Hello community,
here is the log from the commit of package libressl for openSUSE:Factory
checked in at 2017-12-29 18:50:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libressl (Old)
and /work/SRC/openSUSE:Factory/.libressl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl"
Fri Dec 29 18:50:49 2017 rev:36 rq:560001 version:2.6.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2017-12-06
08:59:21.799284768 +0100
+++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2017-12-29
18:51:10.476329306 +0100
@@ -1,0 +2,9 @@
+Thu Dec 21 00:51:03 UTC 2017 - jeng...@inai.de
+
+- Update to new upstream release 2.6.4
+ * Make tls_config_parse_protocols() work correctly when passed
+ a NULL pointer for a protocol string.
+ * Correct TLS extensions handling when no extensions are
+ present.
+
+-------------------------------------------------------------------
Old:
----
libressl-2.6.3.tar.gz
libressl-2.6.3.tar.gz.asc
New:
----
libressl-2.6.4.tar.gz
libressl-2.6.4.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libressl.spec ++++++
--- /var/tmp/diff_new_pack.DZL7mq/_old 2017-12-29 18:51:11.532026102 +0100
+++ /var/tmp/diff_new_pack.DZL7mq/_new 2017-12-29 18:51:11.532026102 +0100
@@ -17,7 +17,7 @@
Name: libressl
-Version: 2.6.3
+Version: 2.6.4
Release: 0
Summary: An SSL/TLS protocol implementation
License: OpenSSL
++++++ libressl-2.6.3.tar.gz -> libressl-2.6.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/ChangeLog new/libressl-2.6.4/ChangeLog
--- old/libressl-2.6.3/ChangeLog 2017-11-06 00:13:06.000000000 +0100
+++ new/libressl-2.6.4/ChangeLog 2017-12-12 10:46:23.000000000 +0100
@@ -28,6 +28,21 @@
LibreSSL Portable Release Notes:
+2.6.4 - Bug fixes
+
+ * Make tls_config_parse_protocols() work correctly when passed a NULL
+ pointer for a protocol string. Issue found by semarie@, who also
+ provided the diff.
+
+ * Correct TLS extensions handling when no extensions are present.
+ If no TLS extensions are present in a client hello or server hello,
+ omit the entire extensions block, rather than including it with a
+ length of zero. Thanks to Eric Elena <eric at voguemerry dot com> for
+ providing packet captures and testing the fix.
+
+ * Fixed portable builds on older Android systems, and systems with out
+ IPV6_TCLASS support.
+
2.6.3 - OpenBSD 6.2 Release
* No core changes from LibreSSL 2.6.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/VERSION new/libressl-2.6.4/VERSION
--- old/libressl-2.6.3/VERSION 2017-11-06 00:15:18.000000000 +0100
+++ new/libressl-2.6.4/VERSION 2017-12-12 10:48:11.000000000 +0100
@@ -1,2 +1,2 @@
-2.6.3
+2.6.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/apps/nc/netcat.c
new/libressl-2.6.4/apps/nc/netcat.c
--- old/libressl-2.6.3/apps/nc/netcat.c 2017-11-06 00:15:30.000000000 +0100
+++ new/libressl-2.6.4/apps/nc/netcat.c 2017-12-12 10:48:18.000000000 +0100
@@ -1503,7 +1503,7 @@
err(1, "set IPv6 traffic class");
#else
else if (af == AF_INET6) {
- errno = ENOPROTOOPT
+ errno = ENOPROTOOPT;
err(1, "set IPv6 traffic class not supported");
}
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/apps/openssl/CMakeLists.txt
new/libressl-2.6.4/apps/openssl/CMakeLists.txt
--- old/libressl-2.6.3/apps/openssl/CMakeLists.txt 2017-11-04
21:04:56.000000000 +0100
+++ new/libressl-2.6.4/apps/openssl/CMakeLists.txt 2017-11-23
12:43:27.000000000 +0100
@@ -88,5 +88,5 @@
endif()
if(ENABLE_LIBRESSL_INSTALL)
install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
- install(DIRECTORY DESTINATION ${CONF_DIR}/cert)
+ install(DIRECTORY DESTINATION ${CONF_DIR}/certs)
endif(ENABLE_LIBRESSL_INSTALL)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/configure new/libressl-2.6.4/configure
--- old/libressl-2.6.3/configure 2017-11-06 00:15:42.000000000 +0100
+++ new/libressl-2.6.4/configure 2017-12-12 10:48:27.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libressl 2.6.3.
