Hello community,
here is the log from the commit of package libressl for openSUSE:Factory
checked in at 2017-05-06 18:30:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libressl (Old)
and /work/SRC/openSUSE:Factory/.libressl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl"
Sat May 6 18:30:41 2017 rev:29 rq:492942 version:2.5.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2017-04-20
20:54:42.168124384 +0200
+++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2017-05-06
18:30:44.218037044 +0200
@@ -1,0 +2,12 @@
+Thu May 4 23:04:29 UTC 2017 - jeng...@inai.de
+
+- Update to new upstream release 2.5.4
+ * Reverted a previous change that forced consistency between
+ return value and error code when specifing a certificate
+ verification callback, since this breaks the documented API.
+ * Switched Linux getrandom() usage to non-blocking mode,
+ continuing to use fallback mechanims if unsuccessful.
+ * Fixed a bug caused by the return value being set early to
+ signal successful DTLS cookie validation.
+
+-------------------------------------------------------------------
Old:
----
libressl-2.5.3.tar.gz
libressl-2.5.3.tar.gz.asc
New:
----
libressl-2.5.4.tar.gz
libressl-2.5.4.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libressl.spec ++++++
--- /var/tmp/diff_new_pack.qTuq1m/_old 2017-05-06 18:30:45.057918532 +0200
+++ /var/tmp/diff_new_pack.qTuq1m/_new 2017-05-06 18:30:45.061917968 +0200
@@ -17,7 +17,7 @@
Name: libressl
-Version: 2.5.3
+Version: 2.5.4
Release: 0
Summary: An SSL/TLS protocol implementation
License: OpenSSL
++++++ libressl-2.5.3.tar.gz -> libressl-2.5.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/ChangeLog new/libressl-2.5.4/ChangeLog
--- old/libressl-2.5.3/ChangeLog 2017-04-06 13:25:05.000000000 +0200
+++ new/libressl-2.5.4/ChangeLog 2017-05-01 03:59:00.000000000 +0200
@@ -28,6 +28,28 @@
LibreSSL Portable Release Notes:
+2.5.4 - Security Updates
+
+ * Revert a previous change that forced consistency between return
+ value and error code when specifing a certificate verification
+ callback, since this breaks the documented API. When a user supplied
+ callback always returns 1, and later code checks the error code to
+ potentially abort post verification, this will result in incorrect
+ successul certificate verification.
+
+ * Switched Linux getrandom() usage to non-blocking mode, continuing to
+ use fallback mechanims if unsuccessful. This works around a design
+ flaw in Linux getrandom(2) where early boot usage in a library makes
+ it impossible to recover if getrandom(2) is not yet initialized.
+
+ * Fixed a bug caused by the return value being set early to signal
+ successful DTLS cookie validation. This can mask a later failure and
+ result in a positive return value being returned from
+ ssl3_get_client_hello(), when it should return a negative value to
+ propagate the error.
+
+ * Fixed a build error on non-x86/x86_64 systems running Solaris.
