Accepting request 635009 from home:vitezslav_cizek:branches:security:tls

- Update to 1.1.1 release
  * This is the first official release of the OpenSSL 1.1.1 branch
    which brings TLS 1.3 support
- remove all TLS 1.3 ciphers from the DEFAULT_SUSE cipher list as they
  are configured differently
  * modified openssl-DEFAULT_SUSE_cipher.patch
- drop obsolete openssl-pretend_we_are_not_beta.patch

OBS-URL: https://build.opensuse.org/request/show/635009
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=22

openssl-1.1.1-pre9.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:95ebdfbb05e8451fb01a186ccaa4a7da0eff9a48999ede9fe1a7d90db75ccb4c
-size 8411103

openssl-1.1.1-pre9.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlt8Ah8ACgkQ2cTSbQ5g
-RJG1ZQf+OUe+cQhEUtUrDrNSxyIG1V19YRRCo3phQ3wpSs2rvxo7Ngyk339iGTBL
-SWau3y/SJZAl98XeeQO4KCD6/zSgEnqI3zPBhuJ97PPBojqEfbBNPD9ymu/CYlJJ
-c9SLqFuJs4mF9mDWOT5lA5b871lnY7Pi/dgx8T6Cue4b182AnbvlqYNphv/Q5Cns
-52tsa9vMqazinePxRK0Obs8Mc/dmlOqINr7WjrovWJdUXc6DdAhyslPqZSjzb7s5
-1+3MSVKnYl3QReovrg3brLl4m3NRFxGpisaSD8MmCR/BJsJDyiVZa0Q3YJ+cShL4
-+bmfg6hTchbZIBg3H/dAgrKdKIXbFw==
-=ufCN
------END PGP SIGNATURE-----

openssl-1.1.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2836875a0f89c03d0fdf483941512613a50cfb421d6fd94b9f41d7279d586a3d
+size 8337920

openssl-1.1.1.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAluXuZ8ACgkQ2cTSbQ5g
+RJE8LQgAiaOFIraF4VQu/mWxUKiO0IkoH//tgorru7XBnhG1F4RgCGNtoiACUgDz
+uWZDiFusutYQtZ6ANekBkqDwN1FhUhjg929jDuYhQEKGgncxkjHK8mWrObSY73TC
+16AOV21GH0rCrwBotdGO2eLgae2Qgrrek/3a7O0iRWKugwZoKB4D9a/JJc2LGkQJ
+UwIO7jx5RHEVoSPr1mQcquF0qGKDXtN575AGk1Kl1W5M3s0Zaemtl1gxCqDYYF0U
+dPlP6beEM6r9LuNJtO/rjXz+ZJD9CzF3+O/fgCdxvkmjRklBaOf8qMJdlrkpsURQ
+S0ulq/7KguoluU1IJxnF5XsK+yQKWw==
+=wvEX
+-----END PGP SIGNATURE-----

openssl-1_1.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Sep 11 13:49:06 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- Update to 1.1.1 release
+  * This is the first official release of the OpenSSL 1.1.1 branch
+    which brings TLS 1.3 support
+- remove all TLS 1.3 ciphers from the DEFAULT_SUSE cipher list as they
+  are configured differently
+  * modified openssl-DEFAULT_SUSE_cipher.patch
+- drop obsolete openssl-pretend_we_are_not_beta.patch
+
 -------------------------------------------------------------------
 Thu Aug 23 13:21:00 UTC 2018 - vcizek@suse.com
 

openssl-1_1.spec

@@ -19,21 +19,19 @@
 %define ssletcdir %{_sysconfdir}/ssl
 %define maj_min 1.1
 %define _rname  openssl
-%define pre_version pre9
-%define xversion 1.1.1-%{pre_version}
 Name:           openssl-1_1
 # Don't forget to update the version in the "openssl" package!
-Version:        1.1.1~%{pre_version}
+Version:        1.1.1
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL
 Group:          Productivity/Networking/Security
 URL:            https://www.openssl.org/
-Source:         https://www.%{_rname}.org/source/%{_rname}-%{xversion}.tar.gz
+Source:         https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz
 # to get mtime of file:
 Source1:        %{name}.changes
 Source2:        baselibs.conf
-Source3:        https://www.%{_rname}.org/source/%{_rname}-%{xversion}.tar.gz.asc
+Source3:        https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
 # https://www.openssl.org/about/
 # http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openssl.keyring
 Source4:        %{_rname}.keyring
@@ -45,7 +43,6 @@ Patch3:         openssl-pkgconfig.patch
 Patch4:         openssl-DEFAULT_SUSE_cipher.patch
 Patch5:         openssl-ppc64-config.patch
 Patch6:         openssl-no-date.patch
-Patch7:         openssl-pretend_we_are_not_beta.patch
 BuildRequires:  bc
 BuildRequires:  ed
 BuildRequires:  pkgconfig
@@ -108,7 +105,7 @@ This package contains optional documentation provided in addition to
 this package's base documentation.
 
