Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/openssl.git#a07706cf0e50b02a61d3cb10ecad554d4ac4240c
parent
a99ab8f40a
commit
e33651f416
1
.gitignore
vendored
1
.gitignore
vendored
@ -49,3 +49,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-1.1.1f-hobbled.tar.xz
|
/openssl-1.1.1f-hobbled.tar.xz
|
||||||
/openssl-1.1.1g-hobbled.tar.xz
|
/openssl-1.1.1g-hobbled.tar.xz
|
||||||
/openssl-1.1.1h-hobbled.tar.xz
|
/openssl-1.1.1h-hobbled.tar.xz
|
||||||
|
/openssl-1.1.1i-hobbled.tar.xz
|
||||||
|
File diff suppressed because it is too large
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
|
diff -up openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand openssl-1.1.1i/crypto/fips/fips.c
|
||||||
--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand 2020-03-17 18:06:16.822418854 +0100
|
--- openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand 2020-12-09 10:26:41.634106328 +0100
|
||||||
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 18:06:16.861418172 +0100
|
+++ openssl-1.1.1i/crypto/fips/fips.c 2020-12-09 10:26:41.652106475 +0100
|
||||||
@@ -68,6 +68,7 @@
|
@@ -68,6 +68,7 @@
|
||||||
|
|
||||||
# include <openssl/fips.h>
|
# include <openssl/fips.h>
|
||||||
@ -51,10 +51,10 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/
|
|||||||
ret = 1;
|
ret = 1;
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
|
diff -up openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1i/crypto/rand/drbg_lib.c
|
||||||
--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
--- openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
||||||
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-17 18:07:35.305045521 +0100
|
+++ openssl-1.1.1i/crypto/rand/drbg_lib.c 2020-12-09 10:26:41.652106475 +0100
|
||||||
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||||
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -75,9 +75,9 @@ diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/cry
|
|||||||
/* Implements the default OpenSSL RAND_add() method */
|
/* Implements the default OpenSSL RAND_add() method */
|
||||||
static int drbg_add(const void *buf, int num, double randomness)
|
static int drbg_add(const void *buf, int num, double randomness)
|
||||||
{
|
{
|
||||||
diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
|
diff -up openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1i/crypto/rand/rand_unix.c
|
||||||
--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
--- openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
||||||
+++ openssl-1.1.1e/crypto/rand/rand_unix.c 2020-03-17 18:09:01.503537189 +0100
|
+++ openssl-1.1.1i/crypto/rand/rand_unix.c 2020-12-09 10:36:59.531221903 +0100
|
||||||
@@ -17,10 +17,12 @@
|
@@ -17,10 +17,12 @@
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include "rand_local.h"
|
#include "rand_local.h"
|
||||||
@ -91,7 +91,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||||||
# ifdef DEVRANDOM_WAIT
|
# ifdef DEVRANDOM_WAIT
|
||||||
# include <sys/shm.h>
|
# include <sys/shm.h>
|
||||||
# include <sys/utsname.h>
|
# include <sys/utsname.h>
|
||||||
@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
|
@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf,
|
||||||
* syscall_random(): Try to get random data using a system call
|
* syscall_random(): Try to get random data using a system call
|
||||||
* returns the number of bytes returned in buf, or < 0 on error.
|
* returns the number of bytes returned in buf, or < 0 on error.
|
||||||
*/
|
*/
|
||||||
@ -100,15 +100,15 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||||
@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
|
@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf,
|
||||||
* - Linux since 3.17 with glibc 2.25
|
* Note: Sometimes getentropy() can be provided but not implemented
|
||||||
* - FreeBSD since 12.0 (1200061)
|
* internally. So we need to check errno for ENOSYS
|
||||||
*/
|
*/
|
||||||
+# if 0
|
+# if 0
|
||||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||||
|
|
||||||
@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
|
@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf,
|
||||||
if (p_getentropy.p != NULL)
|
if (p_getentropy.p != NULL)
|
||||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||||
# endif
|
# endif
|
||||||
@ -122,7 +122,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||||
return sysctl_random(buf, buflen);
|
return sysctl_random(buf, buflen);
|
||||||
# else
|
# else
|
||||||
@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
size_t entropy_available;
|
size_t entropy_available;
|
||||||
|
|
||||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||||
@ -132,7 +132,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||||||
{
|
{
|
||||||
size_t bytes_needed;
|
size_t bytes_needed;
|
||||||
unsigned char *buffer;
|
unsigned char *buffer;
|
||||||
@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||||
while (bytes_needed != 0 && attempts-- > 0) {
|
while (bytes_needed != 0 && attempts-- > 0) {
|
||||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||||
@ -141,7 +141,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||||||
if (bytes > 0) {
|
if (bytes > 0) {
|
||||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||||
bytes_needed -= bytes;
|
bytes_needed -= bytes;
|
||||||
@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
int attempts = 3;
|
int attempts = 3;
|
||||||
const int fd = get_random_device(i);
|
const int fd = get_random_device(i);
|
||||||
|
|
||||||
@ -153,7 +153,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||||||
|
|
||||||
while (bytes_needed != 0 && attempts-- > 0) {
|
while (bytes_needed != 0 && attempts-- > 0) {
|
||||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||||
@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
return entropy_available;
|
return entropy_available;
|
||||||
}
|
}
|
||||||
# endif
|
# endif
|
||||||
@ -164,9 +164,9 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||||||
return rand_pool_entropy_available(pool);
|
return rand_pool_entropy_available(pool);
|
||||||
# endif
|
# endif
|
||||||
}
|
}
|
||||||
diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
|
diff -up openssl-1.1.1i/include/crypto/fips.h.fips-post-rand openssl-1.1.1i/include/crypto/fips.h
|
||||||
--- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand 2020-03-17 18:06:16.831418696 +0100
|
--- openssl-1.1.1i/include/crypto/fips.h.fips-post-rand 2020-12-09 10:26:41.639106369 +0100
|
||||||
+++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 18:06:16.861418172 +0100
|
+++ openssl-1.1.1i/include/crypto/fips.h 2020-12-09 10:26:41.657106516 +0100
|
||||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||||
int FIPS_selftest_drbg(void);
|
int FIPS_selftest_drbg(void);
|
||||||
int FIPS_selftest_cmac(void);
|
int FIPS_selftest_cmac(void);
|
||||||
@ -176,9 +176,9 @@ diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/incl
|
|||||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||||
const unsigned char *tbs, int tbslen,
|
const unsigned char *tbs, int tbslen,
|
||||||
const unsigned char *kat,
|
const unsigned char *kat,
|
||||||
diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
|
diff -up openssl-1.1.1i/include/crypto/rand.h.fips-post-rand openssl-1.1.1i/include/crypto/rand.h
|
||||||
--- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
--- openssl-1.1.1i/include/crypto/rand.h.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
||||||
+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-17 18:07:35.303045555 +0100
|
+++ openssl-1.1.1i/include/crypto/rand.h 2020-12-09 10:26:41.657106516 +0100
|
||||||
@@ -24,6 +24,7 @@
|
@@ -24,6 +24,7 @@
|
||||||
typedef struct rand_pool_st RAND_POOL;
|
typedef struct rand_pool_st RAND_POOL;
|
||||||
|
|
||||||
|
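Review bot: The `+# if 0` guard that this patch puts in front of the weak `getentropy()` declaration in `syscall_random()` is carried across the rebase with no comment saying why that path is compiled out. The upstream comment directly above it now reads "we need to check errno for ENOSYS", which suggests the code being disabled in 1.1.1i is not the same as in 1.1.1e. Only rebased context is visible in this section, so it cannot be confirmed here that the closing `# endif` in the `@@ -394,10 +397,10 @@` hunk still ends after the whole getentropy block. I would check that against the 1.1.1i source and add a comment beside the guard, for example `/* getentropy() fallback compiled out by fips-post-rand: <reason> */`, so the next rebase can tell whether an entropy source outside the patched seeding path has become reachable.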
@ -1,12 +1,12 @@
|
|||||||
diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
|
diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.1i/include/openssl/opensslv.h
|
||||||
--- openssl-1.1.1g/include/openssl/opensslv.h.version-override 2020-04-23 13:29:37.802673513 +0200
|
--- openssl-1.1.1i/include/openssl/opensslv.h.version-override 2020-12-09 10:25:12.042374409 +0100
|
||||||
+++ openssl-1.1.1g/include/openssl/opensslv.h 2020-04-23 13:30:13.064008458 +0200
|
+++ openssl-1.1.1i/include/openssl/opensslv.h 2020-12-09 10:26:00.362769170 +0100
|
||||||
@@ -40,7 +40,7 @@ extern "C" {
|
@@ -40,7 +40,7 @@ extern "C" {
|
||||||
* major minor fix final patch/beta)
|
* major minor fix final patch/beta)
|
||||||
*/
|
*/
|
||||||
# define OPENSSL_VERSION_NUMBER 0x1010108fL
|
# define OPENSSL_VERSION_NUMBER 0x1010109fL
|
||||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h 22 Sep 2020"
|
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i 8 Dec 2020"
|
||||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h FIPS 22 Sep 2020"
|
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i FIPS 8 Dec 2020"
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||||
|
@ -21,7 +21,7 @@
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1h
|
Version: 1.1.1i
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
@ -473,6 +473,9 @@ export LD_LIBRARY_PATH
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 9 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1i-1
|
||||||
|
- Update to the 1.1.1i release fixing CVE-2020-1971
|
||||||
|
|
||||||
* Mon Nov 9 2020 Sahana Prasad <sahana@redhat.com> - 1.1.1h-1
|
* Mon Nov 9 2020 Sahana Prasad <sahana@redhat.com> - 1.1.1h-1
|
||||||
- Upgrade to version 1.1.1.h
|
- Upgrade to version 1.1.1.h
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (openssl-1.1.1h-hobbled.tar.xz) = 75e1d3f34f93462b97db92aa6538fd4f2f091ad717438e51d147508738be720d7d0bf4a9b1fda3a1943a4c13aae2a39da3add05f7da833b3c6de40a97bc97908
|
SHA512 (openssl-1.1.1i-hobbled.tar.xz) = e131a05e88690a7be7c3d74cbb26620130498ced2ce3d7fd55979aab5ea736ec8b268ba92268bd5bc347989325a3950a066883007cb20c2dd9739fd1eafc513f
|
||||||
|