Accepting request 1172786 from home:gbelinassi:branches:security:tls

- Enable livepatching support (bsc#1223428) OBS-URL: https://build.opensuse.org/request/show/1172786 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=98
2024-05-09 13:24:04 +00:00 · 2024-05-09 13:24:04 +00:00 · 6ed66302c1
commit 6ed66302c1
parent b5e1eac45b
2 changed files with 18 additions and 0 deletions
--- a/openssl-3.changes
+++ b/openssl-3.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue May  7 13:35:31 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Enable livepatching support (bsc#1223428)
+
 -------------------------------------------------------------------
 Tue May  7 11:51:38 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>

--- a/openssl-3.spec
+++ b/openssl-3.spec
@ -22,6 +22,10 @@
 %define man_suffix 3ssl
 %global sslengcnf %{ssletcdir}/engines%{sover}.d
 %global sslengdef %{ssletcdir}/engdef%{sover}.d
+
+# Enable userspace livepatching.
+%define livepatchable 1
+
 Name:           openssl-3
 # Don't forget to update the version in the "openssl" meta-package!
 Version:        3.1.4
@ -86,6 +90,13 @@ Patch27:        openssl-CVE-2024-0727.patch
 # PATCH-FIX-UPSTREAM: bsc#1222548 CVE-2024-2511: Unbounded memory growth with session handling in TLSv1.3
 Patch28:        openssl-CVE-2024-2511.patch
 BuildRequires:  pkgconfig
+%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
+BuildRequires:  ulp-macros
+%else
+# Define ulp-macros macros as empty
+%define cflags_livepatching ""
+%define pack_ipa_dumps      echo "Livepatching is disabled in this build"
+%endif
 BuildRequires:  pkgconfig(zlib)
 Requires:       libopenssl3 = %{version}-%{release}
 Requires:       openssl
@ -188,6 +199,7 @@ export MACHINE=armv6l
    --libdir=%{_lib} \
    --openssldir=%{ssletcdir} \
    %{optflags} \
+    %{cflags_livepatching} \
    -Wa,--noexecstack \
    -Wl,-z,relro,-z,now \
    -fno-common \
@ -252,6 +264,7 @@ gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{build
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers

 %install
+%{pack_ipa_dumps}
 %make_install %{?_smp_mflags} MANSUFFIX=%{man_suffix}

 rename so.%{sover} so.%{version} %{buildroot}%{_libdir}/*.so.%{sover}