> Dividing up the patch proved to be a challenge but was the right thing to do.
Many thanks for doing this! Can you please fix the "Origin: http://dl.fedoraproject.org/pub/fedora/linux/development"; fields still? They should point to a particular patch in a place like http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/tree/, but that does not have "openssl-1.0.2g-fips-ctor.patch", only "openssl-1.0.2a-fips- ctor.patch". Although the patch there is almost identical, except for some patch header noise. So I suppose pointing to those is fine (bonus points if you just add the DEP-3 patch header but otherwise leave the patch intact, but that's not a biggie). But e. g. your openssl-1.0.2g-fips-ec.patch has quite a lot of changes compared to http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/plain/openssl-1.0 .2a-fips-ec.patch (Note, Ubuntu modifications should go into openssl-1.0 .2g-ubuntu-fips-cleanup.patch). Same for http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/plain/openssl-1.0 .2f-new-fips-reqs.patch. Current Fedora rawhide's package is openssl1.0.2g as well, just like our's, so these patches ought to be identical? Maybe you took them from a different branch, but the Fedora 24 version http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/plain/openssl-1.0 .2f-new-fips-reqs.patch?h=f24 is also different than your's. > Weird, but the fedora patches were not independent of each other. That's quite normal, and it would actually be a surprise if patches that are this big were independent. I'll upload this now so that we can see the autopkgtests against this version, and we have at least a few days of testing this in the wild before the final release. But please still clean up the patches as above (Origin: and patches differing from Fedora) with a follow-up upload. Thanks for bearing with me! ** Changed in: openssl (Ubuntu) Status: Incomplete => In Progress ** Changed in: openssl (Ubuntu) Assignee: (unassigned) => Joy Latten (j-latten) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1553309 Title: [FFe]: Include FIPS 140-2 into openssl package Status in openssl package in Ubuntu: In Progress Bug description: This is a request for a Feature Freeze Exception to include FIPS 140-2 selftest into the openssl package in preparation for the FIPS 140-2 compliance for 16.0.4. This patchset will : - add ability to config, compile, run with fips option enabled - add the selftest files to crypto/fips directory. - minor changes to several algorithms in crypto directory to ensure the selftest compile successfully when fips is enabled. The selftest will be initiated externally at this point and not internally. Hope to have a test package ready early next week. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
