commit openssl for openSUSE:Factory
Hello community, here is the log from the commit of package openssl for openSUSE:Factory checked in at 2012-02-03 10:24:53 Comparing /work/SRC/openSUSE:Factory/openssl (Old) and /work/SRC/openSUSE:Factory/.openssl.new (New) Package is "openssl", Maintainer is "g...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2011-10-19 13:42:11.0 +0200 +++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2012-02-03 10:25:02.0 +0100 @@ -1,0 +2,16 @@ +Thu Feb 2 06:55:12 UTC 2012 - g...@suse.com + +- Update to version 1.0.0g fix the following: + DTLS DoS attack (CVE-2012-0050) + +--- +Wed Jan 11 05:35:18 UTC 2012 - g...@suse.com + +- Update to version 1.0.0f fix the following: + DTLS Plaintext Recovery Attack (CVE-2011-4108) + Uninitialized SSL 3.0 Padding (CVE-2011-4576) + Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) + SGC Restart DoS Attack (CVE-2011-4619) + Invalid GOST parameters DoS Attack (CVE-2012-0027) + +--- Old: openssl-1.0.0e.tar.bz2 New: openssl-1.0.0g.tar.bz2 Other differences: -- ++ openssl.spec ++ --- /var/tmp/diff_new_pack.Ij5yxf/_old 2012-02-03 10:25:03.0 +0100 +++ /var/tmp/diff_new_pack.Ij5yxf/_new 2012-02-03 10:25:03.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssl # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,9 +30,7 @@ %ifarch ppc64 Obsoletes: openssl-64bit %endif -# -#Version:1.0.0 -Version:1.0.0e +Version:1.0.0g Release:1 Summary:Secure Sockets and Transport Layer Security Url:http://www.openssl.org/ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory checked
in at 2012-03-07 20:09:51
Comparing /work/SRC/openSUSE:Factory/openssl (Old)
and /work/SRC/openSUSE:Factory/.openssl.new (New)
Package is "openssl", Maintainer is "g...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2012-02-03
10:25:02.0 +0100
+++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2012-03-07
20:09:59.0 +0100
@@ -1,0 +2,6 @@
+Fri Feb 24 02:33:22 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's
+ asn1 parser.
+
+---
New:
Bug748738_Tolerate_bad_MIME_headers.patch
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.cUqlj4/_old 2012-03-07 20:10:00.0 +0100
+++ /var/tmp/diff_new_pack.cUqlj4/_new 2012-03-07 20:10:00.0 +0100
@@ -49,6 +49,7 @@
Patch7: openssl-1.0.0b-aesni.patch
#Patch8: CVE-2011-0014.patch
Patch10:openssl-call-engine-reg-comp.patch
+Patch11:Bug748738_Tolerate_bad_MIME_headers.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -186,6 +187,7 @@
%patch7
#%patch8 -p1
%patch10
+%patch11 -p1
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
#
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
++ Bug748738_Tolerate_bad_MIME_headers.patch ++
Index: openssl-1.0.0g/crypto/asn1/asn_mime.c
===
--- openssl-1.0.0g.orig/crypto/asn1/asn_mime.c
+++ openssl-1.0.0g/crypto/asn1/asn_mime.c
@@ -858,6 +858,10 @@ static int mime_hdr_addparam(MIME_HEADER
static int mime_hdr_cmp(const MIME_HEADER * const *a,
const MIME_HEADER * const *b)
{
+ if ((*a)->name == NULL || (*b)->name == NULL)
+ return (*a)->name - (*b)->name < 0 ? -1 :
+ (*a)->name - (*b)->name > 0 ? 1 : 0;
+
return(strcmp((*a)->name, (*b)->name));
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory
checked in at Fri Sep 9 11:49:18 CEST 2011.
--- openssl/openssl.changes 2011-08-06 02:37:39.0 +0200
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes2011-09-07
16:32:25.0 +0200
@@ -1,0 +2,6 @@
+Wed Sep 7 14:29:41 UTC 2011 - crrodrig...@opensuse.org
+
+- Update to openssl 1.0.0e fixes CVE-2011-3207 and CVE-2011-3210
+ see http://openssl.org/news/secadv_20110906.txt for details.
