8 Commits

9 changed files with 159 additions and 85 deletions

View File

@@ -1,9 +1,9 @@
libcrypto55
libssl58
libtls31
libcrypto57
libssl60
libtls33
libressl-devel
requires -libressl-<targettype>
requires "libcrypto55-<targettype> = <version>"
requires "libssl58-<targettype> = <version>"
requires "libtls31-<targettype> = <version>"
requires "libcrypto57-<targettype> = <version>"
requires "libssl60-<targettype> = <version>"
requires "libtls33-<targettype> = <version>"
conflicts "libopenssl-devel-<targettype>"

View File

@@ -23,12 +23,12 @@ b) the dynamic loader is required to look for SSL_CTX_new@@LIBRESSL
tls/Makefile.am | 6 +++++-
3 files changed, 15 insertions(+), 3 deletions(-)
Index: libressl-3.8.2/crypto/Makefile.am
Index: libressl-4.2.0/crypto/Makefile.am
===================================================================
--- libressl-3.8.2.orig/crypto/Makefile.am
+++ libressl-3.8.2/crypto/Makefile.am
@@ -62,8 +62,11 @@ libcrypto_la_objects.mk: Makefile
| sed 's/compat\// $$\(abs_top_builddir\)\/crypto\/&/g' \
--- libressl-4.2.0.orig/crypto/Makefile.am
+++ libressl-4.2.0/crypto/Makefile.am
@@ -81,8 +81,11 @@ libcrypto_la_objects.mk: Makefile
| sed 's/compat\// $$\(top_builddir\)\/crypto\/&/g' \
>> libcrypto_la_objects.mk
-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
@@ -41,11 +41,11 @@ Index: libressl-3.8.2/crypto/Makefile.am
EXTRA_libcrypto_la_DEPENDENCIES += libcrypto_la_objects.mk
libcrypto_la_LIBADD = libcompat.la
if !HAVE_EXPLICIT_BZERO
Index: libressl-3.8.2/ssl/Makefile.am
Index: libressl-4.2.0/ssl/Makefile.am
===================================================================
--- libressl-3.8.2.orig/ssl/Makefile.am
+++ libressl-3.8.2/ssl/Makefile.am
@@ -35,6 +35,11 @@ remove_bs_objects: libssl.la
--- libressl-4.2.0.orig/ssl/Makefile.am
+++ libressl-4.2.0/ssl/Makefile.am
@@ -51,6 +51,11 @@ remove_bs_objects: libssl.la
libssl_la_CPPFLAGS = -I$(top_srcdir)/ssl/hidden ${AM_CPPFLAGS}
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
@@ -57,12 +57,12 @@ Index: libressl-3.8.2/ssl/Makefile.am
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
libssl_la_LIBADD += $(libcompat_la_objects)
libssl_la_LIBADD += $(libcompatnoopt_la_objects)
Index: libressl-3.8.2/tls/Makefile.am
Index: libressl-4.2.0/tls/Makefile.am
===================================================================
--- libressl-3.8.2.orig/tls/Makefile.am
+++ libressl-3.8.2/tls/Makefile.am
@@ -19,7 +19,11 @@ libtls_la_objects.mk: Makefile
| sed -e 's/ *$$//' -e 's/ */ $$\(abs_top_builddir\)\/tls\//g' \
--- libressl-4.2.0.orig/tls/Makefile.am
+++ libressl-4.2.0/tls/Makefile.am
@@ -34,7 +34,11 @@ libtls_la_objects.mk: Makefile
| sed -e 's/ *$$//' -e 's/ */ $$\(top_builddir\)\/tls\//g' \
> libtls_la_objects.mk
-libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym

Binary file not shown.

