Accepting request 1130970 from home:ohollmann:branches:security:tls

- Add openssl-Fix_test_symbol_presence.patch OBS-URL: https://build.opensuse.org/request/show/1130970 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=81
2023-12-05 11:55:06 +00:00 · 2023-12-05 11:55:06 +00:00 · b29904586e
commit b29904586e
parent 259f0441ec
3 changed files with 139 additions and 4 deletions
--- a/openssl-3.changes
+++ b/openssl-3.changes
@ -269,6 +269,7 @@ Thu Nov 23 16:07:51 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
  Upstream added support for reproducible builds via SOURCE_DATE_EPOCH in
  https://github.com/openssl/openssl/commit/8a8d9e190533ee41e8b231b18c7837f98f1ae231
  thereby making this patch obsolete as builds *should* still be reproducible.
+- Add openssl-Fix_test_symbol_presence.patch

 -------------------------------------------------------------------
 Mon Nov 13 09:29:26 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
--- a/openssl-3.spec
+++ b/openssl-3.spec
@ -51,6 +51,8 @@ Patch8:         openssl-Revert-Makefile-Call-mknum.pl-on-make-ordinals-only-if.p
 # PATCH-FIX-FEDORA Add FIPS_mode compatibility macro and flag support
 Patch9:         openssl-Add-FIPS_mode-compatibility-macro.patch
 Patch10:        openssl-Add-Kernel-FIPS-mode-flag-support.patch
+# PATCH-FIX-UPSTREAM Fix test/recipes/01-test_symbol_presence.t
+Patch11:        openssl-Fix_test_symbol_presence.patch
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(zlib)
 Requires:       libopenssl3 = %{version}-%{release}
@ -176,11 +178,7 @@ export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 #export HARNESS_VERBOSE=yes
-%ifarch %{ix86} #Skip test, see issue#22837
-LD_LIBRARY_PATH="$PWD" make TESTS='-test_symbol_presence' test -j16
-%else
 LD_LIBRARY_PATH="$PWD" make test -j16
-%endif

 # show ciphers
 gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
--- a/openssl-Fix_test_symbol_presence.patch
+++ b/openssl-Fix_test_symbol_presence.patch
@ -0,0 +1,136 @@
+From 38cf48b3044749fd5b37e36e5d9b2dc9fe7056ff Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Thu, 30 Nov 2023 08:48:33 +0100
+Subject: [PATCH 1/3] test/recipes/01-test_symbol_presence.t: Ignore symbols
+ starting with '__'
+
+On some platforms, the compiler may add symbols that aren't ours and that we
+should ignore.
+
+They are generally expected to start with a double underscore, and thereby
+easy to detect.
+
+Fixes #22869 (partially)
+---
+ test/recipes/01-test_symbol_presence.t | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+index 9efa9f8d2d6eb..66e5669e193c7 100644
+--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
+@@ -124,7 +124,13 @@ foreach (sort keys %stlibname) {
+                 # Return the result
+                 $_
+             }
+-            grep(m|.* [BCDST] .*|, @$_);
+            # Drop any symbol starting with a double underscore, they
+            # are reserved for the compiler / system ABI and are none
+            # of our business
+            grep !m|^__|,
+            # Only look at external definitions
+            grep m|.* [BCDST] .*|,
+            @$_ ),
+     }
+ 
+     # Massage the mkdef.pl output to only contain global symbols
+
+From feead62eb7873c6a8a95e75ad5ca3ac7b9ed8bcd Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Thu, 30 Nov 2023 09:02:25 +0100
+Subject: [PATCH 2/3] test/recipes/01-test_symbol_presence.t: Treat common
+ symbols specially
+
+Common symbols (type 'C' in the 'nm' output) are allowed to be defined more
+than once.  This makes test/recipes/01-test_symbol_presence.t reflect that.
+
+Fixes #22869 (partially)
+Fixes #22837
+---
+ test/recipes/01-test_symbol_presence.t | 45 +++++++++++++++++---------
+ 1 file changed, 30 insertions(+), 15 deletions(-)
+
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+index 66e5669e193c7..cd3ac48bae5e7 100644
+--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
+@@ -114,23 +114,38 @@ foreach (sort keys %stlibname) {
+     my @arrays = ( \@stlib_lines );
+     push @arrays, \@shlib_lines unless disabled('shared');
+     foreach (@arrays) {
+        my %commons;
+        foreach (@$_) {
+            if (m|^(.*) C .*|) {
+                $commons{$1}++;
+            }
+        }
+        foreach (sort keys %commons) {
+            note "Common symbol: $_";
+        }
+
+         @$_ =
+             sort
+-            map {
+-                # Drop the first space and everything following it
+-                s| .*||;
+-                # Drop OpenSSL dynamic version information if there is any
+-                s|\@\@.+$||;
+-                # Return the result
+-                $_
+-            }
+-            # Drop any symbol starting with a double underscore, they
+-            # are reserved for the compiler / system ABI and are none
+-            # of our business
+-            grep !m|^__|,
+-            # Only look at external definitions
+-            grep m|.* [BCDST] .*|,
+-            @$_ ),
+            ( map {
+                  # Drop the first space and everything following it
+                  s| .*||;
+                  # Drop OpenSSL dynamic version information if there is any
+                  s|\@\@.+$||;
+                  # Drop any symbol starting with a double underscore, they
+                  # are reserved for the compiler / system ABI and are none
+                  # of our business
+                  s|^__||;
+                  # Return the result
+                  $_
+              }
+              # Drop any symbol starting with a double underscore, they
+              # are reserved for the compiler / system ABI and are none
+              # of our business
+              grep !m|^__|,
+              # Only look at external definitions
+              grep m|.* [BDST] .*|,
+              @$_ ),
+            keys %commons;
+     }
+ 
+     # Massage the mkdef.pl output to only contain global symbols
+
+From 1055cefa6718167759e51165324b10345f8e7a99 Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Thu, 30 Nov 2023 10:09:41 +0100
+Subject: [PATCH 3/3] fixup! test/recipes/01-test_symbol_presence.t: Treat
+ common symbols specially
+
+---
+ test/recipes/01-test_symbol_presence.t | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+index cd3ac48bae5e7..222b1886aec01 100644
+--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
+@@ -131,10 +131,6 @@ foreach (sort keys %stlibname) {
+                   s| .*||;
+                   # Drop OpenSSL dynamic version information if there is any
+                   s|\@\@.+$||;
+-                  # Drop any symbol starting with a double underscore, they
+-                  # are reserved for the compiler / system ABI and are none
+-                  # of our business
+-                  s|^__||;
+                   # Return the result
+                   $_
+               }