+
+---
calling whatdependson for head-i586
Old:
ECDSA_signatures_timing_attack.patch
openssl-1.0.0d.tar.bz2
New:
openssl-1.0.0e.tar.bz2
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.ThJV88/_old 2011-09-09 11:49:11.0 +0200
+++ /var/tmp/diff_new_pack.ThJV88/_new 2011-09-09 11:49:11.0 +0200
@@ -32,8 +32,8 @@
%endif
#
#Version:1.0.0
-Version:1.0.0d
-Release:31
+Version:1.0.0e
+Release:1
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -50,7 +50,6 @@
#Patch6: CVE-2010-3864.patch
Patch7: openssl-1.0.0b-aesni.patch
#Patch8: CVE-2011-0014.patch
-Patch9: ECDSA_signatures_timing_attack.patch
Patch10:openssl-call-engine-reg-comp.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -188,7 +187,6 @@
#%patch6 -p1
%patch7 -p1
#%patch8 -p1
-%patch9 -p1
%patch10
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
++ openssl-1.0.0d.tar.bz2 -> openssl-1.0.0e.tar.bz2 ++
9639 lines of diff (skipped)
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory checked
in at 2012-03-20 17:49:15
Comparing /work/SRC/openSUSE:Factory/openssl (Old)
and /work/SRC/openSUSE:Factory/.openssl.new (New)
Package is "openssl", Maintainer is "g...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2012-03-07
20:09:59.0 +0100
+++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2012-03-20
17:49:17.0 +0100
@@ -1,0 +2,6 @@
+Tue Mar 20 14:29:24 UTC 2012 - cfarr...@suse.com
+
+- license update: OpenSSL
+
+
+---
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.XMQ0rp/_old 2012-03-20 17:49:19.0 +0100
+++ /var/tmp/diff_new_pack.XMQ0rp/_new 2012-03-20 17:49:19.0 +0100
@@ -22,7 +22,7 @@
BuildRequires: bc ed pkg-config zlib-devel
%define ssletcdir %{_sysconfdir}/ssl
%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g")
-License:BSD-3-Clause
+License:OpenSSL
Group: Productivity/Networking/Security
Provides: ssl
AutoReqProv:on
@@ -82,7 +82,7 @@
Paul C. Sutton
%package -n libopenssl1_0_0
-License:BSD-3-Clause
+License:OpenSSL
Summary:Secure Sockets and Transport Layer Security
Group: Productivity/Networking/Security
Recommends: openssl-certs
@@ -122,7 +122,7 @@
Paul C. Sutton
%package -n libopenssl-devel
-License:BSD-3-Clause
+License:OpenSSL
Summary:Include Files and Libraries mandatory for Development
Group: Development/Libraries/C and C++
Obsoletes: openssl-devel < %{version}
@@ -153,7 +153,7 @@
Paul C. Sutton
%package doc
-License:BSD-3-Clause
+License:OpenSSL
Summary:Additional Package Documentation
Group: Productivity/Networking/Security
BuildArch: noarch
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory checked
in at 2012-04-17 22:00:24
Comparing /work/SRC/openSUSE:Factory/openssl (Old)
and /work/SRC/openSUSE:Factory/.openssl.new (New)
Package is "openssl", Maintainer is "g...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2012-03-20
17:49:17.0 +0100
+++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2012-04-17
22:00:29.0 +0200
@@ -1,0 +2,19 @@
+Tue Mar 27 09:16:37 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#749735] - Memory leak when creating public keys.
+ fix bug[bnc#751977] - CMS and S/MIME Bleichenbacher attack
+ CVE-2012-0884
+
+---
+Thu Mar 22 03:24:20 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#751946] - S/MIME verification may erroneously fail
+ CVE-2012-1165
+
+---
+Wed Mar 21 02:44:41 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#749213]-Free headers after use in error message
+ and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt
+
+---
@@ -6 +24,0 @@
-
@@ -11,0 +30 @@
+ CVE-2006-7250
New:
CVE-2012-0884.patch
CVE-2012-1165.patch
bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
bug749213-Free-headers-after-use.patch
bug749735.patch
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.WvLsxJ/_old 2012-04-17 22:00:31.0 +0200
+++ /var/tmp/diff_new_pack.WvLsxJ/_new 2012-04-17 22:00:31.0 +0200
@@ -50,6 +50,11 @@
#Patch8: CVE-2011-0014.patch
Patch10:openssl-call-engine-reg-comp.patch
Patch11:Bug748738_Tolerate_bad_MIME_headers.patch
+Patch12:bug749213-Free-headers-after-use.patch
+Patch13:bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
+Patch14:CVE-2012-1165.patch
+Patch15:CVE-2012-0884.patch
+Patch16:bug749735.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -188,6 +193,11 @@
#%patch8 -p1
%patch10
%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
#
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
++ CVE-2012-0884.patch ++
Index: openssl-1.0.0c/crypto/cms/cms.h
===
--- openssl-1.0.0c.orig/crypto/cms/cms.h
