diff --git a/openssl-3.0.0-alpha4.tar.gz b/openssl-3.0.0-alpha4.tar.gz deleted file mode 100644 index cbc39f0..0000000 --- a/openssl-3.0.0-alpha4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d930b650e0899f5baca8b80c50e7401620c129fef6c50198400999776a39bd37 -size 13884897 diff --git a/openssl-3.0.0-alpha4.tar.gz.asc b/openssl-3.0.0-alpha4.tar.gz.asc deleted file mode 100644 index 26bd9c6..0000000 --- a/openssl-3.0.0-alpha4.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl70rYcACgkQ2cTSbQ5g -RJFsRwgAlrEhcEjqVsAVXNB9q7vGKkGzugDwKydXJuYel95dQFR9doiRDPG1iHXa -MVXIcZoSsOdm+DBm9qRzTbYQgVKbtFJYQVO/Q+AzSi9HihS9Nq9vdXt2xkpQhb5N -KewzA8LSZOZWJBaqP1JAyAECl8bfgln4x05vrDNpzJfDOkO8z+tgI1BZNaGZk81s -C5l3MP35gOj7XAdwCQBzRY/0S6OppUL+qtdyORQPf2PcjXoXZ90ncHISb7nMR5Io -uw2K/AiDSPcoIAuku1JO5HSgr8Py5FfrJMWrfJnsrHRX48wTV2EwDutjWYSd892C -ft7Yy8C7VFnY6NLB4ts/zmgApScMBA== -=k+We ------END PGP SIGNATURE----- diff --git a/openssl-3.0.0-alpha5.tar.gz b/openssl-3.0.0-alpha5.tar.gz new file mode 100644 index 0000000..f849d2c --- /dev/null +++ b/openssl-3.0.0-alpha5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:09ad89af04cbf36dbbce1fc7063e18fcc333fcaaf3eccecf22c4a99bac83e139 +size 13919931 diff --git a/openssl-3.0.0-alpha5.tar.gz.asc b/openssl-3.0.0-alpha5.tar.gz.asc new file mode 100644 index 0000000..1cc761f --- /dev/null +++ b/openssl-3.0.0-alpha5.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJIBAABCgAyFiEEeVOsH7w9yLOykjk+1enkP3357owFAl8QVLgUHGxldml0dGVA +b3BlbnNzbC5vcmcACgkQ1enkP3357oxYpA//REAEr+T8YIxYRWxLUAayzxuWMA1a +vYWUg6Z2CJWVG1w/JNmrbWNgoeJNdnYe80uFeMLBvJhe7nbq2mOrUQ/IrlzVyT5F +Tg5upCRTeiCnX36sOG+Bkw6RMIccqQH1Rjrmib6TAfvlmqOoALDM9COSqIEDpG9L +h0B++LjDfeFwsbXR5dvU5ZJCv+RvO7vg+uTOryphEi8XeyNmelQJSpH7XNVnw81i ++/dac5rup/wkTHA8yUJQ4OpSy2tC8Ht+WdluNEsT6+ewxiuVM3PQ7NAWSYtNiWzG +eEZPM27yrY+xSBkIPvtzWDZ0e7EUU/SH2dsSYBsuk7lO2fSqBS9er3oe67tw/Gax +W67ei+aMbEGoSkN1JCtsCjzcMp/QZ+5932pWy/d76I4smCxdmaJd5O/B0y4O1FQv +6jrquxowzPtirKEm5qEW9xC85fsrCj6kFp3YhhlRh9I4UtZ9DX7cM+FwVE71khE8 ++hyZqjGT4aE9auxMI7+rk/xirEmNbIQhEwDVQhuSgSHLDC4P1ITPS8MPMasFLfdI +crhpjA+N1Q2sSzB2/mlGvgTtvin+Plj7rDJawd69drm59y59Z19nfMYkRPxzXDS/ +kSYAOF42KrUMZf9+MP8hWiaeC1nM8iqz619NNF/WbBh583ujaFNbThgbJoPgTQLD +fA3L8F13TU3zuXE= +=L52Y +-----END PGP SIGNATURE----- diff --git a/openssl-3.changes b/openssl-3.changes index 57b488f..3f4ac8e 100644 --- a/openssl-3.changes +++ b/openssl-3.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Fri Jul 17 08:34:45 UTC 2020 - Pedro Monreal Gonzalez + +- Update to 3.0.0 Alpha 5 + * Deprecated the 'ENGINE' API. Engines should be replaced with + providers going forward. + * Reworked the recorded ERR codes to make better space for system errors. + To distinguish them, the macro 'ERR_SYSTEM_ERROR()' indicates + if the given code is a system error (true) or an OpenSSL error (false). + * Reworked the test perl framework to better allow parallel testing. + * Added ciphertext stealing algorithms AES-128-CBC-CTS, AES-192-CBC-CTS and + AES-256-CBC-CTS to the providers. CS1, CS2 and CS3 variants are supported. + * 'Configure' has been changed to figure out the configuration target if + none is given on the command line. Consequently, the 'config' script is + now only a mere wrapper. All documentation is changed to only mention + 'Configure'. + * Added a library context that applications as well as other libraries can use + to form a separate context within which libcrypto operations are performed. + - There are two ways this can be used: + 1) Directly, by passing a library context to functions that take + such an argument, such as 'EVP_CIPHER_fetch' and similar algorithm + fetching functions. + 2) Indirectly, by creating a new library context