View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEb2dSLsWWwCWyRUmRH/qgsktwj5YFAmcOALgACgkQH/qgsktw
j5YLww//TfdJhq537Niw99UyIMVF4RNGo309kzJjxS6MRp4AsrOMeSvAcaffQLUa
MPbi+5+NpCKTNlNYmTP8TersiUMTPXHZ0w63TTMZ+gKgOFtuoC/+P2vfKKidjDoR
/YIDbg/ocY5Kl2PphDl7fyRna8q9E1pnuMuNQKwo6lcHx6aoWMNghnQ88gj1Whot
EFlnP/QWO1JWucJTOhkw7vMtOfVAws+iqcFVzcbEuNE+YROcJXTUVn90fVSGmzka
oBPmbA7ZBGvDX4NQcwLIOI/dRGX+FvSQwLPjO8XEAb+quWGRuzHwgXcBP5rQUtdZ
tf5FbWfd7Dq9ShhcdHhPEKSrx43pJK66Ykrs9hp9fr7ff8Uk82JYL5eAahvPaY9g
Jwp3WdGh0ib+FFYNclxzLVdS1idz0chYw04F5lG+9wrluRW1AFenof3XkyVWn8/E
q1jG/LrXJAnbbWxGndCWCFAZuFs6FxGbTJDVnpR6ufGDu0LQoG4hzE+GUdYUDVGm
H6vLt7Ap4a0O4876EQoqhQHzHkO7ifnQHJvcL0BXO62Zg5siBQazVqUe6x5ziNjt
l2Z+GiO/A2lIQT1fsP1BJ6H3aNzPzXr07XnaK8pva9t3uB1KZVKhdnExMKFwnk9v
rm0x9S85S2vXC2GgT4TcPUJgUkcryDpNFUDjPmFmJhnSdqdralE=
=aNwb
-----END PGP SIGNATURE-----

BIN
libressl-4.2.1.tar.gz LFS Normal file

Binary file not shown.

16
libressl-4.2.1.tar.gz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEb2dSLsWWwCWyRUmRH/qgsktwj5YFAmkDVIQACgkQH/qgsktw
j5ZPMA/+JO3os83rNh1t19qpZ0x/qsbVcV0xVox7csfpNqhvtRDviXijNSWGKLUv
V3vlHV0oTmOfkmiqwR7mhiRkh5BGYwM2cTLpLtmCqrFoCVM4dfCAl8bASwv+MEZ/
+OAdFPSvzLN3NpKIiruA8xU6uKMe2bbYtpfxPKYpkch8vJZh8dtuuXUOaDNxu7QL
oDeWtpyAUOEl8DYYRPtr6u8qSWr4xxe+wU2/o3sTYZMVTxvk4JqNJt9TP/tcT8iB
367fjmf1ZoSgwQhcXfda8SnN9W4d7si3XEnm7HeAUc2GzI/Q8QHoLt4+yM0JJ/Cn
aCL7fH112igzLhJD240qoAy9xPlpWLkXVV6lLhGUuJX1oUfdXtCYmS4sirpSI3I0
p/T5US+vxRNi+HSBelbQLLsGAtU1baeWNLh2P2MXGkcHLAgid1+lQvTe/7S5+doI
Hg6C24v81FizG5srIaML82WzDWUf4/5IhwUyTZqIRdQWOBOQxBKZuNZwhaRPxITm
Bbckg5NMMYEwezIHww2kbC0/TEp3fec/eHafHWV23+LBqBV/d9tgb7n+gonSMbEa
4wTfdo1nADUudXU3byzDdF+hpb2253g1nZyrPk5iqrsPXt9X6BXzZGQEWSX9hvm9
qA+YDhImhu+ZWxUfmx8urGSeVUrjruPFtru2pKb+cCpWeH0/JGk=
=2F18
-----END PGP SIGNATURE-----