+
2.5.3 - OpenBSD 6.1 Release
* Documentation updates
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/Makefile.in
new/libressl-2.5.4/Makefile.in
--- old/libressl-2.5.3/Makefile.in 2017-04-08 12:31:43.000000000 +0200
+++ new/libressl-2.5.4/Makefile.in 2017-05-01 06:09:14.000000000 +0200
@@ -267,6 +267,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/VERSION new/libressl-2.5.4/VERSION
--- old/libressl-2.5.3/VERSION 2017-04-08 12:31:21.000000000 +0200
+++ new/libressl-2.5.4/VERSION 2017-05-01 06:08:54.000000000 +0200
@@ -1,2 +1,2 @@
-2.5.3
+2.5.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/apps/Makefile.in
new/libressl-2.5.4/apps/Makefile.in
--- old/libressl-2.5.3/apps/Makefile.in 2017-04-08 12:31:43.000000000 +0200
+++ new/libressl-2.5.4/apps/Makefile.in 2017-05-01 06:09:14.000000000 +0200
@@ -214,6 +214,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/apps/nc/Makefile.am
new/libressl-2.5.4/apps/nc/Makefile.am
--- old/libressl-2.5.3/apps/nc/Makefile.am 2017-01-09 09:14:28.000000000
+0100
+++ new/libressl-2.5.4/apps/nc/Makefile.am 2017-04-19 11:01:44.000000000
+0200
@@ -4,6 +4,7 @@
if ENABLE_NC
bin_PROGRAMS = nc
+dist_man_MANS = nc.1
else
noinst_PROGRAMS = nc
endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/apps/nc/Makefile.in
new/libressl-2.5.4/apps/nc/Makefile.in
--- old/libressl-2.5.3/apps/nc/Makefile.in 2017-04-08 12:31:43.000000000
+0200
+++ new/libressl-2.5.4/apps/nc/Makefile.in 2017-05-01 06:09:14.000000000
+0200
@@ -112,7 +112,7 @@
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)"
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
am__nc_SOURCES_DIST = atomicio.c netcat.c socks.c compat/socket.c \
compat/base64.c compat/accept4.c compat/readpassphrase.c \
@@ -181,6 +181,36 @@
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+man1dir = $(mandir)/man1
+NROFF = nroff
+MANS = $(dist_man_MANS)
am__noinst_HEADERS_DIST = atomicio.h compat/sys/socket.h
HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
@@ -202,7 +232,7 @@
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in \
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
@@ -234,6 +264,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -332,6 +363,7 @@
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
-D__END_HIDDEN_DECLS= $(am__append_1)
+@BUILD_NC_TRUE@@ENABLE_NC_TRUE@dist_man_MANS = nc.1
@BUILD_NC_TRUE@EXTRA_DIST = nc.1 CMakeLists.txt
@BUILD_NC_TRUE@nc_LDADD = $(abs_top_builddir)/crypto/libcrypto.la \
@BUILD_NC_TRUE@ $(abs_top_builddir)/ssl/libssl.la \
@@ -499,6 +531,49 @@
clean-libtool:
-rm -rf .libs _libs
+install-man1: $(dist_man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(dist_man_MANS)'; \
+ test -n "$(man1dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.1[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?;
\
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man1:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -584,9 +659,9 @@
done
check-am: all-am
check: check-am
-all-am: Makefile $(PROGRAMS) $(HEADERS)
+all-am: Makefile $(PROGRAMS) $(MANS) $(HEADERS)
installdirs:
- for dir in "$(DESTDIR)$(bindir)"; do \
+ for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -644,7 +719,7 @@
info-am:
-install-data-am:
+install-data-am: install-man
install-dvi: install-dvi-am
@@ -660,7 +735,7 @@
install-info-am:
-install-man:
+install-man: install-man1
install-pdf: install-pdf-am
@@ -690,7 +765,9 @@
ps-am:
-uninstall-am: uninstall-binPROGRAMS
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+
+uninstall-man: uninstall-man1
.MAKE: install-am install-strip
@@ -702,12 +779,13 @@
install install-am install-binPROGRAMS install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
+ install-info-am install-man install-man1 install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-binPROGRAMS
+ tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \
+ uninstall-man uninstall-man1
.PRECIOUS: Makefile
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/apps/ocspcheck/Makefile.in
new/libressl-2.5.4/apps/ocspcheck/Makefile.in
--- old/libressl-2.5.3/apps/ocspcheck/Makefile.in 2017-04-08
12:31:43.000000000 +0200
+++ new/libressl-2.5.4/apps/ocspcheck/Makefile.in 2017-05-01
06:09:14.000000000 +0200
@@ -220,6 +220,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/apps/openssl/Makefile.in
new/libressl-2.5.4/apps/openssl/Makefile.in
--- old/libressl-2.5.3/apps/openssl/Makefile.in 2017-04-08 12:31:43.000000000
+0200
+++ new/libressl-2.5.4/apps/openssl/Makefile.in 2017-05-01 06:09:15.000000000
+0200
@@ -280,6 +280,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/configure new/libressl-2.5.4/configure
--- old/libressl-2.5.3/configure 2017-04-08 12:31:42.000000000 +0200
+++ new/libressl-2.5.4/configure 2017-05-01 06:09:13.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libressl 2.5.3.
