Hello community, here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2017-09-07 22:09:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0" Thu Sep 7 22:09:14 2017 rev:9 rq:520124 version:1.0.2l Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2017-08-22 11:04:08.722710376 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new/openssl-1_0_0.changes 2017-09-07 22:09:18.148054839 +0200 @@ -1,0 +2,7 @@ +Thu Aug 31 15:19:07 UTC 2017 - [email protected] + +- Add ECDSA ciphers to DEFAULT_SUSE cipher list (bsc#1055825) + * modified openssl-1.0.1e-add-suse-default-cipher.patch + * modified openssl-1.0.1e-add-test-suse-default-cipher-suite.patch + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_0_0.spec ++++++ --- /var/tmp/diff_new_pack.zS6oZa/_old 2017-09-07 22:09:19.623846823 +0200 +++ /var/tmp/diff_new_pack.zS6oZa/_new 2017-09-07 22:09:19.627846259 +0200 @@ -22,8 +22,8 @@ %global __provides_exclude_from ^(%{_libdir}/pkgconfig/.*\\.pc|%{steamlibdir}/.*)$ %global __requires_exclude_from ^%{_libdir}/pkgconfig/.*\\.pc$ # Add path where to store steam patched library -%define steamprefix /usr/lib/steam -%define steamlibdir /usr/lib/steam/%_lib +%define steamprefix %{_prefix}/lib/steam +%define steamlibdir %{_prefix}/lib/steam/%{_lib} %define cavs_dir %{_libexecdir}/%{name}/cavs %define ssletcdir %{_sysconfdir}/ssl %define num_version 1.0.0 @@ -97,9 +97,8 @@ BuildRequires: ed BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) -Provides: ssl Conflicts: otherproviders(ssl) -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Provides: ssl %description OpenSSL is a software library to be used in applications that need to 
@@ -139,11 +138,11 @@ Requires: %{name} = %{version} Requires: libopenssl1_0_0 = %{version} Requires: pkgconfig(zlib) -Provides: ssl-devel -Conflicts: otherproviders(ssl-devel) # we need to have around only the exact version we are able to operate with Conflicts: libopenssl-devel < %{version} Conflicts: libopenssl-devel > %{version} +Conflicts: otherproviders(ssl-devel) +Provides: ssl-devel %description -n libopenssl-1_0_0-devel This subpackage contains header files for developing applications @@ -163,9 +162,9 @@ Summary: Additional Package Documentation License: OpenSSL Group: Productivity/Networking/Security +Conflicts: otherproviders(openssl-doc) Provides: openssl-doc = %{version} Obsoletes: openssl-doc < %{version} -Conflicts: otherproviders(openssl-doc) BuildArch: noarch %description doc @@ -385,14 +384,12 @@ %postun -n libopenssl1_0_0-steam -p /sbin/ldconfig %files -n libopenssl1_0_0 -%defattr(-, root, root) %{_libdir}/libssl.so.%{num_version} %{_libdir}/libcrypto.so.%{num_version} %dir %{_libdir}/engines-1.0 %{_libdir}/engines-1.0 %files -n libopenssl1_0_0-steam -%defattr(-, root, root) %doc LICENSE %dir %{steamprefix} %dir %{steamlibdir} @@ -400,12 +397,10 @@ /%{steamlibdir}/libcrypto.so.%{num_version} %files -n libopenssl1_0_0-hmac -%defattr(-, root, root) %{_libdir}/.libssl.so.%{num_version}.hmac %{_libdir}/.libcrypto.so.%{num_version}.hmac %files -n libopenssl-1_0_0-devel -%defattr(-, root, root) %{_includedir}/%{_rname}/ %{_includedir}/ssl %{_libdir}/libssl.so 
@@ -415,16 +410,13 @@ %{_libdir}/pkgconfig/openssl.pc %files doc -f filelist.doc -%defattr(-, root, root) %doc doc/* demos %doc showciphers.c %files cavs -%defattr(-,root,root) %{_libexecdir}/%{name} %files -f filelist -%defattr(-, root, root) %doc CHANGE* INSTAL* %doc LICENSE NEWS README README.SUSE README-FIPS.txt %dir %{ssletcdir} ++++++ openssl-1.0.1e-add-suse-default-cipher.patch ++++++ --- /var/tmp/diff_new_pack.zS6oZa/_old 2017-09-07 22:09:19.779824837 +0200 +++ /var/tmp/diff_new_pack.zS6oZa/_new 2017-09-07 22:09:19.783824274 +0200 @@ -1,7 +1,7 @@ -Index: openssl-1.0.2h/ssl/ssl_ciph.c +Index: openssl-1.0.2j/ssl/ssl_ciph.c =================================================================== ---- openssl-1.0.2h.orig/ssl/ssl_ciph.c 2016-05-03 16:36:50.482900040 +0200 -+++ openssl-1.0.2h/ssl/ssl_ciph.c 2016-05-03 16:36:51.951922883 +0200 +--- openssl-1.0.2j.orig/ssl/ssl_ciph.c 2017-08-31 17:11:44.269628067 +0200 ++++ openssl-1.0.2j/ssl/ssl_ciph.c 2017-08-31 17:11:44.401630229 +0200 @@ -1608,7 +1608,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ */ ok = 1; 
@@ -18,18 +18,19 @@ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, &head, &tail, ca_list); rule_p += 7; -Index: openssl-1.0.2h/ssl/ssl.h +Index: openssl-1.0.2j/ssl/ssl.h =================================================================== ---- openssl-1.0.2h.orig/ssl/ssl.h 2016-05-03 16:36:51.951922883 +0200 -+++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 16:41:00.024781841 +0200 -@@ -338,7 +338,11 @@ extern "C" { +--- openssl-1.0.2j.orig/ssl/ssl.h 2016-09-26 11:49:07.000000000 +0200 ++++ openssl-1.0.2j/ssl/ssl.h 2017-08-31 17:26:12.887874711 +0200 +@@ -338,7 +338,12 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" + -+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ ++# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\ ++ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ + "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ + "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA" /* ++++++ openssl-1.0.1e-add-test-suse-default-cipher-suite.patch ++++++ --- /var/tmp/diff_new_pack.zS6oZa/_old 2017-09-07 22:09:19.799822019 +0200 +++ /var/tmp/diff_new_pack.zS6oZa/_new 2017-09-07 22:09:19.799822019 +0200 
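Review bot: The new ECDHE-ECDSA line of `SSL_DEFAULT_SUSE_CIPHER_LIST` is not parallel to the ECDHE-RSA line below it: the RSA line carries `ECDHE-RSA-AES256-SHA` and `ECDHE-RSA-AES128-SHA`, but the ECDSA line has no `-SHA` counterparts. All four ECDSA suites added here are TLS 1.2 suites (GCM, or CBC with a SHA-256/384 MAC), so a server holding only an ECDSA certificate would presumably have nothing in this list to offer a TLS 1.0/1.1 client, while an RSA server still would. If dropping the SHA-1 CBC variants for ECDSA is deliberate, say so in a comment above the define, e.g. `/* ECDSA: TLS 1.2 suites only; ECDHE-ECDSA-AES*-SHA intentionally left out */`. If it is an oversight, those two names are missing from the first string. The only comment visible in the hunk describes `SSL_DEFAULT_CIPHER_LIST`, so the SUSE list has no statement of its selection policy or ordering.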
@@ -1,8 +1,8 @@ -Index: openssl-1.0.2b/test/testssl +Index: openssl-1.0.2j/test/testssl =================================================================== ---- openssl-1.0.2b.orig/test/testssl 2015-06-11 20:11:36.398513121 +0200 -+++ openssl-1.0.2b/test/testssl 2015-06-11 20:15:40.833426946 +0200 -@@ -192,6 +192,25 @@ for protocol in TLSv1.2 SSLv3; do +--- openssl-1.0.2j.orig/test/testssl 2017-08-31 17:25:43.067383637 +0200 ++++ openssl-1.0.2j/test/testssl 2017-08-31 17:50:29.255888601 +0200 +@@ -191,6 +191,32 @@ for protocol in TLSv1.2 SSLv3; do fi done @@ -17,13 +17,20 @@ +done + +echo "Testing if MD5, DES and RC4 are excluded from DEFAULT_SUSE cipher suite" -+../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep "MD5\|RC4\|DES" ++../util/shlib_wrap.sh ../apps/openssl ciphers -v DEFAULT_SUSE | grep "MD5\|RC4\|DES" + +if [ $? -ne 1 ];then -+ echo "weak ciphers are present on DEFAULT_SUSE cipher suite" ++ echo "weak ciphers are present in DEFAULT_SUSE cipher suite" + exit 1 +fi + ++echo "Testing if ECDSA ciphers are included in DEFAULT_SUSE cipher suite" ++../util/shlib_wrap.sh ../apps/openssl ciphers -v DEFAULT_SUSE | grep "ECDSA" ++ ++if [ $? -ne 0 ];then ++ echo "ECDSA is not present in DEFAULT_SUSE cipher suite" ++ exit 1 ++fi + #############################################################################
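Review bot: The added ECDSA check passes as soon as any single line of the `ciphers -v` output contains the string ECDSA, so it would still pass if only one of the four suites added to DEFAULT_SUSE were actually enabled. Pinning the expected set is stricter, for example `n=$(../util/shlib_wrap.sh ../apps/openssl ciphers -v DEFAULT_SUSE | grep -c "^ECDHE-ECDSA-")` followed by `if [ "$n" -ne 4 ]; then`, assuming all four suites are compiled into the build under test. Separately, the weak-cipher check above it treats grep exit status 1 as success, which is also what an empty or failed `openssl ciphers` run produces. It stays meaningful only because the ECDSA check that follows fails on empty output, and a short comment recording that dependency would stop someone reordering the two. The loop that precedes these checks lies outside the hunk.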