+++ openssl-1.0.0c/crypto/cms/cms.h
@@ -111,6 +111,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentI
#define CMS_PARTIAL0x4000
#define CMS_REUSE_DIGEST 0x8000
#define CMS_USE_KEYID 0x1
+#define CMS_DEBUG_DECRYPT 0x2
const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
Index: openssl-1.0.0c/crypto/cms/cms_enc.c
===
--- openssl-1.0.0c.orig/crypto/cms/cms_enc.c
+++ openssl-1.0.0c/crypto/cms/cms_enc.c
@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
const EVP_CIPHER *ciph;
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+ unsigned char *tkey = NULL;
+ size_t tkeylen;
int ok = 0;
@@ -139,30 +141,55 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
}
- if (enc && !ec->key)
+ /* Generate random session key */
+ if (!enc || !ec->key)
{
- /* Generate random key */
- if (!ec->keylen)
- ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
- ec->key = OPENSSL_malloc(ec->keylen);
- if (!ec->key)
+ tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+ tkey = OPENSSL_malloc(tkeylen);
+ if (!tkey)
{
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
ERR_R_MALLOC_FAILURE);
goto err;
}
- if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
+ if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
goto err;
- keep_key = 1;
}
- else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
+ if (!ec->key)
+ {
+ ec->key = tkey;
+ ec->keylen = tkeylen;
+ tkey = NULL;
+ if (enc)
+ keep_key = 1;
+ else
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory checked
in at 2012-04-23 17:40:09
Comparing /work/SRC/openSUSE:Factory/openssl (Old)
and /work/SRC/openSUSE:Factory/.openssl.new (New)
Package is "openssl", Maintainer is "g...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2012-04-17
22:00:29.0 +0200
+++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2012-04-23
17:40:11.0 +0200
@@ -1,0 +2,13 @@
+Mon Apr 23 05:57:35 UTC 2012 - g...@suse.com
+
+- update to latest stable verison 1.0.0i
+ including the following patches:
+ CVE-2012-2110.path
+ Bug748738_Tolerate_bad_MIME_headers.patch
+ bug749213-Free-headers-after-use.patch
+ bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
+ CVE-2012-1165.patch
+ CVE-2012-0884.patch
+ bug749735.patch
+
+---
Old:
Bug748738_Tolerate_bad_MIME_headers.patch
CVE-2012-0884.patch
CVE-2012-1165.patch
bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
bug749213-Free-headers-after-use.patch
bug749735.patch
openssl-1.0.0g.tar.bz2
New:
openssl-1.0.0i.tar.bz2
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.0yOMFp/_old 2012-04-23 17:40:13.0 +0200
+++ /var/tmp/diff_new_pack.0yOMFp/_new 2012-04-23 17:40:13.0 +0200
@@ -30,7 +30,7 @@
%ifarch ppc64
Obsoletes: openssl-64bit
%endif
-Version:1.0.0g
+Version:1.0.0i
Release:1
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
@@ -49,12 +49,12 @@
Patch7: openssl-1.0.0b-aesni.patch
#Patch8: CVE-2011-0014.patch
Patch10:openssl-call-engine-reg-comp.patch
-Patch11:Bug748738_Tolerate_bad_MIME_headers.patch
-Patch12:bug749213-Free-headers-after-use.patch
-Patch13:bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
-Patch14:CVE-2012-1165.patch
-Patch15:CVE-2012-0884.patch
-Patch16:bug749735.patch
+#Patch11:Bug748738_Tolerate_bad_MIME_headers.patch
+#Patch12:bug749213-Free-headers-after-use.patch
+#Patch13:bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
+#Patch14:CVE-2012-1165.patch
+#Patch15:CVE-2012-0884.patch
+#Patch16:bug749735.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -192,12 +192,12 @@
%patch7
#%patch8 -p1
%patch10
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
+#%patch11 -p1
+#%patch12 -p1
+#%patch13 -p1
+#%patch14 -p1
+#%patch15 -p1
+#%patch16 -p1
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
#
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory
checked in at Fri Apr 15 09:20:25 CEST 2011.
--- openssl/openssl.changes 2011-02-10 08:45:42.0 +0100
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes2011-04-13
05:21:06.0 +0200
@@ -1,0 +2,19 @@
+Wed Apr 13 02:03:02 UTC 2011 - crrodrig...@opensuse.org
+
+- Fix engine loading issues [bnc#660452]
+- Update AES-NI patch to upstream version 4
+- Drop CVE-2011-0014.patch and replace it with pristine tarball
+ of 1.0.0d which only fixes this vulnerability.
+
+---
+Sat Apr 9 18:18:42 UTC 2011 - crrodrig...@opensuse.org
+
+- Correct last change
+
+---
+Sat Apr 9 15:00:33 UTC 2011 - crrodrig...@opensuse.org
+
+- Disable SSLv2 support permanently,it must not be used.