+# Generated by GNU Autoconf 2.69 for libressl 2.5.4.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
-PACKAGE_VERSION='2.5.3'
-PACKAGE_STRING='libressl 2.5.3'
+PACKAGE_VERSION='2.5.4'
+PACKAGE_STRING='libressl 2.5.4'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -645,6 +645,7 @@
OPENSSLDIR_DEFINED_FALSE
OPENSSLDIR_DEFINED_TRUE
OPENSSLDIR
+HOSTARCH
HAVE_B64_NTOP_FALSE
HAVE_B64_NTOP_TRUE
HAVE_TIMINGSAFE_MEMCMP_FALSE
@@ -1419,7 +1420,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libressl 2.5.3 to adapt to many kinds of systems.
+\`configure' configures libressl 2.5.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1489,7 +1490,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libressl 2.5.3:";;
+ short | recursive ) echo "Configuration of libressl 2.5.4:";;
esac
cat <<\_ACEOF
@@ -1605,7 +1606,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libressl configure 2.5.3
+libressl configure 2.5.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2153,7 +2154,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libressl $as_me 2.5.3, which was
+It was created by libressl $as_me 2.5.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3094,7 +3095,7 @@
# Define the identity of the package.
PACKAGE='libressl'
- VERSION='2.5.3'
+ VERSION='2.5.4'
cat >>confdefs.h <<_ACEOF
@@ -13795,10 +13796,21 @@
+case $host_cpu in #(
+ i?86) :
+ HOSTARCH=intel ;; #(
+ x86_64) :
+ HOSTARCH=intel ;; #(
+ amd64) :
+ HOSTARCH=intel ;; #(
+ *) :
+ ;;
+esac
+
crypto_sym=$srcdir/crypto/crypto.sym
-crypto_p_sym=$srcdir/crypto/crypto_portable.sym
+crypto_p_sym=./crypto/crypto_portable.sym
echo "generating $crypto_p_sym ..."
-chmod u+w $srcdir/crypto
+mkdir -p ./crypto
cp $crypto_sym $crypto_p_sym
chmod u+w $crypto_p_sym
if test "x$ac_cv_func_arc4random_buf" = "xno" ; then
@@ -13849,6 +13861,9 @@
if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then
echo timingsafe_memcmp >> $crypto_p_sym
fi
+if test "x$HOSTARCH" = "xintel" ; then
+ echo OPENSSL_ia32cap_P >> $crypto_p_sym
+fi
if test "x$HOST_OS" = "xwin" ; then
echo posix_perror >> $crypto_p_sym
echo posix_fopen >> $crypto_p_sym
@@ -14823,7 +14838,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libressl $as_me 2.5.3, which was
+This file was extended by libressl $as_me 2.5.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -14880,7 +14895,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libressl config.status 2.5.3
+libressl config.status 2.5.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/crypto/Makefile.am
new/libressl-2.5.4/crypto/Makefile.am
--- old/libressl-2.5.3/crypto/Makefile.am 2017-03-17 01:23:36.000000000
+0100
+++ new/libressl-2.5.4/crypto/Makefile.am 2017-04-30 04:42:14.000000000
+0200
@@ -15,7 +15,10 @@
# needed for a CMake target
EXTRA_DIST += compat/strcasecmp.c
-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
-export-symbols $(top_srcdir)/crypto/crypto_portable.sym
+BUILT_SOURCES = crypto_portable.sym
+CLEANFILES = crypto_portable.sym
+
+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
-export-symbols crypto_portable.sym
libcrypto_la_LIBADD = libcompat.la
if !HAVE_EXPLICIT_BZERO
libcrypto_la_LIBADD += libcompatnoopt.la
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/crypto/Makefile.in
