Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2017-05-06 18:30:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl" Sat May 6 18:30:41 2017 rev:29 rq:492942 version:2.5.4 Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2017-04-20 20:54:42.168124384 +0200 +++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2017-05-06 18:30:44.218037044 +0200 @@ -1,0 +2,12 @@ +Thu May 4 23:04:29 UTC 2017 - jeng...@inai.de + +- Update to new upstream release 2.5.4 + * Reverted a previous change that forced consistency between + return value and error code when specifing a certificate + verification callback, since this breaks the documented API. + * Switched Linux getrandom() usage to non-blocking mode, + continuing to use fallback mechanims if unsuccessful. + * Fixed a bug caused by the return value being set early to + signal successful DTLS cookie validation. + +------------------------------------------------------------------- Old: ---- libressl-2.5.3.tar.gz libressl-2.5.3.tar.gz.asc New: ---- libressl-2.5.4.tar.gz libressl-2.5.4.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.qTuq1m/_old 2017-05-06 18:30:45.057918532 +0200 +++ /var/tmp/diff_new_pack.qTuq1m/_new 2017-05-06 18:30:45.061917968 +0200 @@ -17,7 +17,7 @@ Name: libressl -Version: 2.5.3 +Version: 2.5.4 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL ++++++ libressl-2.5.3.tar.gz -> libressl-2.5.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/ChangeLog new/libressl-2.5.4/ChangeLog --- old/libressl-2.5.3/ChangeLog 2017-04-06 13:25:05.000000000 +0200 +++ new/libressl-2.5.4/ChangeLog 2017-05-01 03:59:00.000000000 +0200 @@ -28,6 +28,28 @@ LibreSSL Portable Release Notes: +2.5.4 - Security Updates + + * Revert a previous change that forced consistency between return + value and error code when specifing a certificate verification + callback, since this breaks the documented API. When a user supplied + callback always returns 1, and later code checks the error code to + potentially abort post verification, this will result in incorrect + successul certificate verification. + + * Switched Linux getrandom() usage to non-blocking mode, continuing to + use fallback mechanims if unsuccessful. This works around a design + flaw in Linux getrandom(2) where early boot usage in a library makes + it impossible to recover if getrandom(2) is not yet initialized. + + * Fixed a bug caused by the return value being set early to signal + successful DTLS cookie validation. This can mask a later failure and + result in a positive return value being returned from + ssl3_get_client_hello(), when it should return a negative value to + propagate the error. + + * Fixed a build error on non-x86/x86_64 systems running Solaris. + 2.5.3 - OpenBSD 6.1 Release * Documentation updates diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/Makefile.in new/libressl-2.5.4/Makefile.in --- old/libressl-2.5.3/Makefile.in 2017-04-08 12:31:43.000000000 +0200 +++ new/libressl-2.5.4/Makefile.in 2017-05-01 06:09:14.000000000 +0200 @@ -267,6 +267,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/VERSION new/libressl-2.5.4/VERSION --- old/libressl-2.5.3/VERSION 2017-04-08 12:31:21.000000000 +0200 +++ new/libressl-2.5.4/VERSION 2017-05-01 06:08:54.000000000 +0200 @@ -1,2 +1,2 @@ -2.5.3 +2.5.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/apps/Makefile.in new/libressl-2.5.4/apps/Makefile.in --- old/libressl-2.5.3/apps/Makefile.in 2017-04-08 12:31:43.000000000 +0200 +++ new/libressl-2.5.4/apps/Makefile.in 2017-05-01 06:09:14.000000000 +0200 @@ -214,6 +214,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/apps/nc/Makefile.am new/libressl-2.5.4/apps/nc/Makefile.am --- old/libressl-2.5.3/apps/nc/Makefile.am 2017-01-09 09:14:28.000000000 +0100 +++ new/libressl-2.5.4/apps/nc/Makefile.am 2017-04-19 11:01:44.000000000 +0200 @@ -4,6 +4,7 @@ if ENABLE_NC bin_PROGRAMS = nc +dist_man_MANS = nc.1 else noinst_PROGRAMS = nc endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/apps/nc/Makefile.in new/libressl-2.5.4/apps/nc/Makefile.in --- old/libressl-2.5.3/apps/nc/Makefile.in 2017-04-08 12:31:43.000000000 +0200 +++ new/libressl-2.5.4/apps/nc/Makefile.in 2017-05-01 06:09:14.000000000 +0200 @@ -112,7 +112,7 @@ mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(bindir)" +am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) am__nc_SOURCES_DIST = atomicio.c netcat.c socks.c compat/socket.c \ compat/base64.c compat/accept4.c compat/readpassphrase.c \ @@ -181,6 +181,36 @@ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +NROFF = nroff +MANS = $(dist_man_MANS) am__noinst_HEADERS_DIST = atomicio.h compat/sys/socket.h HEADERS = $(noinst_HEADERS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) @@ -202,7 +232,7 @@ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in \ +am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ @@ -234,6 +264,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -332,6 +363,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \ -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \ -D__END_HIDDEN_DECLS= $(am__append_1) +@BUILD_NC_TRUE@@ENABLE_NC_TRUE@dist_man_MANS = nc.1 @BUILD_NC_TRUE@EXTRA_DIST = nc.1 CMakeLists.txt @BUILD_NC_TRUE@nc_LDADD = $(abs_top_builddir)/crypto/libcrypto.la \ @BUILD_NC_TRUE@ $(abs_top_builddir)/ssl/libssl.la \ @@ -499,6 +531,49 @@ clean-libtool: -rm -rf .libs _libs +install-man1: $(dist_man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(dist_man_MANS)'; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique @@ -584,9 +659,9 @@ done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) $(HEADERS) +all-am: Makefile $(PROGRAMS) $(MANS) $(HEADERS) installdirs: - for dir in "$(DESTDIR)$(bindir)"; do \ + for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -644,7 +719,7 @@ info-am: -install-data-am: +install-data-am: install-man install-dvi: install-dvi-am @@ -660,7 +735,7 @@ install-info-am: -install-man: +install-man: install-man1 install-pdf: install-pdf-am @@ -690,7 +765,9 @@ ps-am: -uninstall-am: uninstall-binPROGRAMS +uninstall-am: uninstall-binPROGRAMS uninstall-man + +uninstall-man: uninstall-man1 .MAKE: install-am install-strip @@ -702,12 +779,13 @@ install install-am install-binPROGRAMS install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ + install-info-am install-man install-man1 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-binPROGRAMS + tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \ + uninstall-man uninstall-man1 .PRECIOUS: Makefile diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/apps/ocspcheck/Makefile.in new/libressl-2.5.4/apps/ocspcheck/Makefile.in --- old/libressl-2.5.3/apps/ocspcheck/Makefile.in 2017-04-08 12:31:43.000000000 +0200 +++ new/libressl-2.5.4/apps/ocspcheck/Makefile.in 2017-05-01 06:09:14.000000000 +0200 @@ -220,6 +220,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/apps/openssl/Makefile.in new/libressl-2.5.4/apps/openssl/Makefile.in --- old/libressl-2.5.3/apps/openssl/Makefile.in 2017-04-08 12:31:43.000000000 +0200 +++ new/libressl-2.5.4/apps/openssl/Makefile.in 2017-05-01 06:09:15.000000000 +0200 @@ -280,6 +280,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/configure new/libressl-2.5.4/configure --- old/libressl-2.5.3/configure 2017-04-08 12:31:42.000000000 +0200 +++ new/libressl-2.5.4/configure 2017-05-01 06:09:13.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libressl 2.5.3. +# Generated by GNU Autoconf 2.69 for libressl 2.5.4. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='libressl' PACKAGE_TARNAME='libressl' -PACKAGE_VERSION='2.5.3' -PACKAGE_STRING='libressl 2.5.3' +PACKAGE_VERSION='2.5.4' +PACKAGE_STRING='libressl 2.5.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -645,6 +645,7 @@ OPENSSLDIR_DEFINED_FALSE OPENSSLDIR_DEFINED_TRUE OPENSSLDIR +HOSTARCH HAVE_B64_NTOP_FALSE HAVE_B64_NTOP_TRUE HAVE_TIMINGSAFE_MEMCMP_FALSE @@ -1419,7 +1420,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libressl 2.5.3 to adapt to many kinds of systems. +\`configure' configures libressl 2.5.