Patch16: openssl-1.0.1e-fips-ec.patch Patch17: openssl-1.0.1e-fips-ctor.patch -Patch18: CVE-2013-6449.patch -Patch19: CVE-2013-6450.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -164,15 +162,11 @@ %patch8 -p1 %patch9 -p1 %patch10 -p1 -%patch11 -p1 -%patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 %patch17 -p1 -%patch18 -p1 -%patch19 -p1 cp -p %{S:10} . cp -p %{S:11} . @@ -230,7 +224,7 @@ --prefix=%{_prefix} \ --libdir=%{_lib} \ --openssldir=%{ssletcdir} \ -$RPM_OPT_FLAGS -O3 -std=gnu99 \ +$RPM_OPT_FLAGS -std=gnu99 \ -Wa,--noexecstack \ -fomit-frame-pointer \ -DTERMIO \ @@ -383,25 +377,23 @@ %{expand:%%global __os_install_post {%__os_install_post $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \ - $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{num_version} > \ - $RPM_BUILD_ROOT/%{_libdir}/.libssl.so.%{num_version}.hmac + $RPM_BUILD_ROOT/%{_lib}/libssl.so.%{num_version} > \ + $RPM_BUILD_ROOT/%{_lib}/.libssl.so.%{num_version}.hmac $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \ - $RPM_BUILD_ROOT/%{_libdir}/libcrypto.so.%{num_version} > \ - $RPM_BUILD_ROOT/%{_libdir}/.libcrypto.so.%{num_version}.hmac + $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{num_version} > \ + $RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{num_version}.hmac }} #process openssllib mkdir $RPM_BUILD_ROOT/%{_lib} -#mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ -#mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ +mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ +mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/ cd $RPM_BUILD_ROOT%{_libdir}/ -ln -sf /%{_libdir}/libssl.so.%{num_version} ./libssl.so -#ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so.%{num_version} -ln -sf /%{_libdir}/libcrypto.so.%{num_version} ./libcrypto.so -#ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so.%{num_version} +ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so +ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so for engine in 4758cca atalla nuron sureware ubsec cswift chil aep; do rm %{buildroot}/%{_lib}/engines/lib$engine.so @@ -420,14 +412,14 @@ %files -n libopenssl1_0_0 %defattr(-, root, root) -/%{_libdir}/libssl.so.%{num_version} -/%{_libdir}/libcrypto.so.%{num_version} +/%{_lib}/libssl.so.%{num_version} +/%{_lib}/libcrypto.so.%{num_version} /%{_lib}/engines %files -n libopenssl1_0_0-hmac %defattr(-, root, root) -%{_libdir}/.libssl.so.%{num_version}.hmac -%{_libdir}/.libcrypto.so.%{num_version}.hmac +/%{_lib}/.libssl.so.%{num_version}.hmac +/%{_lib}/.libcrypto.so.%{num_version}.hmac %files -n libopenssl-devel %defattr(-, root, root) ++++++ README-FIPS.txt ++++++ --- /var/tmp/diff_new_pack.BTHegN/_old 2014-01-23 15:50:23.000000000 +0100 +++ /var/tmp/diff_new_pack.BTHegN/_new 2014-01-23 15:50:23.000000000 +0100 @@ -51,15 +51,15 @@ The cryptographic module as defined for FIPS-140-2 is contained in the files - /usr/lib64/.libcrypto.so.1.0.0.hmac - /usr/lib64/.libssl.so.1.0.0.hmac - /usr/lib64/libcrypto.so.1.0.0 - /usr/lib64/libssl.so.1.0.0 + /lib64/.libcrypto.so.1.0.0.hmac + /lib64/.libssl.so.1.0.0.hmac + /lib64/libcrypto.so.1.0.0 + /lib64/libssl.so.1.0.0 for 64bit operation and - /usr/lib/.libcrypto.so.1.0.0.hmac - /usr/lib/.libssl.so.1.0.0.hmac - /usr/lib/libcrypto.so.1.0.0 - /usr/lib/libssl.so.1.0.0 + /lib/.libcrypto.so.1.0.0.hmac + /lib/.libssl.so.1.0.0.hmac + /lib/libcrypto.so.1.0.0 + /lib/libssl.so.1.0.0 for 32bit. The .hmac files contain a HMAC for the internal integrity checking. They @@ -197,26 +197,26 @@ libopenssl1_0_0 - files: - /usr/lib64/libcrypto.so.1.0.0 - /usr/lib64/libssl.so.1.0.0 - /usr/lib64/engines - /usr/lib64/engines/libcapi.so - /usr/lib64/engines/libgmp.so - /usr/lib64/engines/libgost.so - /usr/lib64/engines/libpadlock.so + /lib64/libcrypto.so.1.0.0 + /lib64/libssl.so.1.0.0 + /lib64/engines + /lib64/engines/libcapi.so + /lib64/engines/libgmp.so + /lib64/engines/libgost.so + /lib64/engines/libpadlock.so libopenssl1_0_0-hmac - files: - /usr/lib64/.libcrypto.so.1.0.0.hmac - /usr/lib64/.libssl.so.1.0.0.hmac + /lib64/.libcrypto.so.1.0.0.hmac + /lib64/.libssl.so.1.0.0.hmac libopenssl1_0_0-32bit - - files as in package libopenssl1_0_0, but in /usr/lib/. + - files as in package libopenssl1_0_0, but in /lib/. The .so libraries are for the 32bit compatibility mode of the openssl library. libopenssl1_0_0-hmac-32bit -- files as in package libopenssl1_0_0-hmac, but in /usr/lib/. +- files as in package libopenssl1_0_0-hmac, but in /lib/. libopenssl-devel - header files and static libraries for compiling applications with the ++++++ openssl-1.0.1e-fips.patch ++++++ ++++ 9286 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openssl/openssl-1.0.1e-fips.patch ++++ and /work/SRC/openSUSE:Factory/.openssl.new/openssl-1.0.1e-fips.patch ++++++ openssl-1.0.1e.tar.gz -> openssl-1.0.1f.tar.gz ++++++ ++++ 19489 lines of diff (skipped) ++++++ openssl-fix-pod-syntax.diff ++++++ ++++ 618 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openssl/openssl-fix-pod-syntax.diff ++++ and /work/SRC/openSUSE:Factory/.openssl.new/openssl-fix-pod-syntax.diff -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org