+- No longer requires -fno-strict-aliasing
+
+---
calling whatdependson for head-i586
Old:
CVE-2011-0014.patch
openssl-1.0.0b-aesni.patch
openssl-1.0.0c.tar.bz2
New:
_service
_service:download_url:openssl-1.0.0d.tar.gz
openssl-1.0.0-aesni-v4.patch
openssl-padlock-x86_64-head.patch
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.zKHfJF/_old 2011-04-15 09:13:22.0 +0200
+++ /var/tmp/diff_new_pack.zKHfJF/_new 2011-04-15 09:13:22.0 +0200
@@ -32,11 +32,11 @@
%endif
#
#Version:1.0.0
-Version:1.0.0c
-Release:20
+Version:1.0.0d
+Release:1
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
-Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
+Source: http://www.%{name}.org/source/%{name}-%{version}.tar.gz
# to get mtime of file:
Source1:openssl.changes
Source2:baselibs.conf
@@ -48,8 +48,9 @@
#Patch4: patchset-19727.diff
#Patch5: CVE-2010-2939.patch
#Patch6: CVE-2010-3864.patch
-Patch7: openssl-1.0.0b-aesni.patch
-Patch8: CVE-2011-0014.patch
+Patch7: openssl-1.0.0-aesni-v4.patch
+#PATCH_FIX-UPSTREAM Fix padlock engine in x86_64 hosts
+Patch8: openssl-padlock-x86_64-head.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -178,12 +179,12 @@
%setup -q
%patch0 -p1
%patch1 -p1
-%patch2 -p1
+%patch2
#%patch3 -p1
#%patch4 -p1
#%patch5 -p1
#%patch6 -p1
-%patch7 -p1
+%patch7
%patch8 -p1
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
@@ -224,6 +225,9 @@
./config --test-sanity
#
config_flags="threads shared no-rc5 no-idea \
+%if 0%{suse_version} > 1140
+no-ssl2 \
+%endif
enable-camellia \
zlib \
--prefix=%{_prefix} \
@@ -232,7 +236,6 @@
$RPM_OPT_FLAGS \
-Wa,--noexecstack \
-fomit-frame-pointer \
--fno-strict-aliasing \
-DTERMIO \
-DPURIFY \
%ifnarch hppa
@@ -337,7 +340,7 @@
SSL_CTX *ctx;
SSL *ssl;
SSL_METHOD *meth;
- meth = SSLv2_client_method();
+ meth = SSLv23_client_method();
SSLeay_add_ssl_algorithms();
ctx = SSL_CTX_new(meth);
if (ctx == NULL) return 0;
@@ -370,14 +373,36 @@
ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so
ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so
+#ugly artifact to delete engines that are disabled/unusable in LINUX
+#that for some reason the build system insist on creating.
+
+# CAPI, Windows specific
+rm %{buildroot}/%_lib/engines/libcapi.so
+# GMP, has been always non-functional
+rm %{buildroot}/%_lib/engines/libgmp.so
+# Requires propietary Broadcom library, not available
+rm %{buildroot}/%_lib/engines/libubsec.so
+#Requires library called libnfhwcrhk.so which is not available
+rm %{buildroot}/%_lib/engines/libchil.so
+#requires library named "SureWareHook" which is not available
+rm %{buildroot}/%_lib/engines/libsureware.so
+#requires DSO "libswift.so",propietary and not available
+rm %{buildroot}/%_lib/engines/libcswift.so
+#requires DSO "nuronssl.so", propietary and not available
+rm %{buildroot}/%_lib/engines/libnuron.so
+#only supported in AIX and Windows...
+rm %{buildroot}/%_lib/engines/lib4758cca.so
+# deprecated in favor of http://sourceforge.net/projects/opencryptoki/files/
(??)
+rm %{buildroot}/%_lib/engines/libaep.so
+# HP Atalla AXL600L SSL Accelerator Card, EOL, linux 2.4/SLE8, useless nowdays
+rm %{buildroot}/%_lib/engines/libatalla.so
+
%clean
if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
-%post -n libopenssl1_0_0
-/sbin/ldconfig
+%post -n libopenssl1_0_0 -p /sbin/ldconfig
-%postun -n libopenssl1_0_0
-/sbin/ldconfig
+%postun -n libopenssl1_0_0 -p /sbin/ldconfig
%files -n libopenssl1_0_0
%defattr(-, root, root)
++ _service ++
http
www.openssl.org
/source/openssl-1.0.0
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory
checked in at Thu Apr 21 13:51:13 CEST 2011.
--- openssl/openssl.changes 2011-04-13 05:21:06.0 +0200
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes2011-02-10
08:45:42.0 +0100
@@ -2,19 +1,0 @@
-Wed Apr 13 02:03:02 UTC 2011 - crrodrig...@opensuse.org
-
-- Fix engine loading issues [bnc#660452]
-- Update AES-NI patch to upstream version 4
-- Drop CVE-2011-0014.patch and replace it with pristine tarball
- of 1.0.0d which only fixes this vulnerability.
