Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-1_1 for openSUSE:Factory checked in at 2021-12-05 22:45:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_1 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_1.new.31177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_1" Sun Dec 5 22:45:45 2021 rev:28 rq:934684 version:1.1.1l Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_1/openssl-1_1.changes 2021-11-11 21:35:48.080861492 +0100 +++ /work/SRC/openSUSE:Factory/.openssl-1_1.new.31177/openssl-1_1.changes 2021-12-05 22:45:49.589697803 +0100 @@ -1,0 +2,6 @@ +Thu Nov 11 18:50:47 UTC 2021 - Giuliano Belinassi <giuliano.belina...@suse.com> + +- Add support for livepatches (jsc#SLE-20049). +- Generate ipa-clones tarball artifact when livepatching is enabled. + +------------------------------------------------------------------- @@ -4,0 +11,9 @@ + +------------------------------------------------------------------- +Mon Nov 1 08:51:22 UTC 2021 - Dan ??erm??k <dcer...@suse.com> + +- Drop openssl-no-date.patch + + Upstream added support for reproducible builds via SOURCE_DATE_EPOCH in + https://github.com/openssl/openssl/commit/8a8d9e190533ee41e8b231b18c7837f98f1ae231 + thereby making this patch obsolete as builds *should* still be reproducible. Old: ---- openssl-no-date.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_1.spec ++++++ --- /var/tmp/diff_new_pack.hR4pq8/_old 2021-12-05 22:45:50.621694440 +0100 +++ /var/tmp/diff_new_pack.hR4pq8/_new 2021-12-05 22:45:50.625694427 +0100 @@ -16,6 +16,26 @@ # +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename %{_rname}-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + %define ssletcdir %{_sysconfdir}/ssl %define maj_min 1.1 %define _rname openssl @@ -42,7 +62,6 @@ Patch3: openssl-pkgconfig.patch Patch4: openssl-DEFAULT_SUSE_cipher.patch Patch5: openssl-ppc64-config.patch -Patch6: openssl-no-date.patch # PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129 Patch8: 0001-s390x-assembly-pack-perlasm-support.patch Patch9: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch @@ -199,6 +218,9 @@ --libdir=%{_lib} \ --openssldir=%{ssletcdir} \ %{optflags} \ +%if %{livepatchable} + -fpatchable-function-entry=16,14 -fdump-ipa-clones \ +%endif -Wa,--noexecstack \ -Wl,-z,relro,-z,now \ -fno-common \ @@ -229,6 +251,32 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers %install +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + %make_install %{?_smp_mflags} # kill static libs rm -f %{buildroot}%{_libdir}/lib*.a