new/libressl-2.5.4/crypto/Makefile.in
--- old/libressl-2.5.3/crypto/Makefile.in 2017-04-08 12:31:45.000000000
+0200
+++ new/libressl-2.5.4/crypto/Makefile.in 2017-05-01 06:09:16.000000000
+0200
@@ -896,6 +896,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -1001,7 +1002,9 @@
# needed for a CMake target
EXTRA_DIST = VERSION CMakeLists.txt crypto.sym compat/strcasecmp.c \
$(ASM_X86_64_ELF) $(ASM_X86_64_MACOSX)
-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
-export-symbols $(top_srcdir)/crypto/crypto_portable.sym
+BUILT_SOURCES = crypto_portable.sym
+CLEANFILES = crypto_portable.sym
+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
-export-symbols crypto_portable.sym
libcrypto_la_LIBADD = libcompat.la $(am__append_1)
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS) -DLIBRESSL_INTERNAL \
-DOPENSSL_NO_HW_PADLOCK $(am__append_2) $(am__append_3) \
@@ -1311,7 +1314,8 @@
sha/sha1-macosx-x86_64.S sha/sha256-macosx-x86_64.S \
sha/sha512-macosx-x86_64.S whrlpool/wp-macosx-x86_64.S \
cpuid-macosx-x86_64.S
-all: all-am
+all: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) all-am
.SUFFIXES:
.SUFFIXES: .S .c .lo .o .obj
@@ -7934,13 +7938,15 @@
fi; \
done
check-am: all-am
-check: check-am
+check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
all-am: Makefile $(LTLIBRARIES) $(HEADERS)
installdirs:
for dir in "$(DESTDIR)$(libdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
-install: install-am
+install: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
@@ -7962,6 +7968,7 @@
mostlyclean-generic:
clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -8070,6 +8077,7 @@
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
clean: clean-am
clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
@@ -8141,7 +8149,7 @@
uninstall-am: uninstall-libLTLIBRARIES
-.MAKE: install-am install-strip
+.MAKE: all check install install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/crypto/compat/getentropy_linux.c
new/libressl-2.5.4/crypto/compat/getentropy_linux.c
--- old/libressl-2.5.3/crypto/compat/getentropy_linux.c 2017-04-08
12:31:21.000000000 +0200
+++ new/libressl-2.5.4/crypto/compat/getentropy_linux.c 2017-05-01
06:08:54.000000000 +0200
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_linux.c,v 1.43 2016/08/07 03:27:21 tb Exp $
*/
+/* $OpenBSD: getentropy_linux.c,v 1.43.4.1 2017/04/29 18:57:00 beck Exp $
*/
/*
* Copyright (c) 2014 Theo de Raadt <dera...@openbsd.org>
@@ -96,13 +96,16 @@
#ifdef SYS_getrandom
/*
- * Try descriptor-less getrandom()
+ * Try descriptor-less getrandom(), in non-blocking mode.
+ *
+ * The design of Linux getrandom is broken. It has an
+ * uninitialized phase coupled with blocking behaviour, which
+ * is unacceptable from within a library at boot time without
+ * possible recovery. See http://bugs.python.org/issue26839#msg267745
*/
ret = getentropy_getrandom(buf, len);
if (ret != -1)
return (ret);
- if (errno != ENOSYS)
- return (-1);
#endif
/*
@@ -156,7 +159,7 @@
* - Do the best under the circumstances....
*
* This code path exists to bring light to the issue that Linux
- * does not provide a failsafe API for entropy collection.
+ * still does not provide a failsafe API for entropy collection.
