Hello community, here is the log from the commit of package boringssl for openSUSE:Factory checked in at 2019-09-04 09:34:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/boringssl (Old) and /work/SRC/openSUSE:Factory/.boringssl.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "boringssl" Wed Sep 4 09:34:23 2019 rev:4 rq:728033 version:20190523 Changes: -------- --- /work/SRC/openSUSE:Factory/boringssl/boringssl.changes 2019-08-30 14:42:09.849416276 +0200 +++ /work/SRC/openSUSE:Factory/.boringssl.new.7948/boringssl.changes 2019-09-04 09:34:30.174704349 +0200 
@@ -1,0 +2,204 @@ +Tue Sep 3 07:15:48 UTC 2019 - Martin Pluskal <mpluskal@suse.com> + +- Update to version 20190523: + * Disable RDRAND on AMD chips before Zen. + * Always store early data tickets. + * Align PKCS12_parse closer to OpenSSL. + * Support PKCS#12 KeyBags. + * Support PKCS#8 blobs using PBES2 with HMAC-SHA256. + * Make EVP_PKEY_keygen work for Ed25519. + * Sync aesp8-ppc.pl with upstream. + * Update generate_build_files.py for SIKE. + * Fix the last casts in third_party/sike. + * Remove no-op casts around tt1. + * Define p503 with crypto_word_t, not uint64_t. + * Add support for SIKE/p503 post-quantum KEM + * tool: fix speed tests. + * Add an option to skip crypto_test_data.cc in GN too. + * Save and restore errors when ignoring ssl_send_alert result. + * Reject obviously invalid DSA parameters during signing. + * Make expect/expected flag and variable names match. + * clang-format Flag arrays in test_config.cc. + * Rename remnants of ticket_early_data_info. + * Enforce the ticket_age parameter for 0-RTT. + * Add SSL_get_early_data_reason. + * Remove implicit -on-resume for -expect-early-data-accept. + * Use weak symbols only on supported platforms + * Fix spelling in comments. + * Add functions for "raw" EVP_PKEY serializations. + * Remove stray underscores. + * Add a compatibility EVP_DigestFinalXOF function. + * Fix up EVP_DigestSign implementation for Ed25519. + * Check for errors when setting up X509_STORE_CTX. + * Convert a few more things from int to bool. + * Compute the delegated credentials length prefix with CBB. + * Convert the rest of ssl_test to GTest. + * Check for x18 usage in aarch64 assembly. + * Handle errors from close in perlasm scripts. + * Hold off flushing NewSessionTicket until write. + * Predeclare enums in base.h + * Require certificates under name constraints use SANs. + * Make X509_verify_cert_error_string thread-safe. + * Disable the common name fallback on *any* SAN list. 
+ * Silently ignore X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT. + * Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT. + * Give ENGINE_free a return value. + * Output a ClientHello during handoff. + * Fix and test EVP_PKEY_CTX copying. + * Test copying an EVP_MD_CTX. + * Fix EVP_CIPHER_CTX_copy for AES-GCM. + * Check key sizes in AES_set_*_key. + * Add missing nonce_len check to aead_aes_gcm_siv_asm_open. + * Test AES-GCM-SIV with OPENSSL_SMALL. + * Handle CBB_cleanup on child CBBs more gracefully. + * Update third_party/googletest. + * Rename 'md' output parameter to 'out' and add bounds. + * Update other build tools. + * Update SDE to 8.35.0-2019-03-11. + * nit: Update references to draft-ietf-tls-subcerts. + * Support get versions with get_{min,max}_proto_version for context + * Update ImplDispatchTest for bsaes-x86_64 removal. + * Unwind the large_inputs hint in aes_ctr_set_key. + * Add an optimized x86_64 vpaes ctr128_f and remove bsaes. + * Add 16384 to the default bssl speed sizes. + * Rewrite BN_CTX. + * Save a temporary in BN_mod_exp_mont's w=1 case. + * Reject long inputs in c2i_ASN1_INTEGER. + * Harden the lower level parts of crypto/asn1 against overflows. + * Remove d2i_ASN1_UINTEGER. + * Drop some unused bsaes to aes_nohw dependencies. + * Adapt gcm_*_neon to aarch64. + * Patch out the aes_nohw fallback in bsaes_cbc_encrypt. + * Patch out the aes_nohw fallback in bsaes_ctr32_encrypt_blocks. + * Implement sk_find manually. + * Make vpaes-armv8.pl compatible with XOM. + * Support three-argument instructions on x86-64. + * Correct outdated comments + * Remove SSL_get_structure_sizes. + * Prefer vpaes over bsaes in AES-GCM-SIV and AES-CCM. + * Tell ASan about the OPENSSL_malloc prefix. + * modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings. + * Enable vpaes for aarch64, with CTR optimizations. + * Check in vpaes-armv8.pl from OpenSSL unused and unmodified. 
+ * silence unused variable warnings when using OPENSSL_clear_free + * Handle NULL public key in |EC_KEY_set_public_key|. + * Add a 32-bit SSSE3 GHASH implementation. + * Also include abi_test.cc in ssl_test_files. + * Don't pull abi_test.cc into non-GTest targets. + * Update *_set_cert_cb documentation regarding resumption + * Add a reference for Linux ARM ABI. + * Remove __ARM_ARCH__ guard on gcm_*_v8. + * Fix bsaes-armv7.pl getting disabled by accident. + * Add an option to configure bssl speed chunk size. + * Appease GCC's uninitialized value warning. + * Set VPAES flags in x86-64 code. + * Enable vpaes for AES_* functions. + * Avoid double-dispatch with AES_* vs aes_nohw_*. + * Add uint64_t support in CBS and CBB. + * Clear out a bunch of -Wextra-semi warnings. + * Add compiled python files to .gitignore. + * Fix x86_64-xlate.pl comment regex. + * Add go 1.11 to go.mod. + * Remove STRICT_ALIGNMENT code from modes. + * Remove non-STRICT_ALIGNMENT code from xts.c. + * Patch XTS out of ARMv7 bsaes too. + * Remove stray prototype. + * Always define GHASH. + * Update delegated credentials to draft-03 + * Use Windows symbol APIs in the unwind tester. + * Unwind RDRAND functions correctly on Windows. + * Patch out unused aesni-x86_64 functions. + * Add ABI tests for aesni-gcm-x86_64.pl. + * Add ABI tests for x86_64-mont5.pl. + * sync EVP_get_cipherbyname with EVP_do_all_sorted + * Hyperlink DOI to preferred resolver + * Remove stray semicolons. + * Remove separate default group list for servers. + * Enable all curves (inc CECPQ2) during fuzzing. + * Implement ABI testing for aarch64. + * Fix ABI error in bn_mul_mont on aarch64. + * Implement ABI testing for ARM. + * Fix the order of Windows unwind codes. + * Implement unwind testing for Windows. + * Tolerate spaces when parsing .type directives. + * runner: Don't generate an RSA key on startup. + * Don't use bsaes over vpaes for CTR-DRBG. + * perlasm/x86_64-xlate.pl: refine symbol recognition in .xdata. 
+ * Add instructions for debugging on Android with gdb. + * Enforce key usage for RSA keys in TLS 1.2. + * Remove infra/config folder in master branch. + * Avoid SCT/OCSP extensions in SH on {Omit|Empty}Extensions + * Test and fix an ABI issue with small parameters. + * Add RSAZ ABI tests. + * Better document RSAZ and tidy up types. + * Add ABI testing for 32-bit x86. + * Add a very roundabout EC keygen API. + * Add some Node compatibility functions. + * Implement server support for delegated credentials. + * Add a constant-time pshufb-based GHASH implementation. + * Tweak some slightly fragile tests. + * Make 256-bit ciphers a preference for CECPQ2, not a requirement. + * Update comments around JDK11 workaround. + * Add a RelWithAsserts build configuration. + * Remove union from |SHA512_CTX|. + * Avoid unwind tests on libc functions. + * Don't pass NULL,0 to qsort. + * Fix signed left-shifts in curve25519.c. + * Add an option to build with UBSan. + * Fix undefined pointer casts in SHA-512 code. + * HRSS: flatten sample distribution. + * Add test of assembly code dispatch. + * Simplify HRSS mod3 circuits. + * Add SSL_OP_NO_RENEGOTIATION + * Rename Fiat include files to end in .h + * Switch to new fiat pipeline. + * Don't look for libunwind if cross-compiling. + * Mark some unmarked array sizes in curve25519.c. + * Revert "Fix protos_len size in SSL_set_alpn_protos and SSL_CTX_set_alpn_protos" + * Add ABI tests for GCM. + * Fix SSL_R_TOO_MUCH_READ_EARLY_DATA. + * Test CRYPTO_gcm128_tag in gcm_test.cc. + * Remove pointer cast in P-256 table. + * Ignore new fields in forthcoming Wycheproof tests. + * Fix RSAZ's OPENSSL_cleanse. + * Allow configuring QUIC method per-connection + * Fix header file for _byteswap_ulong and _byteswap_uint64 from MSVC CRT + * Add ABI tests for HRSS assembly. + * Add AES ABI tests. + * Move aes_nohw, bsaes, and vpaes prototypes to aes/internal.h. + * Add direction flag checking to CHECK_ABI. + * Add ABI tests for ChaCha20_ctr32. 
+ * Add ABI tests for MD5. + * Refresh fuzzer corpus. + * Delete the variants/draft code. + * Update tools. + * Fix protos_len size in SSL_set_alpn_protos and SSL_CTX_set_alpn_protos + * Use handshake parameters to decide if cert/key are available + * Add ABI tests for bn_mul_mont. + * Add ABI tests for SHA*. + * Make pkg-config optional. + * Add DEPS rules to checkout Windows SDE. + * Add ABI tests for rdrand. + * Set NIDs for Blowfish and CAST. + * Add a CFI tester to CHECK_ABI. + * Fix some size_t to long casts. + * Add EVP_CIPHER support for Blowfish and CAST to decrepit. + * Be less clever with CHECK_ABI. + * Update SDE and add the Windows version. + * Remove pooling of PRNG state. + * Add EC_KEY_key2buf for OpenSSL compatibility + * Remove bundled copy of android-cmake. + * Clarify build requirements. + * Add EC_GROUP_order_bits for OpenSSL compatibility + * Annotate leaf functions with .cfi_{startproc,endproc} + * Fix beeu_mod_inverse_vartime CFI annotations and preamble. + * Fix CFI annotations in p256-x86_64-asm.pl. + * Add a comment about ecp_nistz256_point_add_affine's limitations. + * Refresh p256-x86_64_tests.txt. ++++ 7 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/boringssl/boringssl.changes ++++ and /work/SRC/openSUSE:Factory/.boringssl.new.7948/boringssl.changes Old: ---- boringssl-20181228.tar.xz New: ---- boringssl-20190523.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ boringssl.spec ++++++ --- /var/tmp/diff_new_pack.OVEIvL/_old 2019-09-04 09:34:31.198704123 +0200 +++ /var/tmp/diff_new_pack.OVEIvL/_new 2019-09-04 09:34:31.202704122 +0200 @@ -16,10 +16,10 @@ # -%define sover 0 +%define sover 1 %define libname libboringssl%{sover} Name: boringssl -Version: 20181228 +Version: 20190523 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL 
@@ -28,9 +28,12 @@ Source: %{name}-%{version}.tar.xz Patch0: add-soversion-option.patch Patch1: 0001-crypto-Fix-aead_test-build-on-aarch64.patch -BuildRequires: cmake +BuildRequires: cmake >= 3.0 BuildRequires: gcc-c++ BuildRequires: go +BuildRequires: libunwind-devel +BuildRequires: ninja +ExclusiveArch: %{ix86} x86_64 %description BoringSSL is an implementation of the Secure Sockets Layer (SSL) and @@ -62,10 +65,11 @@ %build %define _lto_cflags %{nil} +%define __builder ninja %cmake \ -DCMAKE_C_FLAGS="%{optflags} -pthread" \ -DCMAKE_CXX_FLAGS="%{optflags} -pthread" \ - -DSOVERSION=1 + -DSOVERSION=%{sover} %cmake_build %install ++++++ 0001-crypto-Fix-aead_test-build-on-aarch64.patch ++++++ --- /var/tmp/diff_new_pack.OVEIvL/_old 2019-09-04 09:34:31.222704118 +0200 +++ /var/tmp/diff_new_pack.OVEIvL/_new 2019-09-04 09:34:31.222704118 +0200 @@ -30,10 +30,10 @@ crypto/cipher_extra/aead_test.cc | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) -diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc -index fff7d4397..906a5acc0 100644 ---- a/crypto/cipher_extra/aead_test.cc -+++ b/crypto/cipher_extra/aead_test.cc +Index: boringssl-20190523/crypto/cipher_extra/aead_test.cc +=================================================================== +--- boringssl-20190523.orig/crypto/cipher_extra/aead_test.cc ++++ boringssl-20190523/crypto/cipher_extra/aead_test.cc @@ -29,6 +29,12 @@ #include "../test/test_util.h" #include "../test/wycheproof_util.h" @@ -89,6 +89,3 @@ OPENSSL_memset(key, 'K', sizeof(key)); bssl::ScopedEVP_AEAD_CTX ctx; --- -2.21.0 - ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.OVEIvL/_old 2019-09-04 09:34:31.262704109 +0200 +++ /var/tmp/diff_new_pack.OVEIvL/_new 2019-09-04 09:34:31.266704108 +0200 
@@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://boringssl.googlesource.com/boringssl</param> - <param name="changesrevision">8e8f250422663106d478f6927beefba289a95b37</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">2e0d354690064c90ee245c715b92e2bb32492571</param></service></servicedata> \ No newline at end of file ++++++ add-soversion-option.patch ++++++ --- /var/tmp/diff_new_pack.OVEIvL/_old 2019-09-04 09:34:31.278704105 +0200 +++ /var/tmp/diff_new_pack.OVEIvL/_new 2019-09-04 09:34:31.278704105 +0200 @@ -18,11 +18,11 @@ ssl/CMakeLists.txt | 6 ++++++ 5 files changed, 29 insertions(+) -diff --git a/BUILDING.md b/BUILDING.md -index 924f6c924..69cecefc4 100644 ---- a/BUILDING.md -+++ b/BUILDING.md -@@ -71,6 +71,9 @@ Windows, where functions need to be tagged with `dllimport` when coming from a +Index: boringssl-20190523/BUILDING.md +=================================================================== +--- boringssl-20190523.orig/BUILDING.md ++++ boringssl-20190523/BUILDING.md +@@ -79,6 +79,9 @@ Windows, where functions need to be tagg shared library, define `BORINGSSL_SHARED_LIBRARY` in any code which `#include`s the BoringSSL headers. @@ -32,19 +32,19 @@ In order to serve environments where code-size is important as well as those where performance is the overriding concern, `OPENSSL_SMALL` can be defined to remove some code that is especially large. -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 1f18782f3..b8ea82c08 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt +Index: boringssl-20190523/CMakeLists.txt +=================================================================== +--- boringssl-20190523.orig/CMakeLists.txt ++++ boringssl-20190523/CMakeLists.txt 
@@ -1,5 +1,7 @@ cmake_minimum_required(VERSION 2.8.11) -+set(boringssl_SOVERSION 0) ++set(boringssl_SOVERSION 1) + # Report AppleClang separately from Clang. Their version numbers are different. # https://cmake.org/cmake/help/v3.0/policy/CMP0025.html if(POLICY CMP0025) -@@ -503,6 +505,12 @@ endif() +@@ -546,6 +548,12 @@ endif() # Add minimal googletest targets. The provided one has many side-effects, and # googletest has a very straightforward build. add_library(boringssl_gtest third_party/googletest/src/gtest-all.cc) @@ -57,11 +57,11 @@ target_include_directories(boringssl_gtest PRIVATE third_party/googletest) include_directories(third_party/googletest/include) -diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt -index 863591020..31e1c2b96 100644 ---- a/crypto/CMakeLists.txt -+++ b/crypto/CMakeLists.txt -@@ -404,6 +404,12 @@ add_library( +Index: boringssl-20190523/crypto/CMakeLists.txt +=================================================================== +--- boringssl-20190523.orig/crypto/CMakeLists.txt ++++ boringssl-20190523/crypto/CMakeLists.txt +@@ -419,6 +419,12 @@ add_library( ${CRYPTO_ARCH_SOURCES} ${CRYPTO_FIPS_OBJECTS} ) @@ -74,10 +74,10 @@ add_dependencies(crypto global_target) -diff --git a/decrepit/CMakeLists.txt b/decrepit/CMakeLists.txt -index 1cb5e11f7..26d1a6dc9 100644 ---- a/decrepit/CMakeLists.txt -+++ b/decrepit/CMakeLists.txt +Index: boringssl-20190523/decrepit/CMakeLists.txt +=================================================================== +--- boringssl-20190523.orig/decrepit/CMakeLists.txt ++++ boringssl-20190523/decrepit/CMakeLists.txt @@ -21,6 +21,12 @@ add_library( x509/x509_decrepit.c xts/xts.c 
@@ -91,10 +91,10 @@ add_dependencies(decrepit global_target) -diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt -index d6c1294f1..102e015fd 100644 ---- a/ssl/CMakeLists.txt -+++ b/ssl/CMakeLists.txt +Index: boringssl-20190523/ssl/CMakeLists.txt +=================================================================== +--- boringssl-20190523.orig/ssl/CMakeLists.txt ++++ boringssl-20190523/ssl/CMakeLists.txt @@ -40,6 +40,12 @@ add_library( tls13_enc.cc tls13_server.cc @@ -108,6 +108,3 @@ add_dependencies(ssl global_target) --- -2.21.0 - ++++++ boringssl-20181228.tar.xz -> boringssl-20190523.tar.xz ++++++ /work/SRC/openSUSE:Factory/boringssl/boringssl-20181228.tar.xz /work/SRC/openSUSE:Factory/.boringssl.new.7948/boringssl-20190523.tar.xz differ: char 26, line 1
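Review bot: in boringssl.spec the soname value handed to cmake does not change with this update (`-DSOVERSION=1` before, `-DSOVERSION=%{sover}` with `%define sover 1` after), yet the 20190523 changelog lists removals such as "Remove SSL_get_structure_sizes." and "Remove d2i_ASN1_UINTEGER." If those were exported from the 20181228 build, binaries linked against it will still resolve the same soname and only fail at symbol lookup. Consider bumping `sover` on every snapshot update, since these date-versioned snapshots carry no ABI promise, so the break shows up in dependency resolution instead.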
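Review bot: `ExclusiveArch: %{ix86} x86_64` in the second boringssl.spec hunk turns off aarch64 builds with no explanation, while `Patch1: 0001-crypto-Fix-aead_test-build-on-aarch64.patch` is kept and refreshed in the same commit. Please add a spec comment above `ExclusiveArch` giving the reason (for example which new BuildRequires or test is unavailable on the other architectures), and either drop Patch1 or say that it is kept for when aarch64 is re-enabled. The new `BuildRequires: libunwind-devel` and `BuildRequires: ninja` would also benefit from a changelog line if the skipped part of the .changes entry does not already mention them.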
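Review bot: in add-soversion-option.patch the top-level CMakeLists.txt hunk now hard-codes `set(boringssl_SOVERSION 1)`, which duplicates `%define sover 1` in the spec and has to be edited by hand on each bump. The part of the patch that connects the `SOVERSION` option to `boringssl_SOVERSION` is not visible in this diff, so it is worth confirming that `-DSOVERSION=%{sover}` really overrides this default; if it does, leave the patch default untouched and let the spec macro be the single place the value is set.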