From 687459c580ab466d41c4d58216fdabc521ca2b90cb8af7e35c36af4729b5d9e0 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
Date: Sat, 17 Jul 2021 09:30:23 +0000
Subject: [PATCH] Accepting request 906781 from security:tls:unstable

OBS-URL: https://build.opensuse.org/request/show/906781
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=27
---
 openssl-3.0.0-alpha16.tar.gz     |  3 --
 openssl-3.0.0-alpha16.tar.gz.asc | 11 -------
 openssl-3.0.0-beta1.tar.gz       |  3 ++
 openssl-3.0.0-beta1.tar.gz.asc   | 11 +++++++
 openssl-3.changes                | 49 +++++++++++++++++++++++++++-
 openssl-3.spec                   |  9 ++++--
 openssl-ppc64-fix-build.patch    | 55 ++++++++++++++++++++++++++++++++
 7 files changed, 123 insertions(+), 18 deletions(-)
 delete mode 100644 openssl-3.0.0-alpha16.tar.gz
 delete mode 100644 openssl-3.0.0-alpha16.tar.gz.asc
 create mode 100644 openssl-3.0.0-beta1.tar.gz
 create mode 100644 openssl-3.0.0-beta1.tar.gz.asc
 create mode 100644 openssl-ppc64-fix-build.patch

