Accepting request 680106 from home:pmonrealgonzalez:branches:security:tls

OBS-URL: https://build.opensuse.org/request/show/680106
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=29

openssl-1.1.1a.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41
-size 8350547

openssl-1.1.1a.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlv0DbMACgkQ2cTSbQ5g
-RJGUbggAl++4r/VsG6AN1h+yvJZuUtwE9mhTkiYvywhWOUOTdIJLzTUDaEhpgu6R
-uFCbdL2wazXWYVFvCl5MRX9wHkSPWoC9WB6SJe7fMC+NngnPHjcfw9jGSLJneEFn
-JaGyZMVaoiKelQpmlGRk8X2kLcdAe/c/L6WRvv89thxvlq2zJnjSH0UfqS9LOlP0
-5tVeSz85JhyVoRSxGl/2GhYN2WrI0cY8JN2tz62ijnC/J/LX5KhP0y4Qvh9nqW+m
-0apP+iabyUKdCabSjElEmLVg2CwieQYdN/gAQhpae4P6Qk0tC155xNbgDMgxVD+d
-/rgBC9pXpM1za7WxAq4iQ6C9zFYapA==
-=D+/A
------END PGP SIGNATURE-----

openssl-1.1.1b.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
+size 8213737

openssl-1.1.1b.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlx1SgkACgkQ2cTSbQ5g
+RJHsWwf7BqLAjJhHHU5aBqHCZgvn24wwGjiOsGjo0uNkjigM/1aZafB10CVhhTDA
+kHrZddEd6ZmC7b71WIn/2rVGNycHkSxzcpnLMZ0n6Y7/aqg/5ZeGj3sHPqBjIUWv
+A/uzRnaAxOXQC8bw1RgNKcQr/bP0ZTqWI5uaQR87fQ7Bh1TbKwc+ClvMZ679kx9S
+MHrcxjGmtlbxdkvMuKQMLqGNeaJAPgTAWNLTovawyq4HsFrM52etpAvqqb9MhHoR
+J7zi+PLY+9MUMuwEDVjnK6fCawMLr459c/VPzVcN0v6B5iAZQMVfuFu1INYAqxMC
+8tRz6DYabN1mpTCVTs6OV7IAzNYbjg==
+=B/je
+-----END PGP SIGNATURE-----

openssl-1_1.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb 28 12:10:33 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Add strerror.patch to avoid problems with strerror_r() not setting
+  the provided buf
+
 -------------------------------------------------------------------
 Mon Feb 11 14:39:12 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
 

openssl-1_1.spec

@@ -21,7 +21,7 @@
 %define _rname  openssl
 Name:           openssl-1_1
 # Don't forget to update the version in the "openssl" package!
-Version:        1.1.1a
+Version:        1.1.1b
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL
@@ -48,6 +48,7 @@ Patch7:         0001-s390x-assembly-pack-perlasm-support.patch
 Patch8:         0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
 # PATCH-FIX-UPSTREAM FATE#326351 Add vectorized poly1305 implementation for s390x (https://github.com/openssl/openssl/pull/7991)
 Patch9:         0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
+Patch10:        strerror.patch
 
 BuildRequires:  bc
 BuildRequires:  ed

strerror.patch

@@ -0,0 +1,30 @@
+Index: openssl-1.1.1b/crypto/o_str.c
+===================================================================
+--- openssl-1.1.1b.orig/crypto/o_str.c	2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/crypto/o_str.c	2019-02-28 13:07:50.382438959 +0100
+@@ -220,19 +220,6 @@ char *OPENSSL_buf2hexstr(const unsigned
+ 
+ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+ {
+-#if defined(_MSC_VER) && _MSC_VER>=1400
+-    return !strerror_s(buf, buflen, errnum);
+-#elif defined(_GNU_SOURCE)
+-    return strerror_r(errnum, buf, buflen) != NULL;
+-#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
+-      (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
+-    /*
+-     * We can use "real" strerror_r. The OpenSSL version differs in that it
+-     * gives 1 on success and 0 on failure for consistency with other OpenSSL
+-     * functions. Real strerror_r does it the other way around
+-     */
+-    return !strerror_r(errnum, buf, buflen);
+-#else
+     char *err;
+     /* Fall back to non-thread safe strerror()...its all we can do */
+     if (buflen < 2)
+@@ -244,5 +231,4 @@ int openssl_strerror_r(int errnum, char
+     strncpy(buf, err, buflen - 1);
+     buf[buflen - 1] = '\0';
+     return 1;
+-#endif
+ }