*
* We hope this demonstrates that Linux should either retain their
* sysctl ABI, or consider providing a new failsafe API which
@@ -199,7 +202,7 @@
if (len > 256)
return (-1);
do {
- ret = syscall(SYS_getrandom, buf, len, 0);
+ ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK);
} while (ret == -1 && errno == EINTR);
if (ret != len)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/crypto/crypto.sym
new/libressl-2.5.4/crypto/crypto.sym
--- old/libressl-2.5.3/crypto/crypto.sym 2017-04-08 12:31:23.000000000
+0200
+++ new/libressl-2.5.4/crypto/crypto.sym 2017-05-01 06:08:56.000000000
+0200
@@ -1814,7 +1814,6 @@
OPENSSL_config
OPENSSL_cpu_caps
OPENSSL_cpuid_setup
-OPENSSL_ia32cap_P
OPENSSL_init
OPENSSL_load_builtin_modules
OPENSSL_no_config
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/crypto/x509/x509_vfy.c
new/libressl-2.5.4/crypto/x509/x509_vfy.c
--- old/libressl-2.5.3/crypto/x509/x509_vfy.c 2017-03-07 06:43:54.000000000
+0100
+++ new/libressl-2.5.4/crypto/x509/x509_vfy.c 2017-05-01 03:29:45.000000000
+0200
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
* All rights reserved.
*
@@ -541,15 +541,7 @@
/* Safety net, error returns must set ctx->error */
if (ok <= 0 && ctx->error == X509_V_OK)
ctx->error = X509_V_ERR_UNSPECIFIED;
-
- /*
- * Safety net, if user provided verify callback indicates sucess
- * make sure they have set error to X509_V_OK
- */
- if (ctx->verify_cb != null_callback && ok == 1)
- ctx->error = X509_V_OK;
-
- return(ctx->error == X509_V_OK);
+ return ok;
}
/* Given a STACK_OF(X509) find the issuer of cert (if any)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/include/Makefile.in
new/libressl-2.5.4/include/Makefile.in
--- old/libressl-2.5.3/include/Makefile.in 2017-04-08 12:31:45.000000000
+0200
+++ new/libressl-2.5.4/include/Makefile.in 2017-05-01 06:09:16.000000000
+0200
@@ -245,6 +245,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/include/openssl/Makefile.in
new/libressl-2.5.4/include/openssl/Makefile.in
--- old/libressl-2.5.3/include/openssl/Makefile.in 2017-04-08
12:31:45.000000000 +0200
+++ new/libressl-2.5.4/include/openssl/Makefile.in 2017-05-01
06:09:17.000000000 +0200
@@ -203,6 +203,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/include/openssl/opensslv.h
new/libressl-2.5.4/include/openssl/opensslv.h
--- old/libressl-2.5.3/include/openssl/opensslv.h 2017-04-06
12:58:30.000000000 +0200
+++ new/libressl-2.5.4/include/openssl/opensslv.h 2017-05-01
03:29:45.000000000 +0200
@@ -1,10 +1,10 @@
-/* $OpenBSD: opensslv.h,v 1.39.4.1 2017/04/06 10:36:12 bcook Exp $ */
+/* $OpenBSD: opensslv.h,v 1.39.4.2 2017/04/29 19:56:13 bcook Exp $ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H
/* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER 0x2050300fL
-#define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.3"
+#define LIBRESSL_VERSION_NUMBER 0x2050400fL
+#define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.4"
/* These will never change */
#define OPENSSL_VERSION_NUMBER 0x20000000L
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/libcrypto.pc.in
new/libressl-2.5.4/libcrypto.pc.in
--- old/libressl-2.5.3/libcrypto.pc.in 2017-01-07 14:22:01.000000000 +0100
+++ new/libressl-2.5.4/libcrypto.pc.in 2017-04-19 11:01:12.000000000 +0200
@@ -5,8 +5,8 @@
libdir=@libdir@
includedir=@includedir@
-Name: LibreSSL-libssl
-Description: Secure Sockets Layer and cryptography libraries
+Name: LibreSSL-libcrypto
+Description: LibreSSL cryptography library
Version: @VERSION@
Requires:
Conflicts:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/m4/check-libc.m4
new/libressl-2.5.4/m4/check-libc.m4
--- old/libressl-2.5.3/m4/check-libc.m4 2017-03-17 01:23:36.000000000 +0100
+++ new/libressl-2.5.4/m4/check-libc.m4 2017-04-30 04:42:38.000000000 +0200
@@ -149,10 +149,16 @@
])
AC_DEFUN([GENERATE_CRYPTO_PORTABLE_SYM], [
+AS_CASE([$host_cpu],
+ [i?86], [HOSTARCH=intel],
+ [x86_64], [HOSTARCH=intel],
+ [amd64], [HOSTARCH=intel],
+)
+AC_SUBST([HOSTARCH])
crypto_sym=$srcdir/crypto/crypto.sym
-crypto_p_sym=$srcdir/crypto/crypto_portable.sym
+crypto_p_sym=./crypto/crypto_portable.sym
echo "generating $crypto_p_sym ..."