 %prep
-%setup -q -n %{_rname}-%{xversion}
+%setup -q -n %{_rname}-%{version}
 %autopatch -p1
 
 %build

openssl-DEFAULT_SUSE_cipher.patch

@@ -1,7 +1,7 @@
-Index: openssl-1.1.1-pre9/ssl/ssl_ciph.c
+Index: openssl-1.1.1/ssl/ssl_ciph.c
 ===================================================================
---- openssl-1.1.1-pre9.orig/ssl/ssl_ciph.c	2018-08-21 14:14:15.000000000 +0200
+--- openssl-1.1.1.orig/ssl/ssl_ciph.c	2018-09-11 14:48:23.000000000 +0200
-+++ openssl-1.1.1-pre9/ssl/ssl_ciph.c	2018-08-24 11:06:56.552423004 +0200
++++ openssl-1.1.1/ssl/ssl_ciph.c	2018-09-11 16:38:40.412543331 +0200
 @@ -1567,7 +1567,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
       */
      ok = 1;
@@ -18,16 +18,15 @@ Index: openssl-1.1.1-pre9/ssl/ssl_ciph.c
          ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
                                          &head, &tail, ca_list, c);
          rule_p += 7;
-Index: openssl-1.1.1-pre9/include/openssl/ssl.h
+Index: openssl-1.1.1/include/openssl/ssl.h
 ===================================================================
---- openssl-1.1.1-pre9.orig/include/openssl/ssl.h	2018-08-21 14:14:15.000000000 +0200
+--- openssl-1.1.1.orig/include/openssl/ssl.h	2018-09-11 14:48:23.000000000 +0200
-+++ openssl-1.1.1-pre9/include/openssl/ssl.h	2018-08-24 11:14:42.067529045 +0200
++++ openssl-1.1.1/include/openssl/ssl.h	2018-09-11 16:45:20.979303981 +0200
-@@ -171,6 +171,12 @@ extern "C" {
+@@ -171,6 +171,11 @@ extern "C" {
   * This applies to ciphersuites for TLSv1.2 and below.
   */
  # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
-+# define SSL_DEFAULT_SUSE_CIPHER_LIST "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:"\
++# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
-+    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
 +    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
 +    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
 +    "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
@@ -35,10 +34,10 @@ Index: openssl-1.1.1-pre9/include/openssl/ssl.h
  /* This is the default set of TLSv1.3 ciphersuites */
  # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
-Index: openssl-1.1.1-pre9/test/recipes/99-test_suse_default_ciphers.t
+Index: openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.1.1-pre9/test/recipes/99-test_suse_default_ciphers.t	2018-08-24 11:46:43.464529473 +0200
++++ openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t	2018-09-11 16:38:23.292423281 +0200
 @@ -0,0 +1,23 @@
 +#! /usr/bin/env perl
 +

openssl-pretend_we_are_not_beta.patch

@@ -1,13 +0,0 @@
-Index: openssl-1.1.1-pre9/include/openssl/opensslv.h
-===================================================================
---- openssl-1.1.1-pre9.orig/include/openssl/opensslv.h	2018-08-22 14:07:29.797858054 +0200
-+++ openssl-1.1.1-pre9/include/openssl/opensslv.h	2018-08-22 14:07:57.718041454 +0200
-@@ -39,7 +39,7 @@ extern "C" {
-  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
-  *  major minor fix final patch/beta)
-  */
--# define OPENSSL_VERSION_NUMBER  0x10101009L
-+# define OPENSSL_VERSION_NUMBER  0x1010100fL
- # define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018"
- 
- /*-