Hello community,
here is the log from the commit of package boringssl for openSUSE:Factory checked in at 2019-04-26 22:54:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/boringssl (Old)
and /work/SRC/openSUSE:Factory/.boringssl.new.5536 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "boringssl"
Fri Apr 26 22:54:36 2019 rev:2 rq:697963 version:20181228
Changes:
--------
--- /work/SRC/openSUSE:Factory/boringssl/boringssl.changes 2019-01-05 14:41:54.768502927 +0100
+++ /work/SRC/openSUSE:Factory/.boringssl.new.5536/boringssl.changes 2019-04-26 22:54:38.149307956 +0200
@@ -1,0 +2,203 @@
+Thu Apr 25 14:50:41 UTC 2019 - Michał Rostecki
+
+- Add patch which fixes build on aarch64.
+ * 0001-crypto-Fix-aead_test-build-on-aarch64.patch
+
+-------------------------------------------------------------------
+Thu Apr 25 12:41:41 UTC 2019 - dmueller@suse.com
+
+- Update to version 20181228:
+ * Use thread-local storage for PRNG states if fork-unsafe buffering is enabled.
+ * Add Win64 SEH unwind codes for the ABI test trampoline.
+ * Translate .L directives inside .byte too.
+ * Add an ABI testing framework.
+ * Use same HKDF label as TLS 1.3 for QUIC as per draft-ietf-quic-tls-17
+ * Add |SSL_key_update|.
+ * HRSS: omit reconstruction of ciphertext.
+ * Add start of infrastructure for checking constant-time properties.
+ * Don't enable intrinsics on x86 without ABI support.
+ * HRSS: be strict about unused bits being zero.
+ * Disable AES-GCM-SIV assembly on Windows.
+ * Fix typo in AES-GCM-SIV comments.
+ * Fix HRSS build error on ARM
+ * Fix thread-safety bug in SSL_get_peer_cert_chain.
+ * Remove HRSS confirmation hash.
+ * Drop NEON assembly for HRSS.
+ * Add |SSL_export_traffic_secrets|.
+ * Patch out the XTS implementation in bsaes.
+ * Remove .file and .loc directives from HRSS ARM asm.
+ * Do not allow AES_128_GCM_SHA256 with CECPQ2.
+ * Always 16-byte align |poly| elements.
+ * Fix bug in HRSS tests.
+ * Add initial HRSS support.
+ * Forbid empty CertificateRequestsupported_signature_algorithms in TLS 1.2.
+ * Eliminate |OPENSSL_ia32cap_P| in C code in the FIPS module.
+ * Fix d2i_*_bio on partial reads.
+ * Fix |BN_HEX_FMT2|.
+ * Remove XOP code from sha512-x86_64.pl.
+ * Pretend AMD XOP was never a thing.
+ * Drop some explicit SSLKeyShare destructors.
+ * Assume hyper-threading-like vulnerabilities are always present.
+ * Replace the last CRITICAL_SECTION with SRWLOCK.
+ * Validate ClientHellos in tests some more.
+ * Re-enable AES-NI on 32-bit x86 too.
+ * Make symbol-prefixing work on 32-bit x86.
+ * Make Windows symbol-prefixing work.
+ * Support Windows-style ar files.
+ * Move __.SYMDEF handling to ar.go.
+ * Fix stack_test.cc in the prefixed build.
+ * Don't double-mangle C++ symbols on macOS.
+ * Make read_symbols.go a bit more idiomatic.
+ * Unexport and rename hex_to_string, string_to_hex, and name_cmp.
+ * Satisfy golint.
+ * Add a note that generated files are generated.
+ * Work around a JDK 11 TLS 1.3 bug.
+ * Move ARM cpuinfo functions to the header.
+ * Regenerate obj_dat.h
+ * go fmt
+ * Support execute-only memory for AArch64 assembly.
+ * Remove cacheline striping in copy_from_prebuf.
+ * Tidy up type signature of BN_mod_exp_mont_consttime table.
+ * No longer set CQ-Verified label on CQ success/failure.
+ * Print a message when simulating CPUs.
+ * Move JSON test results code into a common module.
+ * In 0RTT mode, reverify the server certificate before sending early data.
+ * Support assembly building for arm64e architecture.
+ * Simulate other ARM CPUs when running tests.
+ * Merge P-224 contract into serialisation.
