
Accepting request 731275 from home:vitezslav_cizek:branches:security

- Remove #include of unused fips.h to fix build with OpenSSL 1.1.1
  (bsc#1149792)
  * add fipscheck-fips.h_not_needed.patch
- Drop obsolete openssl-1_1-port.patch (upstream)

OBS-URL: https://build.opensuse.org/request/show/731275
OBS-URL: https://build.opensuse.org/package/show/security/fipscheck?expand=0&rev=21
Marcus Meissner 2019-09-16 17:15:28 +00:00 committed by Git OBS Bridge
parent c70e068c2f
commit 7713de0e65
5 changed files with 24 additions and 62 deletions


@ -1,7 +1,7 @@
Index: fipscheck-1.5.0/man/Makefile.in
===================================================================
--- fipscheck-1.5.0.orig/man/Makefile.in 2017-02-23 15:49:16.000000000 +0100
+++ fipscheck-1.5.0/man/Makefile.in 2019-01-03 12:03:26.003429620 +0100
+++ fipscheck-1.5.0/man/Makefile.in 2019-09-16 12:46:20.335487000 +0200
@@ -567,7 +567,7 @@ uninstall-man: uninstall-man3 uninstall-


@ -0,0 +1,12 @@
Index: fipscheck-1.5.0/src/filehmac.c
===================================================================
--- fipscheck-1.5.0.orig/src/filehmac.c 2019-09-16 12:47:15.843827233 +0200
+++ fipscheck-1.5.0/src/filehmac.c 2019-09-16 12:47:20.847857908 +0200
@@ -41,7 +41,6 @@
#include <sys/wait.h>
#if defined(WITH_OPENSSL)
-#include <openssl/fips.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#elif defined(WITH_NSS)


@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Sep 16 10:48:51 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Remove #include of unused fips.h to fix build with OpenSSL 1.1.1
(bsc#1149792)
* add fipscheck-fips.h_not_needed.patch
- Drop obsolete openssl-1_1-port.patch (upstream)
-------------------------------------------------------------------
Thu Jan 3 11:08:27 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>


@ -26,20 +26,14 @@ Summary: A library for integrity verification of FIPS validated modules
License: BSD-2-Clause
Group: Development/Libraries/C and C++
URL: https://releases.pagure.org/%{name}/
# Source0 is a local file because current version is 1.5.0,
# but the latest in the official release folder is 1.4.1
Source0: https://releases.pagure.org/fipscheck/%{name}-%{version}.tar.bz2
Source1: baselibs.conf
Patch0: openssl-1_1-port.patch
Patch1: fipscheck-dont_generate_manpages.patch
Patch2: fipscheck-fips.h_not_needed.patch
BuildRequires: autoconf
BuildRequires: automake
%if 0%{?suse_version} >= 1500
BuildRequires: libopenssl-1_0_0-devel
%else
BuildRequires: libopenssl-devel
%endif
BuildRequires: libtool
BuildRequires: pkgconfig(openssl)
Requires: %{lname} = %{version}
%description
@ -65,10 +59,8 @@ This package contains development files for %{name}.
%prep
%setup -q
if pkg-config --atleast-version=1.1 openssl; then
%patch0 -p1
fi
%patch1 -p1
%patch2 -p1
%build
%configure --disable-static --libdir=/%{_lib}
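Review bot: `BuildRequires: pkgconfig(openssl)` has no version bound, so the package builds against whatever OpenSSL the target project provides; this assumes the `libopenssl-1_0_0-devel` conditional and the `pkg-config --atleast-version=1.1` guard around `%patch0` are the removed lines, which this rendering does not mark. If the 1.5.0 sources now depend on the OpenSSL 1.1 HMAC API (inferred from the changelog calling the port patch "upstream", not visible here), `BuildRequires: pkgconfig(openssl) >= 1.1.0` would turn a compile failure on older targets into a clear unresolvable dependency. For a tool whose job is HMAC verification of FIPS modules, it is worth making the intended libcrypto explicit rather than implicit. Separately, `Patch2` has no comment explaining it; a line such as `# PATCH-FIX-OPENSUSE bsc#1149792 - drop unused <openssl/fips.h> include` above it would record why the patch exists.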


@ -1,50 +0,0 @@
Index: fipscheck-1.4.1/src/filehmac.c
===================================================================
--- fipscheck-1.4.1.orig/src/filehmac.c
+++ fipscheck-1.4.1/src/filehmac.c
@@ -166,7 +166,7 @@ compute_file_hmac(const char *path, void
int prelink = 0;
#endif
int rv = -1;
- HMAC_CTX c;
+ HMAC_CTX *c;
unsigned char rbuf[READ_BUFFER_LENGTH];
size_t len;
unsigned int hlen;
@@ -178,7 +178,7 @@ compute_file_hmac(const char *path, void
}
}
- HMAC_CTX_init(&c);
+ c = HMAC_CTX_new();
#ifdef CALL_PRELINK
if (access(PATH_PRELINK, X_OK) == 0) {
@@ -197,15 +197,15 @@ compute_file_hmac(const char *path, void
goto end;
}
- HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
+ HMAC_Init_ex(c, hmackey, sizeof(hmackey)-1, EVP_sha256(), NULL);
while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
- HMAC_Update(&c, rbuf, len);
+ HMAC_Update(c, rbuf, len);
}
len = sizeof(rbuf);
/* reuse rbuf for hmac */
- HMAC_Final(&c, rbuf, &hlen);
+ HMAC_Final(c, rbuf, &hlen);
*buf = malloc(hlen);
if (*buf == NULL) {
@@ -219,7 +219,7 @@ compute_file_hmac(const char *path, void
rv = 0;
end:
- HMAC_CTX_cleanup(&c);
+ HMAC_CTX_free(c);
if (f)
fclose(f);