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1489,7 +1490,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libressl 2.5.3:";; + short | recursive ) echo "Configuration of libressl 2.5.4:";; esac cat <<\_ACEOF @@ -1605,7 +1606,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libressl configure 2.5.3 +libressl configure 2.5.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2153,7 +2154,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libressl $as_me 2.5.3, which was +It was created by libressl $as_me 2.5.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3094,7 +3095,7 @@ # Define the identity of the package. PACKAGE='libressl' - VERSION='2.5.3' + VERSION='2.5.4' cat >>confdefs.h <<_ACEOF @@ -13795,10 +13796,21 @@ +case $host_cpu in #( + i?86) : + HOSTARCH=intel ;; #( + x86_64) : + HOSTARCH=intel ;; #( + amd64) : + HOSTARCH=intel ;; #( + *) : + ;; +esac + crypto_sym=$srcdir/crypto/crypto.sym -crypto_p_sym=$srcdir/crypto/crypto_portable.sym +crypto_p_sym=./crypto/crypto_portable.sym echo "generating $crypto_p_sym ..." -chmod u+w $srcdir/crypto +mkdir -p ./crypto cp $crypto_sym $crypto_p_sym chmod u+w $crypto_p_sym if test "x$ac_cv_func_arc4random_buf" = "xno" ; then @@ -13849,6 +13861,9 @@ if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then echo timingsafe_memcmp >> $crypto_p_sym fi +if test "x$HOSTARCH" = "xintel" ; then + echo OPENSSL_ia32cap_P >> $crypto_p_sym +fi if test "x$HOST_OS" = "xwin" ; then echo posix_perror >> $crypto_p_sym echo posix_fopen >> $crypto_p_sym @@ -14823,7 +14838,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libressl $as_me 2.5.3, which was +This file was extended by libressl $as_me 2.5.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14880,7 +14895,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libressl config.status 2.5.3 +libressl config.status 2.5.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/crypto/Makefile.am new/libressl-2.5.4/crypto/Makefile.am --- old/libressl-2.5.3/crypto/Makefile.am 2017-03-17 01:23:36.000000000 +0100 +++ new/libressl-2.5.4/crypto/Makefile.am 2017-04-30 04:42:14.000000000 +0200 @@ -15,7 +15,10 @@ # needed for a CMake target EXTRA_DIST += compat/strcasecmp.c -libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols $(top_srcdir)/crypto/crypto_portable.sym +BUILT_SOURCES = crypto_portable.sym +CLEANFILES = crypto_portable.sym + +libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym libcrypto_la_LIBADD = libcompat.la if !HAVE_EXPLICIT_BZERO libcrypto_la_LIBADD += libcompatnoopt.la diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/crypto/Makefile.in new/libressl-2.5.4/crypto/Makefile.in --- old/libressl-2.5.3/crypto/Makefile.in 2017-04-08 12:31:45.000000000 +0200 +++ new/libressl-2.5.4/crypto/Makefile.in 2017-05-01 06:09:16.000000000 +0200 @@ -896,6 +896,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -1001,7 +1002,9 @@ # needed for a CMake target EXTRA_DIST = VERSION CMakeLists.txt crypto.sym compat/strcasecmp.c \ $(ASM_X86_64_ELF) $(ASM_X86_64_MACOSX) -libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols $(top_srcdir)/crypto/crypto_portable.sym +BUILT_SOURCES = crypto_portable.sym +CLEANFILES = crypto_portable.sym +libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym libcrypto_la_LIBADD = libcompat.la $(am__append_1) libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS) -DLIBRESSL_INTERNAL \ -DOPENSSL_NO_HW_PADLOCK $(am__append_2) $(am__append_3) \ @@ -1311,7 +1314,8 @@ sha/sha1-macosx-x86_64.S sha/sha256-macosx-x86_64.S \ sha/sha512-macosx-x86_64.S whrlpool/wp-macosx-x86_64.S \ cpuid-macosx-x86_64.S -all: all-am +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .S .c .lo .o .obj @@ -7934,13 +7938,15 @@ fi; \ done check-am: all-am -check: check-am +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(LTLIBRARIES) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done -install: install-am +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am @@ -7962,6 +7968,7 @@ mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -8070,6 +8077,7 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ @@ -8141,7 +8149,7 @@ uninstall-am: uninstall-libLTLIBRARIES -.MAKE: install-am install-strip +.MAKE: all check install install-am install-strip .PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/crypto/compat/getentropy_linux.c new/libressl-2.5.4/crypto/compat/getentropy_linux.c --- old/libressl-2.5.3/crypto/compat/getentropy_linux.c 2017-04-08 12:31:21.000000000 +0200 +++ new/libressl-2.5.4/crypto/compat/getentropy_linux.c 2017-05-01 06:08:54.