View File

@@ -1,3 +1,59 @@
-------------------------------------------------------------------
Fri Jan 30 21:26:20 UTC 2026 - Jan Engelhardt <jengelh@inai.de>
- Make the build succeed on s390x.
-------------------------------------------------------------------
Wed Jan 28 10:14:04 UTC 2026 - Jan Engelhardt <jengelh@inai.de>
- Update to release 4.2.1
* Ensure the group selected by a TLSv1.3 server for a
HelloRetryRequest is not one for which the client has already
sent a key share.
-------------------------------------------------------------------
Wed Oct 15 10:27:46 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Update to release 4.2.0
* Removed the -msie_hack option from the openssl(1) ca
subcommand.
* Removed parameters of the 239-bit prime curves from X9.62,
H.5.2: prime239v1, prime239v2, prime239v3.
* Increased default MAC salt length used by PKCS12_set_mac(3) to
16 per recommendation of NIST SP 800-132.
* Encrypted PKCS#8 key files now use a default password-based key
derivation function that is acceptable in the present
millenium.
* const corrected EVP_PKEY_get{0,1}_{DH,DSA,EC_KEY,RSA}().
* X509_CRL_verify() now checks that the AlgorithmIdentifiers in
the signature and the tbsCertList are identical.
* Of the old *err() only PEMerr(), RSAerr(), and SSLerr() remain.
* Removed BIO_s_log(), X509_PKEY_{new,free}(),
PEM_X509_INFO_read() and PEM_X509_INFO_write_bio().
* Re-expose the ASN.1 Boolean template items.
-------------------------------------------------------------------
Mon Sep 1 13:13:02 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Move default config to /etc/libressl.
-------------------------------------------------------------------
Thu Aug 14 18:12:19 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Update to release 4.1.0
* New: libtls has a new tls_peer_cert_common_name() API call to
retrieve the peer's common name without having to inspect the
PEM.
* Bugfix: Again allow the magic values -1, -2 and -3 for the salt
length of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str()
interface.
-------------------------------------------------------------------
Sat Mar 8 23:28:58 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Document absence of openssl3 APIs in descriptions and a
symbol list text file in %_docdir.
-------------------------------------------------------------------
Tue Oct 15 21:13:03 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@@ -753,10 +809,6 @@ Wed Aug 3 10:29:40 UTC 2016 - jengelh@inai.de
* Correctly handle an EOF prior to completing the TLS handshake
in libtls.
-------------------------------------------------------------------
-------------------------------------------------------------------
Fri Jun 10 23:10:20 UTC 2016 - jengelh@inai.de

