Compare commits

No commits in common. "c8-stream-2.3" and "a9" have entirely different histories.

2 changed files with 98 additions and 13 deletions

@ -0,0 +1,53 @@
From b339a18aa06c78d64ac33d891d400eac7b86fff3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 17 May 2021 13:30:24 +0200
Subject: [PATCH] Define OPENSSL_API_COMPAT to 0x10101000L
---
src/jwe.c | 2 ++
src/jwk.c | 2 ++
src/jws.c | 2 ++
3 files changed, 6 insertions(+)
diff --git a/src/jwe.c b/src/jwe.c
index 822d408..d6f3149 100644
--- a/src/jwe.c
+++ b/src/jwe.c
@@ -5,6 +5,8 @@
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
+#define OPENSSL_API_COMPAT 0x10101000L
+
#include <cjose/base64.h>
#include <cjose/header.h>
#include <cjose/jwe.h>
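Review bot: The `#define OPENSSL_API_COMPAT 0x10101000L` added at the top of src/jwe.c has no comment, and the patch has no commit message body, so nothing records why the API level is pinned to 1.1.1; the only hint is the 0.6.1-9 changelog line "enable build with openssl 3.0". Placing it ahead of the first #include is right, since it must be seen before any OpenSSL header. Suggest a one-line comment above the define saying that it keeps the pre-3.0 calls in this file compiling without deprecation warnings and should be dropped once those calls are ported, because it also hides those warnings in the JWE code from now on.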
diff --git a/src/jwk.c b/src/jwk.c
index 860f0e7..87408e9 100644
--- a/src/jwk.c
+++ b/src/jwk.c
@@ -5,6 +5,8 @@
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
+#define OPENSSL_API_COMPAT 0x10101000L
+
#include "include/jwk_int.h"
#include "include/util_int.h"
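Review bot: The define in src/jwk.c duplicates the one added to src/jwe.c and src/jws.c. Setting it once for the whole build, either as a -D compiler flag or in a shared internal header that every source includes first, would keep the three copies from drifting and would cover any source file added later that includes OpenSSL headers.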
diff --git a/src/jws.c b/src/jws.c
index 4e03554..9d682a0 100644
--- a/src/jws.c
+++ b/src/jws.c
@@ -5,6 +5,8 @@
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
+#define OPENSSL_API_COMPAT 0x10101000L
+
#include <cjose/base64.h>
#include <cjose/header.h>
#include <cjose/jws.h>
--
2.31.1

@ -1,6 +1,6 @@
Name: cjose Name: cjose
Version: 0.6.1 Version: 0.6.1
Release: 4%{?dist} Release: 13%{?dist}.alma
Summary: C library implementing the Javascript Object Signing and Encryption (JOSE) Summary: C library implementing the Javascript Object Signing and Encryption (JOSE)
License: MIT License: MIT
@ -8,14 +8,20 @@ URL: https://github.com/cisco/cjose
Source0: https://github.com/cisco/%{name}/archive/%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/cisco/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
Patch1: concatkdf.patch Patch1: concatkdf.patch
Patch2: 0002-check-cjose_get_alloc.patch Patch2: 0001-Define-OPENSSL_API_COMPAT-to-0x10101000L.patch
Patch3: 0003-CVE-2023-37464.patch
# The patches was taken from upstream:
# https://gitlab.com/redhat/centos-stream/rpms/cjose/-/commit/c09f48e67e42046a70a0caaf1694da7eb5b26e7a
Patch3: 0002-check-cjose_get_alloc.patch
# https://gitlab.com/redhat/centos-stream/rpms/cjose/-/commit/7b8e54694b4af7a26afd98c8e2bd7803ebeee545
Patch4: 0003-CVE-2023-37464.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: doxygen BuildRequires: doxygen
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: jansson-devel BuildRequires: jansson-devel
BuildRequires: check-devel BuildRequires: check-devel
BuildRequires: make
%description %description
Implementation of JOSE for C/C++ Implementation of JOSE for C/C++
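Review bot: The comment "# The patches was taken from upstream:" sits between Patch2 and Patch3 and does not say which patches it covers; the two commit URLs read as belonging to Patch3 and Patch4, which leaves the new Patch2 without a stated origin. Suggest "were taken" and one source comment directly above each PatchN line. The numbering also shifts in this hunk (0002-check-cjose_get_alloc.patch moves from Patch2 to Patch3 and 0003-CVE-2023-37464.patch from Patch3 to Patch4), so the %prep section, which is not part of this hunk, should be checked to confirm all four patches are still applied.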
@ -44,9 +50,7 @@ find %{buildroot} -name '*.a' -exec rm -f {} ';'
find %{buildroot} -name '*.la' -exec rm -f {} ';' find %{buildroot} -name '*.la' -exec rm -f {} ';'
%post -p /sbin/ldconfig %ldconfig_scriptlets
%postun -p /sbin/ldconfig
%check %check
@ -66,14 +70,42 @@ make check || (cat test/test-suite.log; exit 1)
%changelog %changelog
* Wed Jul 19 2023 <thalman@redhat.com> - 0.6.1-4 * Wed Aug 02 2023 Eduard Abdullin <eabdullin@almalinux.org> - 0.6.1-13.alma
- CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE
Authentication Tag provided in the JWE
Resolves: rhbz#2223308
* Fri Mar 17 2023 <thalman@redhat.com> - 0.6.1-3
- Random memory override - Random memory override
Resolves: rhbz#2072469
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.1-12
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 0.6.1-11
- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.1-10
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon May 17 2021 Jakub Hrozek <jhrozek@redhat.com> - 0.6.1-9
- enable build with openssl 3.0
- Resolves: rhbz#1958026
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.1-8
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Aug 2 2018 <jdennis@redhat.com> - 0.6.1-2 * Thu Aug 2 2018 <jdennis@redhat.com> - 0.6.1-2
- fix concatkdf big endian architecture problem. - fix concatkdf big endian architecture problem.
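Review bot: The new 0.6.1-13.alma changelog entry, as rendered here, lists the CVE-2023-37464 fix and "Random memory override" without the "Resolves: rhbz#2223308" and "Resolves: rhbz#2072469" lines that the replaced 0.6.1-4 and 0.6.1-3 entries carried. Suggest keeping a bug or upstream commit reference on each item so the security fix stays traceable from the package changelog.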