forked from pool/fipscheck
Accepting request 1186220 from home:jamborm:gcc14fixes
- Backport upstream patches fipscheck-fix_check_openssl_version.patch and fipscheck-fix_incorrect_length_type.patch to fix C99 violations which are errors by default with GCC 14 [boo#1221714] - although the first one looks like it possibly fixes some more substantial error. Please (assuming the request is OK), forward this to Factory soonish so that we can switch the default compiler. OBS-URL: https://build.opensuse.org/request/show/1186220 OBS-URL: https://build.opensuse.org/package/show/security/fipscheck?expand=0&rev=27
This commit is contained in:
Wolfgang Frisch
Git OBS Bridge
parent
c5f3dec557
commit
0912f26a18
36
fipscheck-fix_check_openssl_version.patch
Normal file
36
fipscheck-fix_check_openssl_version.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
From 8e8fb5a47d19bc4bb589af06623e710d755bb963 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Doug.Smith" <doug.smith@lairdconnect.com>
|
||||||
|
Date: Tue, 23 Aug 2022 15:13:02 -0400
|
||||||
|
Subject: [PATCH] BZ22308: fipscheck for openssl-3 fails
|
||||||
|
|
||||||
|
Fix openssl version check -- missing include
|
||||||
|
of version <opensslv.h> before check.
|
||||||
|
|
||||||
|
Fix loading of openssl fips provider.
|
||||||
|
|
||||||
|
Bug: 22308
|
||||||
|
---
|
||||||
|
src/filehmac.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/filehmac.c b/src/filehmac.c
|
||||||
|
index 87ad15f..f9b5310 100644
|
||||||
|
--- a/src/filehmac.c
|
||||||
|
+++ b/src/filehmac.c
|
||||||
|
@@ -41,6 +41,7 @@
|
||||||
|
#include <sys/wait.h>
|
||||||
|
|
||||||
|
#if defined(WITH_OPENSSL)
|
||||||
|
+#include <openssl/opensslv.h>
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
#include <openssl/provider.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
@@ -215,7 +216,7 @@ compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips)
|
||||||
|
size_t len;
|
||||||
|
unsigned int hlen;
|
||||||
|
|
||||||
|
- if (force_fips && fips != NULL) {
|
||||||
|
+ if (force_fips && fips == NULL) {
|
||||||
|
fips = OSSL_PROVIDER_load(NULL, "fips");
|
||||||
|
if (fips == NULL) {
|
||||||
|
debug_log("Failed to load FIPS provider\n");
|
||||||
26
fipscheck-fix_incorrect_length_type.patch
Normal file
26
fipscheck-fix_incorrect_length_type.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From 05f84f7ec315f1251ffaa151e3b69df68f31c9e9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Isaac Lee <isaac.lee@alliedtelesis.co.nz>
|
||||||
|
Date: Thu, 16 Feb 2023 19:21:59 +1300
|
||||||
|
Subject: [PATCH] filehmac: fix incorrect length type
|
||||||
|
|
||||||
|
EVP_MAC_final() expects a size_t type variable for storing the number of
|
||||||
|
bytes written, but the the variable was declared as unsigned int, causing
|
||||||
|
the function to write 0 to the variable while the actual hmac computation
|
||||||
|
actually successfully completes.
|
||||||
|
---
|
||||||
|
src/filehmac.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/filehmac.c b/src/filehmac.c
|
||||||
|
index f9b5310..f59f09e 100644
|
||||||
|
--- a/src/filehmac.c
|
||||||
|
+++ b/src/filehmac.c
|
||||||
|
@@ -214,7 +214,7 @@ compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips)
|
||||||
|
OSSL_PARAM params[2];
|
||||||
|
unsigned char rbuf[READ_BUFFER_LENGTH];
|
||||||
|
size_t len;
|
||||||
|
- unsigned int hlen;
|
||||||
|
+ size_t hlen;
|
||||||
|
|
||||||
|
if (force_fips && fips == NULL) {
|
||||||
|
fips = OSSL_PROVIDER_load(NULL, "fips");
|
||||||
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jul 8 15:29:36 UTC 2024 - Martin Jambor <mjambor@suse.com>
|
||||||
|
|
||||||
|
- Backport upstream patches fipscheck-fix_check_openssl_version.patch
|
||||||
|
and fipscheck-fix_incorrect_length_type.patch to fix C99 violations
|
||||||
|
which are errors by default with GCC 14 [boo#1221714] - although the
|
||||||
|
first one looks like it possibly fixes some more substantial error.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 2 14:30:29 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
Wed Nov 2 14:30:29 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package fipscheck
|
# spec file for package fipscheck
|
||||||
#
|
#
|
||||||
# Copyright (c) 2022 SUSE LLC
|
# Copyright (c) 2024 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -28,6 +28,8 @@ Group: Development/Libraries/C and C++
|
|||||||
URL: https://github.com/LairdCP/fipscheck
|
URL: https://github.com/LairdCP/fipscheck
|
||||||
Source0: fipscheck-%version.tar.bz2
|
Source0: fipscheck-%version.tar.bz2
|
||||||
Source1: baselibs.conf
|
Source1: baselibs.conf
|
||||||
|
Patch0: fipscheck-fix_check_openssl_version.patch
|
||||||
|
Patch1: fipscheck-fix_incorrect_length_type.patch
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
@ -57,6 +59,8 @@ This package contains development files for %{name}.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%patch -P0 -p1
|
||||||
|
%patch -P1 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --disable-static
|
%configure --disable-static
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user