
4 Commits
rawhide ... f36

Author SHA1 Message Date
Clemens Lang b5322f1ca9 Upgrade to 1.1.1q
(cherry picked from commit f1f57e7a77)

Resolves: CVE-2022-2097
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-07-07 13:28:23 +02:00
Clemens Lang 3cff06ce15 Upgrade to 1.1.1p
(cherry picked from commit 98a8b9a1e2)

Resolves: CVE-2022-2068
Related: rhbz#2099975
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-06-30 17:40:34 +02:00
Clemens Lang 4c79530b8d Upgrade to 1.1.1o
(cherry picked from commit 6312831343)

Resolves: CVE-2022-1292, rhbz#2095817
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-06-13 12:14:32 +02:00
Clemens Lang 1641dae717 Upgrade to version 1.1.1n
Resolves: CVE-2022-0778, rhbz#2064918
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-03-24 18:18:54 +01:00
8 changed files with 38 additions and 29 deletions

4
.gitignore vendored

@ -3,3 +3,7 @@
/openssl-1.1.1i-hobbled.tar.xz
/openssl-1.1.1k-hobbled.tar.xz
/openssl-1.1.1l-hobbled.tar.xz
/openssl-1.1.1n-hobbled.tar.xz
/openssl-1.1.1o-hobbled.tar.xz
/openssl-1.1.1p-hobbled.tar.xz
/openssl-1.1.1q-hobbled.tar.xz


@ -4474,13 +4474,6 @@ diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pk
diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt
--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt 2021-03-03 14:08:02.494294874 +0100
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -15,7 +15,7 @@
Title = TLS1 PRF tests (from NIST test vectors)
@ -4740,7 +4733,7 @@ diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
@@ -303,3 +303,133 @@ Ctrl.r = r:8
Ctrl.p = p:1
Result = INTERNAL_ERROR
Result = KDF_DERIVE_ERROR
+Title = PBKDF2 tests
+


@ -870,8 +870,8 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges
+# include <openssl/fips.h>
+#endif
/* This call frees resources associated with the context */
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
@@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
@ -898,9 +898,9 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges
+ }
+ }
+#endif
if (ctx->digest && ctx->digest->ctx_size) {
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
ctx->md_data = NULL;
cleanup_old_md_data(ctx, 1);
ctx->digest = type;
@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)


@ -1927,7 +1927,7 @@ diff -up openssl-1.1.1g/crypto/s390x_arch.h.s390x-ecc openssl-1.1.1g/crypto/s390
+ unsigned long long kdsa[2];
};
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
#if defined(__GNUC__) && defined(__linux)
@@ -66,11 +74,14 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_KMF 0x90
# define S390X_PRNO 0xa0


@ -238,7 +238,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
}
/*
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1592,10 +1648,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@ -254,11 +254,6 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
if (!sk_SSL_CIPHER_push(cipherstack,
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+ OPENSSL_free(co_list);
sk_SSL_CIPHER_free(cipherstack);
return NULL;
}
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*cipher_list = cipherstack;
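Review bot: The refreshed system-cipherlist patch appears to no longer carry the `+ OPENSSL_free(co_list);` line on the TLSv1.3 `sk_SSL_CIPHER_push` failure path in `ssl_create_cipher_list`. This is inferred, because the page has lost the outer add/remove markers: the outer hunk shrinks from 11 to 6 lines and the inner hunk header changes from `-1592,14 +1648,18` to `-1592,10 +1648,13`. If upstream 1.1.1q does not already free `co_list` before `sk_SSL_CIPHER_free(cipherstack); return NULL;`, dropping the line brings back a leak on that allocation-failure path. Worth confirming against the unpacked 1.1.1q `ssl/ssl_ciph.c` and saying in the changelog entry that the fix was absorbed upstream, so a later rebase does not re-add or silently lose it.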


@ -1,12 +1,12 @@
diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.1i/include/openssl/opensslv.h
--- openssl-1.1.1i/include/openssl/opensslv.h.version-override 2020-12-09 10:25:12.042374409 +0100
+++ openssl-1.1.1i/include/openssl/opensslv.h 2020-12-09 10:26:00.362769170 +0100
diff -up openssl-1.1.1q/include/openssl/opensslv.h.version-override openssl-1.1.1q/include/openssl/opensslv.h
--- openssl-1.1.1q/include/openssl/opensslv.h.version-override 2022-07-07 13:14:40.123541142 +0200
+++ openssl-1.1.1q/include/openssl/opensslv.h 2022-07-07 13:15:20.777288763 +0200
@@ -40,7 +40,7 @@ extern "C" {
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x101010cfL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l FIPS 24 Aug 2021"
# define OPENSSL_VERSION_NUMBER 0x1010111fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q 5 Jul 2022"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q FIPS 5 Jul 2022"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)


@ -25,8 +25,8 @@
Summary: Compatibility version of the OpenSSL library
Name: openssl1.1
Version: 1.1.1l
Release: 2%{?dist}
Version: 1.1.1q
Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -373,6 +373,23 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig
%ldconfig_scriptlets
%changelog
* Thu Jul 07 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1q-1
- Upgrade to 1.1.1q
Resolves: CVE-2022-2097
* Thu Jun 30 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1p-1
- Upgrade to 1.1.1p
Resolves: CVE-2022-2068
Related: rhbz#2099975
* Mon Jun 13 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1o-1
- Upgrade to 1.1.1o
Resolves: CVE-2022-1292, rhbz#2095817
* Thu Mar 24 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1n-1
- Upgrade to version 1.1.1n
Resolves: CVE-2022-0778, rhbz#2064918
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1l-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild


@ -1 +1 @@
SHA512 (openssl-1.1.1l-hobbled.tar.xz) = f0dfe3d3f4d1165173a0aeb50949792fef37069fc2b29de4845851fe0dbae8254f1d892b0ab8b23b75efc994742f3a57c30c78efa0702f6408d3a80442053d6f
SHA512 (openssl-1.1.1q-hobbled.tar.xz) = 990ece28fdf0a03768983a990d89302bd03758c08b4d2b25cff652c37ecc4e1c2bda9e6e0afca527ab87fb8ee594639e14ab96b5c890ef2ea6c5fadcd894b624