Hi Martin, I will fix the Origin today. I was not sure of the naming convention for the patches, so I kept the same name as in fedora but used the version of openssl that we were patching. If you prefer, I can instead use exact same name as fedora. I actually pulled my patches from Fedora Rawhide's source tree, https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/source/tree/Packages/o/ directory. I downloaded openssl source rpm and the fips patches were in the SOURCES directory. The SRPM is openssl-1.0.2g-3.fc25.src.rpm. I used this because it seem to be the most recent at the time.
I just did a diff with my ctor patch and the one in fedora's SRPM I used and is pretty much the same. Please advice if I should indicate above URL in Origin for DEP3 header and use the exact same patch names. Also, thanks so much Martin for helping me with all this!! :-) On Wed, Apr 13, 2016 at 1:48 AM, Martin Pitt <martin.p...@ubuntu.com> wrote: > > Dividing up the patch proved to be a challenge but was the right thing > to do. > > Many thanks for doing this! > > Can you please fix the "Origin: > http://dl.fedoraproject.org/pub/fedora/linux/development"; fields still? > They should point to a particular patch in a place like > http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/tree/, but that does > not have "openssl-1.0.2g-fips-ctor.patch", only "openssl-1.0.2a-fips- > ctor.patch". Although the patch there is almost identical, except for > some patch header noise. So I suppose pointing to those is fine (bonus > points if you just add the DEP-3 patch header but otherwise leave the > patch intact, but that's not a biggie). > > But e. g. your openssl-1.0.2g-fips-ec.patch has quite a lot of changes > compared to > http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/plain/openssl-1.0 > .2a-fips-ec.patch (Note, Ubuntu modifications should go into openssl-1.0 > .2g-ubuntu-fips-cleanup.patch). Same for > http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/plain/openssl-1.0 > .2f-new-fips-reqs.patch. > > Current Fedora rawhide's package is openssl1.0.2g as well, just like > our's, so these patches ought to be identical? > > Maybe you took them from a different branch, but the Fedora 24 version > http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/plain/openssl-1.0 > .2f-new-fips-reqs.patch?h=f24 is also different than your's. > > > Weird, but the fedora patches were not independent of each other. > > That's quite normal, and it would actually be a surprise if patches that > are this big were independent. > > I'll upload this now so that we can see the autopkgtests against this > version, and we have at least a few days of testing this in the wild > before the final release. But please still clean up the patches as above > (Origin: and patches differing from Fedora) with a follow-up upload. > > Thanks for bearing with me! > > ** Changed in: openssl (Ubuntu) > Status: Incomplete => In Progress > > ** Changed in: openssl (Ubuntu) > Assignee: (unassigned) => Joy Latten (j-latten) > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1553309 > > Title: > [FFe]: Include FIPS 140-2 into openssl package > > Status in openssl package in Ubuntu: > In Progress > > Bug description: > This is a request for a Feature Freeze Exception to include FIPS 140-2 > selftest into the openssl package in preparation for the FIPS 140-2 > compliance for 16.0.4. > This patchset will : > - add ability to config, compile, run with fips option enabled > - add the selftest files to crypto/fips directory. > - minor changes to several algorithms in crypto directory to ensure the > selftest compile successfully when fips is enabled. > > The selftest will be initiated externally at this point and not > internally. > Hope to have a test package ready early next week. > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1553309 Title: [FFe]: Include FIPS 140-2 into openssl package Status in openssl package in Ubuntu: In Progress Bug description: This is a request for a Feature Freeze Exception to include FIPS 140-2 selftest into the openssl package in preparation for the FIPS 140-2 compliance for 16.0.4. This patchset will : - add ability to config, compile, run with fips option enabled - add the selftest files to crypto/fips directory. - minor changes to several algorithms in crypto directory to ensure the selftest compile successfully when fips is enabled. The selftest will be initiated externally at this point and not internally. Hope to have a test package ready early next week. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