+ * Contract P-224 elements before returning them.
+ * Add post-handshake support for the QUIC API.
+ * Speculatively remove __STDC_*_MACROS.
+ * Modernize OPENSSL_COMPILE_ASSERT, part 2.
+ * Switch docs to recommending NASM.
+ * Mark the |e| argument to |RSA_generate_key_ex| as const.
+ * Clean up EC_POINT to byte conversions.
+ * Need cpu.h for |OPENSSL_ia32cap_P|.
+ * Rename EC_MAX_SCALAR_*.
+ * Use EC_RAW_POINT in ECDSA.
+ * Optimize EC_GFp_mont_method's cmp_x_coordinate.
+ * Optimize EC_GFp_nistp256_method's cmp_x_coordinate.
+ * Remove unreachable code.
+ * Also accept __ARM_NEON
+ * Remove some easy BN_CTXs.
+ * Push BIGNUM out of the cmp_x_coordinate interface.
+ * Push BIGNUM out of EC_METHOD's affine coordinates hook.
+ * Fix r = p-n+epsilon ECDSA tests.
+ * Don't include openssl/ec_key.h under extern "C".
+ * Abstract hs_buf a little.
+ * Inline ec_GFp_simple_group_get_degree.
+ * Better test boundary cases of ec_cmp_x_coordinate.
+ * Fix build when bcm.c is split up.
+ * Revert "Revert "Speed up ECDSA verify on x86-64.""
+ * Make SSL_get_current_cipher valid during QUIC callbacks.
+ * Devirtualize ec_simple_{add,dbl}.
+ * Refresh fuzzer corpora for changes to split-handshake serialization.
+ * Serialize SSL curve list in handoff and check it on application.
+ * Revert "Speed up ECDSA verify on x86-64."
+ * Route the tuned add/dbl implementations out of EC_METHOD.
+ * Speed up ECDSA verify on x86-64.
+ * Include details about latest FIPS certification.
+ * Serialize SSL configuration in handoff and check it on application.
+ * Don't overflow state->calls on 16TiB RAND_bytes calls.
+ * Buffer up QUIC data within a level internally.
+ * Add an interface for QUIC integration.
+ * Remove OPENSSL_NO_THREADS.
+ * Minor fixes to bytestring.h header.
+ * Test CBC padding more aggressively.
+ * Restore CHECKED_CAST.
+ * Fix EVP_tls_cbc_digest_record is slow using SHA-384 and short messages
+ * Tidy up dsa_sign_setup.
+ * Fix the build on glibc 2.15.
+ * Modernize OPENSSL_COMPILE_ASSERT.
+ * Fix redefinition of AEAD asserts in e_aes.c.
+ * Guard sys/auxv.h include on !BORINGSSL_ANDROID.
+ * Flatten EVP_AEAD_CTX
+ * Implement SSL_get_tlsext_status_type
+ * Fix documentation sectioning.
+ * Remove support for GCC 4.7.
+ * Print the name of the binary when blocking in getrandom.
+ * Undo recent changes to |X509V3_EXT_conf_nid|.
+ * Add a compatibility EVP_CIPH_OCB_MODE value.
+ * [util] Mark srtp.h as an SSL header file
+ * [rand] Disable RandTest.Fork on Fuchsia
+ * Remove -fsanitize-cfi-icall-generalize-pointers.
+ * Fix undefined function pointer casts in LHASH.
+ * Use proper functions for lh_*.
+ * Better handle AVX-512 assembly syntax.
+ * Always push errors on BIO_read_asn1 failure.
+ * Add a per-SSL TLS 1.3 downgrade enforcement option and improve tests.
+ * Fix div.c to divide BN_ULLONG only if BN_CAN_DIVIDE_ULLONG defined.
+ * Include aes.h in mode/internal.h
+ * Fix section header capitalization.
+ * Fix build in consumers that flag unused parameters.
+ * [perlasm] Hide OPENSSL_armcap_P in assembly
+ * Test the binary search more aggressively.
+ * Opaquify CONF.
+ * Bring Mac and iOS builders back to the CQ.
+ * Remove LHASH_OF mention in X509V3_EXT_conf_nid.
+ * Inline functions are apparently really complicated.
+ * Actually disable RandTest.Fork on iOS.
+ * Mostly fix undefined casts around STACK_OF's comparator.
