diff --git a/openssl-1.1.1-pre9.tar.gz b/openssl-1.1.1-pre9.tar.gz deleted file mode 100644 index 27ae134..0000000 --- a/openssl-1.1.1-pre9.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:95ebdfbb05e8451fb01a186ccaa4a7da0eff9a48999ede9fe1a7d90db75ccb4c -size 8411103 diff --git a/openssl-1.1.1-pre9.tar.gz.asc b/openssl-1.1.1-pre9.tar.gz.asc deleted file mode 100644 index f666333..0000000 --- a/openssl-1.1.1-pre9.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlt8Ah8ACgkQ2cTSbQ5g -RJG1ZQf+OUe+cQhEUtUrDrNSxyIG1V19YRRCo3phQ3wpSs2rvxo7Ngyk339iGTBL -SWau3y/SJZAl98XeeQO4KCD6/zSgEnqI3zPBhuJ97PPBojqEfbBNPD9ymu/CYlJJ -c9SLqFuJs4mF9mDWOT5lA5b871lnY7Pi/dgx8T6Cue4b182AnbvlqYNphv/Q5Cns -52tsa9vMqazinePxRK0Obs8Mc/dmlOqINr7WjrovWJdUXc6DdAhyslPqZSjzb7s5 -1+3MSVKnYl3QReovrg3brLl4m3NRFxGpisaSD8MmCR/BJsJDyiVZa0Q3YJ+cShL4 -+bmfg6hTchbZIBg3H/dAgrKdKIXbFw== -=ufCN ------END PGP SIGNATURE----- diff --git a/openssl-1.1.1.tar.gz b/openssl-1.1.1.tar.gz new file mode 100644 index 0000000..0c9bd81 --- /dev/null +++ b/openssl-1.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2836875a0f89c03d0fdf483941512613a50cfb421d6fd94b9f41d7279d586a3d +size 8337920 diff --git a/openssl-1.1.1.tar.gz.asc b/openssl-1.1.1.tar.gz.asc new file mode 100644 index 0000000..5a62893 --- /dev/null +++ b/openssl-1.1.1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAluXuZ8ACgkQ2cTSbQ5g +RJE8LQgAiaOFIraF4VQu/mWxUKiO0IkoH//tgorru7XBnhG1F4RgCGNtoiACUgDz +uWZDiFusutYQtZ6ANekBkqDwN1FhUhjg929jDuYhQEKGgncxkjHK8mWrObSY73TC +16AOV21GH0rCrwBotdGO2eLgae2Qgrrek/3a7O0iRWKugwZoKB4D9a/JJc2LGkQJ +UwIO7jx5RHEVoSPr1mQcquF0qGKDXtN575AGk1Kl1W5M3s0Zaemtl1gxCqDYYF0U +dPlP6beEM6r9LuNJtO/rjXz+ZJD9CzF3+O/fgCdxvkmjRklBaOf8qMJdlrkpsURQ +S0ulq/7KguoluU1IJxnF5XsK+yQKWw== +=wvEX +-----END PGP SIGNATURE----- diff --git a/openssl-1_1.changes b/openssl-1_1.changes index 75890b7..6f3852e 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Sep 11 13:49:06 UTC 2018 - Vítězslav Čížek + +- Update to 1.1.1 release + * This is the first official release of the OpenSSL 1.1.1 branch + which brings TLS 1.3 support +- remove all TLS 1.3 ciphers from the DEFAULT_SUSE cipher list as they + are configured differently + * modified openssl-DEFAULT_SUSE_cipher.patch +- drop obsolete openssl-pretend_we_are_not_beta.patch + ------------------------------------------------------------------- Thu Aug 23 13:21:00 UTC 2018 - vcizek@suse.com diff --git a/openssl-1_1.spec b/openssl-1_1.spec index d94aaf1..46267c4 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -19,21 +19,19 @@ %define ssletcdir %{_sysconfdir}/ssl %define maj_min 1.1 %define _rname openssl -%define pre_version pre9 -%define xversion 1.1.1-%{pre_version} Name: openssl-1_1 # Don't forget to update the version in the "openssl" package! -Version: 1.1.1~%{pre_version} +Version: 1.1.1 Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security URL: https://www.openssl.org/ -Source: https://www.%{_rname}.org/source/%{_rname}-%{xversion}.tar.gz +Source: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz # to get mtime of file: Source1: %{name}.changes Source2: baselibs.conf -Source3: https://www.