.compat-openssl10.metadata

@@ -0,0 +1 @@
+2ac8126227680036640345eeeb54203a8ee847b9 SOURCES/openssl-1.0.2o-hobbled.tar.xz

.gitignore

@@ -1,5 +1 @@
-.build*.log
-clog
-000*.patch
-*.src.rpm
-*.tar.xz
+SOURCES/openssl-1.0.2o-hobbled.tar.xz

SOURCES/openssl-1.0.2-cve-2023-0286-X400.patch

@@ -0,0 +1,30 @@
+From: Petr Hybl <phybl@redhat.com>
+Date: Tue, 29 Apr 2025 17:45:42 +0000
+Subject: CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address
+diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
+index 9bb01ee..8cbcbe0 100644
+--- a/crypto/x509v3/v3_genn.c
++++ b/crypto/x509v3/v3_genn.c
+@@ -116,6 +116,9 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+         return -1;
+     switch (a->type) {
+     case GEN_X400:
++        result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
++        break;
++
+     case GEN_EDIPARTY:
+         result = ASN1_TYPE_cmp(a->d.other, b->d.other);
+         break;
+diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
+index f5c6156..7328acd 100644
+--- a/crypto/x509v3/x509v3.h
++++ b/crypto/x509v3/x509v3.h
+@@ -190,7 +190,7 @@ typedef struct GENERAL_NAME_st {
+         OTHERNAME *otherName;   /* otherName */
+         ASN1_IA5STRING *rfc822Name;
+         ASN1_IA5STRING *dNSName;
+-        ASN1_TYPE *x400Address;
++        ASN1_STRING *x400Address;
+         X509_NAME *directoryName;
+         EDIPARTYNAME *ediPartyName;
+         ASN1_IA5STRING *uniformResourceIdentifier;

SPECS/compat-openssl10.spec

@@ -22,7 +22,7 @@
 Summary: Compatibility version of the OpenSSL library
 Name: compat-openssl10
 Version: 1.0.2o
-Release: 4%{?dist}
+Release: 4%{?dist}.1
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -94,6 +94,7 @@ Patch81: openssl-1.0.2a-padlock64.patch
 Patch82: openssl-1.0.2m-trusted-first-doc.patch
 Patch83: openssl-1.0.2o-cve-2022-0778.patch
 Patch84: openssl-1.0.2o-update-expired-certificates.patch
+Patch85: openssl-1.0.2-cve-2023-0286-X400.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -198,6 +199,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch82 -p1 -b .trusted-first
 %patch83 -p1 -b .cve-2022-0778
 %patch84 -p1 -b .update-expired-certificates
+%patch85 -p1 -b .cve-2023-0286
 
 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
 
@@ -420,6 +422,10 @@ install -m 644 apps/openssl10.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/openssl10.cn
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Apr 29 2025 Petr Hybl <phybl@redhat.com> - 1.1.0.2o-4.1
+- Fix CVE-2023-0286 X.400 address type confusion in X.509 GeneralName
+  Resolves: RHEL-9699
+
 * Wed May 04 2022 Clemens Lang <cllang@redhat.com> - 1:1.0.2o-4
 - Fix CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
   Resolves: rhbz#2077418

gating.yaml

@@ -1,7 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}

sources

@@ -1 +0,0 @@
-SHA512 (openssl-1.0.2o-hobbled.tar.xz) = e0c2da98288c5546a4821598784c3cfbb11120c667e815d00ab6143e13cd45037d5f6e4ee8b076ae690ac8eabc8bf68d37c57d386158df3a6b9e2e851713c423