forked from rpms/openssl
parent
60357072e0
commit
f7a30f9a15
14
openssl-1.1.1-ignore-bound.patch
Normal file
14
openssl-1.1.1-ignore-bound.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
Do not return failure when setting version bound on fixed protocol
|
||||||
|
version method.
|
||||||
|
diff -up openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound openssl-1.1.1-pre8/ssl/statem/statem_lib.c
|
||||||
|
--- openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound 2018-06-20 16:48:13.000000000 +0200
|
||||||
|
+++ openssl-1.1.1-pre8/ssl/statem/statem_lib.c 2018-08-13 11:07:52.826304045 +0200
|
||||||
|
@@ -1595,7 +1595,7 @@ int ssl_set_version_bound(int method_ver
|
||||||
|
* methods are not subject to controls that disable individual protocol
|
||||||
|
* versions.
|
||||||
|
*/
|
||||||
|
- return 0;
|
||||||
|
+ return 1;
|
||||||
|
|
||||||
|
case TLS_ANY_VERSION:
|
||||||
|
if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
|
@ -24,7 +24,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1
|
Version: 1.1.1
|
||||||
Release: 0.%{prerelease}.2%{?dist}
|
Release: 0.%{prerelease}.3%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -56,6 +56,7 @@ Patch38: openssl-1.1.0-no-weak-verify.patch
|
|||||||
Patch40: openssl-1.1.1-disable-ssl3.patch
|
Patch40: openssl-1.1.1-disable-ssl3.patch
|
||||||
Patch41: openssl-1.1.1-system-cipherlist.patch
|
Patch41: openssl-1.1.1-system-cipherlist.patch
|
||||||
Patch42: openssl-1.1.1-fips.patch
|
Patch42: openssl-1.1.1-fips.patch
|
||||||
|
Patch43: openssl-1.1.1-ignore-bound.patch
|
||||||
Patch44: openssl-1.1.1-version-override.patch
|
Patch44: openssl-1.1.1-version-override.patch
|
||||||
Patch45: openssl-1.1.0-weak-ciphers.patch
|
Patch45: openssl-1.1.0-weak-ciphers.patch
|
||||||
# Backported fixes including security fixes
|
# Backported fixes including security fixes
|
||||||
@ -157,6 +158,7 @@ cp %{SOURCE13} test/
|
|||||||
%patch40 -p1 -b .disable-ssl3
|
%patch40 -p1 -b .disable-ssl3
|
||||||
%patch41 -p1 -b .system-cipherlist
|
%patch41 -p1 -b .system-cipherlist
|
||||||
%patch42 -p1 -b .fips
|
%patch42 -p1 -b .fips
|
||||||
|
%patch43 -p1 -b .ignore-bound
|
||||||
%patch44 -p1 -b .version-override
|
%patch44 -p1 -b .version-override
|
||||||
%patch45 -p1 -b .weak-ciphers
|
%patch45 -p1 -b .weak-ciphers
|
||||||
|
|
||||||
@ -440,6 +442,10 @@ export LD_LIBRARY_PATH
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 13 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8.3
|
||||||
|
- do not put error on stack when using fixed protocol version
|
||||||
|
with the default config (#1615098)
|
||||||
|
|
||||||
* Fri Jul 27 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8.2
|
* Fri Jul 27 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8.2
|
||||||
- load crypto policy config file from the default config
|
- load crypto policy config file from the default config
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user