%{_rname}.org/source/%{_rname}-%{xversion}.tar.gz.asc +Source3: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc # https://www.openssl.org/about/ # http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openssl.keyring Source4: %{_rname}.keyring @@ -45,7 +43,6 @@ Patch3: openssl-pkgconfig.patch Patch4: openssl-DEFAULT_SUSE_cipher.patch Patch5: openssl-ppc64-config.patch Patch6: openssl-no-date.patch -Patch7: openssl-pretend_we_are_not_beta.patch BuildRequires: bc BuildRequires: ed BuildRequires: pkgconfig @@ -108,7 +105,7 @@ This package contains optional documentation provided in addition to this package's base documentation. %prep -%setup -q -n %{_rname}-%{xversion} +%setup -q -n %{_rname}-%{version} %autopatch -p1 %build diff --git a/openssl-DEFAULT_SUSE_cipher.patch b/openssl-DEFAULT_SUSE_cipher.patch index bf23b4a..769929d 100644 --- a/openssl-DEFAULT_SUSE_cipher.patch +++ b/openssl-DEFAULT_SUSE_cipher.patch @@ -1,7 +1,7 @@ -Index: openssl-1.1.1-pre9/ssl/ssl_ciph.c +Index: openssl-1.1.1/ssl/ssl_ciph.c =================================================================== ---- openssl-1.1.1-pre9.orig/ssl/ssl_ciph.c 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/ssl/ssl_ciph.c 2018-08-24 11:06:56.552423004 +0200 +--- openssl-1.1.1.orig/ssl/ssl_ciph.c 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/ssl/ssl_ciph.c 2018-09-11 16:38:40.412543331 +0200 @@ -1567,7 +1567,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ */ ok = 1; @@ -18,16 +18,15 @@ Index: openssl-1.1.1-pre9/ssl/ssl_ciph.c ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, &head, &tail, ca_list, c); rule_p += 7; -Index: openssl-1.1.1-pre9/include/openssl/ssl.h +Index: openssl-1.1.1/include/openssl/ssl.h =================================================================== ---- openssl-1.1.1-pre9.orig/include/openssl/ssl.h 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/ssl.h 2018-08-24 11:14:42.067529045 +0200 -@@ -171,6 +171,12 @@ extern "C" { +--- openssl-1.1.1.orig/include/openssl/ssl.h 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/ssl.h 2018-09-11 16:45:20.979303981 +0200 +@@ -171,6 +171,11 @@ extern "C" { * This applies to ciphersuites for TLSv1.2 and below. */ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" -+# define SSL_DEFAULT_SUSE_CIPHER_LIST "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:"\ -+ "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\ ++# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\ + "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\ + "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ + "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ @@ -35,10 +34,10 @@ Index: openssl-1.1.1-pre9/include/openssl/ssl.h /* This is the default set of TLSv1.3 ciphersuites */ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ -Index: openssl-1.1.1-pre9/test/recipes/99-test_suse_default_ciphers.t +Index: openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1-pre9/test/recipes/99-test_suse_default_ciphers.t 2018-08-24 11:46:43.464529473 +0200 ++++ openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t 2018-09-11 16:38:23.292423281 +0200 @@ -0,0 +1,23 @@ +#! /usr/bin/env perl + diff --git a/openssl-pretend_we_are_not_beta.patch b/openssl-pretend_we_are_not_beta.patch deleted file mode 100644 index 98826d3..0000000 --- a/openssl-pretend_we_are_not_beta.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: openssl-1.1.1-pre9/include/openssl/opensslv.h -=================================================================== ---- openssl-1.1.1-pre9.orig/include/openssl/opensslv.h 2018-08-22 14:07:29.797858054 +0200 -+++ openssl-1.1.1-pre9/include/openssl/opensslv.h 2018-08-22 14:07:57.718041454 +0200 -@@ -39,7 +39,7 @@ extern "C" { - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --# define OPENSSL_VERSION_NUMBER 0x10101009L -+# define OPENSSL_VERSION_NUMBER 0x1010100fL - # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018" - - /*-