Accepting request 906781 from security:tls:unstable

OBS-URL: https://build.opensuse.org/request/show/906781 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=27
2021-07-17 09:30:23 +00:00 · 2021-07-17 09:30:23 +00:00 · 687459c580
commit 687459c580
parent 2830ba6131
7 changed files with 123 additions and 18 deletions
--- a/openssl-3.0.0-alpha16.tar.gz
+++ b/openssl-3.0.0-alpha16.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:08ce8244b59d75f40f91170dfcb012bf25309cdcb1fef9502e39d694f883d1d1
-size 14491795
--- a/openssl-3.0.0-alpha16.tar.gz.asc
+++ b/openssl-3.0.0-alpha16.tar.gz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEyBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmCT3csACgkQ2cTSbQ5g
-RJHKXQf4pr540Byd8XODtO0TE/CL1LSRKMGfkA7b0gtjApNQinuF75RjMAwFrGCe
-kR+ghu+JiSgH7oavVSwzappJcjKhfG0bu6HHUPnss07h3pB22SPuF9dc6DUP62t0
-l1ML0gyBpG/zUI83L8a7Zi7LmVXjgKf18Ie0KPa7NjCdpqmGKICCLxt/fyFGBiaK
-Z9yXYswFHwK8B+pjTn/Fc9LUL5Pwqmhu8plt9XAklT0ANmogoAoazuotAup5nUbf
-uzYvFy3VRanPi0/3xToefG/EjuFCsWnldmpEiCuGBNpsu33N3v2+vzeNK6NEYKKc
-VMmnPyM2kMd4ZeJ5xapUKELS5jzX
-=8r5H
-----END PGP SIGNATURE-----
--- a/openssl-3.0.0-beta1.tar.gz
+++ b/openssl-3.0.0-beta1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7bfedc9a1062cbd2aabc294acc93cbd5259e6e7bd5bbe38e454cc6a32564029f
+size 14878832
--- a/openssl-3.0.0-beta1.tar.gz.asc
+++ b/openssl-3.0.0-beta1.tar.gz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmDLSDUACgkQ2cTSbQ5g
+RJHqsQgAqrgdOsgiCVf9PXigEr27njVGZ8t/qSsqJOKQ+MTf6Fpu66yj4h6bJOF+
+0dODk+ahur4Aw70Zi1BDG5xqo95KhdgFioGorE7+JxapNh5p/mYqlddFVhGUmNaR
+9HjKOLSKolQ2vJ1SdNlO8xXFeHcdALuDQUo3M5ql+pDIhses5vWKntR3u0UxYSu1
+VLiP1ERv8VzC7Fc62yX0pKifVATr/vub+KCxbVl4v8ESdggKYLeqIbFJlGdO8Wfs
+jEiG3mLe/WMdgiVbzPLRrAHvlcuf6gLKy/AG0vRT9qIgjO0ZvAER2mglDRsRIIMJ
+Oh3N7eRWL4syrorPRV+h+AHyvKQ9WA==
+=YLhM
+-----END PGP SIGNATURE-----
--- a/openssl-3.changes
+++ b/openssl-3.changes
@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Mon Jul  5 14:29:05 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.0.0 Beta 1
+  * Add a configurable flag to output date formats as ISO 8601.
+    Does not change the default date format.
+  * Version of MSVC earlier than 1300 could get link warnings, which
+    could be suppressed if the undocumented -DI_CAN_LIVE_WITH_LNK4049
+    was set. Support for this flag has been removed.
+  * Rework and make DEBUG macros consistent. Remove unused
+    -DCONF_DEBUG, -DBN_CTX_DEBUG, and REF_PRINT. Add a new tracing
+    category and use it for printing reference counts. Rename
+    -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG. Fix BN_DEBUG_RAND so it
+    compiles and, when set, force DEBUG_RAND to be set also. Rename
+    engine_debug_ref to be ENGINE_REF_PRINT also for consistency.
+  * The public definitions of conf_method_st and conf_st have been
+    deprecated. They will be made opaque in a future release.
+  * Many functions in the EVP_ namespace that are getters of values
+    from implementations or contexts were renamed to include get or
+    get0 in their names. Old names are provided as macro aliases for
+    compatibility and are not deprecated.
+  * PKCS#5 PBKDF1 key derivation has been moved from PKCS5_PBE_keyivgen()
+    into the legacy crypto provider as an EVP_KDF. Applications requiring
+    this KDF will need to load the legacy crypto provider. This includes
+    these PBE algorithms which use this KDF:
+     - NID_pbeWithMD2AndDES_CBC     - NID_pbeWithMD5AndDES_CBC
+     - NID_pbeWithSHA1AndRC2_CBC    - NID_pbeWithMD2AndRC2_CBC
+     - NID_pbeWithMD5AndRC2_CBC     - NID_pbeWithSHA1AndDES_CBC
+  * Deprecated obsolete BIO_set_callback(), BIO_get_callback(), and
+    BIO_debug_callback() functions.
+- Fix build on ppc and ppc64
+  * Add openssl-ppc64-fix-build.patch
+  * See https://github.com/openssl/openssl/issues/15923
+
+-------------------------------------------------------------------
+Fri Jun 11 13:17:54 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.0.0 Alpha 17
+  * Added migration guide to man7
+  * Implemented support for fully "pluggable" TLSv1.3 groups
+  * Added convenience functions for generating asymmetric key pairs.
+  * Added a proper HTTP client supporting GET with optional redirection,
+    POST, arbitrary request and response content types, TLS, persistent
+    connections, connections via HTTP(s) proxies, connections and
+    exchange via user-defined BIOs (allowing implicit connections), and
+    timeout checks.
+
 -------------------------------------------------------------------
 Mon May 10 02:13:06 UTC 2021 - Jason Sikes <jsikes@suse.com>

