forked from rpms/openssl
import openssl-3.0.1-23.el9_0
This commit is contained in:
parent
701577a00f
commit
892b3c8109
23
SOURCES/0055-nonlegacy-fetch-null-deref.patch
Normal file
23
SOURCES/0055-nonlegacy-fetch-null-deref.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
|
||||||
|
index e1da724bd2f4..2bee5ef19447 100644
|
||||||
|
--- a/crypto/core_namemap.c
|
||||||
|
+++ b/crypto/core_namemap.c
|
||||||
|
@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
|
||||||
|
{
|
||||||
|
const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
|
||||||
|
|
||||||
|
- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
|
||||||
|
+ if (cipher != NULL)
|
||||||
|
+ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
|
||||||
|
{
|
||||||
|
const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
|
||||||
|
|
||||||
|
- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
|
||||||
|
+ if (md != NULL)
|
||||||
|
+ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
|
2279
SOURCES/0056-strcasecmp.patch
Normal file
2279
SOURCES/0056-strcasecmp.patch
Normal file
File diff suppressed because it is too large
Load Diff
104
SOURCES/0057-strcasecmp-fix.patch
Normal file
104
SOURCES/0057-strcasecmp-fix.patch
Normal file
@ -0,0 +1,104 @@
|
|||||||
|
From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Date: Fri, 22 Apr 2022 18:16:56 +0200
|
||||||
|
Subject: [PATCH 1/2] Ensure we initialized the locale before
|
||||||
|
evp_pkey_name2type
|
||||||
|
|
||||||
|
Fixes #18158
|
||||||
|
---
|
||||||
|
crypto/evp/pmeth_lib.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
||||||
|
index 2b9c6c2351da..92d25de44532 100644
|
||||||
|
--- a/crypto/evp/pmeth_lib.c
|
||||||
|
+++ b/crypto/evp/pmeth_lib.c
|
||||||
|
@@ -27,6 +27,7 @@
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
# include "crypto/asn1.h"
|
||||||
|
#endif
|
||||||
|
+#include "crypto/ctype.h"
|
||||||
|
#include "crypto/evp.h"
|
||||||
|
#include "crypto/dh.h"
|
||||||
|
#include "crypto/ec.h"
|
||||||
|
@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
|
||||||
|
}
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
if (keytype != NULL) {
|
||||||
|
+ ossl_init_casecmp();
|
||||||
|
id = evp_pkey_name2type(keytype);
|
||||||
|
if (id == NID_undef)
|
||||||
|
id = -1;
|
||||||
|
|
||||||
|
From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Date: Fri, 22 Apr 2022 19:26:08 +0200
|
||||||
|
Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without
|
||||||
|
preliminary init
|
||||||
|
|
||||||
|
---
|
||||||
|
test/build.info | 6 +++++-
|
||||||
|
test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++
|
||||||
|
test/recipes/02-test_localetest.t | 4 +++-
|
||||||
|
3 files changed, 22 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 test/evp_pkey_ctx_new_from_name.c
|
||||||
|
|
||||||
|
diff --git a/test/build.info b/test/build.info
|
||||||
|
index 14a84f00a258..ee059973d31a 100644
|
||||||
|
--- a/test/build.info
|
||||||
|
+++ b/test/build.info
|
||||||
|
@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
|
||||||
|
sanitytest rsa_complex exdatatest bntest \
|
||||||
|
ecstresstest gmdifftest pbelutest \
|
||||||
|
destest mdc2test sha_test \
|
||||||
|
- exptest pbetest localetest \
|
||||||
|
+ exptest pbetest localetest evp_pkey_ctx_new_from_name\
|
||||||
|
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
|
||||||
|
evp_fetch_prov_test evp_libctx_test ossl_store_test \
|
||||||
|
v3nametest v3ext \
|
||||||
|
@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}]
|
||||||
|
INCLUDE[localetest]=../include ../apps/include
|
||||||
|
DEPEND[localetest]=../libcrypto libtestutil.a
|
||||||
|
|
||||||
|
+ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c
|
||||||
|
+ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include
|
||||||
|
+ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto
|
||||||
|
+
|
||||||
|
SOURCE[pbetest]=pbetest.c
|
||||||
|
INCLUDE[pbetest]=../include ../apps/include
|
||||||
|
DEPEND[pbetest]=../libcrypto libtestutil.a
|
||||||
|
diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..24063ea05ea5
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/evp_pkey_ctx_new_from_name.c
|
||||||
|
@@ -0,0 +1,14 @@
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <openssl/ec.h>
|
||||||
|
+#include <openssl/evp.h>
|
||||||
|
+#include <openssl/err.h>
|
||||||
|
+
|
||||||
|
+int main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ EVP_PKEY_CTX *pctx = NULL;
|
||||||
|
+
|
||||||
|
+ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL);
|
||||||
|
+ EVP_PKEY_CTX_free(pctx);
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t
|
||||||
|
index 1bccd57d4c63..77fba7d819ab 100644
|
||||||
|
--- a/test/recipes/02-test_localetest.t
|
||||||
|
+++ b/test/recipes/02-test_localetest.t
|
||||||
|
@@ -15,7 +15,9 @@ setup("locale tests");
|
||||||
|
plan skip_all => "Locale tests not available on Windows or VMS"
|
||||||
|
if $^O =~ /^(VMS|MSWin32)$/;
|
||||||
|
|
||||||
|
-plan tests => 2;
|
||||||
|
+plan tests => 3;
|
||||||
|
+
|
||||||
|
+ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init");
|
||||||
|
|
||||||
|
$ENV{LANG} = "C";
|
||||||
|
ok(run(test(["localetest"])), "running localetest");
|
@ -15,7 +15,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.1
|
Version: 3.0.1
|
||||||
Release: 20%{?dist}
|
Release: 23%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -86,6 +86,12 @@ Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
|||||||
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
||||||
# CVE 2022-0778
|
# CVE 2022-0778
|
||||||
Patch53: 0053-CVE-2022-0778.patch
|
Patch53: 0053-CVE-2022-0778.patch
|
||||||
|
# https://github.com/openssl/openssl/pull/17324
|
||||||
|
Patch55: 0055-nonlegacy-fetch-null-deref.patch
|
||||||
|
# https://github.com/openssl/openssl/pull/18103
|
||||||
|
Patch56: 0056-strcasecmp.patch
|
||||||
|
# https://github.com/openssl/openssl/pull/18175
|
||||||
|
Patch57: 0057-strcasecmp-fix.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -416,6 +422,18 @@ install -m644 %{SOURCE9} \
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 26 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-23
|
||||||
|
- Update missing initialization patch with feedback from upstream
|
||||||
|
Resolves: rhbz#2076654
|
||||||
|
|
||||||
|
* Fri Apr 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22
|
||||||
|
- Invocation of the missing initialization
|
||||||
|
- Resolves: rhbz#2076654
|
||||||
|
|
||||||
|
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-21
|
||||||
|
- Fix openssl curl error with LANG=tr_TR.utf8
|
||||||
|
- Resolves: rhbz#2076654
|
||||||
|
|
||||||
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
|
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
|
||||||
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
|
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
|
||||||
no OpenSSL library context is set
|
no OpenSSL library context is set
|
||||||
|
Loading…
Reference in New Issue
Block a user