From 165c77cea85f2d0f6ab1c70fe812924eef13992bd506cb8ad1aa09080f701a3e Mon Sep 17 00:00:00 2001
From: Stephan Kulow <coolo@suse.com>
Date: Tue, 15 Apr 2014 05:34:09 +0000
Subject: [PATCH] Accepting request 229715 from Base:System

- openssl-gcc-attributes.patch
  * annotate memory allocation wrappers with attribute(alloc_size)
    so the compiler can tell us if it knows they are being misused
  * OPENSSL_showfatal is annotated with attribute printf to detect
    format string problems.
- It is time to try to disable SSLv2 again, it was tried a while
  ago but broke too many things, nowadays Debian, Ubuntu, the BSDs
  all have disabled it, most components are already fixed.
  I will fix the remaining fallout if any. (email me) (forwarded request 229674 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/229715
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=111
---
 openssl-gcc-attributes.patch | 34 ++++++++++++++++++++++++++++++++++
 openssl.changes              | 14 ++++++++++++++
 openssl.spec                 |  6 +++++-
 3 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 openssl-gcc-attributes.patch

diff --git a/openssl-gcc-attributes.patch b/openssl-gcc-attributes.patch
new file mode 100644
index 0000000..de2826f
--- /dev/null
+++ b/openssl-gcc-attributes.patch
@@ -0,0 +1,34 @@
+--- openssl-1.0.1g.orig/crypto/cryptlib.h
++++ openssl-1.0.1g/crypto/cryptlib.h
+@@ -100,7 +100,7 @@ extern "C" {
+ 
+ void OPENSSL_cpuid_setup(void);
+ extern unsigned int OPENSSL_ia32cap_P[];
+-void OPENSSL_showfatal(const char *fmta,...);
++void OPENSSL_showfatal(const char *fmta,...) __attribute__ ((format (printf, 1, 2)));
+ void *OPENSSL_stderr(void);
+ extern int OPENSSL_NONPIC_relocated;
+ 
+--- openssl-1.0.1g.orig/crypto/crypto.h
++++ openssl-1.0.1g/crypto/crypto.h
+@@ -487,15 +487,15 @@ void CRYPTO_get_mem_debug_functions(void
+ 				    void (**so)(long),
+ 				    long (**go)(void));
+ 
+-void *CRYPTO_malloc_locked(int num, const char *file, int line);
++void *CRYPTO_malloc_locked(int num, const char *file, int line) __attribute__((alloc_size(1)));
+ void CRYPTO_free_locked(void *ptr);
+-void *CRYPTO_malloc(int num, const char *file, int line);
++void *CRYPTO_malloc(int num, const char *file, int line) __attribute__((alloc_size(1)));
+ char *CRYPTO_strdup(const char *str, const char *file, int line);
+ void CRYPTO_free(void *ptr);
+-void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
++void *CRYPTO_realloc(void *addr,int num, const char *file, int line) __attribute__((alloc_size(2)));
+ void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
+-			   int line);
+-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
++			   int line) __attribute__((alloc_size(2, 3)));
++void *CRYPTO_remalloc(void *addr,int num, const char *file, int line) __attribute__((alloc_size(2)));
+ 
+ void OPENSSL_cleanse(void *ptr, size_t len);
+ 
diff --git a/openssl.changes b/openssl.changes
index 63f1b51..45784b5 100644
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Fri Apr 11 02:40:34 UTC 2014 - crrodriguez@opensuse.org
+
+- openssl-gcc-attributes.patch 
+  * annotate memory allocation wrappers with attribute(alloc_size)
+    so the compiler can tell us if it knows they are being misused
+  * OPENSSL_showfatal is annotated with attribute printf to detect
+    format string problems.
+
+- It is time to try to disable SSLv2 again, it was tried a while
+  ago but broke too many things, nowadays Debian, Ubuntu, the BSDs
+  all have disabled it, most components are already fixed.
+  I will fix the remaining fallout if any. (email me)
+
 -------------------------------------------------------------------
 Tue Apr  8 08:12:38 UTC 2014 - dmueller@suse.com
 
diff --git a/openssl.spec b/openssl.spec
index 2bb154b..b83e774 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -64,6 +64,7 @@ Patch15:        openssl-1.0.1e-fips.patch
 Patch16:        openssl-1.0.1e-fips-ec.patch
 Patch17:        openssl-1.0.1e-fips-ctor.patch
 Patch18:        openssl-1.0.1e-new-fips-reqs.patch
+Patch19:        openssl-gcc-attributes.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -169,7 +170,7 @@ this package's base documentation.
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
-
+%patch19 -p1
 cp -p %{S:10} .
 cp -p %{S:11} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
@@ -217,6 +218,9 @@ export MACHINE=armv6l
 #
 config_flags="threads shared no-rc5 no-idea \
 fips \
+%if 0%{suse_version} > 1310
+no-ssl2 \
+%endif
 %ifarch x86_64 
 enable-ec_nistp_64_gcc_128 \
 %endif