Hello community, here is the log from the commit of package openssl-1_1 for openSUSE:Factory checked in at 2020-10-18 16:17:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_1 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_1.new.3486 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_1" Sun Oct 18 16:17:49 2020 rev:19 rq:841379 version:1.1.1h Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_1/openssl-1_1.changes 2020-05-19 14:43:26.863424689 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_1.new.3486/openssl-1_1.changes 2020-10-18 16:17:53.812396704 +0200 @@ -1,0 +2,16 @@ +Mon Oct 12 15:22:54 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org> + +- Escape rpm command %%expand when used in comment. + +------------------------------------------------------------------- +Tue Sep 22 20:43:59 UTC 2020 - Vítězslav Čížek <vci...@suse.com> + +- Update to 1.1.1h + * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used + * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts +- refresh openssl-fips_selftest_upstream_drbg.patch + * DRBG internals got renamed back: + reseed_gen_counter -> generate_counter + reseed_prop_counter -> reseed_counter + +------------------------------------------------------------------- Old: ---- openssl-1.1.1g.tar.gz openssl-1.1.1g.tar.gz.asc New: ---- openssl-1.1.1h.tar.gz openssl-1.1.1h.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_1.spec ++++++ --- /var/tmp/diff_new_pack.RKkvzB/_old 2020-10-18 16:17:54.916397196 +0200 +++ /var/tmp/diff_new_pack.RKkvzB/_new 2020-10-18 16:17:54.920397197 +0200 @@ -21,7 +21,7 @@ %define _rname openssl Name: openssl-1_1 # Don't forget to update the version in the "openssl" package! -Version: 1.1.1g +Version: 1.1.1h Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -263,7 +263,7 @@ # invalidates a HMAC that may have been created earlier. # solution: create the hashes _after_ the macro runs. # -# this shows up earlier because otherwise the %expand of +# this shows up earlier because otherwise the %%expand of # the macro is too late. # remark: This is the same as running # openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs' ++++++ openssl-1.1.1-fips.patch ++++++ ++++ 1396 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openssl-1_1/openssl-1.1.1-fips.patch ++++ and /work/SRC/openSUSE:Factory/.openssl-1_1.new.3486/openssl-1.1.1-fips.patch ++++++ openssl-fips_selftest_upstream_drbg.patch ++++++ --- /var/tmp/diff_new_pack.RKkvzB/_old 2020-10-18 16:17:55.112397283 +0200 +++ /var/tmp/diff_new_pack.RKkvzB/_new 2020-10-18 16:17:55.116397284 +0200 @@ -419,15 +419,15 @@ + /* Instantiate again with valid data */ + if (!instantiate(drbg, td, &t)) + goto err; -+ reseed_counter_tmp = drbg->reseed_gen_counter; -+ drbg->reseed_gen_counter = drbg->reseed_interval; ++ reseed_counter_tmp = drbg->generate_counter; ++ drbg->generate_counter = drbg->reseed_interval; + + /* Generate output and check entropy has been requested for reseed */ + t.entropycnt = 0; + if (!RAND_DRBG_generate(drbg, buff, td->exlen, 0, + td->adin, td->adinlen) + || t.entropycnt != 1 -+ || drbg->reseed_gen_counter != reseed_counter_tmp + 1 ++ || drbg->generate_counter != reseed_counter_tmp + 1 + || !uninstantiate(drbg)) + goto err; + @@ -444,15 +444,15 @@ + /* Test reseed counter works */ + if (!instantiate(drbg, td, &t)) + goto err; -+ reseed_counter_tmp = drbg->reseed_gen_counter; -+ drbg->reseed_gen_counter = drbg->reseed_interval; ++ reseed_counter_tmp = drbg->generate_counter; ++ drbg->generate_counter = drbg->reseed_interval; + + /* Generate output and check entropy has been requested for reseed */ + t.entropycnt = 0; + if (!RAND_DRBG_generate(drbg, buff, td->exlen, 0, + td->adin, td->adinlen) + || t.entropycnt != 1 -+ || drbg->reseed_gen_counter != reseed_counter_tmp + 1 ++ || drbg->generate_counter != reseed_counter_tmp + 1 + || !uninstantiate(drbg)) + goto err; + @@ -642,14 +642,14 @@ + */ + + /* Test whether seed propagation is enabled */ -+ if (master->reseed_prop_counter == 0 -+ || public->reseed_prop_counter == 0 -+ || private->reseed_prop_counter == 0) ++ if (master->reseed_counter == 0 ++ || public->reseed_counter == 0 ++ || private->reseed_counter == 0) + return 0; + + /* Check whether the master DRBG's reseed counter is the largest one */ -+ if (public->reseed_prop_counter > master->reseed_prop_counter -+ || private->reseed_prop_counter > master->reseed_prop_counter) ++ if (public->reseed_counter > master->reseed_counter ++ || private->reseed_counter > master->reseed_counter) + return 0; + + /* @@ -697,8 +697,8 @@ + + if (expect_success == 1) { + /* Test whether all three reseed counters are synchronized */ -+ if (public->reseed_prop_counter != master->reseed_prop_counter -+ || private->reseed_prop_counter != master->reseed_prop_counter) ++ if (public->reseed_counter != master->reseed_counter ++ || private->reseed_counter != master->reseed_counter) + return 0; + + /* Test whether reseed time of master DRBG is set correctly */ @@ -816,7 +816,7 @@ + * Test whether the public and private DRBG are both reseeded when their + * reseed counters differ from the master's reseed counter. + */ -+ master->reseed_prop_counter++; ++ master->reseed_counter++; + if (!test_drbg_reseed(1, master, public, private, 0, 1, 1, 0)) + goto error; + reset_drbg_hook_ctx(); @@ -825,8 +825,8 @@ + * Test whether the public DRBG is reseeded when its reseed counter differs + * from the master's reseed counter. + */ -+ master->reseed_prop_counter++; -+ private->reseed_prop_counter++; ++ master->reseed_counter++; ++ private->reseed_counter++; + if (!test_drbg_reseed(1, master, public, private, 0, 1, 0, 0)) + goto error; + reset_drbg_hook_ctx(); @@ -835,8 +835,8 @@ + * Test whether the private DRBG is reseeded when its reseed counter differs + * from the master's reseed counter. + */ -+ master->reseed_prop_counter++; -+ public->reseed_prop_counter++; ++ master->reseed_counter++; ++ public->reseed_counter++; + if (!test_drbg_reseed(1, master, public, private, 0, 0, 1, 0)) + goto error; + reset_drbg_hook_ctx(); @@ -869,7 +869,7 @@ + * Test whether none of the DRBGs is reseed if the master fails to reseed + */ + master_ctx.fail = 1; -+ master->reseed_prop_counter++; ++ master->reseed_counter++; + RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); + if (!test_drbg_reseed(0, master, public, private, 0, 0, 0, 0)) + goto error;