+# Generated by GNU Autoconf 2.69 for libressl 2.6.4.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
-PACKAGE_VERSION='2.6.3'
-PACKAGE_STRING='libressl 2.6.3'
+PACKAGE_VERSION='2.6.4'
+PACKAGE_STRING='libressl 2.6.4'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1423,7 +1423,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libressl 2.6.3 to adapt to many kinds of systems.
+\`configure' configures libressl 2.6.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1493,7 +1493,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libressl 2.6.3:";;
+ short | recursive ) echo "Configuration of libressl 2.6.4:";;
esac
cat <<\_ACEOF
@@ -1609,7 +1609,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libressl configure 2.6.3
+libressl configure 2.6.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2157,7 +2157,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libressl $as_me 2.6.3, which was
+It was created by libressl $as_me 2.6.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3098,7 +3098,7 @@
# Define the identity of the package.
PACKAGE='libressl'
- VERSION='2.6.3'
+ VERSION='2.6.4'
cat >>confdefs.h <<_ACEOF
@@ -13037,7 +13037,7 @@
done
# Check for general libc functions
-for ac_func in asprintf freezero getpagesize inet_ntop inet_pton memmem
+for ac_func in asprintf freezero inet_ntop inet_pton memmem
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -13085,6 +13085,42 @@
fi
done
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize" >&5
+$as_echo_n "checking for getpagesize... " >&6; }
+if ${ac_cv_func_getpagesize+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+// Since Android NDK v16 getpagesize is defined as inline inside unistd.h
+#ifdef __ANDROID__
+# include <unistd.h>
+#endif
+
+int
+main ()
+{
+
+ getpagesize();
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_func_getpagesize="yes"
+else
+ ac_cv_func_getpagesize="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpagesize" >&5
+$as_echo "$ac_cv_func_getpagesize" >&6; }
if test "x$ac_cv_func_asprintf" = xyes; then
HAVE_ASPRINTF_TRUE=
HAVE_ASPRINTF_FALSE='#'
@@ -14783,7 +14819,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libressl $as_me 2.6.3, which was
+This file was extended by libressl $as_me 2.6.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -14840,7 +14876,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libressl config.status 2.6.3
+libressl config.status 2.6.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/include/openssl/opensslv.h
new/libressl-2.6.4/include/openssl/opensslv.h
--- old/libressl-2.6.3/include/openssl/opensslv.h 2017-11-02
12:06:30.000000000 +0100
+++ new/libressl-2.6.4/include/openssl/opensslv.h 2017-12-12
10:46:36.000000000 +0100
@@ -1,10 +1,10 @@
-/* $OpenBSD: opensslv.h,v 1.43 2017/09/26 14:23:20 bcook Exp $ */
+/* $OpenBSD: opensslv.h,v 1.43.4.1 2017/12/11 10:50:37 bcook Exp $ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H
/* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER 0x2060300fL
-#define LIBRESSL_VERSION_TEXT "LibreSSL 2.6.3"
+#define LIBRESSL_VERSION_NUMBER 0x2060400fL
+#define LIBRESSL_VERSION_TEXT "LibreSSL 2.6.4"
/* These will never change */
#define OPENSSL_VERSION_NUMBER 0x20000000L
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/m4/check-libc.m4
new/libressl-2.6.4/m4/check-libc.m4
--- old/libressl-2.6.3/m4/check-libc.m4 2017-11-04 21:04:56.000000000 +0100
+++ new/libressl-2.6.4/m4/check-libc.m4 2017-11-23 16:38:41.000000000 +0100
@@ -2,10 +2,23 @@
# Check for libc headers
AC_CHECK_HEADERS([err.h readpassphrase.h])
# Check for general libc functions
-AC_CHECK_FUNCS([asprintf freezero getpagesize inet_ntop inet_pton memmem])
+AC_CHECK_FUNCS([asprintf freezero inet_ntop inet_pton memmem])
AC_CHECK_FUNCS([readpassphrase reallocarray recallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
AC_CHECK_FUNCS([timegm _mkgmtime])
+AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+// Since Android NDK v16 getpagesize is defined as inline inside unistd.h
+#ifdef __ANDROID__
+# include <unistd.h>
+#endif
+ ]], [[
+ getpagesize();
+]])],
+ [ ac_cv_func_getpagesize="yes" ],
+ [ ac_cv_func_getpagesize="no"
+ ])
+])
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_FREEZERO], [test "x$ac_cv_func_freezero" = xyes])
AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/ssl/bs_cbb.c
new/libressl-2.6.4/ssl/bs_cbb.c
--- old/libressl-2.6.3/ssl/bs_cbb.c 2017-08-12 18:29:36.000000000 +0200
+++ new/libressl-2.6.4/ssl/bs_cbb.c 2017-12-12 10:46:35.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: bs_cbb.c,v 1.17 2017/08/12 02:50:05 jsing Exp $ */
+/* $OpenBSD: bs_cbb.c,v 1.17.4.1 2017/12/09 13:43:25 jsing Exp $ */
/*
* Copyright (c) 2014, Google Inc.
