From 11127842fa96ec7e2c21ee5f31dea0d4e8c708d065cea7a1af9bab41e10b5cf2 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Sun, 4 Aug 2013 14:59:21 +0000 Subject: [PATCH] Accepting request 185827 from Base:System - 0005-libssl-Hide-library-private-symbols.patch: hide private symbols, this *only* applies to libssl where it is straightforward to do so as applications should not be using any of the symbols declared/defined in headers that the library does not install. A separate patch MAY be provided in the future for libcrypto where things are much more complicated and threfore requires careful testing. (forwarded request 185819 from elvigia) OBS-URL: https://build.opensuse.org/request/show/185827 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=93 --- ...-libssl-Hide-library-private-symbols.patch | 67 +++++++++++++++++++ openssl.changes | 12 ++++ openssl.spec | 2 + 3 files changed, 81 insertions(+) create mode 100644 0005-libssl-Hide-library-private-symbols.patch diff --git a/0005-libssl-Hide-library-private-symbols.patch b/0005-libssl-Hide-library-private-symbols.patch new file mode 100644 index 0000000..1920d45 --- /dev/null +++ b/0005-libssl-Hide-library-private-symbols.patch @@ -0,0 +1,67 @@ +From 89d5aecbc62842651cf22e48c405eb435feb0df3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= +Date: Wed, 24 Jul 2013 23:29:05 -0400 +Subject: [PATCH 5/5] libssl: Hide library private symbols + +This patch only contains the libssl part (the easy one) +patch to libcrypto will follow after it is complete and good enough. + +It hides all the library symbols that are not part of the public +API/ABI when GCC 4 or later is used. +--- + ssl/kssl_lcl.h | 9 +++++++++ + ssl/ssl_locl.h | 8 ++++++++ + 2 files changed, 17 insertions(+) + +diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h +index c039c91..69972b1 100644 +--- a/ssl/kssl_lcl.h ++++ b/ssl/kssl_lcl.h +@@ -61,6 +61,10 @@ + + #include + ++#if defined(__GNUC__) && __GNUC__ >= 4 ++#pragma GCC visibility push(hidden) ++#endif ++ + #ifndef OPENSSL_NO_KRB5 + + #ifdef __cplusplus +@@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl_ctx); + } + #endif + #endif /* OPENSSL_NO_KRB5 */ ++ ++#if defined(__GNUC__) && __GNUC__ >= 4 ++#pragma GCC visibility pop ++#endif ++ + #endif /* KSSL_LCL_H */ +diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h +index 56f9b4b..dde4e3e 100644 +--- a/ssl/ssl_locl.h ++++ b/ssl/ssl_locl.h +@@ -165,6 +165,10 @@ + #include + #include + ++#if defined(__GNUC__) && __GNUC__ >= 4 ++#pragma GCC visibility push(hidden) ++#endif ++ + #ifdef OPENSSL_BUILD_SHLIBSSL + # undef OPENSSL_EXTERN + # define OPENSSL_EXTERN OPENSSL_EXPORT +@@ -1357,4 +1361,8 @@ void tls_fips_digest_extra( + const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, + const unsigned char *data, size_t data_len, size_t orig_len); + ++#if defined(__GNUC__) && __GNUC__ >= 4 ++#pragma GCC visibility pop ++#endif ++ + #endif +-- +1.8.3.1 + diff --git a/openssl.changes b/openssl.changes index f531d23..3db9cf6 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Sat Aug 3 21:15:07 UTC 2013 - crrodriguez@opensuse.org + +- 0005-libssl-Hide-library-private-symbols.patch: hide + private symbols, this *only* applies to libssl where + it is straightforward to do so as applications should + not be using any of the symbols declared/defined in headers + that the library does not install. + A separate patch MAY be provided in the future for libcrypto + where things are much more complicated and threfore requires + careful testing. + ------------------------------------------------------------------- Mon Jul 29 08:06:48 UTC 2013 - meissner@suse.com diff --git a/openssl.spec b/openssl.spec index e473bef..f33cc1c 100644 --- a/openssl.spec +++ b/openssl.spec @@ -50,6 +50,7 @@ Patch4: VIA_padlock_support_on_64systems.patch Patch5: openssl-fix-pod-syntax.diff Patch6: openssl-1.0.1e-truststore.diff Patch7: compression_methods_switch.patch +Patch8: 0005-libssl-Hide-library-private-symbols.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -133,6 +134,7 @@ this package's base documentation. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 cp -p %{S:10} . echo "adding/overwriting some entries in the 'table' hash in Configure" # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags