Hello community, here is the log from the commit of package openssl for openSUSE:Factory checked in at 2013-08-13 11:00:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl (Old) and /work/SRC/openSUSE:Factory/.openssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl" Changes: --------
--- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2013-08-04 16:59:22.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2013-08-13 11:00:55.000000000 +0200
@@ -1,0 +2,47 @@
+Mon Aug 12 06:05:03 UTC 2013 - shch...@suse.com
+
+- Fix bug[ bnc#832833] openssl ssl_set_cert_masks() is broken
+ modify patch file: SSL_get_certificate-broken.patch
+
+-------------------------------------------------------------------
+Fri Aug 9 23:24:14 UTC 2013 - crrodrig...@opensuse.org
+
+- Via padlock is only found in x86 and x86_64 CPUs, remove
+ the shared module for other archs.
+
+-------------------------------------------------------------------
+Wed Aug 7 18:30:45 UTC 2013 - crrodrig...@opensuse.org
+
+- Cleanup engines that are of no use in a modern linux distro
+- The following engines stay:
+* libcapi.so --> usable in case you have third party /dev/crypto
+* libgmp.so --> may help to doing some maths using GMP
+* libgost.so --> implements the GOST block cipher
+* libpadlock.so --> VIA padlock support
+- Al other are removed because they require third party propietary
+ shared libraries nowhere to be found or that we can test.
+
+-------------------------------------------------------------------
+Wed Aug 7 18:30:23 UTC 2013 - crrodrig...@opensuse.org
+
+- openssl-pkgconfig.patch: Here we go.. For applications
+to benefit fully of features provided by openSSL engines
+(rdrand, aes-ni..etc) either builtin or in DSO form applications
+have to call ENGINE_load_builtin_engines() or OPENSSL_config()
+unfortunately from a total of 68 apps/libraries linked to libcrypto
+in a desktop system, only 4 do so, and there is a sea of buggy
+code that I dont feel like fixing.
+Instead we can pass -DOPENSSL_LOAD_CONF in the pkgconfig files
+so the needed operation becomes implicit the next time such apps
+are recompiled, see OPENSSL_config(3)
+Unfortunately this does not fix everything, because there are apps
+not using pkgconfig or using it incorrectly, but it is a good start.
+ +------------------------------------------------------------------- +Wed Aug 7 09:33:55 UTC 2013 - dmuel...@suse.com + +- add openssl-1.0.1c-default-paths.patch: + Fix from Fedora for openssl s_client not setting + CApath by default + +------------------------------------------------------------------- New: ---- SSL_get_certificate-broken.patch openssl-1.0.1c-default-paths.patch openssl-pkgconfig.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.VltZDx/_old 2013-08-13 11:00:56.000000000 +0200 +++ /var/tmp/diff_new_pack.VltZDx/_new 2013-08-13 11:00:56.000000000 +0200 @@ -51,6 +51,9 @@ Patch6: openssl-1.0.1e-truststore.diff Patch7: compression_methods_switch.patch Patch8: 0005-libssl-Hide-library-private-symbols.patch +Patch9: openssl-1.0.1c-default-paths.patch +Patch10: openssl-pkgconfig.patch +Patch11: SSL_get_certificate-broken.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -135,6 +138,10 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 + cp -p %{S:10} . echo "adding/overwriting some entries in the 'table' hash in Configure" # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags @@ -327,6 +334,14 @@ ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so +for engine in 4758cca atalla nuron sureware ubsec cswift chil aep; do +rm %{buildroot}/%{_lib}/engines/lib$engine.so +done + +%ifnarch %{ix86} x86_64 +rm %{buildroot}/%{_lib}/engines/libpadlock.so +%endif + %clean if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi ++++++ SSL_get_certificate-broken.patch ++++++ Index: openssl-1.0.1e/ssl/ssl_lib.c =================================================================== --- openssl-1.0.1e.orig/ssl/ssl_lib.c +++ openssl-1.0.1e/ssl/ssl_lib.c 
@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s) /* Fix this function so that it takes an optional type parameter */ X509 *SSL_get_certificate(const SSL *s) { - if (s->server) - return(ssl_get_server_send_cert(s)); - else if (s->cert != NULL) + if (s->cert != NULL) return(s->cert->key->x509); else return(NULL); ++++++ openssl-1.0.1c-default-paths.patch ++++++ diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c --- openssl-1.0.1c/apps/s_client.c.default-paths 2012-03-18 19:16:05.000000000 +0100 +++ openssl-1.0.1c/apps/s_client.c 2012-12-06 18:24:06.425933203 +0100 @@ -1166,12 +1166,19 @@ bad: if (!set_cert_key_stuff(ctx,cert,key)) goto end; - if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) + if (CAfile == NULL && CApath == NULL) { - /* BIO_printf(bio_err,"error setting default verify locations\n"); */ - ERR_print_errors(bio_err); - /* goto end; */ + if (!SSL_CTX_set_default_verify_paths(ctx)) + { + ERR_print_errors(bio_err); + } + } + else + { + if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) + { + ERR_print_errors(bio_err); + } } #ifndef OPENSSL_NO_TLSEXT diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c --- openssl-1.0.1c/apps/s_server.c.default-paths 2012-03-18 19:16:05.000000000 +0100 +++ openssl-1.0.1c/apps/s_server.c 2012-12-06 18:25:11.199329611 +0100 @@ -1565,13 +1565,21 @@ bad: } #endif - if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) + if (CAfile == NULL && CApath == NULL) { - /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ - ERR_print_errors(bio_err); - /* goto end; */ + if (!SSL_CTX_set_default_verify_paths(ctx)) + { + ERR_print_errors(bio_err); + } + } + else + { + if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) + { + ERR_print_errors(bio_err); + } } + if (vpm) SSL_CTX_set1_param(ctx, vpm); 
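Review bot: In the one branch that remains in SSL_get_certificate, `s->cert->key` is dereferenced with only `s->cert` checked, so a certificate structure whose `key` pointer is unset would crash here instead of returning NULL; whether that state is reachable cannot be seen from this hunk. If it is, the guard could read `if (s->cert != NULL && s->cert->key != NULL)`. With the `s->server` branch gone, a server caller now gets whatever `s->cert->key` points at rather than the result of ssl_get_server_send_cert(), which presumably is not always the certificate sent in the handshake. The comment above the function should record that, for example `/* Returns the x509 of the current s->cert->key entry for clients and servers alike */`. The function's closing brace lies outside the hunk.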
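Review bot: In the s_client.c hunk, a failure to load an explicitly requested CAfile/CApath is still only printed in the new `else` branch, and the commented-out `/* goto end; */` that marked the open question has been deleted, so the tool carries on without the trust anchors the user asked for. Because that branch now runs only when a path was supplied, treating the failure as fatal there seems reasonable: `ERR_print_errors(bio_err); goto end;` (the `end` label is already used by the set_cert_key_stuff check just above). The same pattern appears in the first s_server.c hunk and in the s_time.c hunk; whether those functions have a matching cleanup label is not visible here. A comment on the new `if`, such as `/* an explicit CAfile/CApath replaces, rather than extends, the default trust store */`, would also record the behaviour change for invocations that previously got both.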
@@ -1622,8 +1630,11 @@ bad: else SSL_CTX_sess_set_cache_size(ctx2,128); - if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx2))) + if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) + { + ERR_print_errors(bio_err); + } + if (!SSL_CTX_set_default_verify_paths(ctx2)) { ERR_print_errors(bio_err); } diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c --- openssl-1.0.1c/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200 +++ openssl-1.0.1c/apps/s_time.c 2012-12-06 18:27:41.694574044 +0100 @@ -373,12 +373,19 @@ int MAIN(int argc, char **argv) SSL_load_error_strings(); - if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(tm_ctx))) + if (CAfile == NULL && CApath == NULL) { - /* BIO_printf(bio_err,"error setting default verify locations\n"); */ - ERR_print_errors(bio_err); - /* goto end; */ + if (!SSL_CTX_set_default_verify_paths(tm_ctx)) + { + ERR_print_errors(bio_err); + } + } + else + { + if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) + { + ERR_print_errors(bio_err); + } } if (tm_cipher == NULL) ++++++ openssl-pkgconfig.patch ++++++ --- openssl-1.0.1e.orig/Makefile.org +++ openssl-1.0.1e/Makefile.org @@ -366,7 +366,7 @@ libcrypto.pc: Makefile echo 'Requires: '; \ echo 'Libs: -L$${libdir} -lcrypto'; \ echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc + echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc libssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ @@ -380,7 +380,7 @@ libssl.pc: Makefile echo 'Requires: '; \ echo 'Libs: -L$${libdir} -lssl -lcrypto'; \ echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc + echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc openssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ 
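Review bot: The `ctx2` block in this s_server.c hunk does not get the either/or logic that `ctx` received in the previous hunk. It calls SSL_CTX_load_verify_locations(ctx2,CAfile,CApath) and then SSL_CTX_set_default_verify_paths(ctx2) unconditionally, so with an explicit CAfile the second context also trusts the default store while the first trusts only the given file. The set of accepted issuers then depends on which context ends up serving the connection (presumably selected by server name; that code is outside the hunk). Giving `ctx2` the same shape as `ctx` keeps the two consistent and avoids calling the load function with two NULL arguments. The enclosing block starts and ends outside the hunk.

```c
/* … unchanged: SSL_CTX_sess_set_cache_size(ctx2,128) … */
		if (CAfile == NULL && CApath == NULL)
			{
			if (!SSL_CTX_set_default_verify_paths(ctx2))
				{
				ERR_print_errors(bio_err);
				}
			}
		else
			{
			if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
				{
				ERR_print_errors(bio_err);
				}
			}
```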
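Review bot: Putting `-DOPENSSL_LOAD_CONF` into the exported `Cflags` of libcrypto.pc and libssl.pc (and openssl.pc in the next hunk) changes the runtime behaviour of every consumer rebuilt through pkg-config, with nothing in the Makefile saying why. Per the changelog entry, those programs will then read the OpenSSL configuration and load engines implicitly. That widens what the configuration file can influence, so it is worth confirming how privileged or setuid consumers resolve the configuration path before relying on this distribution-wide. A comment above the libcrypto.pc rule would record the intent, for example `# -DOPENSSL_LOAD_CONF is exported so that OpenSSL_add_all_algorithms() in consumers also loads openssl.cnf (see OPENSSL_config(3))`.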
@@ -394,7 +394,7 @@ openssl.pc: Makefile echo 'Requires: '; \ echo 'Libs: -L$${libdir} -lssl -lcrypto'; \ echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc + echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc Makefile: Makefile.org Configure config @echo "Makefile is older than Makefile.org, Configure or config." -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org