Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package fipscheck for openSUSE:Factory checked in at 2024-07-17 15:14:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fipscheck (Old) and /work/SRC/openSUSE:Factory/.fipscheck.new.17339 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fipscheck" Wed Jul 17 15:14:26 2024 rev:12 rq:1187682 version:1.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/fipscheck/fipscheck.changes 2022-11-04 17:31:26.419692057 +0100 +++ /work/SRC/openSUSE:Factory/.fipscheck.new.17339/fipscheck.changes 2024-07-17 15:15:03.569866485 +0200 @@ -1,0 +2,8 @@ +Mon Jul 8 15:29:36 UTC 2024 - Martin Jambor <mjam...@suse.com> + +- Backport upstream patches fipscheck-fix_check_openssl_version.patch + and fipscheck-fix_incorrect_length_type.patch to fix C99 violations + which are errors by default with GCC 14 [boo#1221714] - although the + first one looks like it possibly fixes some more substantial error. + +------------------------------------------------------------------- New: ---- fipscheck-fix_check_openssl_version.patch fipscheck-fix_incorrect_length_type.patch BETA DEBUG BEGIN: New: - Backport upstream patches fipscheck-fix_check_openssl_version.patch and fipscheck-fix_incorrect_length_type.patch to fix C99 violations New:- Backport upstream patches fipscheck-fix_check_openssl_version.patch and fipscheck-fix_incorrect_length_type.patch to fix C99 violations which are errors by default with GCC 14 [boo#1221714] - although the BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fipscheck.spec ++++++ --- /var/tmp/diff_new_pack.k0q88a/_old 2024-07-17 15:15:04.061884504 +0200 +++ /var/tmp/diff_new_pack.k0q88a/_new 2024-07-17 15:15:04.065884650 +0200 @@ -1,7 +1,7 @@ # # spec file for package fipscheck # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,6 +28,8 @@ URL: https://github.com/LairdCP/fipscheck Source0: fipscheck-%version.tar.bz2 Source1: baselibs.conf +Patch0: fipscheck-fix_check_openssl_version.patch +Patch1: fipscheck-fix_incorrect_length_type.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -57,6 +59,8 @@ %prep %setup -q +%patch -P0 -p1 +%patch -P1 -p1 %build %configure --disable-static ++++++ fipscheck-fix_check_openssl_version.patch ++++++ >From 8e8fb5a47d19bc4bb589af06623e710d755bb963 Mon Sep 17 00:00:00 2001 From: "Doug.Smith" <doug.sm...@lairdconnect.com> Date: Tue, 23 Aug 2022 15:13:02 -0400 Subject: [PATCH] BZ22308: fipscheck for openssl-3 fails Fix openssl version check -- missing include of version <opensslv.h> before check. Fix loading of openssl fips provider. Bug: 22308 --- src/filehmac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/filehmac.c b/src/filehmac.c index 87ad15f..f9b5310 100644 --- a/src/filehmac.c +++ b/src/filehmac.c @@ -41,6 +41,7 @@ #include <sys/wait.h> #if defined(WITH_OPENSSL) +#include <openssl/opensslv.h> #if OPENSSL_VERSION_NUMBER >= 0x30000000L #include <openssl/provider.h> #include <openssl/evp.h> @@ -215,7 +216,7 @@ compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips) size_t len; unsigned int hlen; - if (force_fips && fips != NULL) { + if (force_fips && fips == NULL) { fips = OSSL_PROVIDER_load(NULL, "fips"); if (fips == NULL) { debug_log("Failed to load FIPS provider\n"); ++++++ fipscheck-fix_incorrect_length_type.patch ++++++ >From 05f84f7ec315f1251ffaa151e3b69df68f31c9e9 Mon Sep 17 00:00:00 2001 From: Isaac Lee <isaac....@alliedtelesis.co.nz> Date: Thu, 16 Feb 2023 19:21:59 +1300 Subject: [PATCH] filehmac: fix incorrect length type EVP_MAC_final() expects a size_t type variable for storing the number of bytes written, but the the variable was declared as unsigned int, causing the function to write 0 to the variable while the actual hmac computation actually successfully completes. --- src/filehmac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/filehmac.c b/src/filehmac.c index f9b5310..f59f09e 100644 --- a/src/filehmac.c +++ b/src/filehmac.c @@ -214,7 +214,7 @@ compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips) OSSL_PARAM params[2]; unsigned char rbuf[READ_BUFFER_LENGTH]; size_t len; - unsigned int hlen; + size_t hlen; if (force_fips && fips == NULL) { fips = OSSL_PROVIDER_load(NULL, "fips");