*
@@ -271,6 +271,20 @@
return 1;
}
+void
+CBB_discard_child(CBB *cbb)
+{
+ if (cbb->child == NULL)
+ return;
+
+ cbb->base->len = cbb->offset;
+
+ cbb->child->base = NULL;
+ cbb->child = NULL;
+ cbb->pending_len_len = 0;
+ cbb->pending_is_asn1 = 0;
+ cbb->offset = 0;
+}
static int
cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/ssl/bytestring.h
new/libressl-2.6.4/ssl/bytestring.h
--- old/libressl-2.6.3/ssl/bytestring.h 2017-03-07 06:43:54.000000000 +0100
+++ new/libressl-2.6.4/ssl/bytestring.h 2017-12-12 10:46:35.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: bytestring.h,v 1.15 2016/11/04 18:28:58 guenther Exp $
*/
+/* $OpenBSD: bytestring.h,v 1.15.6.1 2017/12/09 13:43:25 jsing Exp $
*/
/*
* Copyright (c) 2014, Google Inc.
*
@@ -394,6 +394,12 @@
int CBB_flush(CBB *cbb);
/*
+ * CBB_discard_child discards the current unflushed child of |cbb|. Neither the
+ * child's contents nor the length prefix will be included in the output.
+ */
+void CBB_discard_child(CBB *cbb);
+
+/*
* CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
* data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
* length. It returns one on success or zero on error.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/ssl/ssl_tlsext.c
new/libressl-2.6.4/ssl/ssl_tlsext.c
--- old/libressl-2.6.3/ssl/ssl_tlsext.c 2017-09-26 05:54:39.000000000 +0200
+++ new/libressl-2.6.4/ssl/ssl_tlsext.c 2017-12-12 10:46:35.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.17 2017/09/25 18:02:27 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.17.4.1 2017/12/09 13:43:25 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <js...@openbsd.org>
* Copyright (c) 2017 Doug Hogan <d...@openbsd.org>
@@ -1296,6 +1296,7 @@
{
CBB extensions, extension_data;
struct tls_extension *tlsext;
+ int extensions_present = 0;
size_t i;
if (!CBB_add_u16_length_prefixed(cbb, &extensions))
@@ -1313,8 +1314,13 @@
return 0;
if (!tls_extensions[i].clienthello_build(s, &extension_data))
return 0;
+
+ extensions_present = 1;
}
+ if (!extensions_present)
+ CBB_discard_child(cbb);
+
if (!CBB_flush(cbb))
return 0;
@@ -1351,6 +1357,7 @@
{
CBB extensions, extension_data;
struct tls_extension *tlsext;
+ int extensions_present = 0;
size_t i;
if (!CBB_add_u16_length_prefixed(cbb, &extensions))
@@ -1368,8 +1375,13 @@
return 0;
if (!tlsext->serverhello_build(s, &extension_data))
return 0;
+
+ extensions_present = 1;
}
+ if (!extensions_present)
+ CBB_discard_child(cbb);
+
if (!CBB_flush(cbb))
return 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libressl-2.6.3/tls/tls_config.c
new/libressl-2.6.4/tls/tls_config.c
--- old/libressl-2.6.3/tls/tls_config.c 2017-09-26 05:54:39.000000000 +0200
+++ new/libressl-2.6.4/tls/tls_config.c 2017-12-12 10:46:35.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.44 2017/09/25 18:07:03 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.44.4.1 2017/12/09 16:49:17 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <js...@openbsd.org>
*
@@ -311,8 +311,10 @@
char *s, *p, *q;
int negate;
- if (protostr == NULL)
- return TLS_PROTOCOLS_DEFAULT;
+ if (protostr == NULL) {
+ *protocols = TLS_PROTOCOLS_DEFAULT;
+ return (0);
+ }
if ((s = strdup(protostr)) == NULL)
return (-1);