+ * Fix undefined casts in sk_*_pop_free and sk_*_deep_copy.
+ * Take iOS builders out of the CQ rotation too.
+ * Rewrite PEM_X509_INFO_read_bio.
+ * Fix undefined block128_f, etc., casts.
+ * Fix undefined function pointer casts in {d2i,i2d}_Foo_{bio,fp}
+ * Fix undefined function pointer casts in IMPLEMENT_PEM_*.
+ * Always print some diagnostic information when POST fails.
+ * Disable RandTest.Fork on iOS.
+ * Const-correct sk_find and sk_delete_ptr.
+ * Add a test for STACK_OF(T).
+ * Rename inject-hash: Bazel does not like hyphens.
+ * Rename OPENSSL_NO_THREADS, part 1.
+ * Fix ERR_GET_REASON checks.
+ * Add a basic test for PEM_X509_INFO_read_bio.
+ * Replace BIO_new + BIO_set_fp with BIO_new_fp.
+ * Remove Mac try jobs from the CQ.
+ * Add util/read_symbols.go
+ * Tighten up getrandom handling.
+ * Remove SHA384_Transform from sha.h.
+ * Push an error on sigalg mismatch in X509_verify.
+ * Sync bundled bits of golang.org/x/crypto.
+ * Use Go modules with delocate.
+ * Keep the GCM bits in one place.
+ * Trim 88 bytes from each AES-GCM EVP_AEAD.
+ * Set up Go modules.
+ * Use sdallocx, if available, when deallocating.
+ * Remove the add_alert hook.
+ * Fix doc.go error capitalization.
+ * Don't include quotes in heredocs.
+ * Add missing bssl::UpRef overloads.
+ * Roll back clang revision.
+ * Update tools.
+ * Fix BORINGSSL_NO_CXX.
+ * Fix check of the pointer returned by BN_CTX_get
+ * Include newlines at the end of generated asm.
+ * Automatically disable assembly with MSAN.
+ * Mark the C version of md5_block_data_order static.
+ * Reorder some extensions to better match Firefox.
+ * Make symbol-prefixing work on ARM.
+ * Document alternative functions to BIO_f_base64.
+ * Another batch of bools.
+ * Add some RAND_bytes tests.
+ * Support symbol prefixes
+ * Fill in a fake session ID for TLS 1.3.
+ * Create output directories for perlasm.
+ * Fix Fiat path.
+ * Fix GCC (8.2.1) build error.
+ * Some more bools.
+ * Flatten most of the crypto target.
+ * Flatten assembly files.
+ * Flatten the decrepit target.
+ * Clarify "reference" and fix typo.
+ * Fix corner case in cpuinfo parser.
+ * Add some about ownership to API-CONVENTIONS.
+ * Tidy up docs for #defines.
+ * No negative moduli.
+ * Document that ED25519_sign only fails on allocation failure
++++ 6 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/boringssl/boringssl.changes
++++ and /work/SRC/openSUSE:Factory/.boringssl.new.5536/boringssl.changes
Old:
----
boringssl-20181026.tar.xz
New:
----
0001-crypto-Fix-aead_test-build-on-aarch64.patch
boringssl-20181228.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ boringssl.spec ++++++
--- /var/tmp/diff_new_pack.hJiCiC/_old 2019-04-26 22:54:38.921307458 +0200
+++ /var/tmp/diff_new_pack.hJiCiC/_new 2019-04-26 22:54:38.925307456 +0200
@@ -1,7 +1,7 @@
#
# spec file for package boringssl
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -20,7 +20,7 @@
%define libname libboringssl%{sover}
Name: boringssl
-Version: 20181026
+Version: 20181228
Release: 0
Summary: An SSL/TLS protocol implementation
License: OpenSSL
@@ -28,6 +28,7 @@
Url: https://boringssl.googlesource.com/boringssl/
Source: %{name}-%{version}.tar.xz
Patch0: add-soversion-option.patch
+Patch1: 0001-crypto-Fix-aead_test-build-on-aarch64.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: go
@@ -58,6 +59,7 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
%cmake \
@@ -87,7 +89,6 @@
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
-
%files -n %{libname}
%doc README.md
%license LICENSE
++++++ 0001-crypto-Fix-aead_test-build-on-aarch64.patch ++++++
From d16b362b228ebee5c16ae6c214a50348e9e963b9 Mon Sep 17 00:00:00 2001
From: Michal Rostecki
Date: Thu, 25 Apr 2019 16:11:28 +0200
Subject: [PATCH] crypto: Fix aead_test build on aarch64
aarch64 does not allow allignments larger than 16 bytes.