diff --git a/openssl-3.0.0-alpha16.tar.gz b/openssl-3.0.0-alpha16.tar.gz
deleted file mode 100644
index b7a3da7..0000000
--- a/openssl-3.0.0-alpha16.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:08ce8244b59d75f40f91170dfcb012bf25309cdcb1fef9502e39d694f883d1d1
-size 14491795
diff --git a/openssl-3.0.0-alpha16.tar.gz.asc b/openssl-3.0.0-alpha16.tar.gz.asc
deleted file mode 100644
index 1d6a65d..0000000
--- a/openssl-3.0.0-alpha16.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEyBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmCT3csACgkQ2cTSbQ5g
-RJHKXQf4pr540Byd8XODtO0TE/CL1LSRKMGfkA7b0gtjApNQinuF75RjMAwFrGCe
-kR+ghu+JiSgH7oavVSwzappJcjKhfG0bu6HHUPnss07h3pB22SPuF9dc6DUP62t0
-l1ML0gyBpG/zUI83L8a7Zi7LmVXjgKf18Ie0KPa7NjCdpqmGKICCLxt/fyFGBiaK
-Z9yXYswFHwK8B+pjTn/Fc9LUL5Pwqmhu8plt9XAklT0ANmogoAoazuotAup5nUbf
-uzYvFy3VRanPi0/3xToefG/EjuFCsWnldmpEiCuGBNpsu33N3v2+vzeNK6NEYKKc
-VMmnPyM2kMd4ZeJ5xapUKELS5jzX
-=8r5H
------END PGP SIGNATURE-----
diff --git a/openssl-3.0.0-beta1.tar.gz b/openssl-3.0.0-beta1.tar.gz
new file mode 100644
index 0000000..5be8995
--- /dev/null
+++ b/openssl-3.0.0-beta1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7bfedc9a1062cbd2aabc294acc93cbd5259e6e7bd5bbe38e454cc6a32564029f
+size 14878832
diff --git a/openssl-3.0.0-beta1.tar.gz.asc b/openssl-3.0.0-beta1.tar.gz.asc
new file mode 100644
index 0000000..0d506fc
--- /dev/null
+++ b/openssl-3.0.0-beta1.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmDLSDUACgkQ2cTSbQ5g
+RJHqsQgAqrgdOsgiCVf9PXigEr27njVGZ8t/qSsqJOKQ+MTf6Fpu66yj4h6bJOF+
+0dODk+ahur4Aw70Zi1BDG5xqo95KhdgFioGorE7+JxapNh5p/mYqlddFVhGUmNaR
+9HjKOLSKolQ2vJ1SdNlO8xXFeHcdALuDQUo3M5ql+pDIhses5vWKntR3u0UxYSu1
+VLiP1ERv8VzC7Fc62yX0pKifVATr/vub+KCxbVl4v8ESdggKYLeqIbFJlGdO8Wfs
+jEiG3mLe/WMdgiVbzPLRrAHvlcuf6gLKy/AG0vRT9qIgjO0ZvAER2mglDRsRIIMJ
+Oh3N7eRWL4syrorPRV+h+AHyvKQ9WA==
+=YLhM
+-----END PGP SIGNATURE-----
diff --git a/openssl-3.changes b/openssl-3.changes
index 5413f0f..a780c5b 100644
--- a/openssl-3.changes
+++ b/openssl-3.changes
@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Mon Jul  5 14:29:05 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.0.0 Beta 1
+  * Add a configurable flag to output date formats as ISO 8601.
+    Does not change the default date format.
+  * Version of MSVC earlier than 1300 could get link warnings, which
+    could be suppressed if the undocumented -DI_CAN_LIVE_WITH_LNK4049
+    was set. Support for this flag has been removed.
+  * Rework and make DEBUG macros consistent. Remove unused
+    -DCONF_DEBUG, -DBN_CTX_DEBUG, and REF_PRINT. Add a new tracing
+    category and use it for printing reference counts. Rename
+    -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG. Fix BN_DEBUG_RAND so it
+    compiles and, when set, force DEBUG_RAND to be set also. Rename
+    engine_debug_ref to be ENGINE_REF_PRINT also for consistency.
+  * The public definitions of conf_method_st and conf_st have been
+    deprecated. They will be made opaque in a future release.
+  * Many functions in the EVP_ namespace that are getters of values
+    from implementations or contexts were renamed to include get or
+    get0 in their names. Old names are provided as macro aliases for
+    compatibility and are not deprecated.
+  * PKCS#5 PBKDF1 key derivation has been moved from PKCS5_PBE_keyivgen()
+    into the legacy crypto provider as an EVP_KDF. Applications requiring
+    this KDF will need to load the legacy crypto provider. This includes
+    these PBE algorithms which use this KDF:
+     - NID_pbeWithMD2AndDES_CBC     - NID_pbeWithMD5AndDES_CBC
+     - NID_pbeWithSHA1AndRC2_CBC    - NID_pbeWithMD2AndRC2_CBC
+     - NID_pbeWithMD5AndRC2_CBC     - NID_pbeWithSHA1AndDES_CBC
+  * Deprecated obsolete BIO_set_callback(), BIO_get_callback(), and
+    BIO_debug_callback() functions.
+- Fix build on ppc and ppc64
+  * Add openssl-ppc64-fix-build.patch
+  * See https://github.com/openssl/openssl/issues/15923
+
+-------------------------------------------------------------------
+Fri Jun 11 13:17:54 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.0.0 Alpha 17
+  * Added migration guide to man7
+  * Implemented support for fully "pluggable" TLSv1.3 groups
+  * Added convenience functions for generating asymmetric key pairs.
+  * Added a proper HTTP client supporting GET with optional redirection,
+    POST, arbitrary request and response content types, TLS, persistent
+    connections, connections via HTTP(s) proxies, connections and
+    exchange via user-defined BIOs (allowing implicit connections), and
+    timeout checks.
+
 -------------------------------------------------------------------
 Mon May 10 02:13:06 UTC 2021 - Jason Sikes <jsikes@suse.com>
 
