Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-cal for openSUSE:Factory checked in at 2024-09-01 19:21:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-cal (Old) and /work/SRC/openSUSE:Factory/.aws-c-cal.new.2698 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-cal" Sun Sep 1 19:21:42 2024 rev:10 rq:1197832 version:0.7.4 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-cal/aws-c-cal.changes 2024-07-22 17:16:15.565098963 +0200 +++ /work/SRC/openSUSE:Factory/.aws-c-cal.new.2698/aws-c-cal.changes 2024-09-01 19:22:01.101468398 +0200 @@ -1,0 +2,9 @@ +Mon Aug 26 15:14:13 UTC 2024 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 0.7.4 + * OpenSSL Runtime and Compile Time Mismatch Fix by @waahm7 in (#198) +- from version 0.7.3 + * Update MacOS CI to arm64 by @waahm7 in (#196) + * Use prebuilt aws-lc by @sfod in (#197) + +------------------------------------------------------------------- Old: ---- v0.7.2.tar.gz New: ---- v0.7.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-cal.spec ++++++ --- /var/tmp/diff_new_pack.CH4XwV/_old 2024-09-01 19:22:02.433522934 +0200 +++ /var/tmp/diff_new_pack.CH4XwV/_new 2024-09-01 19:22:02.437523099 +0200 @@ -19,7 +19,7 @@ %define library_version 1.0.0 %define library_soversion 0unstable Name: aws-c-cal -Version: 0.7.2 +Version: 0.7.4 Release: 0 Summary: AWS C99 wrapper for cryptography primitives License: Apache-2.0 ++++++ v0.7.2.tar.gz -> v0.7.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.7.2/.github/workflows/ci.yml new/aws-c-cal-0.7.4/.github/workflows/ci.yml --- old/aws-c-cal-0.7.2/.github/workflows/ci.yml 2024-07-15 19:42:43.000000000 +0200 +++ new/aws-c-cal-0.7.4/.github/workflows/ci.yml 2024-08-23 23:35:42.000000000 +0200 @@ -6,7 +6,7 @@ - 'main' env: - BUILDER_VERSION: v0.9.61 + BUILDER_VERSION: v0.9.62 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-c-cal @@ -177,8 +177,8 @@ run: | python .\aws-c-cal\build\deps\aws-c-common\scripts\appverifier_ctest.py --build_directory .\aws-c-cal\build\aws-c-cal - osx: - runs-on: macos-12 # latest + macos: + runs-on: macos-14 # latest steps: - name: Build ${{ env.PACKAGE_NAME }} + consumers run: | @@ -186,8 +186,17 @@ chmod a+x builder ./builder build -p ${{ env.PACKAGE_NAME }} - osx-min-deployment-target: - runs-on: macos-12 # latest + macos-x64: + runs-on: macos-14-large # latest + steps: + - name: Build ${{ env.PACKAGE_NAME }} + consumers + run: | + python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz', 'builder')" + chmod a+x builder + ./builder build -p ${{ env.PACKAGE_NAME }} + + macos-min-deployment-target: + runs-on: macos-14 # latest steps: - name: Build ${{ env.PACKAGE_NAME }} + consumers run: | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.7.2/CMakeLists.txt new/aws-c-cal-0.7.4/CMakeLists.txt --- old/aws-c-cal-0.7.2/CMakeLists.txt 2024-07-15 19:42:43.000000000 +0200 +++ new/aws-c-cal-0.7.4/CMakeLists.txt 2024-08-23 23:35:42.000000000 +0200 @@ -101,10 +101,14 @@ elseif(NOT USE_OPENSSL AND IN_SOURCE_BUILD) if (TARGET crypto) message(STATUS "Using libcrypto from AWS-LC") + set(PLATFORM_LIBS crypto) + elseif(AWSLC_PREBUILT) + message(STATUS "Using prebuilt libcrypto from AWS-LC") + find_package(crypto REQUIRED) + set(PLATFORM_LIBS AWS::crypto) else() message(FATAL_ERROR "Target crypto is not defined, failed to find libcrypto.") endif() - set(PLATFORM_LIBS crypto) else() # note aws_use_package() does this for you, except it appends to the public link targets # which we probably don't want for this case where we want the crypto dependency private diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.7.2/source/unix/openssl_platform_init.c new/aws-c-cal-0.7.4/source/unix/openssl_platform_init.c --- old/aws-c-cal-0.7.2/source/unix/openssl_platform_init.c 2024-07-15 19:42:43.000000000 +0200 +++ new/aws-c-cal-0.7.4/source/unix/openssl_platform_init.c 2024-08-23 23:35:42.000000000 +0200 @@ -493,38 +493,82 @@ return found_version; } -static enum aws_libcrypto_version s_resolve_libcrypto_lib(void) { - const char *libcrypto_102 = "libcrypto.so.1.0.0"; - const char *libcrypto_111 = "libcrypto.so.1.1"; +static enum aws_libcrypto_version s_libcrypto_version_at_compile_time(void) { +#ifdef OPENSSL_IS_OPENSSL + /* + * Currently, this only checks for 1.0.2 vs 1.1. As a future optimization, we can also add a branch for OpenSSL 3.0. + * OpenSSL 3.0 is compatible with OpenSSL 1.1, so it works currently. + */ + if (OPENSSL_VERSION_NUMBER < 0x10100000L) { + return AWS_LIBCRYPTO_1_0_2; + } else { + return AWS_LIBCRYPTO_1_1_1; + } +#endif + /* + * Follow the default path instead of prioritizing the compiled version. This