-
-Sat Apr 9 18:18:42 UTC 2011 - crrodrig...@opensuse.org
-
-- Correct last change
-
-Sat Apr 9 15:00:33 UTC 2011 - crrodrig...@opensuse.org
-
-- Disable SSLv2 support permanently,it must not be used.
-- No longer requires -fno-strict-aliasing
-
calling whatdependson for head-i586
Old:
_service
_service:download_url:openssl-1.0.0d.tar.gz
openssl-1.0.0-aesni-v4.patch
openssl-padlock-x86_64-head.patch
New:
CVE-2011-0014.patch
openssl-1.0.0b-aesni.patch
openssl-1.0.0c.tar.bz2
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.wNQ9BK/_old 2011-04-21 13:50:46.0 +0200
+++ /var/tmp/diff_new_pack.wNQ9BK/_new 2011-04-21 13:50:46.0 +0200
@@ -32,11 +32,11 @@
%endif
#
#Version:1.0.0
-Version:1.0.0d
-Release:1
+Version:1.0.0c
+Release:21
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
-Source: http://www.%{name}.org/source/%{name}-%{version}.tar.gz
+Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
# to get mtime of file:
Source1:openssl.changes
Source2:baselibs.conf
@@ -48,9 +48,8 @@
#Patch4: patchset-19727.diff
#Patch5: CVE-2010-2939.patch
#Patch6: CVE-2010-3864.patch
-Patch7: openssl-1.0.0-aesni-v4.patch
-#PATCH_FIX-UPSTREAM Fix padlock engine in x86_64 hosts
-Patch8: openssl-padlock-x86_64-head.patch
+Patch7: openssl-1.0.0b-aesni.patch
+Patch8: CVE-2011-0014.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -179,12 +178,12 @@
%setup -q
%patch0 -p1
%patch1 -p1
-%patch2
+%patch2 -p1
#%patch3 -p1
#%patch4 -p1
#%patch5 -p1
#%patch6 -p1
-%patch7
+%patch7 -p1
%patch8 -p1
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
@@ -225,9 +224,6 @@
./config --test-sanity
#
config_flags="threads shared no-rc5 no-idea \
-%if 0%{suse_version} > 1140
-no-ssl2 \
-%endif
enable-camellia \
zlib \
--prefix=%{_prefix} \
@@ -236,6 +232,7 @@
$RPM_OPT_FLAGS \
-Wa,--noexecstack \
-fomit-frame-pointer \
+-fno-strict-aliasing \
-DTERMIO \
-DPURIFY \
%ifnarch hppa
@@ -340,7 +337,7 @@
SSL_CTX *ctx;
SSL *ssl;
SSL_METHOD *meth;
- meth = SSLv23_client_method();
+ meth = SSLv2_client_method();
SSLeay_add_ssl_algorithms();
ctx = SSL_CTX_new(meth);
if (ctx == NULL) return 0;
@@ -373,36 +370,14 @@
ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so
ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so
-#ugly artifact to delete engines that are disabled/unusable in LINUX
-#that for some reason the build system insist on creating.
-
-# CAPI, Windows specific
-rm %{buildroot}/%_lib/engines/libcapi.so
-# GMP, has been always non-functional
-rm %{buildroot}/%_lib/engines/libgmp.so
-# Requires propietary Broadcom library, not available
-rm %{buildroot}/%_lib/engines/libubsec.so
-#Requires library called libnfhwcrhk.so which is not available
-rm %{buildroot}/%_lib/engines/libchil.so
-#requires library named "SureWareHook" which is not available
-rm %{buildroot}/%_lib/engines/libsureware.so
-#requires DSO "libswift.so",propietary and not available
-rm %{buildroot}/%_lib/engines/libcswift.so
-#requires DSO "nuronssl.so", propietary and not available
-rm %{buildroot}/%_lib/engines/libnuron.so
-#only supported in AIX and Windows...
-rm %{buildroot}/%_lib/engines/lib4758cca.so
-# deprecated in favor of http://sourceforge.net/projects/opencryptoki/files/
(??)