@@ -45,7 +92,7 @@ Sat May  1 19:58:48 UTC 2021 - Jason Sikes <jsikes@suse.com>
   * Parameter and key generation is also reworked to make it possible
     to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
     SM2 keys directly and must not create an EVP_PKEY_EC key first.
-    
+
 -------------------------------------------------------------------
 Wed Apr 14 17:55:21 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 
diff --git a/openssl-3.spec b/openssl-3.spec
index 32c83c0..7262017 100644
--- a/openssl-3.spec
+++ b/openssl-3.spec
@@ -20,7 +20,7 @@
 %define sover 3
 %define _rname  openssl
 %define vernum 3.0.0
-%define relnum alpha16
+%define relnum beta1
 %define dash_version %{vernum}-%{relnum}
 Name:           openssl-3
 # Don't forget to update the version in the "openssl" package!
@@ -42,9 +42,11 @@ Source5:        showciphers.c
 Patch1:         openssl-1.1.0-no-html.patch
 Patch2:         openssl-truststore.patch
 Patch3:         openssl-pkgconfig.patch
-#Patch4:         openssl-DEFAULT_SUSE_cipher.patch
+Patch4:         openssl-DEFAULT_SUSE_cipher.patch
 Patch5:         openssl-ppc64-config.patch
 Patch6:         openssl-no-date.patch
+# Fix build on ppc/ppc64: github.com/openssl/openssl/issues/15923
+Patch7:         openssl-ppc64-fix-build.patch
 BuildRequires:  pkgconfig
 Conflicts:      ssl
 Provides:       ssl
@@ -114,6 +116,7 @@ export MACHINE=armv6l
 
 ./config \
     no-idea \
+    no-ec2m \
     enable-rfc3779 \
 %ifarch x86_64 aarch64 ppc64le
     enable-ec_nistp_64_gcc_128 \
@@ -204,7 +207,7 @@ cp %{SOURCE5} .
 %{_libdir}/libcrypto.so.%{sover}
 %{_libdir}/engines-%{sover}
 %dir %{_libdir}/ossl-modules
-#%{_libdir}/ossl-modules/fips.so
+#%%{_libdir}/ossl-modules/fips.so
 %{_libdir}/ossl-modules/legacy.so
 
 %files -n libopenssl-3-devel
diff --git a/openssl-ppc64-fix-build.patch b/openssl-ppc64-fix-build.patch
new file mode 100644
index 0000000..dcdd8f9
--- /dev/null
+++ b/openssl-ppc64-fix-build.patch
@@ -0,0 +1,55 @@
+From d18f9e0354894a5d3d86b9b0b09acc5953766e54 Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Thu, 1 Jul 2021 14:23:50 +1000
+Subject: [PATCH 1/3] bn: Use a basic branch-if-not-zero
+
+Ancient toolchains fail the build because they don't like the hints,
+newer ISAs recommend not using the hints and relying on dynamic branch
+prediction.
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+---
+ crypto/bn/asm/ppc64-mont-fixed.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: openssl-3.0.0-beta1/crypto/bn/asm/ppc64-mont-fixed.pl
+===================================================================
+--- openssl-3.0.0-beta1.orig/crypto/bn/asm/ppc64-mont-fixed.pl
++++ openssl-3.0.0-beta1/crypto/bn/asm/ppc64-mont-fixed.pl
+@@ -267,7 +267,7 @@ ___
+ 	addze		$tp[$n],$tp[$n+1]
+ 
+ 	addi		$i,$i,$SIZE_T
+-	bc		25,0,$label->{"outer"}
++	bdnz		$label->{"outer"}
+ 
+ 	and.		$tp[$n],$tp[$n],$tp[$n]
+ 	bne		$label->{"sub"}
+@@ -322,7 +322,7 @@ ___
+ 	$self->add_code(<<___);
+ 	li		r3,1
+ 	blr
+-.size ${fname},.-${fname}
++.size .${fname},.-.${fname}
+ ___
+ 
+ }
+Index: openssl-3.0.0-beta1/crypto/ppccap.c
+===================================================================
+--- openssl-3.0.0-beta1.orig/crypto/ppccap.c
++++ openssl-3.0.0-beta1/crypto/ppccap.c
+@@ -68,12 +68,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_U
+      * no opportunity to figure it out...
+      */
+ 
++#if defined(_ARCH_PPC64)
+     if (num == 6) {
+         if (OPENSSL_ppccap_P & PPC_MADD300)
+             return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
+         else
+             return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
+     }
++#endif
+ 
+     return bn_mul_mont_int(rp, ap, bp, np, n0, num);
+ }