Accepting request 503352 from security

- Port to OpenSSL 1.1 (bsc#1042649) Adds openssl-1_1-port.patch OBS-URL: https://build.opensuse.org/request/show/503352 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fipscheck?expand=0&rev=6
2017-06-20 09:00:59 +00:00 · 2017-06-20 09:00:59 +00:00 · af9732d021
commit af9732d021
parent 5b095a09a0 5a70e966be
3 changed files with 61 additions and 1 deletions
--- a/fipscheck.changes
+++ b/fipscheck.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jun 12 14:21:41 UTC 2017 - daniel.molkentin@suse.com
+
+- Port to OpenSSL 1.1 (bsc#1042649)
+  Adds openssl-1_1-port.patch
+
 -------------------------------------------------------------------
 Mon Apr 13 08:50:02 UTC 2015 - jengelh@inai.de

--- a/fipscheck.spec
+++ b/fipscheck.spec
@ -1,7 +1,7 @@
 #
 # spec file for package fipscheck
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -27,6 +27,7 @@ Group:          Development/Libraries/C and C++
 Url:            http://fedorahosted.org/fipscheck/
 Source0:        http://fedorahosted.org/releases/f/i/%{name}/%{name}-%{version}.tar.bz2
 Source1:        baselibs.conf
+Patch0:         openssl-1_1-port.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  libopenssl-devel >= 0.9.8j
 Requires:       %{lname} = %{version}
@ -57,6 +58,9 @@ This package contains development files for %{name}.

 %prep
 %setup -q
+if pkg-config --atleast-version=1.1 openssl; then
+%patch0 -p1
+fi

 %build
 %configure --disable-static --libdir=/%{_lib}
--- a/openssl-1_1-port.patch
+++ b/openssl-1_1-port.patch
@ -0,0 +1,50 @@
+Index: fipscheck-1.4.1/src/filehmac.c
+===================================================================
+--- fipscheck-1.4.1.orig/src/filehmac.c
+++ fipscheck-1.4.1/src/filehmac.c
+@@ -166,7 +166,7 @@ compute_file_hmac(const char *path, void
+ 	int prelink = 0;
+ #endif
+ 	int rv = -1;
+-	HMAC_CTX c;
+	HMAC_CTX *c;
+ 	unsigned char rbuf[READ_BUFFER_LENGTH];
+ 	size_t len;
+ 	unsigned int hlen;
+@@ -178,7 +178,7 @@ compute_file_hmac(const char *path, void
+ 		}
+ 	}
+ 
+-	HMAC_CTX_init(&c);
+	c = HMAC_CTX_new();
+ 
+ #ifdef CALL_PRELINK
+ 	if (access(PATH_PRELINK, X_OK) == 0) {
+@@ -197,15 +197,15 @@ compute_file_hmac(const char *path, void
+ 		goto end;
+ 	}
+ 
+-	HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
+	HMAC_Init_ex(c, hmackey, sizeof(hmackey)-1, EVP_sha256(), NULL);
+ 
+ 	while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
+-		HMAC_Update(&c, rbuf, len);
+		HMAC_Update(c, rbuf, len);
+ 	}
+ 
+ 	len = sizeof(rbuf);
+ 	/* reuse rbuf for hmac */
+-	HMAC_Final(&c, rbuf, &hlen);
+	HMAC_Final(c, rbuf, &hlen);
+ 
+ 	*buf = malloc(hlen);
+ 	if (*buf == NULL) {
+@@ -219,7 +219,7 @@ compute_file_hmac(const char *path, void
+ 
+ 	rv = 0;
+ end:
+-	HMAC_CTX_cleanup(&c);
+	HMAC_CTX_free(c);
+ 
+ 	if (f)
+ 		fclose(f);