--- a/openssl-3.spec
+++ b/openssl-3.spec
@ -20,7 +20,7 @@
 %define sover 3
 %define _rname  openssl
 %define vernum 3.0.0
-%define relnum alpha16
+%define relnum beta1
 %define dash_version %{vernum}-%{relnum}
 Name:           openssl-3
 # Don't forget to update the version in the "openssl" package!
@ -42,9 +42,11 @@ Source5:        showciphers.c
 Patch1:         openssl-1.1.0-no-html.patch
 Patch2:         openssl-truststore.patch
 Patch3:         openssl-pkgconfig.patch
-#Patch4:         openssl-DEFAULT_SUSE_cipher.patch
+Patch4:         openssl-DEFAULT_SUSE_cipher.patch
 Patch5:         openssl-ppc64-config.patch
 Patch6:         openssl-no-date.patch
+# Fix build on ppc/ppc64: github.com/openssl/openssl/issues/15923
+Patch7:         openssl-ppc64-fix-build.patch
 BuildRequires:  pkgconfig
 Conflicts:      ssl
 Provides:       ssl
@ -114,6 +116,7 @@ export MACHINE=armv6l

 ./config \
    no-idea \
+    no-ec2m \
    enable-rfc3779 \
 %ifarch x86_64 aarch64 ppc64le
    enable-ec_nistp_64_gcc_128 \
@ -204,7 +207,7 @@ cp %{SOURCE5} .
 %{_libdir}/libcrypto.so.%{sover}
 %{_libdir}/engines-%{sover}
 %dir %{_libdir}/ossl-modules
-#%{_libdir}/ossl-modules/fips.so
+#%%{_libdir}/ossl-modules/fips.so
 %{_libdir}/ossl-modules/legacy.so

 %files -n libopenssl-3-devel
--- a/openssl-ppc64-fix-build.patch
+++ b/openssl-ppc64-fix-build.patch
@ -0,0 +1,55 @@
+From d18f9e0354894a5d3d86b9b0b09acc5953766e54 Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Thu, 1 Jul 2021 14:23:50 +1000
+Subject: [PATCH 1/3] bn: Use a basic branch-if-not-zero
+
+Ancient toolchains fail the build because they don't like the hints,
+newer ISAs recommend not using the hints and relying on dynamic branch
+prediction.
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+---
+ crypto/bn/asm/ppc64-mont-fixed.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: openssl-3.0.0-beta1/crypto/bn/asm/ppc64-mont-fixed.pl
+===================================================================
+--- openssl-3.0.0-beta1.orig/crypto/bn/asm/ppc64-mont-fixed.pl
+++ openssl-3.0.0-beta1/crypto/bn/asm/ppc64-mont-fixed.pl
+@@ -267,7 +267,7 @@ ___
+ 	addze		$tp[$n],$tp[$n+1]
+ 
+ 	addi		$i,$i,$SIZE_T
+-	bc		25,0,$label->{"outer"}
+	bdnz		$label->{"outer"}
+ 
+ 	and.		$tp[$n],$tp[$n],$tp[$n]
+ 	bne		$label->{"sub"}
+@@ -322,7 +322,7 @@ ___
+ 	$self->add_code(<<___);
+ 	li		r3,1
+ 	blr
+-.size ${fname},.-${fname}
+.size .${fname},.-.${fname}
+ ___
+ 
+ }
+Index: openssl-3.0.0-beta1/crypto/ppccap.c
+===================================================================
+--- openssl-3.0.0-beta1.orig/crypto/ppccap.c
+++ openssl-3.0.0-beta1/crypto/ppccap.c
+@@ -68,12 +68,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_U
+      * no opportunity to figure it out...
+      */
+ 
+#if defined(_ARCH_PPC64)
+     if (num == 6) {
+         if (OPENSSL_ppccap_P & PPC_MADD300)
+             return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
+         else
+             return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
+     }
+#endif
+ 
+     return bn_mul_mont_int(rp, ap, bp, np, n0, num);
+ }