Compare commits
2 Commits
d1b1996624
...
4f1033e859
Author | SHA1 | Date |
---|---|---|
Dmitry Belyavskiy | 4f1033e859 | |
Dmitry Belyavskiy | 2a7c14c5f4 |
|
@ -56,3 +56,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||
/openssl-3.0.2-hobbled.tar.gz
|
||||
/openssl-3.0.3-hobbled.tar.gz
|
||||
/openssl-3.0.5-hobbled.tar.xz
|
||||
/openssl-3.0.8-hobbled.tar.gz
|
||||
|
|
|
@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644
|
|||
--- a/util/libcrypto.num
|
||||
+++ b/util/libcrypto.num
|
||||
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
|
||||
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
|
||||
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
||||
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||
--
|
||||
2.26.2
|
||||
|
|
|
@ -5011,3 +5011,15 @@ diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remov
|
|||
Title=prime256v1 curve tests
|
||||
|
||||
PrivateKey=ALICE_cf_prime256v1
|
||||
diff -up openssl-3.0.7/test/recipes/15-test_ec.t.skipshort openssl-3.0.7/test/recipes/15-test_ec.t
|
||||
--- openssl-3.0.7/test/recipes/15-test_ec.t.skipshort 2022-11-23 12:40:55.324395782 +0100
|
||||
+++ openssl-3.0.7/test/recipes/15-test_ec.t 2022-11-23 12:42:12.478094387 +0100
|
||||
@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key
|
||||
|
||||
subtest 'Check loading of fips and non-fips keys' => sub {
|
||||
plan skip_all => "FIPS is disabled"
|
||||
- if $no_fips;
|
||||
+ if 1; #Red Hat specific, original value is $no_fips;
|
||||
|
||||
plan tests => 2;
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.disable_expl
|
|||
|
||||
- if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0)
|
||||
- ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
|
||||
- (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
|
||||
- (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx) > 0;
|
||||
- else
|
||||
- ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
|
||||
+ ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
|
||||
|
|
|
@ -493,8 +493,8 @@ index 10b4e57d79..2d3c363bb0 100644
|
|||
--- a/util/libcrypto.num
|
||||
+++ b/util/libcrypto.num
|
||||
@@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION:
|
||||
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
||||
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
||||
|
|
|
@ -9,6 +9,6 @@ diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.nu
|
|||
-OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
||||
+OPENSSL_strcasecmp 5556 3_0_1 EXIST::FUNCTION:
|
||||
+OPENSSL_strncasecmp 5557 3_0_1 EXIST::FUNCTION:
|
||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
||||
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
||||
|
|
23
openssl.spec
23
openssl.spec
|
@ -14,13 +14,13 @@
|
|||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.0.5
|
||||
Release: 2%{?dist}
|
||||
Version: 3.0.8
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
# The original openssl upstream tarball cannot be shipped in the .src.rpm.
|
||||
Source: openssl-%{version}-hobbled.tar.xz
|
||||
Source: openssl-%{version}-hobbled.tar.gz
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
Source3: genpatches
|
||||
|
@ -414,6 +414,23 @@ install -m644 %{SOURCE9} \
|
|||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Thu Feb 09 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.8-1
|
||||
- Rebase to upstream version 3.0.8
|
||||
Resolves: CVE-2022-4203
|
||||
Resolves: CVE-2022-4304
|
||||
Resolves: CVE-2022-4450
|
||||
Resolves: CVE-2023-0215
|
||||
Resolves: CVE-2023-0216
|
||||
Resolves: CVE-2023-0217
|
||||
Resolves: CVE-2023-0286
|
||||
Resolves: CVE-2023-0401
|
||||
|
||||
* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.5-3
|
||||
- CVE-2022-3602: X.509 Email Address Buffer Overflow
|
||||
- CVE-2022-3786: X.509 Email Address Buffer Overflow
|
||||
Resolves: CVE-2022-3602
|
||||
Resolves: CVE-2022-3786
|
||||
|
||||
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.0.5-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (openssl-3.0.5-hobbled.tar.xz) = 2f5531d46a905af8d36bf81c18fa34ccc86f5bd66e6e4227bb17e2f926ef14f78057ab60cd9d55bb9d1bad3d5b56a71170e4a86708fd8352324db2e0747142cf
|
||||
SHA512 (openssl-3.0.8-hobbled.tar.gz) = 42f2a59aa8c39c21b66b528329ace126b870f6d7c3a1da2f2ee18ab875923c5bcf3d9046f884201556799a8ab1d915112a1f124cfaf1ab77b2eac834d1f88c60
|
||||
|
|
Loading…
Reference in New Issue