Before this change, `aead_test.cc` build on aarch64 was failing with the
following errors:
aead_test.cc:543:54: error: requested alignment 64 is larger than 16 [-Werror=attributes]
alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH + 1];
aead_test.cc:544:58: error: requested alignment 64 is larger than 16 [-Werror=attributes]
alignas(64) uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH + 1];
aead_test.cc:545:39: error: requested alignment 64 is larger than 16 [-Werror=attributes]
alignas(64) uint8_t plaintext[32 + 1];
aead_test.cc:546:32: error: requested alignment 64 is larger than 16 [-Werror=attributes]
alignas(64) uint8_t ad[32 + 1];
aead_test.cc:564:75: error: requested alignment 64 is larger than 16 [-Werror=attributes]
alignas(64) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD];
aead_test.cc:572:45: error: requested alignment 64 is larger than 16 [-Werror=attributes]
alignas(64) uint8_t out[sizeof(ciphertext)];
aead_test.cc:586:50: error: requested alignment 64 is larger than 16 [-Werror=attributes]
alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
^
Signed-off-by: Michal Rostecki
Change-Id: Iac2c6810fa260ad214abde8db733793ac914acda
---
crypto/cipher_extra/aead_test.cc | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc
index fff7d4397..906a5acc0 100644
--- a/crypto/cipher_extra/aead_test.cc
+++ b/crypto/cipher_extra/aead_test.cc
@@ -29,6 +29,12 @@
#include "../test/test_util.h"
#include "../test/wycheproof_util.h"
+#if defined(OPENSSL_AARCH64)
+#define ALIGN_BYTES 16
+#else
+#define ALIGN_BYTES 64
+#endif
+
struct KnownAEAD {
const char name[40];
@@ -540,10 +546,10 @@ TEST_P(PerAEADTest, AliasedBuffers) {
}
TEST_P(PerAEADTest, UnalignedInput) {
- alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH + 1];
- alignas(64) uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH + 1];
- alignas(64) uint8_t plaintext[32 + 1];
- alignas(64) uint8_t ad[32 + 1];
+ alignas(ALIGN_BYTES) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH + 1];
+ alignas(ALIGN_BYTES) uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH + 1];
+ alignas(ALIGN_BYTES) uint8_t plaintext[32 + 1];
+ alignas(ALIGN_BYTES) uint8_t ad[32 + 1];
OPENSSL_memset(key, 'K', sizeof(key));
OPENSSL_memset(nonce, 'N', sizeof(nonce));
OPENSSL_memset(plaintext, 'P', sizeof(plaintext));
@@ -561,7 +567,7 @@ TEST_P(PerAEADTest, UnalignedInput) {
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key + 1, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH,
evp_aead_seal));
- alignas(64) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD];
+ alignas(ALIGN_BYTES) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD];
size_t ciphertext_len;
ASSERT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), ciphertext + 1, &ciphertext_len,
sizeof(ciphertext) - 1, nonce + 1, nonce_len,
@@ -569,7 +575,7 @@ TEST_P(PerAEADTest, UnalignedInput) {
ad_len));
// It must successfully decrypt.