-chmod u+w $srcdir/crypto
+mkdir -p ./crypto
cp $crypto_sym $crypto_p_sym
chmod u+w $crypto_p_sym
if test "x$ac_cv_func_arc4random_buf" = "xno" ; then
@@ -203,6 +209,9 @@
if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then
echo timingsafe_memcmp >> $crypto_p_sym
fi
+if test "x$HOSTARCH" = "xintel" ; then
+ echo OPENSSL_ia32cap_P >> $crypto_p_sym
+fi
if test "x$HOST_OS" = "xwin" ; then
echo posix_perror >> $crypto_p_sym
echo posix_fopen >> $crypto_p_sym
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/man/Makefile.in
new/libressl-2.5.4/man/Makefile.in
--- old/libressl-2.5.3/man/Makefile.in 2017-04-08 12:31:46.000000000 +0200
+++ new/libressl-2.5.4/man/Makefile.in 2017-05-01 06:09:17.000000000 +0200
@@ -184,6 +184,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/ssl/Makefile.in
new/libressl-2.5.4/ssl/Makefile.in
--- old/libressl-2.5.3/ssl/Makefile.in 2017-04-08 12:31:46.000000000 +0200
+++ new/libressl-2.5.4/ssl/Makefile.in 2017-05-01 06:09:17.000000000 +0200
@@ -244,6 +244,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/ssl/ssl_srvr.c
new/libressl-2.5.4/ssl/ssl_srvr.c
--- old/libressl-2.5.3/ssl/ssl_srvr.c 2017-03-17 01:26:06.000000000 +0100
+++ new/libressl-2.5.4/ssl/ssl_srvr.c 2017-05-01 03:29:45.000000000 +0200
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.11.4.1 2017/04/29 23:41:32 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
* All rights reserved.
*
@@ -720,7 +720,7 @@
uint16_t client_version;
uint8_t comp_method;
int comp_null;
- int i, j, ok, al, ret = -1;
+ int i, j, ok, al, ret = -1, cookie_valid = 0;
long n;
unsigned long id;
unsigned char *p, *d;
@@ -887,7 +887,7 @@
SSLerror(s, SSL_R_COOKIE_MISMATCH);
goto f_err;
}
- ret = 2;
+ cookie_valid = 1;
}
}
@@ -1059,8 +1059,8 @@
goto err;
}
- if (ret < 0)
- ret = 1;
+ ret = cookie_valid ? 2 : 1;
+
if (0) {
truncated:
al = SSL_AD_DECODE_ERROR;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/tests/Makefile.in
new/libressl-2.5.4/tests/Makefile.in
--- old/libressl-2.5.3/tests/Makefile.in 2017-04-08 12:31:46.000000000
+0200
+++ new/libressl-2.5.4/tests/Makefile.in 2017-05-01 06:09:17.000000000
+0200
@@ -967,6 +967,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.5.3/tls/Makefile.in
new/libressl-2.5.4/tls/Makefile.in
--- old/libressl-2.5.3/tls/Makefile.in 2017-04-08 12:31:46.000000000 +0200
+++ new/libressl-2.5.4/tls/Makefile.in 2017-05-01 06:09:17.000000000 +0200
@@ -245,6 +245,7 @@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
+HOSTARCH = @HOSTARCH@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
