Hello community, here is the log from the commit of package tog-pegasus for openSUSE:Factory checked in at 2017-12-06 08:58:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tog-pegasus (Old) and /work/SRC/openSUSE:Factory/.tog-pegasus.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tog-pegasus" Wed Dec 6 08:58:38 2017 rev:7 rq:548091 version:2.14.1 Changes: -------- --- /work/SRC/openSUSE:Factory/tog-pegasus/tog-pegasus.changes 2017-03-31 15:08:11.651355289 +0200 +++ /work/SRC/openSUSE:Factory/.tog-pegasus.new/tog-pegasus.changes 2017-12-06 08:58:39.448834966 +0100 @@ -1,0 +2,14 @@ +Mon Dec 4 13:24:38 UTC 2017 - [email protected] + +- Don't conditionalize patch 6. + Have seperate patch numbers for: pegasus-SUSE-pam-wbem.patch (61) + pegasus-2.5.1-pam-wbem.patch (62) to have them always present. + Only apply conditionally. + +------------------------------------------------------------------- +Mon Dec 4 13:16:24 UTC 2017 - [email protected] + +- Add pegasus-2.14.1-openssl-1.1.patch: + Fix building with OpenSSL 1.1 + +------------------------------------------------------------------- New: ---- pegasus-2.14.1-openssl-1.1.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tog-pegasus.spec ++++++ --- /var/tmp/diff_new_pack.lyz609/_old 2017-12-06 08:58:40.752787236 +0100 +++ /var/tmp/diff_new_pack.lyz609/_new 2017-12-06 08:58:40.756787089 +0100 @@ -93,11 +93,8 @@ Patch5: pegasus-2.9.0-local-or-remote-auth.patch # 6: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5012 # Modifies pam rules to use access cofiguration file and local/remote differences -%if 0%{?suse_version} -Patch6: pegasus-SUSE-pam-wbem.patch -%else -Patch6: pegasus-2.5.1-pam-wbem.patch -%endif +Patch61: pegasus-SUSE-pam-wbem.patch +Patch62: pegasus-2.5.1-pam-wbem.patch # 9: Adds cimuser binary to admin commands Patch9: pegasus-2.6.0-cimuser.patch # 12: Removes snmp tests, which we don't want to perform @@ -129,6 +126,8 @@ Patch35: pegasus-2.14.1-fix-compiler-warnings.patch # 36: 'STACK_OF' undefined Patch36: pegasus-2.14.1-openssl.patch +# 37: OpenSSL 1.1 changes +Patch37: pegasus-2.14.1-openssl-1.1.patch BuildRequires: bash BuildRequires: coreutils @@ -341,7 +340,13 @@ %patch2 -p1 -b .PIE %patch3 -p1 -b .redhat-config %patch4 -p1 -b .cmpi-provider-lib -%patch6 -p1 -b .pam-wbem + +%if 0%{?suse_version} +%patch61 -p1 -b .pam-wbem +%else +%patch62 -p1 -b .pam-wbem +%endif + %patch9 -p1 -b .cimuser %patch12 -p1 -b .no_snmp_tests %patch5 -p1 -b .local-or-remote-auth @@ -358,6 +363,7 @@ %patch34 -p1 -b .build-fixes %patch35 -p1 -b .compiler-warnings %patch36 -p1 -b .openssl +%patch37 -p1 -b .openssl1.1 %build cp -fp %SOURCE1 doc ++++++ pegasus-2.14.1-openssl-1.1.patch ++++++ diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp --- pegasus/src/Pegasus/Common/SSLContext.cpp.orig 2017-02-28 14:39:49.497066327 +0100 +++ pegasus/src/Pegasus/Common/SSLContext.cpp 2017-03-01 10:56:06.726453475 +0100 @@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf); //initialize the CRL store - X509_STORE_CTX crlStoreCtx; - X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL); + X509_STORE_CTX* crlStoreCtx; + crlStoreCtx = X509_STORE_CTX_new(); + X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL); PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Initialized CRL store"); //attempt to get a CRL issued by the certificate's issuer - X509_OBJECT obj; + X509_OBJECT* obj; + obj = X509_OBJECT_new(); if (X509_STORE_get_by_subject( - &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0) + crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0) { - X509_STORE_CTX_cleanup(&crlStoreCtx); + X509_OBJECT_free(obj); + X509_STORE_CTX_cleanup(crlStoreCtx); PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, "---> SSL: No CRL by that issuer"); PEG_METHOD_EXIT(); return 0; } - X509_STORE_CTX_cleanup(&crlStoreCtx); + X509_STORE_CTX_cleanup(crlStoreCtx); //get CRL - X509_CRL* crl = obj.data.crl; + X509_CRL* crl; + crl = X509_OBJECT_get0_X509_CRL(obj); if (crl == NULL) { PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null"); @@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback { revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); //a matching serial number indicates revocation - if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0) + if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0) { PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2, "---> SSL: Certificate is revoked"); X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED); - X509_CRL_free(crl); + X509_OBJECT_free(obj); PEG_METHOD_EXIT(); return 1; } } - X509_CRL_free(crl); + X509_OBJECT_free(obj); PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Certificate is not revoked at this level"); diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h --- pegasus/src/Pegasus/Common/SSLContextRep.h.orig 2017-02-28 14:32:44.379013979 +0100 +++ pegasus/src/Pegasus/Common/SSLContextRep.h 2017-02-28 14:36:38.088039077 +0100 @@ -104,7 +104,11 @@ public: //important as per following site for //http://www.openssl.org/support/faq.html#PROG +#if OPENSSL_VERSION_NUMBER < 0x10100000L CRYPTO_malloc_init(); +#else + OPENSSL_malloc_init(); +#endif SSL_library_init(); SSL_load_error_strings(); } diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp --- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig 2017-03-01 10:34:19.367952613 +0100 +++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp 2017-03-01 10:36:18.003931270 +0100 @@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_ for (int i = 0; i < numRevoked; i++) { r = sk_X509_REVOKED_value(revoked, i); - rawSerialNumber = ASN1_INTEGER_get(r->serialNumber); + rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r)); sprintf(serial, "%lu", (unsigned long)rawSerialNumber); revokedSerialNumbers.append(String(serial)); - revocationDate = getDateTime(r->revocationDate); + revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r)); revocationDates.append(revocationDate); }
