diff --git a/openssl-3.changes b/openssl-3.changes index bfe1d99..ba1c6d8 100644 --- a/openssl-3.changes +++ b/openssl-3.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Sat Mar 19 10:05:22 UTC 2022 - Pedro Monreal + +- Enable zlib compression support [bsc#1195149] + +------------------------------------------------------------------- +Fri Mar 18 22:27:34 UTC 2022 - Pedro Monreal + +- Add crypto-policies support. + * Fix some tests that couldn't find the openssl3.cnf location + * Rebase patch: + openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch + ------------------------------------------------------------------- Tue Mar 15 17:41:47 UTC 2022 - Pedro Monreal diff --git a/openssl-3.spec b/openssl-3.spec index b60c87f..dd60dd1 100644 --- a/openssl-3.spec +++ b/openssl-3.spec @@ -49,8 +49,12 @@ Patch8: openssl-Override-default-paths-for-the-CA-directory-tree.patch Patch9: openssl-use-versioned-config.patch Patch10: fix-config-in-tests.patch BuildRequires: pkgconfig +BuildRequires: pkgconfig(zlib) # Add requires for ct_log_list.cnf{,.dist} Requires: openssl +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +Requires: crypto-policies +%endif %description OpenSSL is a software library to be used in applications that need to @@ -60,6 +64,9 @@ OpenSSL contains an implementation of the SSL and TLS protocols. %package -n libopenssl3 Summary: Secure Sockets and Transport Layer Security +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +Requires: crypto-policies +%endif Recommends: ca-certificates-mozilla %description -n libopenssl3 @@ -71,6 +78,7 @@ OpenSSL contains an implementation of the SSL and TLS protocols. %package -n libopenssl-3-devel Summary: Development files for OpenSSL Requires: libopenssl3 = %{version} +Requires: pkgconfig(zlib) Recommends: %{name} = %{version} # We need to have around only the exact version we are able to operate with Conflicts: libopenssl-devel < %{version} @@ -112,6 +120,7 @@ export MACHINE=armv6l enable-ec_nistp_64_gcc_128 \ %endif enable-camellia \ + zlib \ --prefix=%{_prefix} \ --libdir=%{_lib} \ --openssldir=%{ssletcdir} \ @@ -125,7 +134,8 @@ export MACHINE=armv6l -DOPENSSL_NO_BUF_FREELISTS \ $(getconf LFS_CFLAGS) \ -Wall \ - --with-rand-seed=getrandom + --with-rand-seed=getrandom \ + --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config # Show build configuration perl configdata.pm --dump @@ -135,16 +145,14 @@ perl configdata.pm --dump %make_build all %check + +# We must revert patch8 before running tests, otherwise they will fail. +patch -p1 -R < %{P:8} + export MALLOC_CHECK_=3 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) # export HARNESS_VERBOSE=yes -LD_LIBRARY_PATH="$PWD" make TESTS='-test_req\ - -test_verify_store\ - -test_evp_fetch_prov\ - -test_ca\ - -test_ssl_old\ - -test_tsa'\ - test -j1 +LD_LIBRARY_PATH="$PWD" make TESTS='-test_evp_fetch_prov -test_tsa' test -j1 # show ciphers gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers diff --git a/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index e98b342..2f3a8ef 100644 --- a/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -216,14 +216,6 @@ Index: openssl-3.0.1/ssl/ssl_ciph.c /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1656,6 +1713,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - if (!sk_SSL_CIPHER_push(cipherstack, sslc)) { - OPENSSL_free(co_list); - sk_SSL_CIPHER_free(cipherstack); -+ OPENSSL_free(co_list); - return NULL; - } - } @@ -1690,6 +1748,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ *cipher_list = cipherstack;