and then assigning + it as the new default, with 'OPENSSL_CTX_set0_default'. + - All public OpenSSL functions that take an 'OPENSSL_CTX' pointer, + apart from the functions directly related to 'OPENSSL_CTX', accept + NULL to indicate that the default library context should be used. + - Library code that changes the default library context using + 'OPENSSL_CTX_set0_default' should take care to restore it with a + second call before returning to the caller. + * The security strength of SHA1 and MD5 based signatures in TLS has been + reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer + working at the default security level of 1 and instead requires security + level 0. The security level can be changed either using the cipher string + with @SECLEVEL, or calling SSL_CTX_set_security_level(). + * The SSL option SSL_OP_CLEANSE_PLAINTEXT is introduced. If that option is + set, openssl cleanses (zeroize) plaintext bytes from internal buffers + after delivering them to the application. Note, the application is still + responsible for cleansing other copies (e.g.: data received by SSL_read(3)). +- Update openssl-ppc64-config.patch + ------------------------------------------------------------------- Fri Jun 26 07:20:40 UTC 2020 - Vítězslav Čížek diff --git a/openssl-3.spec b/openssl-3.spec index a5557ba..ee7eddf 100644 --- a/openssl-3.spec +++ b/openssl-3.spec @@ -20,7 +20,7 @@ %define sover 3 %define _rname openssl %define vernum 3.0.0 -%define relnum alpha4 +%define relnum alpha5 %define dash_version %{vernum}-%{relnum} Name: openssl-3 # Don't forget to update the version in the "openssl" package! @@ -199,7 +199,7 @@ cp %{SOURCE5} . %postun -n libopenssl3 -p /sbin/ldconfig %files -n libopenssl3 -%license LICENSE +%license LICENSE.txt %{_libdir}/libssl.so.%{sover} %{_libdir}/libcrypto.so.%{sover} %{_libdir}/engines-%{sover} diff --git a/openssl-ppc64-config.patch b/openssl-ppc64-config.patch index 02724c0..1efc39d 100644 --- a/openssl-ppc64-config.patch +++ b/openssl-ppc64-config.patch @@ -1,18 +1,32 @@ -Index: openssl-1.1.1-pre3/config +Index: openssl-3.0.0-alpha5/util/perl/OpenSSL/config.pm =================================================================== ---- openssl-1.1.1-pre3.orig/config 2018-03-20 15:24:38.037441210 +0100 -+++ openssl-1.1.1-pre3/config 2018-03-20 15:26:20.163043492 +0100 -@@ -552,12 +552,7 @@ case "$GUESSOS" in - OUT="linux-ppc64" - else - OUT="linux-ppc" -- if (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null); then -- :; -- else -- __CNF_CFLAGS="$__CNF_CFLAGS -m32" -- __CNF_CXXFLAGS="$__CNF_CXXFLAGS -m32" -- fi -+ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || OUT="linux-ppc64" - fi - ;; - ppc64le-*-linux2) OUT="linux-ppc64le" ;; +--- openssl-3.0.0-alpha5.orig/util/perl/OpenSSL/config.pm ++++ openssl-3.0.0-alpha5/util/perl/OpenSSL/config.pm +@@ -525,14 +525,19 @@ EOF + return { target => "linux-ppc64" } if $KERNEL_BITS eq '64'; + + my %config = (); +- if (!okrun('echo __LP64__', +- 'gcc -E -x c - 2>/dev/null', +- 'grep "^__LP64__" 2>&1 >/dev/null') ) { +- %config = ( cflags => [ '-m32' ], +- cxxflags => [ '-m32' ] ); +- } +- return { target => "linux-ppc", +- %config }; ++ # ## ++ # if (!okrun('echo __LP64__', 'gcc -E -x c - 2>/dev/null', 'grep "^__LP64__" 2>&1 >/dev/null') ) { %config = ( cflags => [ '-m32' ], cxxflags => [ '-m32' ] ); } ++ # return { target => "linux-ppc", ++ # %config }; ++ # ## ++ if (okrun('echo __LP64__', 'gcc -E -x c - 2>/dev/null', ++ 'grep "^__LP64__" 2>&1 >/dev/null') ) ++ { ++ return { target => "linux-ppc", %config }; ++ } else { ++ return { target => "linux-ppc64", %config }; ++ } ++ ## + } + ], + [ 'ppc64le-.*-linux2', { target => "linux-ppc64le" } ],