forked from rpms/openssl
Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/openssl.git#a07706cf0e50b02a61d3cb10ecad554d4ac4240c
This commit is contained in:
parent
a99ab8f40a
commit
e33651f416
1
.gitignore
vendored
1
.gitignore
vendored
@ -49,3 +49,4 @@ openssl-1.0.0a-usa.tar.bz2
|
||||
/openssl-1.1.1f-hobbled.tar.xz
|
||||
/openssl-1.1.1g-hobbled.tar.xz
|
||||
/openssl-1.1.1h-hobbled.tar.xz
|
||||
/openssl-1.1.1i-hobbled.tar.xz
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
|
||||
--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand 2020-03-17 18:06:16.822418854 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 18:06:16.861418172 +0100
|
||||
diff -up openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand openssl-1.1.1i/crypto/fips/fips.c
|
||||
--- openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand 2020-12-09 10:26:41.634106328 +0100
|
||||
+++ openssl-1.1.1i/crypto/fips/fips.c 2020-12-09 10:26:41.652106475 +0100
|
||||
@@ -68,6 +68,7 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
@ -51,10 +51,10 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
|
||||
--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-17 18:07:35.305045521 +0100
|
||||
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||
diff -up openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1i/crypto/rand/drbg_lib.c
|
||||
--- openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
||||
+++ openssl-1.1.1i/crypto/rand/drbg_lib.c 2020-12-09 10:26:41.652106475 +0100
|
||||
@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
||||
}
|
||||
|
||||
@ -75,9 +75,9 @@ diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/cry
|
||||
/* Implements the default OpenSSL RAND_add() method */
|
||||
static int drbg_add(const void *buf, int num, double randomness)
|
||||
{
|
||||
diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/rand/rand_unix.c 2020-03-17 18:09:01.503537189 +0100
|
||||
diff -up openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1i/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
||||
+++ openssl-1.1.1i/crypto/rand/rand_unix.c 2020-12-09 10:36:59.531221903 +0100
|
||||
@@ -17,10 +17,12 @@
|
||||
#include <openssl/crypto.h>
|
||||
#include "rand_local.h"
|
||||
@ -91,7 +91,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
||||
# ifdef DEVRANDOM_WAIT
|
||||
# include <sys/shm.h>
|
||||
# include <sys/utsname.h>
|
||||
@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
*/
|
||||
@ -100,15 +100,15 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
||||
{
|
||||
/*
|
||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* - Linux since 3.17 with glibc 2.25
|
||||
* - FreeBSD since 12.0 (1200061)
|
||||
@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* Note: Sometimes getentropy() can be provided but not implemented
|
||||
* internally. So we need to check errno for ENOSYS
|
||||
*/
|
||||
+# if 0
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||
|
||||
@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
|
||||
@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf,
|
||||
if (p_getentropy.p != NULL)
|
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# endif
|
||||
@ -122,7 +122,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t entropy_available;
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
@ -132,7 +132,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
||||
{
|
||||
size_t bytes_needed;
|
||||
unsigned char *buffer;
|
||||
@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@ -141,7 +141,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
||||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
int attempts = 3;
|
||||
const int fd = get_random_device(i);
|
||||
|
||||
@ -153,7 +153,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
||||
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
return entropy_available;
|
||||
}
|
||||
# endif
|
||||
@ -164,9 +164,9 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
||||
return rand_pool_entropy_available(pool);
|
||||
# endif
|
||||
}
|
||||
diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
|
||||
--- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand 2020-03-17 18:06:16.831418696 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 18:06:16.861418172 +0100
|
||||
diff -up openssl-1.1.1i/include/crypto/fips.h.fips-post-rand openssl-1.1.1i/include/crypto/fips.h
|
||||
--- openssl-1.1.1i/include/crypto/fips.h.fips-post-rand 2020-12-09 10:26:41.639106369 +0100
|
||||
+++ openssl-1.1.1i/include/crypto/fips.h 2020-12-09 10:26:41.657106516 +0100
|
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
@ -176,9 +176,9 @@ diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/incl
|
||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||
const unsigned char *tbs, int tbslen,
|
||||
const unsigned char *kat,
|
||||
diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
|
||||
--- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-17 18:07:35.303045555 +0100
|
||||
diff -up openssl-1.1.1i/include/crypto/rand.h.fips-post-rand openssl-1.1.1i/include/crypto/rand.h
|
||||
--- openssl-1.1.1i/include/crypto/rand.h.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
||||
+++ openssl-1.1.1i/include/crypto/rand.h 2020-12-09 10:26:41.657106516 +0100
|
||||
@@ -24,6 +24,7 @@
|
||||
typedef struct rand_pool_st RAND_POOL;
|
||||
|
||||
|
@ -1,12 +1,12 @@
|
||||
diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1g/include/openssl/opensslv.h.version-override 2020-04-23 13:29:37.802673513 +0200
|
||||
+++ openssl-1.1.1g/include/openssl/opensslv.h 2020-04-23 13:30:13.064008458 +0200
|
||||
diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.1i/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1i/include/openssl/opensslv.h.version-override 2020-12-09 10:25:12.042374409 +0100
|
||||
+++ openssl-1.1.1i/include/openssl/opensslv.h 2020-12-09 10:26:00.362769170 +0100
|
||||
@@ -40,7 +40,7 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010108fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h 22 Sep 2020"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h FIPS 22 Sep 2020"
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010109fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i 8 Dec 2020"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i FIPS 8 Dec 2020"
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||
|
@ -21,7 +21,7 @@
|
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1h
|
||||
Version: 1.1.1i
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
@ -473,6 +473,9 @@ export LD_LIBRARY_PATH
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Wed Dec 9 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1i-1
|
||||
- Update to the 1.1.1i release fixing CVE-2020-1971
|
||||
|
||||
* Mon Nov 9 2020 Sahana Prasad <sahana@redhat.com> - 1.1.1h-1
|
||||
- Upgrade to version 1.1.1.h
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (openssl-1.1.1h-hobbled.tar.xz) = 75e1d3f34f93462b97db92aa6538fd4f2f091ad717438e51d147508738be720d7d0bf4a9b1fda3a1943a4c13aae2a39da3add05f7da833b3c6de40a97bc97908
|
||||
SHA512 (openssl-1.1.1i-hobbled.tar.xz) = e131a05e88690a7be7c3d74cbb26620130498ced2ce3d7fd55979aab5ea736ec8b268ba92268bd5bc347989325a3950a066883007cb20c2dd9739fd1eafc513f
|
||||
|
Loading…
Reference in New Issue
Block a user