forked from rpms/openssl
import openssl-3.0.1-23.el9_0
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
701577a00f
commit
892b3c8109
23
SOURCES/0055-nonlegacy-fetch-null-deref.patch
Normal file
23
SOURCES/0055-nonlegacy-fetch-null-deref.patch
Normal file
@ -0,0 +1,23 @@
|
||||
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
|
||||
index e1da724bd2f4..2bee5ef19447 100644
|
||||
--- a/crypto/core_namemap.c
|
||||
+++ b/crypto/core_namemap.c
|
||||
@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
|
||||
{
|
||||
const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
|
||||
|
||||
- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
|
||||
+ if (cipher != NULL)
|
||||
+ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
|
||||
}
|
||||
|
||||
static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
|
||||
{
|
||||
const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
|
||||
|
||||
- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
|
||||
+ if (md != NULL)
|
||||
+ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
|
||||
}
|
||||
|
||||
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
|
||||
2279
SOURCES/0056-strcasecmp.patch
Normal file
2279
SOURCES/0056-strcasecmp.patch
Normal file
File diff suppressed because it is too large
Load Diff
104
SOURCES/0057-strcasecmp-fix.patch
Normal file
104
SOURCES/0057-strcasecmp-fix.patch
Normal file
@ -0,0 +1,104 @@
|
||||
From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||
Date: Fri, 22 Apr 2022 18:16:56 +0200
|
||||
Subject: [PATCH 1/2] Ensure we initialized the locale before
|
||||
evp_pkey_name2type
|
||||
|
||||
Fixes #18158
|
||||
---
|
||||
crypto/evp/pmeth_lib.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
||||
index 2b9c6c2351da..92d25de44532 100644
|
||||
--- a/crypto/evp/pmeth_lib.c
|
||||
+++ b/crypto/evp/pmeth_lib.c
|
||||
@@ -27,6 +27,7 @@
|
||||
#ifndef FIPS_MODULE
|
||||
# include "crypto/asn1.h"
|
||||
#endif
|
||||
+#include "crypto/ctype.h"
|
||||
#include "crypto/evp.h"
|
||||
#include "crypto/dh.h"
|
||||
#include "crypto/ec.h"
|
||||
@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
|
||||
}
|
||||
#ifndef FIPS_MODULE
|
||||
if (keytype != NULL) {
|
||||
+ ossl_init_casecmp();
|
||||
id = evp_pkey_name2type(keytype);
|
||||
if (id == NID_undef)
|
||||
id = -1;
|
||||
|
||||
From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||
Date: Fri, 22 Apr 2022 19:26:08 +0200
|
||||
Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without
|
||||
preliminary init
|
||||
|
||||
---
|
||||
test/build.info | 6 +++++-
|
||||
test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++
|
||||
test/recipes/02-test_localetest.t | 4 +++-
|
||||
3 files changed, 22 insertions(+), 2 deletions(-)
|
||||
create mode 100644 test/evp_pkey_ctx_new_from_name.c
|
||||
|
||||
diff --git a/test/build.info b/test/build.info
|
||||
index 14a84f00a258..ee059973d31a 100644
|
||||
--- a/test/build.info
|
||||
+++ b/test/build.info
|
||||
@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
|
||||
sanitytest rsa_complex exdatatest bntest \
|
||||
ecstresstest gmdifftest pbelutest \
|
||||
destest mdc2test sha_test \
|
||||
- exptest pbetest localetest \
|
||||
+ exptest pbetest localetest evp_pkey_ctx_new_from_name\
|
||||
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
|
||||
evp_fetch_prov_test evp_libctx_test ossl_store_test \
|
||||
v3nametest v3ext \
|
||||
@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}]
|
||||
INCLUDE[localetest]=../include ../apps/include
|
||||
DEPEND[localetest]=../libcrypto libtestutil.a
|
||||
|
||||
+ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c
|
||||
+ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include
|
||||
+ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto
|
||||
+
|
||||
SOURCE[pbetest]=pbetest.c
|
||||
INCLUDE[pbetest]=../include ../apps/include
|
||||
DEPEND[pbetest]=../libcrypto libtestutil.a
|
||||
diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c
|
||||
new file mode 100644
|
||||
index 000000000000..24063ea05ea5
|
||||
--- /dev/null
|
||||
+++ b/test/evp_pkey_ctx_new_from_name.c
|
||||
@@ -0,0 +1,14 @@
|
||||
+#include <stdio.h>
|
||||
+#include <openssl/ec.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/err.h>
|
||||
+
|
||||
+int main(int argc, char *argv[])
|
||||
+{
|
||||
+ EVP_PKEY_CTX *pctx = NULL;
|
||||
+
|
||||
+ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL);
|
||||
+ EVP_PKEY_CTX_free(pctx);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t
|
||||
index 1bccd57d4c63..77fba7d819ab 100644
|
||||
--- a/test/recipes/02-test_localetest.t
|
||||
+++ b/test/recipes/02-test_localetest.t
|
||||
@@ -15,7 +15,9 @@ setup("locale tests");
|
||||
plan skip_all => "Locale tests not available on Windows or VMS"
|
||||
if $^O =~ /^(VMS|MSWin32)$/;
|
||||
|
||||
-plan tests => 2;
|
||||
+plan tests => 3;
|
||||
+
|
||||
+ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init");
|
||||
|
||||
$ENV{LANG} = "C";
|
||||
ok(run(test(["localetest"])), "running localetest");
|
||||
@ -15,7 +15,7 @@
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.0.1
|
||||
Release: 20%{?dist}
|
||||
Release: 23%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -86,6 +86,12 @@ Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
||||
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
||||
# CVE 2022-0778
|
||||
Patch53: 0053-CVE-2022-0778.patch
|
||||
# https://github.com/openssl/openssl/pull/17324
|
||||
Patch55: 0055-nonlegacy-fetch-null-deref.patch
|
||||
# https://github.com/openssl/openssl/pull/18103
|
||||
Patch56: 0056-strcasecmp.patch
|
||||
# https://github.com/openssl/openssl/pull/18175
|
||||
Patch57: 0057-strcasecmp-fix.patch
|
||||
|
||||
License: ASL 2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -416,6 +422,18 @@ install -m644 %{SOURCE9} \
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Tue Apr 26 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-23
|
||||
- Update missing initialization patch with feedback from upstream
|
||||
Resolves: rhbz#2076654
|
||||
|
||||
* Fri Apr 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22
|
||||
- Invocation of the missing initialization
|
||||
- Resolves: rhbz#2076654
|
||||
|
||||
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-21
|
||||
- Fix openssl curl error with LANG=tr_TR.utf8
|
||||
- Resolves: rhbz#2076654
|
||||
|
||||
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
|
||||
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
|
||||
no OpenSSL library context is set
|
||||
|
||||
Loading…
Reference in New Issue
Block a user