-rm %{buildroot}/%_lib/engines/libaep.so
-# HP Atalla AXL600L SSL Accelerator Card, EOL, linux 2.4/SLE8, useless nowdays
-rm %{buildroot}/%_lib/engines/libatalla.so
-
%clean
if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
-%post -n libopenssl1_0_0 -p /sbin/ldconfig
+%post -n libopenssl1_0_0
+/sbin/ldconfig
-%postun -n libopenssl1_0_0 -p /sbin/ldconfig
+%postun -n libopenssl1_0_0
+/sbin/ldconfig
%files -n libopenssl1_0_0
%defattr(-, root, root)
++ CVE-2011-0014.patch ++
Index: openssl-1.0.0c/ssl/t1_lib.c
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory checked
in at 2011-12-06 18:34:43
Comparing /work/SRC/openSUSE:Factory/openssl (Old)
and /work/SRC/openSUSE:Factory/.openssl.new (New)
Package is "openssl", Maintainer is "g...@suse.com"
Changes:
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.lcta5C/_old 2011-12-06 18:56:18.0 +0100
+++ /var/tmp/diff_new_pack.lcta5C/_new 2011-12-06 18:56:18.0 +0100
@@ -22,7 +22,7 @@
BuildRequires: bc ed pkg-config zlib-devel
%define ssletcdir %{_sysconfdir}/ssl
%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g")
-License:BSD3c(or similar)
+License:BSD-3-Clause
Group: Productivity/Networking/Security
Provides: ssl
AutoReqProv:on
@@ -83,7 +83,7 @@
Paul C. Sutton
%package -n libopenssl1_0_0
-License:BSD3c(or similar)
+License:BSD-3-Clause
Summary:Secure Sockets and Transport Layer Security
Group: Productivity/Networking/Security
Recommends: openssl-certs
@@ -123,7 +123,7 @@
Paul C. Sutton
%package -n libopenssl-devel
-License:BSD3c(or similar)
+License:BSD-3-Clause
Summary:Include Files and Libraries mandatory for Development
Group: Development/Libraries/C and C++
Obsoletes: openssl-devel < %{version}
@@ -154,7 +154,7 @@
Paul C. Sutton
%package doc
-License:BSD3c(or similar)
+License:BSD-3-Clause
Summary:Additional Package Documentation
Group: Productivity/Networking/Security
BuildArch: noarch
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory
checked in at Tue Mar 15 09:28:50 CET 2011.
--- openssl/openssl.changes 2011-01-15 21:02:09.0 +0100
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes2011-02-10
08:45:42.0 +0100
@@ -1,0 +2,6 @@
+Thu Feb 10 07:42:01 UTC 2011 - g...@novell.com
+
+- fix bug [bnc#670526]
+ CVE-2011-0014,OCSP stapling vulnerability
+
+---
calling whatdependson for head-i586
New:
CVE-2011-0014.patch
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.N472WH/_old 2011-03-15 09:28:46.0 +0100
+++ /var/tmp/diff_new_pack.N472WH/_new 2011-03-15 09:28:46.0 +0100
@@ -33,7 +33,7 @@
#
#Version:1.0.0
Version:1.0.0c
-Release:3
+Release:20
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -49,6 +49,7 @@
#Patch5: CVE-2010-2939.patch
#Patch6: CVE-2010-3864.patch
Patch7: openssl-1.0.0b-aesni.patch
+Patch8: CVE-2011-0014.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -183,6 +184,7 @@
#%patch5 -p1
#%patch6 -p1
%patch7 -p1
+%patch8 -p1
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
#
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
++ CVE-2011-0014.patch ++
Index: openssl-1.0.0c/ssl/t1_lib.c
===
--- openssl-1.0.0c.orig/ssl/t1_lib.c
+++ openssl-1.0.0c/ssl/t1_lib.c
@@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
}
n2s(data, idsize);
dsize -= 2 + idsize;
+ size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
@@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s,
}
/* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
n2s(data,dsize);
size -= 2;
- if (dsize > size)
+ if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory
checked in at Tue Jul 26 13:47:35 CEST 2011.
--- openssl/openssl.changes 2011-06-24 07:11:45.0 +0200
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes2011-07-25
21:07:45.0 +0200
@@ -1,0 +2,5 @@
+Mon Jul 25 19:07:32 UTC 2011 - jeng...@medozas.de
+
+- Edit baselibs.conf to provide libopenssl-devel-32bit too
+
+---
calling whatdependson for head-i586
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.CGmgnK/_old 2011-07-26 13:47:12.0 +0200
+++ /var/tmp/diff_new_pack.CGmgnK/_new 2011-07-26 13:47:12.0 +0200
@@ -33,7 +33,7 @@
#
#Version:1.0.0
Version:1.0.0d
-Release:22
+Release:27
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
++ baselibs.conf ++
--- /var/tmp/diff_new_pack.CGmgnK/_old 2011-07-26 13:47:12.0 +0200
+++ /var/tmp/diff_new_pack.CGmgnK/_new 2011-07-26 13:47:12.0 +0200
@@ -1,2 +1,5 @@
libopenssl1_0_0
obsoletes "openssl- <= "
+libopenssl-devel
+ requires -libopenssl-
+ requires "libopenssl1_0_0- = "
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory
checked in at Sat Aug 6 19:08:57 CEST 2011.
--- openssl/openssl.changes 2011-07-25 21:07:45.0 +0200
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes2011-08-05
21:10:43.0 +0200
@@ -1,0 +2,6 @@
+Fri Aug 5 19:09:42 UTC 2011 - crrodrig...@opensuse.org
+
+- remove -fno-strict-aliasing from CFLAGS no longer needed
+ and is likely to slow down stuff.