works, since we enforce that + * the compiled version and runtime version must be the same for BoringSSL and AWS-LC in + * `s_validate_libcrypto_linkage()`. + */ + return AWS_LIBCRYPTO_NONE; +} + +/* Given libcrypto version, return the filename of the .so */ +static char *s_libcrypto_sharedlib_filename(enum aws_libcrypto_version version) { + switch (version) { + case AWS_LIBCRYPTO_1_0_2: + return "libcrypto.so.1.0.0"; + case AWS_LIBCRYPTO_1_1_1: + return "libcrypto.so.1.1"; + default: + return "libcrypto.so"; + } +} + +static bool s_load_libcrypto_sharedlib(enum aws_libcrypto_version version) { + const char *libcrypto_version = s_libcrypto_sharedlib_filename(version); - AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "loading libcrypto 1.0.2"); - void *module = dlopen(libcrypto_102, RTLD_NOW); + AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "loading %s", libcrypto_version); + void *module = dlopen(libcrypto_version, RTLD_NOW); if (module) { - AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "resolving against libcrypto 1.0.2"); - enum aws_libcrypto_version result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_0_2, module); - if (result == AWS_LIBCRYPTO_1_0_2) { - return result; + AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "resolving against %s", libcrypto_version); + enum aws_libcrypto_version result = s_resolve_libcrypto_symbols(version, module); + if (result == version) { + return true; } dlclose(module); } else { - AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "libcrypto 1.0.2 not found"); + AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "%s not found", libcrypto_version); } - AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "loading libcrypto 1.1.1"); - module = dlopen(libcrypto_111, RTLD_NOW); - if (module) { - AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "resolving against libcrypto 1.1.1"); - enum aws_libcrypto_version result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_1_1, module); - if (result == AWS_LIBCRYPTO_1_1_1) { - return result; + return false; +} + +static enum aws_libcrypto_version s_resolve_libcrypto_sharedlib(void) { + /* First try to load the same version as the compiled libcrypto version */ + const enum aws_libcrypto_version compiled_version = s_libcrypto_version_at_compile_time(); + if (compiled_version != AWS_LIBCRYPTO_NONE) { + if (s_load_libcrypto_sharedlib(compiled_version)) { + return compiled_version; + } + } + + /* If compiled_version is AWS_LIBCRYPTO_1_1_1, we have already tried to load it and failed. So, skip it here. */ + if (compiled_version != AWS_LIBCRYPTO_1_1_1) { + if (s_load_libcrypto_sharedlib(AWS_LIBCRYPTO_1_1_1)) { + return AWS_LIBCRYPTO_1_1_1; + } + } + + /* If compiled_version is AWS_LIBCRYPTO_1_0_2, we have already tried to load it and failed. So, skip it here. */ + if (compiled_version != AWS_LIBCRYPTO_1_0_2) { + if (s_load_libcrypto_sharedlib(AWS_LIBCRYPTO_1_0_2)) { + return AWS_LIBCRYPTO_1_0_2; } - dlclose(module); - } else { - AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "libcrypto 1.1.1 not found"); } AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "loading libcrypto.so"); - module = dlopen("libcrypto.so", RTLD_NOW); + void *module = dlopen("libcrypto.so", RTLD_NOW); if (module) { unsigned long (*openssl_version_num)(void) = NULL; *(void **)(&openssl_version_num) = dlsym(module, "OpenSSL_version_num"); @@ -612,20 +656,20 @@ } if (result == AWS_LIBCRYPTO_NONE) { AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "did not find boringssl symbols linked"); - result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_0_2, process); + result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_1_1, process); } if (result == AWS_LIBCRYPTO_NONE) { - AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "did not find libcrypto 1.0.2 symbols linked"); - result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_1_1, process); + AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "did not find libcrypto 1.1.1 symbols linked"); + result = s_resolve_libcrypto_symbols(AWS_LIBCRYPTO_1_0_2, process); } dlclose(process); if (result == AWS_LIBCRYPTO_NONE) { - AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "did not find libcrypto 1.1.1 symbols linked"); + AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "did not find libcrypto 1.0.2 symbols linked"); AWS_LOGF_DEBUG( AWS_LS_CAL_LIBCRYPTO_RESOLVE, "libcrypto symbols were not statically linked, searching for shared libraries"); - result = s_resolve_libcrypto_lib(); + result = s_resolve_libcrypto_sharedlib(); } s_validate_libcrypto_linkage();
