From 7713de0e6571f33074a6c579c8965e0c5d61e6f0563c60ef31cd4c304373f027 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 16 Sep 2019 17:15:28 +0000 Subject: [PATCH] Accepting request 731275 from home:vitezslav_cizek:branches:security - Remove #include of unused fips.h to fix build with OpenSSL 1.1.1 (bsc#1149792) * add fipscheck-fips.h_not_needed.patch - Drop obsolete openssl-1_1-port.patch (upstream) OBS-URL: https://build.opensuse.org/request/show/731275 OBS-URL: https://build.opensuse.org/package/show/security/fipscheck?expand=0&rev=21 --- fipscheck-dont_generate_manpages.patch | 2 +- fipscheck-fips.h_not_needed.patch | 12 +++++++ fipscheck.changes | 8 +++++ fipscheck.spec | 14 ++------ openssl-1_1-port.patch | 50 -------------------------- 5 files changed, 24 insertions(+), 62 deletions(-) create mode 100644 fipscheck-fips.h_not_needed.patch delete mode 100644 openssl-1_1-port.patch diff --git a/fipscheck-dont_generate_manpages.patch b/fipscheck-dont_generate_manpages.patch index 414849b..03f2164 100644 --- a/fipscheck-dont_generate_manpages.patch +++ b/fipscheck-dont_generate_manpages.patch @@ -1,7 +1,7 @@ Index: fipscheck-1.5.0/man/Makefile.in =================================================================== --- fipscheck-1.5.0.orig/man/Makefile.in 2017-02-23 15:49:16.000000000 +0100 -+++ fipscheck-1.5.0/man/Makefile.in 2019-01-03 12:03:26.003429620 +0100 ++++ fipscheck-1.5.0/man/Makefile.in 2019-09-16 12:46:20.335487000 +0200 @@ -567,7 +567,7 @@ uninstall-man: uninstall-man3 uninstall- diff --git a/fipscheck-fips.h_not_needed.patch b/fipscheck-fips.h_not_needed.patch new file mode 100644 index 0000000..38128ed --- /dev/null +++ b/fipscheck-fips.h_not_needed.patch @@ -0,0 +1,12 @@ +Index: fipscheck-1.5.0/src/filehmac.c +=================================================================== +--- fipscheck-1.5.0.orig/src/filehmac.c 2019-09-16 12:47:15.843827233 +0200 ++++ fipscheck-1.5.0/src/filehmac.c 2019-09-16 12:47:20.847857908 +0200 +@@ -41,7 +41,6 @@ + #include + + #if defined(WITH_OPENSSL) +-#include + #include + #include + #elif defined(WITH_NSS) diff --git a/fipscheck.changes b/fipscheck.changes index a8bc7cd..2a5e44c 100644 --- a/fipscheck.changes +++ b/fipscheck.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Sep 16 10:48:51 UTC 2019 - Vítězslav Čížek + +- Remove #include of unused fips.h to fix build with OpenSSL 1.1.1 + (bsc#1149792) + * add fipscheck-fips.h_not_needed.patch +- Drop obsolete openssl-1_1-port.patch (upstream) + ------------------------------------------------------------------- Thu Jan 3 11:08:27 UTC 2019 - Vítězslav Čížek diff --git a/fipscheck.spec b/fipscheck.spec index 4d66cb1..d6af6f8 100644 --- a/fipscheck.spec +++ b/fipscheck.spec @@ -26,20 +26,14 @@ Summary: A library for integrity verification of FIPS validated modules License: BSD-2-Clause Group: Development/Libraries/C and C++ URL: https://releases.pagure.org/%{name}/ -# Source0 is a local file because current version is 1.5.0, -# but the latest in the official release folder is 1.4.1 Source0: https://releases.pagure.org/fipscheck/%{name}-%{version}.tar.bz2 Source1: baselibs.conf -Patch0: openssl-1_1-port.patch Patch1: fipscheck-dont_generate_manpages.patch +Patch2: fipscheck-fips.h_not_needed.patch BuildRequires: autoconf BuildRequires: automake -%if 0%{?suse_version} >= 1500 -BuildRequires: libopenssl-1_0_0-devel -%else -BuildRequires: libopenssl-devel -%endif BuildRequires: libtool +BuildRequires: pkgconfig(openssl) Requires: %{lname} = %{version} %description @@ -65,10 +59,8 @@ This package contains development files for %{name}. %prep %setup -q -if pkg-config --atleast-version=1.1 openssl; then -%patch0 -p1 -fi %patch1 -p1 +%patch2 -p1 %build %configure --disable-static --libdir=/%{_lib} diff --git a/openssl-1_1-port.patch b/openssl-1_1-port.patch deleted file mode 100644 index 3bc44d1..0000000 --- a/openssl-1_1-port.patch +++ /dev/null @@ -1,50 +0,0 @@ -Index: fipscheck-1.4.1/src/filehmac.c -=================================================================== ---- fipscheck-1.4.1.orig/src/filehmac.c -+++ fipscheck-1.4.1/src/filehmac.c -@@ -166,7 +166,7 @@ compute_file_hmac(const char *path, void - int prelink = 0; - #endif - int rv = -1; -- HMAC_CTX c; -+ HMAC_CTX *c; - unsigned char rbuf[READ_BUFFER_LENGTH]; - size_t len; - unsigned int hlen; -@@ -178,7 +178,7 @@ compute_file_hmac(const char *path, void - } - } - -- HMAC_CTX_init(&c); -+ c = HMAC_CTX_new(); - - #ifdef CALL_PRELINK - if (access(PATH_PRELINK, X_OK) == 0) { -@@ -197,15 +197,15 @@ compute_file_hmac(const char *path, void - goto end; - } - -- HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256()); -+ HMAC_Init_ex(c, hmackey, sizeof(hmackey)-1, EVP_sha256(), NULL); - - while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) { -- HMAC_Update(&c, rbuf, len); -+ HMAC_Update(c, rbuf, len); - } - - len = sizeof(rbuf); - /* reuse rbuf for hmac */ -- HMAC_Final(&c, rbuf, &hlen); -+ HMAC_Final(c, rbuf, &hlen); - - *buf = malloc(hlen); - if (*buf == NULL) { -@@ -219,7 +219,7 @@ compute_file_hmac(const char *path, void - - rv = 0; - end: -- HMAC_CTX_cleanup(&c); -+ HMAC_CTX_free(c); - - if (f) - fclose(f);