+
+---
calling whatdependson for head-i586
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.SCyvo8/_old 2011-08-06 19:08:39.0 +0200
+++ /var/tmp/diff_new_pack.SCyvo8/_new 2011-08-06 19:08:39.0 +0200
@@ -33,7 +33,7 @@
#
#Version:1.0.0
Version:1.0.0d
-Release:27
+Release:29
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -235,7 +235,6 @@
$RPM_OPT_FLAGS \
-Wa,--noexecstack \
-fomit-frame-pointer \
--fno-strict-aliasing \
-DTERMIO \
-DPURIFY \
%ifnarch hppa
@@ -340,7 +339,7 @@
SSL_CTX *ctx;
SSL *ssl;
SSL_METHOD *meth;
- meth = SSLv2_client_method();
+ meth = SSLv23_client_method();
SSLeay_add_ssl_algorithms();
ctx = SSL_CTX_new(meth);
if (ctx == NULL) return 0;
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory
checked in at Mon Aug 15 09:41:59 CEST 2011.
--- openssl/openssl.changes 2011-08-05 21:10:43.0 +0200
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes2011-08-06
02:37:39.0 +0200
@@ -1,0 +2,7 @@
+Sat Aug 6 00:33:47 UTC 2011 - crrodrig...@opensuse.org
+
+- Add upstream patch that calls ENGINE_register_all_complete()
+ in ENGINE_load_builtin_engines() saving us from adding dozens
+ of calls to such function to calling applications.
+
+---
calling whatdependson for head-i586
New:
openssl-call-engine-reg-comp.patch
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.w6LUgZ/_old 2011-08-15 09:41:26.0 +0200
+++ /var/tmp/diff_new_pack.w6LUgZ/_new 2011-08-15 09:41:26.0 +0200
@@ -33,7 +33,7 @@
#
#Version:1.0.0
Version:1.0.0d
-Release:29
+Release:31
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -51,6 +51,7 @@
Patch7: openssl-1.0.0b-aesni.patch
#Patch8: CVE-2011-0014.patch
Patch9: ECDSA_signatures_timing_attack.patch
+Patch10:openssl-call-engine-reg-comp.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -188,6 +189,7 @@
%patch7 -p1
#%patch8 -p1
%patch9 -p1
+%patch10
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
#
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
++ openssl-call-engine-reg-comp.patch ++
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
this means that some implementations will be used automatically, e.g. aesni,
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
Origin: UPSTREAM
URL: http://cvs.openssl.org/chngview?cn=19781
--- crypto/engine/eng_all.c.orig
+++ crypto/engine/eng_all.c
@@ -61,6 +61,8 @@
void ENGINE_load_builtin_engines(void)
{
+ /* Some ENGINEs need this */
+ OPENSSL_cpuid_setup();
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
@@ -115,6 +117,7 @@ void ENGINE_load_builtin_engines(void)
ENGINE_load_capi();
#endif
#endif
+ENGINE_register_all_complete();
}
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory
checked in at Mon May 30 09:05:51 CEST 2011.
--- openssl/openssl.changes 2011-02-10 08:45:42.0 +0100
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes2011-05-16
16:38:57.0 +0200
@@ -1,0 +2,5 @@
+Mon May 16 14:38:26 UTC 2011 - and...@opensuse.org
+
+- added openssl as dependency in the devel package
+
+---
calling whatdependson for head-i586
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.VcMGII/_old 2011-05-30 09:05:09.0 +0200
+++ /var/tmp/diff_new_pack.VcMGII/_new 2011-05-30 09:05:09.0 +0200
@@ -33,7 +33,7 @@
#
#Version:1.0.0
Version:1.0.0c
-Release:21
+Release:25
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -127,6 +127,7 @@
Group: Development/Libraries/C and C++
Obsoletes: openssl-devel < %{version}
Requires: libopenssl1_0_0 = %{version} zlib-devel
+Requires: %name = %version
Provides: openssl-devel = %{version}
# bug437293
%ifarch ppc64
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory
checked in at Tue Jun 28 10:06:37 CEST 2011.
--- openssl/openssl.changes 2011-05-16 16:38:57.0 +0200
+++ /mounts/work_src_done/STABLE/openssl/openssl.changes2011-06-24
07:11:45.0 +0200
@@ -1,0 +2,18 @@
+Fri Jun 24 04:51:50 UTC 2011 - g...@novell.com
+
+- update to latest stable version 1.0.0d.
+ patch removed(already in the new package):
+ CVE-2011-0014
+ patch added:
+ ECDSA_signatures_timing_attack.patch
+
+---
+Tue May 31 07:07:49 UTC 2011 - g...@novell.com
+
+- fix bug[bnc#693027].
