From 111e45e6ea638d40b41fcd078f3cf5ad74339802f165a1cb63ce2d564f97438f Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 12 Jun 2017 14:36:49 +0000 Subject: [PATCH] Accepting request 503203 from home:dmolkentin:branches:security - Port to OpenSSL 1.1 (osc#1042649) Adds openssl-1_1-port.patch OBS-URL: https://build.opensuse.org/request/show/503203 OBS-URL: https://build.opensuse.org/package/show/security/fipscheck?expand=0&rev=12 --- fipscheck.changes | 6 +++++ fipscheck.spec | 4 +++- openssl-1_1-port.patch | 50 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 openssl-1_1-port.patch diff --git a/fipscheck.changes b/fipscheck.changes index 31cc4f0..61842e7 100644 --- a/fipscheck.changes +++ b/fipscheck.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jun 12 14:21:41 UTC 2017 - daniel.molkentin@suse.com + +- Port to OpenSSL 1.1 (osc#1042649) + Adds openssl-1_1-port.patch + ------------------------------------------------------------------- Mon Apr 13 08:50:02 UTC 2015 - jengelh@inai.de diff --git a/fipscheck.spec b/fipscheck.spec index 1c5b10a..ed19aa7 100644 --- a/fipscheck.spec +++ b/fipscheck.spec @@ -1,7 +1,7 @@ # # spec file for package fipscheck # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,7 @@ Group: Development/Libraries/C and C++ Url: http://fedorahosted.org/fipscheck/ Source0: http://fedorahosted.org/releases/f/i/%{name}/%{name}-%{version}.tar.bz2 Source1: baselibs.conf +Patch0: openssl-1_1-port.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libopenssl-devel >= 0.9.8j Requires: %{lname} = %{version} @@ -57,6 +58,7 @@ This package contains development files for %{name}. %prep %setup -q +%patch0 -p1 %build %configure --disable-static --libdir=/%{_lib} diff --git a/openssl-1_1-port.patch b/openssl-1_1-port.patch new file mode 100644 index 0000000..3bc44d1 --- /dev/null +++ b/openssl-1_1-port.patch @@ -0,0 +1,50 @@ +Index: fipscheck-1.4.1/src/filehmac.c +=================================================================== +--- fipscheck-1.4.1.orig/src/filehmac.c ++++ fipscheck-1.4.1/src/filehmac.c +@@ -166,7 +166,7 @@ compute_file_hmac(const char *path, void + int prelink = 0; + #endif + int rv = -1; +- HMAC_CTX c; ++ HMAC_CTX *c; + unsigned char rbuf[READ_BUFFER_LENGTH]; + size_t len; + unsigned int hlen; +@@ -178,7 +178,7 @@ compute_file_hmac(const char *path, void + } + } + +- HMAC_CTX_init(&c); ++ c = HMAC_CTX_new(); + + #ifdef CALL_PRELINK + if (access(PATH_PRELINK, X_OK) == 0) { +@@ -197,15 +197,15 @@ compute_file_hmac(const char *path, void + goto end; + } + +- HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256()); ++ HMAC_Init_ex(c, hmackey, sizeof(hmackey)-1, EVP_sha256(), NULL); + + while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) { +- HMAC_Update(&c, rbuf, len); ++ HMAC_Update(c, rbuf, len); + } + + len = sizeof(rbuf); + /* reuse rbuf for hmac */ +- HMAC_Final(&c, rbuf, &hlen); ++ HMAC_Final(c, rbuf, &hlen); + + *buf = malloc(hlen); + if (*buf == NULL) { +@@ -219,7 +219,7 @@ compute_file_hmac(const char *path, void + + rv = 0; + end: +- HMAC_CTX_cleanup(&c); ++ HMAC_CTX_free(c); + + if (f) + fclose(f);