openssl/openssl-gcc-attributes.patch
Stephan Kulow 0bb9b0ad33 Accepting request 231108 from Base:System
- Build everything with full RELRO (-Wl,-z,relro,-z,now)
- Remove -fstack-protector from the hardcoded build options
  it is already in RPM_OPT_FLAGS and is replaced by 
  -fstack-protector-strong with gcc 4.9

- Remove the "gmp" and "capi" shared engines, nobody noticed 
  but they are just dummies that do nothing. 

- Use enable-rfc3779 to allow projects such as rpki.net 
  to work in openSUSE and match the functionality
  available in Debian/Fedora/etc

- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix 
  CVE-2010-5298 and disable the internal BUF_FREELISTS
  functionality. it hides bugs like heartbleed and is
  there only for systems on which malloc() free() are slow.
- ensure we export MALLOC_CHECK and PERTURB during the test
  suite, now that the freelist functionality is disabled it
  will help to catch bugs before they hit users.

- openssl-libssl-noweakciphers.patch do not offer "export"
  or "low" quality ciphers by default. using such ciphers
  is not forbidden but requires an explicit request

- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does 
  not return memory of "num * old_num" but only "num" size
  fortunately this function is currently unused. (forwarded request 230868 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/231108
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=114
2014-04-26 15:01:45 +00:00

35 lines
1.5 KiB
Diff

--- openssl-1.0.1g.orig/crypto/cryptlib.h
+++ openssl-1.0.1g/crypto/cryptlib.h
@@ -100,7 +100,7 @@ extern "C" {
void OPENSSL_cpuid_setup(void);
extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *fmta,...);
+void OPENSSL_showfatal(const char *fmta,...) __attribute__ ((format (printf, 1, 2)));
void *OPENSSL_stderr(void);
extern int OPENSSL_NONPIC_relocated;
--- openssl-1.0.1g.orig/crypto/crypto.h
+++ openssl-1.0.1g/crypto/crypto.h
@@ -487,15 +487,15 @@ void CRYPTO_get_mem_debug_functions(void
void (**so)(long),
long (**go)(void));
-void *CRYPTO_malloc_locked(int num, const char *file, int line);
+void *CRYPTO_malloc_locked(int num, const char *file, int line) __attribute__((alloc_size(1)));
void CRYPTO_free_locked(void *ptr);
-void *CRYPTO_malloc(int num, const char *file, int line);
+void *CRYPTO_malloc(int num, const char *file, int line) __attribute__((alloc_size(1)));
char *CRYPTO_strdup(const char *str, const char *file, int line);
void CRYPTO_free(void *ptr);
-void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+void *CRYPTO_realloc(void *addr,int num, const char *file, int line) __attribute__((alloc_size(2)));
void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
- int line);
-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
+ int line) __attribute__((alloc_size(3)));
+void *CRYPTO_remalloc(void *addr,int num, const char *file, int line) __attribute__((alloc_size(2)));
void OPENSSL_cleanse(void *ptr, size_t len);