Fix version aliasing issue

https://github.com/openssl/openssl/issues/23534 Signed-off-by: Sahana Prasad <sahana@redhat.com>
2024-02-09 20:50:40 +01:00 · 2024-02-09 20:50:40 +01:00 · 4334bc837f
commit 4334bc837f
parent f4c397c598
2 changed files with 90 additions and 1 deletions
--- a/0116-version-aliasing.patch
+++ b/0116-version-aliasing.patch
@ -0,0 +1,82 @@
+diff -up openssl-3.2.1/crypto/evp/digest.c.dup-patch openssl-3.2.1/crypto/evp/digest.c
+--- openssl-3.2.1/crypto/evp/digest.c.dup-patch	2024-02-09 20:41:56.277567514 +0100
+++ openssl-3.2.1/crypto/evp/digest.c	2024-02-09 20:42:59.317767764 +0100
+@@ -553,7 +554,10 @@ legacy:
+     return ret;
+ }
+ 
+-EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in)
+EVP_MD_CTX
+__attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"),
+                    symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
+*EVP_MD_CTX_dup(const EVP_MD_CTX *in)
+ {
+     EVP_MD_CTX *out = EVP_MD_CTX_new();
+ 
+diff -up openssl-3.2.1/crypto/evp/evp_enc.c.dup-patch openssl-3.2.1/crypto/evp/evp_enc.c
+--- openssl-3.2.1/crypto/evp/evp_enc.c.dup-patch	2024-02-09 18:47:04.054258303 +0100
+++ openssl-3.2.1/crypto/evp/evp_enc.c	2024-02-09 20:43:00.926772711 +0100
+@@ -1444,7 +1445,10 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_C
+ #endif /* FIPS_MODULE */
+ }
+ 
+-EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
+EVP_CIPHER_CTX
+__attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"),
+                    symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
+*EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
+ {
+     EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new();
+ 
+diff -up openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch openssl-3.2.1/test/recipes/01-test_symbol_presence.t
+--- openssl-3.2.1/test/recipes/01-test_symbol_presence.t.dup-patch	2024-02-09 20:44:10.860756724 +0100
+++ openssl-3.2.1/test/recipes/01-test_symbol_presence.t	2024-02-09 20:45:14.981136289 +0100
+@@ -132,6 +132,7 @@ foreach (sort keys %stlibname) {
+                   s| .*||;
+                   # Drop OpenSSL dynamic version information if there is any
+                   s|\@\@.+$||;
+                  s|\@.+$||;
+                   # Return the result
+                   $_
+               }
+diff -up openssl-3.2.1/util/libcrypto.num.dup-patch openssl-3.2.1/util/libcrypto.num
+--- openssl-3.2.1/util/libcrypto.num.dup-patch	2024-02-09 18:16:43.006553105 +0100
+++ openssl-3.2.1/util/libcrypto.num	2024-02-09 18:19:17.554159687 +0100
+@@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key
+ OSSL_STACK_OF_X509_free                 5563	3_2_0	EXIST::FUNCTION:
+ OSSL_trace_string                       5564	3_2_0	EXIST::FUNCTION:
+ EVP_MD_CTX_dup                          5565	3_2_0	EXIST::FUNCTION:
+EVP_MD_CTX_dup                          ?	    3_1_0	EXIST::FUNCTION:
+ EVP_CIPHER_CTX_dup                      5566	3_2_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_dup                      ?    	3_1_0	EXIST::FUNCTION:
+ BN_signed_bin2bn                        5567	3_2_0	EXIST::FUNCTION:
+ BN_signed_bn2bin                        5568	3_2_0	EXIST::FUNCTION:
+ BN_signed_lebin2bn                      5569	3_2_0	EXIST::FUNCTION:
+diff -up openssl-3.2.1/crypto/evp/evp_enc.c.fips-dup openssl-3.2.1/crypto/evp/evp_enc.c
+--- openssl-3.2.1/crypto/evp/evp_enc.c.fips-dup	2024-02-09 21:03:46.662261648 +0100
+++ openssl-3.2.1/crypto/evp/evp_enc.c	2024-02-09 21:04:33.427691451 +0100
+@@ -1445,8 +1445,10 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_C
+ }
+ 
+ EVP_CIPHER_CTX
+#if !defined(FIPS_MODULE)
+ __attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"),
+                     symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
+#endif
+ *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
+ {
+     EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new();
+diff -up openssl-3.2.1/crypto/evp/digest.c.new-fips-dup openssl-3.2.1/crypto/evp/digest.c
+--- openssl-3.2.1/crypto/evp/digest.c.new-fips-dup	2024-02-09 21:08:11.605474971 +0100
+++ openssl-3.2.1/crypto/evp/digest.c	2024-02-09 21:08:47.095723742 +0100
+@@ -554,8 +554,10 @@ legacy:
+ }
+ 
+ EVP_MD_CTX
+#if !defined(FIPS_MODULE)
+ __attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"),
+                     symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
+#endif
+ *EVP_MD_CTX_dup(const EVP_MD_CTX *in)
+ {
+     EVP_MD_CTX *out = EVP_MD_CTX_new();
--- a/openssl.spec
+++ b/openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.2.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 1
 Source: openssl-%{version}.tar.gz
 Source2: Makefile.certificate
@ -145,6 +145,9 @@ Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
 Patch114: 0114-FIPS-enforce-EMS-support.patch
 # skip quic and pairwise tests temporarily
 Patch115: 0115-skip-quic-pairwise.patch
+# Add version aliasing due to
+# https://github.com/openssl/openssl/issues/23534
+Patch116: 0116-version-aliasing.patch

 License: Apache-2.0
 URL: http://www.openssl.org/
@ -480,6 +483,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs

 %changelog
+* Fri Feb 09 2024 Sahana Prasad <sahana@redhat.com> - 1:3.2.1-2
+- Fix version aliasing issue
+- https://github.com/openssl/openssl/issues/23534
+
 * Tue Feb 06 2024 Sahana Prasad <sahana@redhat.com> - 1:3.2.1-1
 - Rebase to upstream version 3.2.1