Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2017-12-29 18:50:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl" Fri Dec 29 18:50:49 2017 rev:36 rq:560001 version:2.6.4 Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2017-12-06 08:59:21.799284768 +0100 +++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2017-12-29 18:51:10.476329306 +0100 @@ -1,0 +2,9 @@ +Thu Dec 21 00:51:03 UTC 2017 - jeng...@inai.de + +- Update to new upstream release 2.6.4 + * Make tls_config_parse_protocols() work correctly when passed + a NULL pointer for a protocol string. + * Correct TLS extensions handling when no extensions are + present. + +------------------------------------------------------------------- Old: ---- libressl-2.6.3.tar.gz libressl-2.6.3.tar.gz.asc New: ---- libressl-2.6.4.tar.gz libressl-2.6.4.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.DZL7mq/_old 2017-12-29 18:51:11.532026102 +0100 +++ /var/tmp/diff_new_pack.DZL7mq/_new 2017-12-29 18:51:11.532026102 +0100 @@ -17,7 +17,7 @@ Name: libressl -Version: 2.6.3 +Version: 2.6.4 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL ++++++ libressl-2.6.3.tar.gz -> libressl-2.6.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/ChangeLog new/libressl-2.6.4/ChangeLog --- old/libressl-2.6.3/ChangeLog 2017-11-06 00:13:06.000000000 +0100 +++ new/libressl-2.6.4/ChangeLog 2017-12-12 10:46:23.000000000 +0100 
@@ -28,6 +28,21 @@
 LibreSSL Portable Release Notes:
+2.6.4 - Bug fixes
+
+ * Make tls_config_parse_protocols() work correctly when passed a NULL
+ pointer for a protocol string. Issue found by semarie@, who also
+ provided the diff.
+
+ * Correct TLS extensions handling when no extensions are present.
+ If no TLS extensions are present in a client hello or server hello,
+ omit the entire extensions block, rather than including it with a
+ length of zero. Thanks to Eric Elena <eric at voguemerry dot com> for
+ providing packet captures and testing the fix.
+
+ * Fixed portable builds on older Android systems, and systems with out
+ IPV6_TCLASS support.
+
 2.6.3 - OpenBSD 6.2 Release
 * No core changes from LibreSSL 2.6.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/VERSION new/libressl-2.6.4/VERSION
--- old/libressl-2.6.3/VERSION 2017-11-06 00:15:18.000000000 +0100
+++ new/libressl-2.6.4/VERSION 2017-12-12 10:48:11.000000000 +0100
@@ -1,2 +1,2 @@
-2.6.3
+2.6.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/apps/nc/netcat.c new/libressl-2.6.4/apps/nc/netcat.c
--- old/libressl-2.6.3/apps/nc/netcat.c 2017-11-06 00:15:30.000000000 +0100
+++ new/libressl-2.6.4/apps/nc/netcat.c 2017-12-12 10:48:18.000000000 +0100
@@ -1503,7 +1503,7 @@
 err(1, "set IPv6 traffic class");
 #else
 else if (af == AF_INET6) {
- errno = ENOPROTOOPT
+ errno = ENOPROTOOPT;
 err(1, "set IPv6 traffic class not supported");
 }
 #endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/apps/openssl/CMakeLists.txt new/libressl-2.6.4/apps/openssl/CMakeLists.txt
--- old/libressl-2.6.3/apps/openssl/CMakeLists.txt 2017-11-04 21:04:56.000000000 +0100
+++ new/libressl-2.6.4/apps/openssl/CMakeLists.txt 2017-11-23 12:43:27.000000000 +0100
@@ -88,5 +88,5 @@ endif() if(ENABLE_LIBRESSL_INSTALL) install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR}) - install(DIRECTORY DESTINATION ${CONF_DIR}/cert) + install(DIRECTORY DESTINATION ${CONF_DIR}/certs) endif(ENABLE_LIBRESSL_INSTALL) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/configure new/libressl-2.6.4/configure --- old/libressl-2.6.3/configure 2017-11-06 00:15:42.000000000 +0100 +++ new/libressl-2.6.4/configure 2017-12-12 10:48:27.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libressl 2.6.3. +# Generated by GNU Autoconf 2.69 for libressl 2.6.4. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='libressl' PACKAGE_TARNAME='libressl' -PACKAGE_VERSION='2.6.3' -PACKAGE_STRING='libressl 2.6.3' +PACKAGE_VERSION='2.6.4' +PACKAGE_STRING='libressl 2.6.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1423,7 +1423,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libressl 2.6.3 to adapt to many kinds of systems. +\`configure' configures libressl 2.6.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1493,7 +1493,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libressl 2.6.3:";; + short | recursive ) echo "Configuration of libressl 2.6.4:";; esac cat <<\_ACEOF @@ -1609,7 +1609,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libressl configure 2.6.3 +libressl configure 2.6.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2157,7 +2157,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libressl $as_me 2.6.3, which was +It was created by libressl $as_me 2.6.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3098,7 +3098,7 @@ # Define the identity of the package. PACKAGE='libressl' - VERSION='2.6.3' + VERSION='2.6.4' cat >>confdefs.h <<_ACEOF @@ -13037,7 +13037,7 @@ done # Check for general libc functions -for ac_func in asprintf freezero getpagesize inet_ntop inet_pton memmem +for ac_func in asprintf freezero inet_ntop inet_pton memmem do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -13085,6 +13085,42 @@ fi done +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize" >&5 +$as_echo_n "checking for getpagesize... " >&6; } +if ${ac_cv_func_getpagesize+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +// Since Android NDK v16 getpagesize is defined as inline inside unistd.h +#ifdef __ANDROID__ +# include <unistd.h> +#endif + +int +main () +{ + + getpagesize(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_func_getpagesize="yes" +else + ac_cv_func_getpagesize="no" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpagesize" >&5 +$as_echo "$ac_cv_func_getpagesize" >&6; } if test "x$ac_cv_func_asprintf" = xyes; then HAVE_ASPRINTF_TRUE= HAVE_ASPRINTF_FALSE='#' 
@@ -14783,7 +14819,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libressl $as_me 2.6.3, which was +This file was extended by libressl $as_me 2.6.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14840,7 +14876,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libressl config.status 2.6.3 +libressl config.status 2.6.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/include/openssl/opensslv.h new/libressl-2.6.4/include/openssl/opensslv.h --- old/libressl-2.6.3/include/openssl/opensslv.h 2017-11-02 12:06:30.000000000 +0100 +++ new/libressl-2.6.4/include/openssl/opensslv.h 2017-12-12 10:46:36.000000000 +0100 @@ -1,10 +1,10 @@ -/* $OpenBSD: opensslv.h,v 1.43 2017/09/26 14:23:20 bcook Exp $ */ +/* $OpenBSD: opensslv.h,v 1.43.4.1 2017/12/11 10:50:37 bcook Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ -#define LIBRESSL_VERSION_NUMBER 0x2060300fL -#define LIBRESSL_VERSION_TEXT "LibreSSL 2.6.3" +#define LIBRESSL_VERSION_NUMBER 0x2060400fL +#define LIBRESSL_VERSION_TEXT "LibreSSL 2.6.4" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/m4/check-libc.m4 new/libressl-2.6.4/m4/check-libc.m4 --- old/libressl-2.6.3/m4/check-libc.m4 2017-11-04 21:04:56.000000000 +0100 +++ new/libressl-2.6.4/m4/check-libc.m4 2017-11-23 16:38:41.000000000 +0100 
@@ -2,10 +2,23 @@
 # Check for libc headers
 AC_CHECK_HEADERS([err.h readpassphrase.h])
 # Check for general libc functions
-AC_CHECK_FUNCS([asprintf freezero getpagesize inet_ntop inet_pton memmem])
+AC_CHECK_FUNCS([asprintf freezero inet_ntop inet_pton memmem])
 AC_CHECK_FUNCS([readpassphrase reallocarray recallocarray])
 AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
 AC_CHECK_FUNCS([timegm _mkgmtime])
+AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+// Since Android NDK v16 getpagesize is defined as inline inside unistd.h
+#ifdef __ANDROID__
+# include <unistd.h>
+#endif
+ ]], [[
+ getpagesize();
+]])],
+ [ ac_cv_func_getpagesize="yes" ],
+ [ ac_cv_func_getpagesize="no"
+ ])
+])
 AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
 AM_CONDITIONAL([HAVE_FREEZERO], [test "x$ac_cv_func_freezero" = xyes])
 AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/ssl/bs_cbb.c new/libressl-2.6.4/ssl/bs_cbb.c
--- old/libressl-2.6.3/ssl/bs_cbb.c 2017-08-12 18:29:36.000000000 +0200
+++ new/libressl-2.6.4/ssl/bs_cbb.c 2017-12-12 10:46:35.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: bs_cbb.c,v 1.17 2017/08/12 02:50:05 jsing Exp $ */
+/* $OpenBSD: bs_cbb.c,v 1.17.4.1 2017/12/09 13:43:25 jsing Exp $ */
 /*
 * Copyright (c) 2014, Google Inc.
 *
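Review bot: The hand-written getpagesize probe calls `getpagesize();` with no declaration in scope on non-Android targets, because `<unistd.h>` is included only under `#ifdef __ANDROID__`. A compiler that treats implicit function declarations as errors would fail the link test there and cache `ac_cv_func_getpagesize="no"` even where libc provides the function, which presumably switches the build to a fallback through `HAVE_GETPAGESIZE`. On targets that ship the header, including it unconditionally (`#include <unistd.h>` in place of the three-line `#ifdef` block) keeps the probe valid on both paths. The generated configure hunk carries the same test program and would change with it.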
@@ -271,6 +271,20 @@
 return 1;
 }
+void
+CBB_discard_child(CBB *cbb)
+{
+ if (cbb->child == NULL)
+ return;
+
+ cbb->base->len = cbb->offset;
+
+ cbb->child->base = NULL;
+ cbb->child = NULL;
+ cbb->pending_len_len = 0;
+ cbb->pending_is_asn1 = 0;
+ cbb->offset = 0;
+}
 static int
 cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/ssl/bytestring.h new/libressl-2.6.4/ssl/bytestring.h
--- old/libressl-2.6.3/ssl/bytestring.h 2017-03-07 06:43:54.000000000 +0100
+++ new/libressl-2.6.4/ssl/bytestring.h 2017-12-12 10:46:35.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: bytestring.h,v 1.15 2016/11/04 18:28:58 guenther Exp $ */
+/* $OpenBSD: bytestring.h,v 1.15.6.1 2017/12/09 13:43:25 jsing Exp $ */
 /*
 * Copyright (c) 2014, Google Inc.
 *
@@ -394,6 +394,12 @@
 int CBB_flush(CBB *cbb);
 /*
+ * CBB_discard_child discards the current unflushed child of |cbb|. Neither the
+ * child's contents nor the length prefix will be included in the output.
+ */
+void CBB_discard_child(CBB *cbb);
+
+/*
 * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
 * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
 * length. It returns one on success or zero on error.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/ssl/ssl_tlsext.c new/libressl-2.6.4/ssl/ssl_tlsext.c
--- old/libressl-2.6.3/ssl/ssl_tlsext.c 2017-09-26 05:54:39.000000000 +0200
+++ new/libressl-2.6.4/ssl/ssl_tlsext.c 2017-12-12 10:46:35.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.17 2017/09/25 18:02:27 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.17.4.1 2017/12/09 13:43:25 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <js...@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <d...@openbsd.org>
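Review bot: After `cbb->child->base = NULL;` in CBB_discard_child the caller's child CBB is left without a base, yet the new comment in ssl/bytestring.h does not tell callers that the child is dead; a later write through it would presumably operate on that NULL base. I would add one sentence to the header comment, `The child must not be used after this call.` The truncation `cbb->base->len = cbb->offset;` also depends on `offset` marking where the pending length prefix begins, which is set outside this hunk, so a why-comment on that line such as `/* Drop the length prefix and everything written after it. */` would help the next reader.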
@@ -1296,6 +1296,7 @@
 {
 CBB extensions, extension_data;
 struct tls_extension *tlsext;
+ int extensions_present = 0;
 size_t i;
 if (!CBB_add_u16_length_prefixed(cbb, &extensions))
@@ -1313,8 +1314,13 @@
 return 0;
 if (!tls_extensions[i].clienthello_build(s, &extension_data))
 return 0;
+
+ extensions_present = 1;
 }
+ if (!extensions_present)
+ CBB_discard_child(cbb);
+
 if (!CBB_flush(cbb))
 return 0;
@@ -1351,6 +1357,7 @@
 {
 CBB extensions, extension_data;
 struct tls_extension *tlsext;
+ int extensions_present = 0;
 size_t i;
 if (!CBB_add_u16_length_prefixed(cbb, &extensions))
@@ -1368,8 +1375,13 @@
 return 0;
 if (!tlsext->serverhello_build(s, &extension_data))
 return 0;
+
+ extensions_present = 1;
 }
+ if (!extensions_present)
+ CBB_discard_child(cbb);
+
 if (!CBB_flush(cbb))
 return 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-2.6.3/tls/tls_config.c new/libressl-2.6.4/tls/tls_config.c
--- old/libressl-2.6.3/tls/tls_config.c 2017-09-26 05:54:39.000000000 +0200
+++ new/libressl-2.6.4/tls/tls_config.c 2017-12-12 10:46:35.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.44 2017/09/25 18:07:03 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.44.4.1 2017/12/09 16:49:17 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <js...@openbsd.org>
 *
@@ -311,8 +311,10 @@
 char *s, *p, *q;
 int negate;
- if (protostr == NULL)
- return TLS_PROTOCOLS_DEFAULT;
+ if (protostr == NULL) {
+ *protocols = TLS_PROTOCOLS_DEFAULT;
+ return (0);
+ }
 if ((s = strdup(protostr)) == NULL)
 return (-1);
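Review bot: The new `if (!extensions_present) CBB_discard_child(cbb);` in the ssl_tlsext.c hunk at -1313 has no comment, and its reason is a wire-format rule that the code alone does not convey: an empty extensions block has to be left out of the hello entirely instead of being sent with a zero length. I would put `/* No extension was written: omit the extensions block rather than emit a zero-length one. */` above the check, and the same above the identical check in the hunk at -1368. Both functions start and end outside the hunks shown. This page shows no test change, so a regression case that builds a hello with no extensions and asserts that nothing is appended to the message would pin the behaviour.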