Hello community,
here is the log from the commit of package libressl for openSUSE:Factory
checked in at 2020-10-28 14:33:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libressl (Old)
and /work/SRC/openSUSE:Factory/.libressl.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl"
Wed Oct 28 14:33:56 2020 rev:53 rq:844534 version:3.2.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2020-08-19
19:00:18.683956605 +0200
+++ /work/SRC/openSUSE:Factory/.libressl.new.3463/libressl.changes
2020-10-28 14:33:59.763813587 +0100
@@ -1,0 +2,13 @@
+Wed Oct 21 07:55:27 UTC 2020 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 3.2.2
+ * New X509 certificate chain validator that correctly handles
+ multiple paths through intermediate certificates.
+ * New name constraints verification implementation.
+ * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h.
+ * Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash.
+ * Avoid an out-of-bounds write in BN_rand().
+ * Fix numerous leaks in the UI_dup_* functions.
+ * Avoid an out-of-bounds write in BN_rand().
+
+-------------------------------------------------------------------
Old:
----
libressl-3.1.4.tar.gz
libressl-3.1.4.tar.gz.asc
New:
----
libressl-3.2.2.tar.gz
libressl-3.2.2.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libressl.spec ++++++
--- /var/tmp/diff_new_pack.vaKrNo/_old 2020-10-28 14:34:00.423814075 +0100
+++ /var/tmp/diff_new_pack.vaKrNo/_new 2020-10-28 14:34:00.427814078 +0100
@@ -17,7 +17,7 @@
Name: libressl
-Version: 3.1.4
+Version: 3.2.2
Release: 0
Summary: An SSL/TLS protocol implementation
License: OpenSSL
++++++ extra-symver.diff ++++++
--- /var/tmp/diff_new_pack.vaKrNo/_old 2020-10-28 14:34:00.479814117 +0100
+++ /var/tmp/diff_new_pack.vaKrNo/_new 2020-10-28 14:34:00.479814117 +0100
@@ -1,20 +1,35 @@
From: Jan Engelhardt <jeng...@inai.de>
-Date: 2017-12-04 21:25:11.022534627 +0100
+Date: 2020-10-21 10:27:09.816637061 +0200
+
+Exports should be _versioned_. Without a version on libressl symbols, this
could happen:
+
+a) given a function call to libressl SSL_CTX_new in source, the linker
+ will emit "SSL_CTX_new" into the executable
+b) assuming the final program somehow loads both libressl and openssl,
+ the dynamic loader could resolve "SSL_CTX_new" to SSL_CTX_new@@OPENSSL_1.1.0
+
+ -> usually crash because something was initialized in one library
+ but not in the other
+
+If libressl.so has versioned exports,
+
+a) the linker emits "SSL_CTX_new@@LIBRESSL"
+b) the dynamic loader is required to look for SSL_CTX_new@@LIBRESSL
+ and cannot satisfy it with SSL_CTX_new@@OPENSSL.
-Add symbol versions into the library to be on par with openssl.
---
crypto/Makefile.am | 7 +++++--
ssl/Makefile.am | 6 +++++-
tls/Makefile.am | 6 +++++-
3 files changed, 15 insertions(+), 4 deletions(-)
-Index: libressl-3.1.1/crypto/Makefile.am
+Index: libressl-3.2.2/crypto/Makefile.am
===================================================================
---- libressl-3.1.1.orig/crypto/Makefile.am
-+++ libressl-3.1.1/crypto/Makefile.am
-@@ -93,8 +93,11 @@ if HOST_WIN
- -mv crypto_portable.sym.tmp crypto_portable.sym
- endif
+--- libressl-3.2.2.orig/crypto/Makefile.am
++++ libressl-3.2.2/crypto/Makefile.am
+@@ -105,8 +105,11 @@ libcrypto_la_objects.mk: Makefile
+ | sed 's/ */ $$\(abs_top_builddir\)\/crypto\//g' \
+ >> libcrypto_la_objects.mk
-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
-export-symbols crypto_portable.sym
-EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym
@@ -23,31 +38,31 @@
+
+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
-Wl,--version-script=crypto2.sym
+EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym crypto2.sym
+ EXTRA_libcrypto_la_DEPENDENCIES += libcrypto_la_objects.mk
libcrypto_la_LIBADD = libcompat.la
if !HAVE_EXPLICIT_BZERO
- libcrypto_la_LIBADD += libcompatnoopt.la
-Index: libressl-3.1.1/ssl/Makefile.am
+Index: libressl-3.2.2/ssl/Makefile.am
===================================================================
---- libressl-3.1.1.orig/ssl/Makefile.am
-+++ libressl-3.1.1/ssl/Makefile.am
-@@ -6,7 +6,11 @@ EXTRA_DIST = VERSION
- EXTRA_DIST += CMakeLists.txt
- EXTRA_DIST += ssl.sym
+--- libressl-3.2.2.orig/ssl/Makefile.am
++++ libressl-3.2.2/ssl/Makefile.am
+@@ -15,7 +15,11 @@ libssl_la_objects.mk: Makefile
+ | sed 's/ */ $$\(abs_top_builddir\)\/ssl\//g' \
+ > libssl_la_objects.mk
-libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
-export-symbols $(top_srcdir)/ssl/ssl.sym
+ssl2.sym: ssl.sym
+ (echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local:
*; };') >$@
+
+libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
-Wl,--version-script=ssl2.sym
-+EXTRA_libssl_la_DEPENDENCIES = ssl.sym ssl2.sym
++EXTRA_libssl_la_DEPENDENCIES += ssl.sym ssl2.sym
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
libssl_la_SOURCES = bio_ssl.c
-Index: libressl-3.1.1/tls/Makefile.am
+Index: libressl-3.2.2/tls/Makefile.am
===================================================================
---- libressl-3.1.1.orig/tls/Makefile.am
-+++ libressl-3.1.1/tls/Makefile.am
-@@ -6,7 +6,11 @@ EXTRA_DIST = VERSION
+--- libressl-3.2.2.orig/tls/Makefile.am
++++ libressl-3.2.2/tls/Makefile.am
+@@ -9,7 +9,11 @@ EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt
EXTRA_DIST += tls.sym
@@ -57,6 +72,6 @@
+
+libtls_la_DEPENDENCIES = tls2.sym
+libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
-Wl,--version-script=tls2.sym
- libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la
- libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la
- libtls_la_LIBADD += $(PLATFORM_LDADD)
+ libtls_la_LIBADD = $(libcrypto_la_objects)
+ libtls_la_LIBADD += $(libcompat_la_objects)
+ libtls_la_LIBADD += $(libcompatnoopt_la_objects)
++++++ libressl-3.1.4.tar.gz -> libressl-3.2.2.tar.gz ++++++
++++ 63406 lines of diff (skipped)