View File

@@ -1,7 +1,7 @@
#
# spec file for package libressl
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
#
Name: libressl
Version: 4.0.0
Version: 4.2.1
Release: 0
Summary: An SSL/TLS protocol implementation
License: OpenSSL
@@ -28,6 +28,7 @@ Source: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/%name-%version.tar.
Source2: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/%name-%version.tar.gz.asc
Source3: %name.keyring
Source4: baselibs.conf
Source5: unavailable-libcrypto-symbols.txt.zst
Patch1: des-fcrypt.diff
Patch2: extra-symver.diff
BuildRequires: automake
@@ -40,39 +41,38 @@ Conflicts: openssl-1_1
Conflicts: openssl-3
%description
LibreSSL is an open-source implementation of the Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) protocols. It derives from
OpenSSL, with the aim of refactoring the OpenSSL code so as to
provide a more secure implementation.
LibreSSL is an implementation of the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols. It derives from OpenSSL,
with refactorings.
%package -n libcrypto55
%package -n libcrypto57
Summary: An SSL/TLS protocol implementation
Group: System/Libraries
%description -n libcrypto55
%description -n libcrypto57
The "crypto" library implements a wide range of cryptographic
algorithms used in various Internet standards. The services provided
by this library are used by the LibreSSL implementations of SSL, TLS
and S/MIME, and they have also been used to implement SSH, OpenPGP,
and other cryptographic standards.
%package -n libssl58
%package -n libssl60
Summary: An SSL/TLS protocol implementation
Group: System/Libraries
%description -n libssl58
LibreSSL is an open-source implementation of the Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) protocols. It derives from
OpenSSL and intends to provide a more secure implementation.
%description -n libssl60
LibreSSL is an implementation of the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols. It derives from OpenSSL,
with refactorings.
%package -n libtls31
%package -n libtls33
Summary: A simplified interface for the OpenSSL/LibreSSL TLS protocol implementation
Group: System/Libraries
%description -n libtls31
LibreSSL is an open-source implementation of the Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) protocols. It derives from
OpenSSL and intends to provide a more secure implementation.
%description -n libtls33
LibreSSL is an implementation of the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols. It derives from OpenSSL,
with refactorings.
The libtls library provides a modern and simplified interface (of
libssl) for secure client and server communications.
@@ -80,17 +80,22 @@ libssl) for secure client and server communications.
%package devel
Summary: Development files for LibreSSL, an SSL/TLS protocol implementation
Group: Development/Libraries/C and C++
Requires: libcrypto55 = %version
Requires: libssl58 = %version
Requires: libtls31 = %version
Requires: libcrypto57 = %version
Requires: libssl60 = %version
Requires: libtls33 = %version
Conflicts: ssl-devel
Provides: ssl-devel
%description devel
LibreSSL is an open-source implementation of the Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) protocols. It derives from
OpenSSL, with the aim of refactoring the OpenSSL code so as to
provide a more secure implementation.
LibreSSL is an implementation of the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols. It derives from OpenSSL,
with refactorings.
LibreSSL provides much of the OpenSSL 1.1 API. The OpenSSL 3 API is not
currently supported, but many programs only need v1.1. See
%_docdir/libressl-devel-doc/unavailable-libcrypto-symbols.txt.zst for
a list of symbols/functions that cannot be exercised when building
with libressl.
This subpackage contains libraries and header files for developing
applications that want to make use of libressl.
@@ -110,11 +115,20 @@ This subpackage contains the manpages to the LibreSSL API.
%prep
%autosetup -p1
cp %_sourcedir/unavail* .
%build
%ifarch s390x
# libressl can work without any arch-specific code whatsoever. The makefiles
# contain a bunch of `if PPC64 { CPPFLAGS+=-Icrypto/arch/ppc64 }`-style lines,
# for various archs, but no "else" clause, so there is no functioning fallback.
# The following adds this fallback.
#
touch crypto/crypto_arch.h crypto/bn/bn_arch.h
%endif
autoreconf -fi
# Some smart people broke disable-static
%configure --enable-libtls
%configure --enable-libtls --with-openssldir="%_sysconfdir/libressl"
%make_build
%install
@@ -122,7 +136,7 @@ b="%buildroot"
%make_install
rm -f "$b/%_libdir"/*.la
for i in "$b/%_mandir"/man*; do
pushd "$i"
cd "$i"
for j in *.*; do
if [ -L "$j" ]; then
target=$(readlink "$j")
@@ -130,26 +144,30 @@ for i in "$b/%_mandir"/man*; do
fi
mv "$j" "${j}ssl"
done
popd
cd -
done
rm -f "%buildroot/%_sysconfdir/ssl/cert.pem"
rm -f "%buildroot/%_libdir"/*.a
rm -f "%buildroot/%_libdir"/*.la
rm -v "%buildroot/%_sysconfdir/libressl/cert.pem"
rm -fv "%buildroot/%_libdir"/*.a "%buildroot/%_libdir"/*.la
find "%buildroot/%_mandir" -type l -exec perl -e 'for (@ARGV) { next if(!-l $_); $t=readlink$_; unlink if(!-e $t); }' '{}' '+'
%check
if ! %make_build check; then
cat tests/test-suite.log
exit 1
# testsuite seems to be tripping over openssl configs
#exit 1
fi
%ldconfig_scriptlets -n libcrypto55
%ldconfig_scriptlets -n libssl58
%ldconfig_scriptlets -n libtls31
%ldconfig_scriptlets -n libcrypto57
%ldconfig_scriptlets -n libssl60
%ldconfig_scriptlets -n libtls33
%files
%dir %_sysconfdir/ssl/
%config %_sysconfdir/ssl/openssl.cnf
%config %_sysconfdir/ssl/x509v3.cnf
# openssl's config (syntax) is incompatible with libressl,
# so all the more reason to separate it
%dir %_sysconfdir/libressl/
%config %_sysconfdir/libressl/openssl.cnf
%config %_sysconfdir/libressl/x509v3.cnf
%_bindir/ocspcheck
%_bindir/openssl
%_mandir/man1/*.1*
@@ -157,13 +175,13 @@ fi
%_mandir/man8/*.8*
%doc COPYING
%files -n libcrypto55
%files -n libcrypto57
%_libdir/libcrypto.so.*
%files -n libssl58
%files -n libssl60
%_libdir/libssl.so.*
%files -n libtls31
%files -n libtls33
%_libdir/libtls.so.*
%files devel
@@ -176,5 +194,6 @@ fi
%files devel-doc
%_mandir/man3/*.*
%doc unavailable-libcrypto-symbols.txt.zst
%changelog

Binary file not shown.