.compat-openssl10.metadata

@@ -1 +0,0 @@
-2ac8126227680036640345eeeb54203a8ee847b9 SOURCES/openssl-1.0.2o-hobbled.tar.xz

.gitignore

@@ -1 +1,5 @@
-SOURCES/openssl-1.0.2o-hobbled.tar.xz
+.build*.log
+clog
+000*.patch
+*.src.rpm
+*.tar.xz

SOURCES/openssl-1.0.2-cve-2023-0286-X400.patch

@@ -1,30 +0,0 @@
-From: Petr Hybl <phybl@redhat.com>
-Date: Tue, 29 Apr 2025 17:45:42 +0000
-Subject: CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address
-diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
-index 9bb01ee..8cbcbe0 100644
---- a/crypto/x509v3/v3_genn.c
-+++ b/crypto/x509v3/v3_genn.c
-@@ -116,6 +116,9 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
-         return -1;
-     switch (a->type) {
-     case GEN_X400:
-+        result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
-+        break;
-+
-     case GEN_EDIPARTY:
-         result = ASN1_TYPE_cmp(a->d.other, b->d.other);
-         break;
-diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
-index f5c6156..7328acd 100644
---- a/crypto/x509v3/x509v3.h
-+++ b/crypto/x509v3/x509v3.h
-@@ -190,7 +190,7 @@ typedef struct GENERAL_NAME_st {
-         OTHERNAME *otherName;   /* otherName */
-         ASN1_IA5STRING *rfc822Name;
-         ASN1_IA5STRING *dNSName;
--        ASN1_TYPE *x400Address;
-+        ASN1_STRING *x400Address;
-         X509_NAME *directoryName;
-         EDIPARTYNAME *ediPartyName;
-         ASN1_IA5STRING *uniformResourceIdentifier;

compat-openssl10.spec

@@ -22,7 +22,7 @@
 Summary: Compatibility version of the OpenSSL library
 Name: compat-openssl10
 Version: 1.0.2o
-Release: 4%{?dist}.1
+Release: 4%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -94,7 +94,6 @@ Patch81: openssl-1.0.2a-padlock64.patch
 Patch82: openssl-1.0.2m-trusted-first-doc.patch
 Patch83: openssl-1.0.2o-cve-2022-0778.patch
 Patch84: openssl-1.0.2o-update-expired-certificates.patch
-Patch85: openssl-1.0.2-cve-2023-0286-X400.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -199,7 +198,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch82 -p1 -b .trusted-first
 %patch83 -p1 -b .cve-2022-0778
 %patch84 -p1 -b .update-expired-certificates
-%patch85 -p1 -b .cve-2023-0286
 
 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
 
@@ -422,10 +420,6 @@ install -m 644 apps/openssl10.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/openssl10.cn
 %postun -p /sbin/ldconfig
 
 %changelog
-* Tue Apr 29 2025 Petr Hybl <phybl@redhat.com> - 1.1.0.2o-4.1
-- Fix CVE-2023-0286 X.400 address type confusion in X.509 GeneralName
-  Resolves: RHEL-9699
-
 * Wed May 04 2022 Clemens Lang <cllang@redhat.com> - 1:1.0.2o-4
 - Fix CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
   Resolves: rhbz#2077418

gating.yaml

@@ -0,0 +1,7 @@
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}

sources

@@ -0,0 +1 @@
+SHA512 (openssl-1.0.2o-hobbled.tar.xz) = e0c2da98288c5546a4821598784c3cfbb11120c667e815d00ab6143e13cd45037d5f6e4ee8b076ae690ac8eabc8bf68d37c57d386158df3a6b9e2e851713c423