- alignas(64) uint8_t out[sizeof(ciphertext)];
+ alignas(ALIGN_BYTES) uint8_t out[sizeof(ciphertext)];
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key + 1, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH,
@@ -583,7 +589,7 @@ TEST_P(PerAEADTest, UnalignedInput) {
}
TEST_P(PerAEADTest, Overflow) {
- alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
+ alignas(ALIGN_BYTES) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
OPENSSL_memset(key, 'K', sizeof(key));
bssl::ScopedEVP_AEAD_CTX ctx;
--
2.21.0
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.hJiCiC/_old 2019-04-26 22:54:38.969307428 +0200
+++ /var/tmp/diff_new_pack.hJiCiC/_new 2019-04-26 22:54:38.969307428 +0200
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://boringssl.googlesource.com/boringssl</param>
- <param name="changesrevision">702e2b6d3831486535e958f262a05c75a5cb312e</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">8e8f250422663106d478f6927beefba289a95b37</param></service></servicedata>
\ No newline at end of file
++++++ add-soversion-option.patch ++++++
--- /var/tmp/diff_new_pack.hJiCiC/_old 2019-04-26 22:54:38.977307423 +0200
+++ /var/tmp/diff_new_pack.hJiCiC/_new 2019-04-26 22:54:38.977307423 +0200
@@ -1,4 +1,4 @@
-From 66b00e218c697966daad2c8c67996c8cc1c3b3ec Mon Sep 17 00:00:00 2001
+From e23b950bc30e196937861b7b167a5f520c8b2118 Mon Sep 17 00:00:00 2001
From: Michal Rostecki
Date: Tue, 6 Nov 2018 20:29:25 +0100
Subject: [PATCH] cmake: Add SOVERSION option
@@ -19,10 +19,10 @@
5 files changed, 29 insertions(+)
diff --git a/BUILDING.md b/BUILDING.md
-index 19dbe015..4e565e65 100644
+index 924f6c924..69cecefc4 100644
--- a/BUILDING.md
+++ b/BUILDING.md
-@@ -70,6 +70,9 @@ Windows, where functions need to be tagged with `dllimport` when coming from a
+@@ -71,6 +71,9 @@ Windows, where functions need to be tagged with `dllimport` when coming from a
shared library, define `BORINGSSL_SHARED_LIBRARY` in any code which `#include`s
the BoringSSL headers.
@@ -33,7 +33,7 @@
where performance is the overriding concern, `OPENSSL_SMALL` can be defined to
remove some code that is especially large.
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 4eb0d0d6..611a03d2 100644
+index 1f18782f3..b8ea82c08 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,7 @@
@@ -44,7 +44,7 @@
# Report AppleClang separately from Clang. Their version numbers are different.
# https://cmake.org/cmake/help/v3.0/policy/CMP0025.html
if(POLICY CMP0025)
-@@ -422,6 +424,12 @@ endif()
+@@ -503,6 +505,12 @@ endif()
# Add minimal googletest targets. The provided one has many side-effects, and
# googletest has a very straightforward build.
add_library(boringssl_gtest third_party/googletest/src/gtest-all.cc)
@@ -58,11 +58,11 @@
include_directories(third_party/googletest/include)
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
-index 2684750e..1bb88a06 100644
+index 863591020..31e1c2b96 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
-@@ -205,6 +205,12 @@ add_library(
-
+@@ -404,6 +404,12 @@ add_library(
+ ${CRYPTO_ARCH_SOURCES}
${CRYPTO_FIPS_OBJECTS}
)
+if(BUILD_SHARED_LIBS AND SOVERSION)
@@ -72,15 +72,15 @@
+ )
+endif()
- if(FIPS_DELOCATE)
- add_dependencies(crypto bcm_o_target)
+ add_dependencies(crypto global_target)
+
diff --git a/decrepit/CMakeLists.txt b/decrepit/CMakeLists.txt
-index bebc624c..49c70878 100644
+index 1cb5e11f7..26d1a6dc9 100644
--- a/decrepit/CMakeLists.txt
+++ b/decrepit/CMakeLists.txt
-@@ -35,6 +35,12 @@ add_library(
- $
- $
+@@ -21,6 +21,12 @@ add_library(
+ x509/x509_decrepit.c
+ xts/xts.c
)
+if(BUILD_SHARED_LIBS AND SOVERSION)
+ set_target_properties(
@@ -89,10 +89,10 @@
+ )
+endif()
- target_link_libraries(decrepit crypto ssl)
+ add_dependencies(decrepit global_target)
diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt
-index 6881089f..96a5ffc0 100644
+index d6c1294f1..102e015fd 100644
--- a/ssl/CMakeLists.txt
+++ b/ssl/CMakeLists.txt
@@ -40,6 +40,12 @@ add_library(
@@ -106,8 +106,8 @@
+ )
+endif()
- target_link_libraries(ssl crypto)
+ add_dependencies(ssl global_target)
--
-2.19.1
+2.21.0
++++++ boringssl-20181026.tar.xz -> boringssl-20181228.tar.xz ++++++
/work/SRC/openSUSE:Factory/boringssl/boringssl-20181026.tar.xz /work/SRC/openSUSE:Factory/.boringssl.new.5536/boringssl-20181228.tar.xz differ: char 26, line 1