Compare commits
4 Commits
Author | SHA1 | Date |
---|---|---|
Clemens Lang | b5322f1ca9 | |
Clemens Lang | 3cff06ce15 | |
Clemens Lang | 4c79530b8d | |
Clemens Lang | 1641dae717 |
|
@ -3,3 +3,7 @@
|
|||
/openssl-1.1.1i-hobbled.tar.xz
|
||||
/openssl-1.1.1k-hobbled.tar.xz
|
||||
/openssl-1.1.1l-hobbled.tar.xz
|
||||
/openssl-1.1.1n-hobbled.tar.xz
|
||||
/openssl-1.1.1o-hobbled.tar.xz
|
||||
/openssl-1.1.1p-hobbled.tar.xz
|
||||
/openssl-1.1.1q-hobbled.tar.xz
|
||||
|
|
|
@ -4474,13 +4474,6 @@ diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pk
|
|||
diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt 2021-03-03 14:08:02.494294874 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
#
|
||||
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -15,7 +15,7 @@
|
||||
Title = TLS1 PRF tests (from NIST test vectors)
|
||||
|
||||
|
@ -4740,7 +4733,7 @@ diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
|
|||
Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
|
||||
@@ -303,3 +303,133 @@ Ctrl.r = r:8
|
||||
Ctrl.p = p:1
|
||||
Result = INTERNAL_ERROR
|
||||
Result = KDF_DERIVE_ERROR
|
||||
|
||||
+Title = PBKDF2 tests
|
||||
+
|
||||
|
|
|
@ -870,8 +870,8 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges
|
|||
+# include <openssl/fips.h>
|
||||
+#endif
|
||||
|
||||
/* This call frees resources associated with the context */
|
||||
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
|
||||
|
||||
static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
|
||||
@@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
|
||||
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
|
||||
{
|
||||
|
@ -898,9 +898,9 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges
|
|||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
if (ctx->digest && ctx->digest->ctx_size) {
|
||||
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
|
||||
ctx->md_data = NULL;
|
||||
cleanup_old_md_data(ctx, 1);
|
||||
|
||||
ctx->digest = type;
|
||||
@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
||||
|
||||
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||
|
|
|
@ -1927,7 +1927,7 @@ diff -up openssl-1.1.1g/crypto/s390x_arch.h.s390x-ecc openssl-1.1.1g/crypto/s390
|
|||
+ unsigned long long kdsa[2];
|
||||
};
|
||||
|
||||
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
#if defined(__GNUC__) && defined(__linux)
|
||||
@@ -66,11 +74,14 @@ extern struct OPENSSL_s390xcap_st OPENSS
|
||||
# define S390X_KMF 0x90
|
||||
# define S390X_PRNO 0xa0
|
||||
|
|
|
@ -238,7 +238,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
|
|||
}
|
||||
|
||||
/*
|
||||
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1592,10 +1648,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
* if we cannot get one.
|
||||
*/
|
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
||||
|
@ -254,11 +254,6 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
|
|||
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
||||
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
||||
if (!sk_SSL_CIPHER_push(cipherstack,
|
||||
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
|
||||
+ OPENSSL_free(co_list);
|
||||
sk_SSL_CIPHER_free(cipherstack);
|
||||
return NULL;
|
||||
}
|
||||
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
*cipher_list = cipherstack;
|
||||
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.1i/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1i/include/openssl/opensslv.h.version-override 2020-12-09 10:25:12.042374409 +0100
|
||||
+++ openssl-1.1.1i/include/openssl/opensslv.h 2020-12-09 10:26:00.362769170 +0100
|
||||
diff -up openssl-1.1.1q/include/openssl/opensslv.h.version-override openssl-1.1.1q/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1q/include/openssl/opensslv.h.version-override 2022-07-07 13:14:40.123541142 +0200
|
||||
+++ openssl-1.1.1q/include/openssl/opensslv.h 2022-07-07 13:15:20.777288763 +0200
|
||||
@@ -40,7 +40,7 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x101010cfL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l FIPS 24 Aug 2021"
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010111fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q 5 Jul 2022"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q FIPS 5 Jul 2022"
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||
|
|
|
@ -25,8 +25,8 @@
|
|||
|
||||
Summary: Compatibility version of the OpenSSL library
|
||||
Name: openssl1.1
|
||||
Version: 1.1.1l
|
||||
Release: 2%{?dist}
|
||||
Version: 1.1.1q
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
|
@ -373,6 +373,23 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig
|
|||
%ldconfig_scriptlets
|
||||
|
||||
%changelog
|
||||
* Thu Jul 07 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1q-1
|
||||
- Upgrade to 1.1.1q
|
||||
Resolves: CVE-2022-2097
|
||||
|
||||
* Thu Jun 30 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1p-1
|
||||
- Upgrade to 1.1.1p
|
||||
Resolves: CVE-2022-2068
|
||||
Related: rhbz#2099975
|
||||
|
||||
* Mon Jun 13 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1o-1
|
||||
- Upgrade to 1.1.1o
|
||||
Resolves: CVE-2022-1292, rhbz#2095817
|
||||
|
||||
* Thu Mar 24 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1n-1
|
||||
- Upgrade to version 1.1.1n
|
||||
Resolves: CVE-2022-0778, rhbz#2064918
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1l-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (openssl-1.1.1l-hobbled.tar.xz) = f0dfe3d3f4d1165173a0aeb50949792fef37069fc2b29de4845851fe0dbae8254f1d892b0ab8b23b75efc994742f3a57c30c78efa0702f6408d3a80442053d6f
|
||||
SHA512 (openssl-1.1.1q-hobbled.tar.xz) = 990ece28fdf0a03768983a990d89302bd03758c08b4d2b25cff652c37ecc4e1c2bda9e6e0afca527ab87fb8ee594639e14ab96b5c890ef2ea6c5fadcd894b624
|
||||
|
|
Loading…
Reference in New Issue