#3 Correctly invoke sed for defining OPENSSL_NO_SSL3
Merged 4 years ago by jorton. Opened 4 years ago by cstratak.
Unknown source master  into  master

file modified
+7 -4
@@ -22,7 +22,7 @@

  Summary: Utilities from the general purpose cryptography library with TLS implementation

  Name: openssl

  Version: 1.1.1

- Release: 4%{?dist}

+ Release: 5%{?dist}

  Epoch: 1

  # We have to remove certain patented algorithms from the openssl source

  # tarball with the hobble-openssl script which is included below.
@@ -376,9 +376,9 @@

  # Next step of gradual disablement of SSL3.

  # Make SSL3 disappear to newly built dependencies.

  sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\

- \#ifndef OPENSSL_NO_SSL3\

- \# define OPENSSL_NO_SSL3\

- \#endif\' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h

+ #ifndef OPENSSL_NO_SSL3\

+ # define OPENSSL_NO_SSL3\

+ #endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h

  

  %ifarch %{multilib_arches}

  # Do an opensslconf.h switcheroo to avoid file conflicts on systems where you
@@ -456,6 +456,9 @@

  %postun libs -p /sbin/ldconfig

  

  %changelog

+ * Thu Sep 27 2018 Charalampos Stratakis <cstratak@redhat.com> - 1:1.1.1-5

+ - Correctly invoke sed for defining OPENSSL_NO_SSL3

+ 

  * Thu Sep 27 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-4

  - define OPENSSL_NO_SSL3 so the newly built dependencies do not

    have access to SSL3 API calls anymore

Currently with the latest commit, the header includes those lines, and packages using the API error out:

#ifndef OPENSSL_NO_SSL3\
# define OPENSSL_NO_SSL3\
#endif

This PR should fix the sed invocation, however please check the resulting header on the build rpm's from the CI to verify that.

diff -ru usr/include/openssl/opensslconf-x86_64.h usr.fixed/include/openssl/opensslconf-x86_64.h
--- usr/include/openssl/opensslconf-x86_64.h    2018-09-28 07:58:43.624228071 +0100
+++ usr.fixed/include/openssl/opensslconf-x86_64.h  2018-09-28 07:57:55.780708219 +0100
@@ -79,9 +79,9 @@
 #ifndef OPENSSL_NO_MSAN
 # define OPENSSL_NO_MSAN
 #endif
-\#ifndef OPENSSL_NO_SSL3\
-\# define OPENSSL_NO_SSL3\
-\#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
 #ifndef OPENSSL_NO_SSL_TRACE
 # define OPENSSL_NO_SSL_TRACE
 #endif

LGTM, I'll merge this since Tomas is probably out today.

Pull-Request has been merged by jorton

4 years ago

Thanks, Joe and Charalampos.
I tested it just in a shell script and did not verify the rpm build. I am sorry for that.