pool/openssl-1_1
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1234612 from security:tls

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1234612
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-1_1?expand=0&rev=63
This commit is contained in:
Ana Guerrero 2025-01-06 15:05:02 +00:00 committed by Git OBS Bridge
commit 2cabd73528
2 changed files with 32 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openssl-1_1.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Dec 23 21:26:53 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
- Add support for userspace livepatching on ppc64le (jsc#PED-11850).
- Use gcc-13 for ppc64le.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Oct 15 12:46:08 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com> Tue Oct 15 12:46:08 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>

74
openssl-1_1.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package openssl-1_1 # spec file for package openssl-1_1
# #
# Copyright (c) 2024 SUSE LLC # Copyright (c) 2025 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -16,28 +16,13 @@
# #
%define livepatchable 1
%define ssletcdir %{_sysconfdir}/ssl %define ssletcdir %{_sysconfdir}/ssl
%define maj_min 1.1 %define maj_min 1.1
%define _rname openssl %define _rname openssl
%global sslengcnf %{ssletcdir}/engines1.1.d %global sslengcnf %{ssletcdir}/engines1.1.d
%global sslengdef %{ssletcdir}/engdef1.1.d %global sslengdef %{ssletcdir}/engdef1.1.d
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
# Enable livepatching support for SLE15-SP4 onwards. It requires
# compiler support introduced there.
%define livepatchable 1
# Set variables for livepatching.
%define _other %{_topdir}/OTHER
%define tar_basename %{_rname}-livepatch-%{version}-%{release}
%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
%define clones_dest_dir %{tar_basename}/%{_arch}
%else
# Unsupported operating system.
%define livepatchable 0
%endif
%ifnarch x86_64
# Unsupported architectures must have livepatch disabled.
%define livepatchable 0
%endif
Name: openssl-1_1 Name: openssl-1_1
# Don't forget to update the version in the "openssl" meta-package! # Don't forget to update the version in the "openssl" meta-package!
Version: 1.1.1w Version: 1.1.1w
@ -214,6 +199,18 @@ Obsoletes: openssl-1_1_0
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 %if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
Requires: crypto-policies Requires: crypto-policies
%endif %endif
# ulp-macros is available according to SUSE version.
%ifarch x86_64
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1540
BuildRequires: ulp-macros
%endif
%endif
%ifarch ppc64le
%if 0%{?sle_version} >= 150700 || 0%{?suse_version} >= 1570
BuildRequires: gcc13
BuildRequires: ulp-macros
%endif
%endif
%description %description
OpenSSL is a software library to be used in applications that need to OpenSSL is a software library to be used in applications that need to
@ -288,6 +285,15 @@ export MACHINE=armv5el
export MACHINE=armv6l export MACHINE=armv6l
%endif %endif
# In ppc64le we need gcc-13 for userspace livepatching until we have the
# required -fpatchable-functions-entry patch merged into the mainline
%ifarch ppc64le
%if 0%{?sle_version} >= 150700 || 0%{?suse_version} >= 1570
export CC=gcc-13
export CXX=g++-13
%endif
%endif
./config \ ./config \
no-idea \ no-idea \
no-afalgeng \ no-afalgeng \
@ -302,9 +308,7 @@ export MACHINE=armv6l
--libdir=%{_lib} \ --libdir=%{_lib} \
--openssldir=%{ssletcdir} \ --openssldir=%{ssletcdir} \
%{optflags} \ %{optflags} \
%if %{livepatchable} %{?cflags_livepatching} \
-fpatchable-function-entry=16,14 -fdump-ipa-clones \
%endif
-Wa,--noexecstack \ -Wa,--noexecstack \
-Wl,-z,relro,-z,now \ -Wl,-z,relro,-z,now \
-fno-common \ -fno-common \
@ -354,33 +358,7 @@ gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{build
LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
%install %install
%{?pack_ipa_dumps}
%if %{livepatchable}
# Ipa-clones are files generated by gcc which logs changes made across
# functions, and we need to know such changes to build livepatches
# correctly. These files are intended to be used by the livepatch
# developers and may be retrieved by using `osc getbinaries`.
#
# Create list of ipa-clones.
find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list
# Create ipa-clones destination folder and move clones there.
mkdir -p ipa-clones/%{clones_dest_dir}
while read f; do
_dest=ipa-clones/%{clones_dest_dir}/$f
mkdir -p ${_dest%/*}
cp $f $_dest
done < ipa-clones.list
# Create tar package with the clone files.
tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename}
# Copy tar package to the OTHERS folder
cp %{tar_package_name} %{_other}
%endif # livepatchable
%make_install %{?_smp_mflags} %make_install %{?_smp_mflags}
# kill static libs # kill static libs
rm -f %{buildroot}%{_libdir}/lib*.a rm -f %{buildroot}%{_libdir}/lib*.a