pool/openssl-1_1
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 934684 from security:tls

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/934684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-1_1?expand=0&rev=28
This commit is contained in:
Dominique Leuenberger 2021-12-05 21:45:45 +00:00 committed by Git OBS Bridge
commit de911df7f8
3 changed files with 64 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
openssl-1_1.changes
View File

@ -1,8 +1,23 @@
-------------------------------------------------------------------
Thu Nov 11 18:50:47 UTC 2021 - Giuliano Belinassi <giuliano.belinassi@suse.com>
- Add support for livepatches (jsc#SLE-20049).
- Generate ipa-clones tarball artifact when livepatching is enabled.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Nov 2 11:34:56 UTC 2021 - Andreas Schneider <asn@cryptomilk.org> Tue Nov 2 11:34:56 UTC 2021 - Andreas Schneider <asn@cryptomilk.org>
- Add missing libopenssl1_1-hmac 32bit package - Add missing libopenssl1_1-hmac 32bit package
-------------------------------------------------------------------
Mon Nov 1 08:51:22 UTC 2021 - Dan Čermák <dcermak@suse.com>
- Drop openssl-no-date.patch
Upstream added support for reproducible builds via SOURCE_DATE_EPOCH in
https://github.com/openssl/openssl/commit/8a8d9e190533ee41e8b231b18c7837f98f1ae231
thereby making this patch obsolete as builds *should* still be reproducible.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Aug 24 19:32:25 UTC 2021 - Pedro Monreal <pmonreal@suse.com> Tue Aug 24 19:32:25 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

50
openssl-1_1.spec
View File

@ -16,6 +16,26 @@
# #
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
# Enable livepatching support for SLE15-SP4 onwards. It requires
# compiler support introduced there.
%define livepatchable 1
# Set variables for livepatching.
%define _other %{_topdir}/OTHER
%define tar_basename %{_rname}-livepatch-%{version}-%{release}
%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
%define clones_dest_dir %{tar_basename}/%{_arch}
%else
# Unsupported operating system.
%define livepatchable 0
%endif
%ifnarch x86_64
# Unsupported architectures must have livepatch disabled.
%define livepatchable 0
%endif
%define ssletcdir %{_sysconfdir}/ssl %define ssletcdir %{_sysconfdir}/ssl
%define maj_min 1.1 %define maj_min 1.1
%define _rname openssl %define _rname openssl
@ -42,7 +62,6 @@ Patch2: openssl-truststore.patch
Patch3: openssl-pkgconfig.patch Patch3: openssl-pkgconfig.patch
Patch4: openssl-DEFAULT_SUSE_cipher.patch Patch4: openssl-DEFAULT_SUSE_cipher.patch
Patch5: openssl-ppc64-config.patch Patch5: openssl-ppc64-config.patch
Patch6: openssl-no-date.patch
# PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129 # PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129
Patch8: 0001-s390x-assembly-pack-perlasm-support.patch Patch8: 0001-s390x-assembly-pack-perlasm-support.patch
Patch9: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch Patch9: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
@ -199,6 +218,9 @@ export MACHINE=armv6l
--libdir=%{_lib} \ --libdir=%{_lib} \
--openssldir=%{ssletcdir} \ --openssldir=%{ssletcdir} \
%{optflags} \ %{optflags} \
%if %{livepatchable}
-fpatchable-function-entry=16,14 -fdump-ipa-clones \
%endif
-Wa,--noexecstack \ -Wa,--noexecstack \
-Wl,-z,relro,-z,now \ -Wl,-z,relro,-z,now \
-fno-common \ -fno-common \
@ -229,6 +251,32 @@ gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{build
LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
%install %install
%if %{livepatchable}
# Ipa-clones are files generated by gcc which logs changes made across
# functions, and we need to know such changes to build livepatches
# correctly. These files are intended to be used by the livepatch
# developers and may be retrieved by using `osc getbinaries`.
#
# Create list of ipa-clones.
find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list
# Create ipa-clones destination folder and move clones there.
mkdir -p ipa-clones/%{clones_dest_dir}
while read f; do
_dest=ipa-clones/%{clones_dest_dir}/$f
mkdir -p ${_dest%/*}
cp $f $_dest
done < ipa-clones.list
# Create tar package with the clone files.
tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename}
# Copy tar package to the OTHERS folder
cp %{tar_package_name} %{_other}
%endif # livepatchable
%make_install %{?_smp_mflags} %make_install %{?_smp_mflags}
# kill static libs # kill static libs
rm -f %{buildroot}%{_libdir}/lib*.a rm -f %{buildroot}%{_libdir}/lib*.a

13
openssl-no-date.patch
View File

@ -1,13 +0,0 @@
Index: openssl-1.1.1-pre1/util/mkbuildinf.pl
===================================================================
--- openssl-1.1.1-pre1.orig/util/mkbuildinf.pl 2018-02-13 16:31:28.011389734 +0100
+++ openssl-1.1.1-pre1/util/mkbuildinf.pl 2018-02-13 16:31:51.539764582 +0100
@@ -28,7 +28,7 @@ print <<"END_OUTPUT";
*/
#define PLATFORM "platform: $platform"
-#define DATE "built on: $date"
+#define DATE ""
/*
* Generate compiler_flags as an array of individual characters. This is a