Accepting request 186710 from Base:System

Fix bug[ bnc#832833] openssl ssl_set_cert_masks() is broken; Add patch file: SSL_get_certificate-broken.patch (forwarded request 186693 from shawn2012) OBS-URL: https://build.opensuse.org/request/show/186710 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=94
2013-08-13 09:00:53 +00:00
parent 11127842fa
commit a79c9d166c
5 changed files with 206 additions and 0 deletions
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Mon Aug 12 06:05:03 UTC 2013 - shchang@suse.com
+
+- Fix bug[ bnc#832833] openssl ssl_set_cert_masks() is broken
+  modify patch file: SSL_get_certificate-broken.patch
+
+-------------------------------------------------------------------
+Fri Aug  9 23:24:14 UTC 2013 - crrodriguez@opensuse.org
+
+- Via padlock is only found in x86 and x86_64 CPUs, remove 
+  the shared module for other archs.
+
+-------------------------------------------------------------------
+Wed Aug  7 18:30:45 UTC 2013 - crrodriguez@opensuse.org
+
+- Cleanup engines that are of no use in a modern linux distro
+- The following engines stay:
+* libcapi.so --> usable in case you have third party /dev/crypto
+* libgmp.so --> may help to doing some maths using GMP
+* libgost.so --> implements the GOST block cipher
+* libpadlock.so --> VIA padlock support
+- Al other are removed because they require third party propietary 
+ shared libraries nowhere to be found or that we can test.
+
+-------------------------------------------------------------------
+Wed Aug  7 18:30:23 UTC 2013 - crrodriguez@opensuse.org
+
+- openssl-pkgconfig.patch: Here we go.. For applications 
+to benefit fully of features provided by openSSL engines 
+(rdrand, aes-ni..etc) either builtin or in DSO form applications 
+have to call ENGINE_load_builtin_engines() or OPENSSL_config()
+unfortunately from a total of 68 apps/libraries linked to libcrypto
+in a desktop system, only 4 do so, and there is a sea of buggy
+code that I dont feel like fixing.
+Instead we can pass -DOPENSSL_LOAD_CONF in the pkgconfig files
+so the needed operation becomes implicit the next time such apps
+are recompiled, see OPENSSL_config(3)
+Unfortunately this does not fix everything, because there are apps
+not using pkgconfig or using it incorrectly, but it is a good start.
+
+-------------------------------------------------------------------
+Wed Aug  7 09:33:55 UTC 2013 - dmueller@suse.com
+
+- add openssl-1.0.1c-default-paths.patch:
+  Fix from Fedora for openssl s_client not setting 
+  CApath by default
+
 -------------------------------------------------------------------
 Sat Aug  3 21:15:07 UTC 2013 - crrodriguez@opensuse.org