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_linux.c,v 1.43 2016/08/07 03:27:21 tb Exp $ */ +/* $OpenBSD: getentropy_linux.c,v 1.43.4.1 2017/04/29 18:57:00 beck Exp $ */ /* * Copyright (c) 2014 Theo de Raadt <dera...@openbsd.org> @@ -96,13 +96,16 @@ #ifdef SYS_getrandom /* - * Try descriptor-less getrandom() + * Try descriptor-less getrandom(), in non-blocking mode. + * + * The design of Linux getrandom is broken. It has an + * uninitialized phase coupled with blocking behaviour, which + * is unacceptable from within a library at boot time without + * possible recovery. See http://bugs.python.org/issue26839#msg267745 */ ret = getentropy_getrandom(buf, len); if (ret != -1) return (ret); - if (errno != ENOSYS) - return (-1); #endif /* @@ -156,7 +159,7 @@ * - Do the best under the circumstances.... * * This code path exists to bring light to the issue that Linux - * does not provide a failsafe API for entropy collection. + * still does not provide a failsafe API for entropy collection. * * We hope this demonstrates that Linux should either retain their * sysctl ABI, or consider providing a new failsafe API which @@ -199,7 +202,7 @@ if (len > 256) return (-1); do { - ret = syscall(SYS_getrandom, buf, len, 0); + ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK); } while (ret == -1 && errno == EINTR); if (ret != len) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/crypto/crypto.sym new/libressl-2.5.4/crypto/crypto.sym --- old/libressl-2.5.3/crypto/crypto.sym 2017-04-08 12:31:23.000000000 +0200 +++ new/libressl-2.5.4/crypto/crypto.sym 2017-05-01 06:08:56.000000000 +0200 @@ -1814,7 +1814,6 @@ OPENSSL_config OPENSSL_cpu_caps OPENSSL_cpuid_setup -OPENSSL_ia32cap_P OPENSSL_init OPENSSL_load_builtin_modules OPENSSL_no_config diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/crypto/x509/x509_vfy.c new/libressl-2.5.4/crypto/x509/x509_vfy.c --- old/libressl-2.5.3/crypto/x509/x509_vfy.c 2017-03-07 06:43:54.000000000 +0100 +++ new/libressl-2.5.4/crypto/x509/x509_vfy.c 2017-05-01 03:29:45.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com) * All rights reserved. * @@ -541,15 +541,7 @@ /* Safety net, error returns must set ctx->error */ if (ok <= 0 && ctx->error == X509_V_OK) ctx->error = X509_V_ERR_UNSPECIFIED; - - /* - * Safety net, if user provided verify callback indicates sucess - * make sure they have set error to X509_V_OK - */ - if (ctx->verify_cb != null_callback && ok == 1) - ctx->error = X509_V_OK; - - return(ctx->error == X509_V_OK); + return ok; } /* Given a STACK_OF(X509) find the issuer of cert (if any) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/include/Makefile.in new/libressl-2.5.4/include/Makefile.in --- old/libressl-2.5.3/include/Makefile.in 2017-04-08 12:31:45.000000000 +0200 +++ new/libressl-2.5.4/include/Makefile.in 2017-05-01 06:09:16.000000000 +0200 @@ -245,6 +245,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/include/openssl/Makefile.in new/libressl-2.5.4/include/openssl/Makefile.in --- old/libressl-2.5.3/include/openssl/Makefile.in 2017-04-08 12:31:45.000000000 +0200 +++ new/libressl-2.5.4/include/openssl/Makefile.in 2017-05-01 06:09:17.000000000 +0200 @@ -203,6 +203,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/include/openssl/opensslv.h new/libressl-2.5.4/include/openssl/opensslv.h --- old/libressl-2.5.3/include/openssl/opensslv.h 2017-04-06 12:58:30.000000000 +0200 +++ new/libressl-2.5.4/include/openssl/opensslv.h 2017-05-01 03:29:45.000000000 +0200 @@ -1,10 +1,10 @@ -/* $OpenBSD: opensslv.h,v 1.39.4.1 2017/04/06 