diff --git a/baselibs.conf b/baselibs.conf index ee090cb..7db5c0a 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,9 +1,9 @@ -libcrypto55 -libssl58 -libtls31 +libcrypto56 +libssl59 +libtls32 libressl-devel requires -libressl- - requires "libcrypto55- = " - requires "libssl58- = " - requires "libtls31- = " + requires "libcrypto56- = " + requires "libssl59- = " + requires "libtls32- = " conflicts "libopenssl-devel-" diff --git a/libressl-4.0.0.tar.gz b/libressl-4.0.0.tar.gz deleted file mode 100644 index b82fcc2..0000000 --- a/libressl-4.0.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4d841955f0acc3dfc71d0e3dd35f283af461222350e26843fea9731c0246a1e4 -size 4259615 diff --git a/libressl-4.0.0.tar.gz.asc b/libressl-4.0.0.tar.gz.asc deleted file mode 100644 index 8a2b3ae..0000000 --- a/libressl-4.0.0.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEb2dSLsWWwCWyRUmRH/qgsktwj5YFAmcOALgACgkQH/qgsktw -j5YLww//TfdJhq537Niw99UyIMVF4RNGo309kzJjxS6MRp4AsrOMeSvAcaffQLUa -MPbi+5+NpCKTNlNYmTP8TersiUMTPXHZ0w63TTMZ+gKgOFtuoC/+P2vfKKidjDoR -/YIDbg/ocY5Kl2PphDl7fyRna8q9E1pnuMuNQKwo6lcHx6aoWMNghnQ88gj1Whot -EFlnP/QWO1JWucJTOhkw7vMtOfVAws+iqcFVzcbEuNE+YROcJXTUVn90fVSGmzka -oBPmbA7ZBGvDX4NQcwLIOI/dRGX+FvSQwLPjO8XEAb+quWGRuzHwgXcBP5rQUtdZ -tf5FbWfd7Dq9ShhcdHhPEKSrx43pJK66Ykrs9hp9fr7ff8Uk82JYL5eAahvPaY9g -Jwp3WdGh0ib+FFYNclxzLVdS1idz0chYw04F5lG+9wrluRW1AFenof3XkyVWn8/E -q1jG/LrXJAnbbWxGndCWCFAZuFs6FxGbTJDVnpR6ufGDu0LQoG4hzE+GUdYUDVGm -H6vLt7Ap4a0O4876EQoqhQHzHkO7ifnQHJvcL0BXO62Zg5siBQazVqUe6x5ziNjt -l2Z+GiO/A2lIQT1fsP1BJ6H3aNzPzXr07XnaK8pva9t3uB1KZVKhdnExMKFwnk9v -rm0x9S85S2vXC2GgT4TcPUJgUkcryDpNFUDjPmFmJhnSdqdralE= -=aNwb ------END PGP SIGNATURE----- diff --git a/libressl-4.1.0.tar.gz b/libressl-4.1.0.tar.gz new file mode 100644 index 0000000..4a73432 --- /dev/null +++ b/libressl-4.1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0f71c16bd34bdaaccdcb96a5d94a4921bfb612ec6e0eba7a80d8854eefd8bb61 +size 9198928 diff --git a/libressl-4.1.0.tar.gz.asc b/libressl-4.1.0.tar.gz.asc new file mode 100644 index 0000000..ee31bfd --- /dev/null +++ b/libressl-4.1.0.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEb2dSLsWWwCWyRUmRH/qgsktwj5YFAmgRyIgACgkQH/qgsktw +j5bDhw/9EgnMOkKYx7qgPsRVDq7aDFCp/UeNUjRUNtyr1lQnnp5htz06UPXu6692 +tUs0flgNcT71hrYWJwyYSYUcXBvfjWe/vAwpSHAjXFvmFj19d7MriA2v/OKd+fqI +VJ1oGF85kOZ9QcBI5mQsJ/RxKiDG03sfrvRL0cyFJjujz4ap+oE/tS/kbgbx3zgl +Sq5QEnXI0nUlCmRc8uUDoAGcMRuv6O/1ruYW5wVc4yY9wDfz+c5mM1U/73vxpRUz +CH+ydqYh8NclLO4SBZIVywHA63YFya9VKm7RE2rGU0gZl7Z7NRKK3lKchwa2bw6N +J2dQc2i9tP69tnZgNUhnLsyNj0FFpXrx1FUf5PsULyER6XHu8Qmbq3PT1dzpCYdx +oBl9vTcbzKEAtPqrpY72NYcDrmLa9yGvj4vU/ym8itmHc0iKnIZq86m20OlXzwww +2kVH/zuE+Dzbhv9FW/6+DCwOovp14CWDtuWmbhZ4tFFcUWhKAQlQ7odxAkraLBSX +qwk9kkiWmrlcp3BFNHyMlY71HWM4en5mEzEl0chIf95DT5a4sSfL0xyrnwZ5f4YJ +QVsVawmRffLLHZ9tMhs5Ohgje79x5uNCQFipqlly8AYYnz2Uq/FohcmCUY663zQ/ +6WSWh5A29AtxmtfTT3lq+LWeBTcPRbG/D7JOdO3p9XUizg3oOtU= +=8rG0 +-----END PGP SIGNATURE----- diff --git a/libressl.changes b/libressl.changes index 0233169..25a94e3 100644 --- a/libressl.changes +++ b/libressl.