+ Add protection against ECDSA timing attacks as mentioned in the paper
+ by Billy Bob Brumley and Nicola Tuveri, see:
+ http://eprint.iacr.org/2011/232.pdf
+ [Billy Bob Brumley and Nicola Tuveri]
+
+---
calling whatdependson for head-i586
Old:
CVE-2011-0014.patch
openssl-1.0.0c.tar.bz2
New:
ECDSA_signatures_timing_attack.patch
openssl-1.0.0d.tar.bz2
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.PF5Mos/_old 2011-06-28 10:04:13.0 +0200
+++ /var/tmp/diff_new_pack.PF5Mos/_new 2011-06-28 10:04:13.0 +0200
@@ -32,8 +32,8 @@
%endif
#
#Version:1.0.0
-Version:1.0.0c
-Release:25
+Version:1.0.0d
+Release:22
Summary:Secure Sockets and Transport Layer Security
Url:http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -49,7 +49,8 @@
#Patch5: CVE-2010-2939.patch
#Patch6: CVE-2010-3864.patch
Patch7: openssl-1.0.0b-aesni.patch
-Patch8: CVE-2011-0014.patch
+#Patch8: CVE-2011-0014.patch
+Patch9: ECDSA_signatures_timing_attack.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -185,7 +186,8 @@
#%patch5 -p1
#%patch6 -p1
%patch7 -p1
-%patch8 -p1
+#%patch8 -p1
+%patch9 -p1
cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
#
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
++ ECDSA_signatures_timing_attack.patch ++
Index: openssl-1.0.0c/crypto/ecdsa/ecs_ossl.c
===
--- openssl-1.0.0c.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.0c/crypto/ecdsa/ecs_ossl.c
@@ -144,6 +144,16 @@ static int ecdsa_sign_setup(EC_KEY *ecke
}
while (BN_is_zero(k));
+#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
+ /* We do not want timing information to leak the length of k,
+* so we compute G*k using an equivalent scalar of fixed
+* bit-length. */
+
+ if (!BN_add(k, k, order)) goto err;
+ if (BN_num_bits(k) <= BN_num_bits(order))
+ if (!BN_add(k, k, order)) goto err;
+#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
+
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
{
Index: openssl-1.0.0c/crypto/ocsp/ocsp_lib.c
===
--- openssl-1.0.0c.orig/crypto/ocsp/ocsp_lib.c
+++ openssl-1.0.0c/crypto/ocsp/ocsp_lib.c
@@ -170,13 +170,14 @@ int OCSP_parse_url(char *url, char **pho
char *host, *port;
+ *phost = NULL;
+ *pport = NULL;
+ *ppath = NULL;
+
/* dup the buffer since we are going to mess with it */
buf = BUF_strdup(url);
if (!buf) goto mem_err;
- *phost = NULL;
- *pport = NULL;
- *ppath = NULL;
/* Check for initial colon */
p = strchr(buf, ':');
++ openssl-1.0.0c.tar.bz2 -> openssl-1.0.0d.tar.bz2 ++
1724 lines of diff (skipped)
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openssl for openSUSE:Factory
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory checked
in at 2012-05-08 12:28:22
Comparing /work/SRC/openSUSE:Factory/openssl (Old)
and /work/SRC/openSUSE:Factory/.openssl.new (New)
Package is "openssl", Maintainer is "g...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2012-04-23
17:40:11.0 +0200
+++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2012-05-08
12:28:29.0 +0200
@@ -1,0 +2,5 @@
+Fri May 4 12:09:57 UTC 2012 - lnus...@suse.de
+
+- don't install any demo or expired certs at all
+
+---
Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.H7uZqm/_old 2012-05-08 12:28:31.0 +0200
+++ /var/tmp/diff_new_pack.H7uZqm/_new 2012-05-08 12:28:31.0 +0200
@@ -296,8 +296,7 @@
%install
rm -rf $RPM_BUILD_ROOT
make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install
-# install standard root certificates
-cp -pr certs/* $RPM_BUILD_ROOT%{ssletcdir}/certs
+install -d -m755 $RPM_BUILD_ROOT%{ssletcdir}/certs
ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl
mkdir $RPM_BUILD_ROOT/%{_datadir}/ssl
mv $RPM_BUILD_ROOT/%{ssletcdir}/misc $RPM_BUILD_ROOT/%{_datadir}/ssl/
@@ -421,7 +420,6 @@
%doc LICENSE NEWS README README.SuSE
%dir %{ssletcdir}
%dir %{ssletcdir}/certs
-%{ssletcdir}/certs/*
%config (noreplace) %{ssletcdir}/openssl.cnf
%attr(700,root,root) %{ssletcdir}/private
%dir %{_datadir}/ssl
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
