openssl/openssl-gcc-attributes.patch

--- openssl-1.0.1g.orig/crypto/cryptlib.h
+++ openssl-1.0.1g/crypto/cryptlib.h
@@ -100,7 +100,7 @@ extern "C" {
 
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *fmta,...);
+void OPENSSL_showfatal(const char *fmta,...) __attribute__ ((format (printf, 1, 2)));
 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
 
--- openssl-1.0.1g.orig/crypto/crypto.h
+++ openssl-1.0.1g/crypto/crypto.h
@@ -487,15 +487,15 @@ void CRYPTO_get_mem_debug_functions(void
 				    void (**so)(long),
 				    long (**go)(void));
 
-void *CRYPTO_malloc_locked(int num, const char *file, int line);
+void *CRYPTO_malloc_locked(int num, const char *file, int line) __attribute__((alloc_size(1)));
 void CRYPTO_free_locked(void *ptr);
-void *CRYPTO_malloc(int num, const char *file, int line);
+void *CRYPTO_malloc(int num, const char *file, int line) __attribute__((alloc_size(1)));
 char *CRYPTO_strdup(const char *str, const char *file, int line);
 void CRYPTO_free(void *ptr);
-void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+void *CRYPTO_realloc(void *addr,int num, const char *file, int line) __attribute__((alloc_size(2)));
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
-			   int line);
-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
+			   int line) __attribute__((alloc_size(3)));
+void *CRYPTO_remalloc(void *addr,int num, const char *file, int line) __attribute__((alloc_size(2)));
 
 void OPENSSL_cleanse(void *ptr, size_t len);
 
--- openssl-1.0.1g.orig/crypto/buffer/buffer.h
+++ openssl-1.0.1g/crypto/buffer/buffer.h
@@ -87,7 +87,7 @@ int	BUF_MEM_grow(BUF_MEM *str, size_t le
 int	BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 char *	BUF_strdup(const char *str);
 char *	BUF_strndup(const char *str, size_t siz);
-void *	BUF_memdup(const void *data, size_t siz);
+void *	BUF_memdup(const void *data, size_t siz) __attribute__((alloc_size(2)));
 void	BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
 
 /* safe string functions */
osc copypac from project:openSUSE:Factory package:openssl revision:111 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=113 2014-04-18 11:07:25 +02:00			`--- openssl-1.0.1g.orig/crypto/cryptlib.h`
			`+++ openssl-1.0.1g/crypto/cryptlib.h`
			`@@ -100,7 +100,7 @@ extern "C" {`

			`void OPENSSL_cpuid_setup(void);`
			`extern unsigned int OPENSSL_ia32cap_P[];`
			`-void OPENSSL_showfatal(const char *fmta,...);`
			`+void OPENSSL_showfatal(const char *fmta,...) __attribute__ ((format (printf, 1, 2)));`
			`void *OPENSSL_stderr(void);`
			`extern int OPENSSL_NONPIC_relocated;`

			`--- openssl-1.0.1g.orig/crypto/crypto.h`
			`+++ openssl-1.0.1g/crypto/crypto.h`
			`@@ -487,15 +487,15 @@ void CRYPTO_get_mem_debug_functions(void`
			`void (**so)(long),`
			`long (**go)(void));`

			`-void CRYPTO_malloc_locked(int num, const char file, int line);`
			`+void CRYPTO_malloc_locked(int num, const char file, int line) __attribute__((alloc_size(1)));`
			`void CRYPTO_free_locked(void *ptr);`
			`-void CRYPTO_malloc(int num, const char file, int line);`
			`+void CRYPTO_malloc(int num, const char file, int line) __attribute__((alloc_size(1)));`
			`char CRYPTO_strdup(const char str, const char *file, int line);`
			`void CRYPTO_free(void *ptr);`
			`-void CRYPTO_realloc(void addr,int num, const char *file, int line);`
			`+void CRYPTO_realloc(void addr,int num, const char *file, int line) __attribute__((alloc_size(2)));`
			`void CRYPTO_realloc_clean(void addr,int old_num,int num,const char *file,`
			`- int line);`
			`-void CRYPTO_remalloc(void addr,int num, const char *file, int line);`
Accepting request 231108 from Base:System - Build everything with full RELRO (-Wl,-z,relro,-z,now) - Remove -fstack-protector from the hardcoded build options it is already in RPM_OPT_FLAGS and is replaced by -fstack-protector-strong with gcc 4.9 - Remove the "gmp" and "capi" shared engines, nobody noticed but they are just dummies that do nothing. - Use enable-rfc3779 to allow projects such as rpki.net to work in openSUSE and match the functionality available in Debian/Fedora/etc - openssl-buffreelistbug-aka-CVE-2010-5298.patch fix CVE-2010-5298 and disable the internal BUF_FREELISTS functionality. it hides bugs like heartbleed and is there only for systems on which malloc() free() are slow. - ensure we export MALLOC_CHECK and PERTURB during the test suite, now that the freelist functionality is disabled it will help to catch bugs before they hit users. - openssl-libssl-noweakciphers.patch do not offer "export" or "low" quality ciphers by default. using such ciphers is not forbidden but requires an explicit request - openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does not return memory of "num * old_num" but only "num" size fortunately this function is currently unused. (forwarded request 230868 from elvigia) OBS-URL: https://build.opensuse.org/request/show/231108 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=114 2014-04-26 17:01:45 +02:00			`+ int line) __attribute__((alloc_size(3)));`
osc copypac from project:openSUSE:Factory package:openssl revision:111 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=113 2014-04-18 11:07:25 +02:00			`+void CRYPTO_remalloc(void addr,int num, const char *file, int line) __attribute__((alloc_size(2)));`

			`void OPENSSL_cleanse(void *ptr, size_t len);`

Accepting request 232889 from Base:System - 0005-libssl-Hide-library-private-symbols.patch Update to hide more symbols that are not part of the public API - openssl-gcc-attributes.patch BUF_memdup also needs attribute alloc_size as it returns memory of size of the second parameter. - openssl-ocloexec.patch Update, accept() also needs O_CLOEXEC. - 0009-Fix-double-frees.patch, 0017-Double-free-in-i2o_ECPublicKey.patch fix various double frees (from upstream) - 012-Fix-eckey_priv_encode.patch eckey_priv_encode should return an error inmediately on failure of i2d_ECPrivateKey (from upstream) - 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch From libressl, modified to work on linux systems that do not have funopen() but fopencookie() instead. Once upon a time, OS didn't have snprintf, which caused openssl to bundle a *printf implementation. We know better nowadays, the glibc implementation has buffer overflow checking, has sane failure modes deal properly with threads, signals..etc.. - build with -fno-common as well. (forwarded request 232752 from elvigia) OBS-URL: https://build.opensuse.org/request/show/232889 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=116 2014-05-09 06:57:35 +02:00			`--- openssl-1.0.1g.orig/crypto/buffer/buffer.h`
			`+++ openssl-1.0.1g/crypto/buffer/buffer.h`
			`@@ -87,7 +87,7 @@ int BUF_MEM_grow(BUF_MEM *str, size_t le`
			`int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);`
			`char * BUF_strdup(const char *str);`
			`char * BUF_strndup(const char *str, size_t siz);`
			`-void * BUF_memdup(const void *data, size_t siz);`
			`+void * BUF_memdup(const void *data, size_t siz) __attribute__((alloc_size(2)));`
			`void BUF_reverse(unsigned char out, const unsigned char in, size_t siz);`

			`/* safe string functions */`