10:36:12 bcook Exp $ */ +/* $OpenBSD: opensslv.h,v 1.39.4.2 2017/04/29 19:56:13 bcook Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ -#define LIBRESSL_VERSION_NUMBER 0x2050300fL -#define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.3" +#define LIBRESSL_VERSION_NUMBER 0x2050400fL +#define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.4" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/libcrypto.pc.in new/libressl-2.5.4/libcrypto.pc.in --- old/libressl-2.5.3/libcrypto.pc.in 2017-01-07 14:22:01.000000000 +0100 +++ new/libressl-2.5.4/libcrypto.pc.in 2017-04-19 11:01:12.000000000 +0200 @@ -5,8 +5,8 @@ libdir=@libdir@ includedir=@includedir@ -Name: LibreSSL-libssl -Description: Secure Sockets Layer and cryptography libraries +Name: LibreSSL-libcrypto +Description: LibreSSL cryptography library Version: @VERSION@ Requires: Conflicts: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/m4/check-libc.m4 new/libressl-2.5.4/m4/check-libc.m4 --- old/libressl-2.5.3/m4/check-libc.m4 2017-03-17 01:23:36.000000000 +0100 +++ new/libressl-2.5.4/m4/check-libc.m4 2017-04-30 04:42:38.000000000 +0200 @@ -149,10 +149,16 @@ ]) AC_DEFUN([GENERATE_CRYPTO_PORTABLE_SYM], [ +AS_CASE([$host_cpu], + [i?86], [HOSTARCH=intel], + [x86_64], [HOSTARCH=intel], + [amd64], [HOSTARCH=intel], +) +AC_SUBST([HOSTARCH]) crypto_sym=$srcdir/crypto/crypto.sym -crypto_p_sym=$srcdir/crypto/crypto_portable.sym +crypto_p_sym=./crypto/crypto_portable.sym echo "generating $crypto_p_sym ..." -chmod u+w $srcdir/crypto +mkdir -p ./crypto cp $crypto_sym $crypto_p_sym chmod u+w $crypto_p_sym if test "x$ac_cv_func_arc4random_buf" = "xno" ; then @@ -203,6 +209,9 @@ if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then echo timingsafe_memcmp >> $crypto_p_sym fi +if test "x$HOSTARCH" = "xintel" ; then + echo OPENSSL_ia32cap_P >> $crypto_p_sym +fi if test "x$HOST_OS" = "xwin" ; then echo posix_perror >> $crypto_p_sym echo posix_fopen >> $crypto_p_sym diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/man/Makefile.in new/libressl-2.5.4/man/Makefile.in --- old/libressl-2.5.3/man/Makefile.in 2017-04-08 12:31:46.000000000 +0200 +++ new/libressl-2.5.4/man/Makefile.in 2017-05-01 06:09:17.000000000 +0200 @@ -184,6 +184,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/ssl/Makefile.in new/libressl-2.5.4/ssl/Makefile.in --- old/libressl-2.5.3/ssl/Makefile.in 2017-04-08 12:31:46.000000000 +0200 +++ new/libressl-2.5.4/ssl/Makefile.in 2017-05-01 06:09:17.000000000 +0200 @@ -244,6 +244,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/ssl/ssl_srvr.c new/libressl-2.5.4/ssl/ssl_srvr.c --- old/libressl-2.5.3/ssl/ssl_srvr.c 2017-03-17 01:26:06.000000000 +0100 +++ new/libressl-2.5.4/ssl/ssl_srvr.c 2017-05-01 03:29:45.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.11.4.1 2017/04/29 23:41:32 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com) * All rights reserved. * @@ -720,7 +720,7 @@ uint16_t client_version; uint8_t comp_method; int comp_null; - int i, j, ok, al, ret = -1; + int i, j, ok, al, ret = -1, cookie_valid = 0; long n; unsigned long id; unsigned char *p, *d; @@ -887,7 +887,7 @@ SSLerror(s, SSL_R_COOKIE_MISMATCH); goto f_err; } - ret = 2; + cookie_valid = 1; } } @@ -1059,8 +1059,8 @@ goto err; } - if (ret < 0) - ret = 1; + ret = cookie_valid ? 2 : 1; + if (0) { truncated: al = SSL_AD_DECODE_ERROR; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/tests/Makefile.in new/libressl-2.5.4/tests/Makefile.in --- old/libressl-2.5.3/tests/Makefile.in 2017-04-08 12:31:46.000000000 +0200 +++ new/libressl-2.5.4/tests/Makefile.in 2017-05-01 06:09:17.000000000 +0200 @@ -967,6 +967,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.5.3/tls/Makefile.in new/libressl-2.5.4/tls/Makefile.in --- old/libressl-2.5.3/tls/Makefile.in 2017-04-08 12:31:46.000000000 +0200 +++ new/libressl-2.5.4/tls/Makefile.in 2017-05-01 06:09:17.000000000 +0200 @@ -245,6 +245,7 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HOSTARCH = @HOSTARCH@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@