Hello community,
here is the log from the commit of package openssl-1_1 for openSUSE:Factory
checked in at 2020-10-18 16:17:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl-1_1 (Old)
and /work/SRC/openSUSE:Factory/.openssl-1_1.new.3486 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_1"
Sun Oct 18 16:17:49 2020 rev:19 rq:841379 version:1.1.1h
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl-1_1/openssl-1_1.changes 2020-05-19
14:43:26.863424689 +0200
+++ /work/SRC/openSUSE:Factory/.openssl-1_1.new.3486/openssl-1_1.changes
2020-10-18 16:17:53.812396704 +0200
@@ -1,0 +2,16 @@
+Mon Oct 12 15:22:54 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Escape rpm command %%expand when used in comment.
+
+-------------------------------------------------------------------
+Tue Sep 22 20:43:59 UTC 2020 - Vítězslav Čížek <vci...@suse.com>
+
+- Update to 1.1.1h
+ * Disallow explicit curve parameters in verifications chains when
X509_V_FLAG_X509_STRICT is used
+ * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
contexts
+- refresh openssl-fips_selftest_upstream_drbg.patch
+ * DRBG internals got renamed back:
+ reseed_gen_counter -> generate_counter
+ reseed_prop_counter -> reseed_counter
+
+-------------------------------------------------------------------
Old:
----
openssl-1.1.1g.tar.gz
openssl-1.1.1g.tar.gz.asc
New:
----
openssl-1.1.1h.tar.gz
openssl-1.1.1h.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl-1_1.spec ++++++
--- /var/tmp/diff_new_pack.RKkvzB/_old 2020-10-18 16:17:54.916397196 +0200
+++ /var/tmp/diff_new_pack.RKkvzB/_new 2020-10-18 16:17:54.920397197 +0200
@@ -21,7 +21,7 @@
%define _rname openssl
Name: openssl-1_1
# Don't forget to update the version in the "openssl" package!
-Version: 1.1.1g
+Version: 1.1.1h
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@@ -263,7 +263,7 @@
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
-# this shows up earlier because otherwise the %expand of
+# this shows up earlier because otherwise the %%expand of
# the macro is too late.
# remark: This is the same as running
# openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
++++++ openssl-1.1.1-fips.patch ++++++
++++ 1396 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/openssl-1_1/openssl-1.1.1-fips.patch
++++ and
/work/SRC/openSUSE:Factory/.openssl-1_1.new.3486/openssl-1.1.1-fips.patch
++++++ openssl-fips_selftest_upstream_drbg.patch ++++++
--- /var/tmp/diff_new_pack.RKkvzB/_old 2020-10-18 16:17:55.112397283 +0200
+++ /var/tmp/diff_new_pack.RKkvzB/_new 2020-10-18 16:17:55.116397284 +0200
@@ -419,15 +419,15 @@
+ /* Instantiate again with valid data */
+ if (!instantiate(drbg, td, &t))
+ goto err;
-+ reseed_counter_tmp = drbg->reseed_gen_counter;
-+ drbg->reseed_gen_counter = drbg->reseed_interval;
++ reseed_counter_tmp = drbg->generate_counter;
++ drbg->generate_counter = drbg->reseed_interval;
+
+ /* Generate output and check entropy has been requested for reseed */
+ t.entropycnt = 0;
+ if (!RAND_DRBG_generate(drbg, buff, td->exlen, 0,
+ td->adin, td->adinlen)
+ || t.entropycnt != 1
-+ || drbg->reseed_gen_counter != reseed_counter_tmp + 1
++ || drbg->generate_counter != reseed_counter_tmp + 1
+ || !uninstantiate(drbg))
+ goto err;
+
@@ -444,15 +444,15 @@
+ /* Test reseed counter works */
+ if (!instantiate(drbg, td, &t))
+ goto err;
-+ reseed_counter_tmp = drbg->reseed_gen_counter;
-+ drbg->reseed_gen_counter = drbg->reseed_interval;
++ reseed_counter_tmp = drbg->generate_counter;
++ drbg->generate_counter = drbg->reseed_interval;
+
+ /* Generate output and check entropy has been requested for reseed */
+ t.entropycnt = 0;
+ if (!RAND_DRBG_generate(drbg, buff, td->exlen, 0,
+ td->adin, td->adinlen)
+ || t.entropycnt != 1
-+ || drbg->reseed_gen_counter != reseed_counter_tmp + 1
++ || drbg->generate_counter != reseed_counter_tmp + 1
+ || !uninstantiate(drbg))
+ goto err;
+
@@ -642,14 +642,14 @@
+ */
+
+ /* Test whether seed propagation is enabled */
-+ if (master->reseed_prop_counter == 0
-+ || public->reseed_prop_counter == 0
-+ || private->reseed_prop_counter == 0)
++ if (master->reseed_counter == 0
++ || public->reseed_counter == 0
++ || private->reseed_counter == 0)
+ return 0;
+
+ /* Check whether the master DRBG's reseed counter is the largest one */
-+ if (public->reseed_prop_counter > master->reseed_prop_counter
-+ || private->reseed_prop_counter > master->reseed_prop_counter)
++ if (public->reseed_counter > master->reseed_counter
++ || private->reseed_counter > master->reseed_counter)
+ return 0;
+
+ /*
@@ -697,8 +697,8 @@
+
+ if (expect_success == 1) {
+ /* Test whether all three reseed counters are synchronized */
-+ if (public->reseed_prop_counter != master->reseed_prop_counter
-+ || private->reseed_prop_counter != master->reseed_prop_counter)
++ if (public->reseed_counter != master->reseed_counter
++ || private->reseed_counter != master->reseed_counter)
+ return 0;
+
+ /* Test whether reseed time of master DRBG is set correctly */
@@ -816,7 +816,7 @@
+ * Test whether the public and private DRBG are both reseeded when their
+ * reseed counters differ from the master's reseed counter.
+ */
-+ master->reseed_prop_counter++;
++ master->reseed_counter++;
+ if (!test_drbg_reseed(1, master, public, private, 0, 1, 1, 0))
+ goto error;
+ reset_drbg_hook_ctx();
@@ -825,8 +825,8 @@
+ * Test whether the public DRBG is reseeded when its reseed counter
differs
+ * from the master's reseed counter.
+ */
-+ master->reseed_prop_counter++;
-+ private->reseed_prop_counter++;
++ master->reseed_counter++;
++ private->reseed_counter++;
+ if (!test_drbg_reseed(1, master, public, private, 0, 1, 0, 0))
+ goto error;
+ reset_drbg_hook_ctx();
@@ -835,8 +835,8 @@
+ * Test whether the private DRBG is reseeded when its reseed counter
differs
+ * from the master's reseed counter.
+ */
-+ master->reseed_prop_counter++;
-+ public->reseed_prop_counter++;
++ master->reseed_counter++;
++ public->reseed_counter++;
+ if (!test_drbg_reseed(1, master, public, private, 0, 0, 1, 0))
+ goto error;
+ reset_drbg_hook_ctx();
@@ -869,7 +869,7 @@
+ * Test whether none of the DRBGs is reseed if the master fails to reseed
+ */
+ master_ctx.fail = 1;
-+ master->reseed_prop_counter++;
++ master->reseed_counter++;
+ RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
+ if (!test_drbg_reseed(0, master, public, private, 0, 0, 0, 0))
+ goto error;