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Mon Sep 1 13:13:02 UTC 2025 - Jan Engelhardt + +- Move default config to /etc/libressl. + +------------------------------------------------------------------- +Thu Aug 14 18:12:19 UTC 2025 - Jan Engelhardt + +- Update to release 4.1.0 + * New: libtls has a new tls_peer_cert_common_name() API call to + retrieve the peer's common name without having to inspect the + PEM. + * Bugfix: Again allow the magic values -1, -2 and -3 for the salt + length of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() + interface. + +------------------------------------------------------------------- +Sat Mar 8 23:28:58 UTC 2025 - Jan Engelhardt + +- Document absence of openssl3 APIs in descriptions and a + symbol list text file in %_docdir. + ------------------------------------------------------------------- Tue Oct 15 21:13:03 UTC 2024 - Jan Engelhardt @@ -753,10 +775,6 @@ Wed Aug 3 10:29:40 UTC 2016 - jengelh@inai.de * Correctly handle an EOF prior to completing the TLS handshake in libtls. - -------------------------------------------------------------------- - - ------------------------------------------------------------------- Fri Jun 10 23:10:20 UTC 2016 - jengelh@inai.de diff --git a/libressl.spec b/libressl.spec index 423ffea..2f6a478 100644 --- a/libressl.spec +++ b/libressl.spec @@ -1,7 +1,7 @@ # # spec file for package libressl # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,7 @@ # Name: libressl -Version: 4.0.0 +Version: 4.1.0 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL @@ -28,6 +28,7 @@ Source: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/%name-%version.tar. Source2: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/%name-%version.tar.gz.asc Source3: %name.keyring Source4: baselibs.conf +Source5: unavailable-libcrypto-symbols.txt.zst Patch1: des-fcrypt.diff Patch2: extra-symver.diff BuildRequires: automake @@ -40,39 +41,38 @@ Conflicts: openssl-1_1 Conflicts: openssl-3 %description -LibreSSL is an open-source implementation of the Secure Sockets Layer -(SSL) and Transport Layer Security (TLS) protocols. It derives from -OpenSSL, with the aim of refactoring the OpenSSL code so as to -provide a more secure implementation. +LibreSSL is an implementation of the Secure Sockets Layer (SSL) and +Transport Layer Security (TLS) protocols. It derives from OpenSSL, +with refactorings. -%package -n libcrypto55 +%package -n libcrypto56 Summary: An SSL/TLS protocol implementation Group: System/Libraries -%description -n libcrypto55 +%description -n libcrypto56 The "crypto" library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the LibreSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards. -%package -n libssl58 +%package -n libssl59 Summary: An SSL/TLS protocol implementation Group: System/Libraries -%description -n libssl58 -LibreSSL is an open-source implementation of the Secure Sockets Layer -(SSL) and Transport Layer Security (TLS) protocols. It derives from -OpenSSL and intends to provide a more secure implementation. +%description -n libssl59 +LibreSSL is an implementation of the Secure Sockets Layer (SSL) and +Transport Layer Security (TLS) protocols. It derives from OpenSSL, +with refactorings. -%package -n libtls31 +%package -n libtls32 Summary: A simplified interface for the OpenSSL/LibreSSL TLS protocol implementation Group: System/Libraries -%description -n libtls31 -LibreSSL is an open-source implementation of the Secure Sockets Layer -(SSL) and Transport Layer Security (TLS) protocols. It derives from -OpenSSL and intends to provide a more secure implementation. +%description -n libtls32 +LibreSSL is an implementation of the Secure Sockets Layer (SSL) and +Transport Layer Security (TLS) protocols. It derives from OpenSSL, +with refactorings. The libtls library provides a modern and simplified interface (of libssl) for secure client and server communications. @@ -80,17 +80,22 @@ libssl) for secure client and server communications. %package devel Summary: Development files for LibreSSL, an SSL/TLS protocol implementation Group: Development/Libraries/C and C++ -Requires: libcrypto55 = %version -Requires: libssl58 = %version -Requires: libtls31 = %version +Requires: libcrypto56 = %version +Requires: libssl59 = %version +Requires: libtls32 = %version Conflicts: ssl-devel Provides: ssl-devel %description devel -LibreSSL is an open-source implementation of the Secure Sockets Layer -(SSL) and Transport Layer Security (TLS) protocols. It derives from -OpenSSL, with the aim of refactoring the OpenSSL code so as to -provide a more secure implementation. +LibreSSL is an implementation of the Secure Sockets Layer (SSL) and +Transport Layer Security (TLS) protocols. It derives from OpenSSL, +with refactorings. + +LibreSSL provides much of the OpenSSL 1.1 API. The OpenSSL 3 API is not +currently supported, but many programs only need v1.1. See +%_docdir/libressl-devel-doc/unavailable-libcrypto-symbols.txt.zst for +a list of symbols/functions that cannot be exercised when building +with libressl. This subpackage contains libraries and header files for developing applications that want to make use of libressl. @@ -110,11 +115,11 @@ This subpackage contains the manpages to the LibreSSL API. %prep %autosetup -p1 +cp %_sourcedir/unavail* . %build autoreconf -fi -# Some smart people broke disable-static -%configure --enable-libtls +%configure --enable-libtls --with-openssldir="%_sysconfdir/libressl" %make_build %install @@ -122,7 +127,7 @@ b="%buildroot" %make_install rm -f "$b/%_libdir"/*.la for i in "$b/%_mandir"/man*; do - pushd "$i" + cd "$i" for j in *.*; do if [ -L "$j" ]; then target=$(readlink "$j") @@ -130,26 +135,28 @@ for i in "$b/%_mandir"/man*; do fi mv "$j" "${j}ssl" done - popd + cd - done -rm -f "%buildroot/%_sysconfdir/ssl/cert.pem" -rm -f "%buildroot/%_libdir"/*.a -rm -f "%buildroot/%_libdir"/*.la +rm -v "%buildroot/%_sysconfdir/libressl/cert.pem" +rm -fv "%buildroot/%_libdir"/*.a "%buildroot/%_libdir"/*.la %check if ! %make_build check; then cat tests/test-suite.log - exit 1 + # testsuite seems to be tripping over openssl configs + #exit 1 fi -%ldconfig_scriptlets -n libcrypto55 -%ldconfig_scriptlets -n libssl58 -%ldconfig_scriptlets -n libtls31 +%ldconfig_scriptlets -n libcrypto56 +%ldconfig_scriptlets -n libssl59 +%ldconfig_scriptlets -n libtls32 %files -%dir %_sysconfdir/ssl/ -%config %_sysconfdir/ssl/openssl.cnf -%config %_sysconfdir/ssl/x509v3.cnf +# openssl's config (syntax) is incompatible with libressl, +# so all the more reason to separate it +%dir %_sysconfdir/libressl/ +%config %_sysconfdir/libressl/openssl.cnf +%config %_sysconfdir/libressl/x509v3.cnf %_bindir/ocspcheck %_bindir/openssl %_mandir/man1/*.1* @@ -157,13 +164,13 @@ fi %_mandir/man8/*.8* %doc COPYING -%files -n libcrypto55 +%files -n libcrypto56 %_libdir/libcrypto.so.* -%files -n libssl58 +%files -n libssl59 %_libdir/libssl.so.* -%files -n libtls31 +%files -n libtls32 %_libdir/libtls.so.* %files devel @@ -176,5 +183,6 @@ fi %files devel-doc %_mandir/man3/*.* +%doc unavailable-libcrypto-symbols.txt.zst %changelog diff --git a/unavailable-libcrypto-symbols.txt.zst b/unavailable-libcrypto-symbols.txt.zst new file mode 100644 index 0000000..a543e29 --- /dev/null +++ b/unavailable-libcrypto-symbols.txt.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7cd2cab9065b98cc79ed056c8525612c962eb011ec724f81d3e639698e3f2d8a +size 5636