rpms/compat-openssl11
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c9-beta
Branches Tags
rpms:c9-beta
rpms:c10s
rpms:c9s
rpms:a9-debug
rpms:c9
rpms:imports/c10s/compat-openssl11-1.1.1k-5.el10
rpms:imports/c9-beta/compat-openssl11-1.1.1k-4.el9_0
rpms:imports/c9/compat-openssl11-1.1.1k-4.el9_0
rpms:imports/c9/compat-openssl11-1.1.1k-3.el9
rpms:imports/c9-beta/compat-openssl11-1.1.1k-4.el9_b
rpms:imports/c9-beta/compat-openssl11-1.1.1k-3.el9
...
pull from: rpms:c10s
Branches Tags
rpms:c10s
rpms:c9s
rpms:c9-beta
rpms:a9-debug
rpms:c9
rpms:imports/c10s/compat-openssl11-1.1.1k-5.el10
rpms:imports/c9-beta/compat-openssl11-1.1.1k-4.el9_0
rpms:imports/c9/compat-openssl11-1.1.1k-4.el9_0
rpms:imports/c9/compat-openssl11-1.1.1k-3.el9
rpms:imports/c9-beta/compat-openssl11-1.1.1k-4.el9_b
rpms:imports/c9-beta/compat-openssl11-1.1.1k-3.el9

No commits in common. "c9-beta" and "c10s" have entirely different histories.
c9-beta ... c10s

48 changed files with 1209 additions and 5 deletions
Show Stats Expand all files Collapse all files

1
.compat-openssl11.metadata
View File

@ -1 +0,0 @@
7d1836f812e22f8e488430cfc30e2bac5e8a7b3d SOURCES/openssl-1.1.1k-hobbled.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/openssl-1.1.1k-hobbled.tar.xz /openssl-1.1.1k-hobbled.tar.xz

0
SOURCES/Makefile.certificate → Makefile.certificate
View File

12
SPECS/compat-openssl11.spec → compat-openssl11.spec
View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: compat-openssl11 Name: compat-openssl11
Version: 1.1.1k Version: 1.1.1k
Release: 4%{?dist} Release: 5%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -76,6 +76,7 @@ Patch53: openssl-1.1.1-fips-crng-test.patch
Patch55: openssl-1.1.1-arm-update.patch Patch55: openssl-1.1.1-arm-update.patch
Patch56: openssl-1.1.1-s390x-ecc.patch Patch56: openssl-1.1.1-s390x-ecc.patch
Patch73: openssl-1.1.1-cve-2022-0778.patch Patch73: openssl-1.1.1-cve-2022-0778.patch
Patch83: openssl-1.1.1-replace-expired-certs.patch
License: OpenSSL and ASL 2.0 License: OpenSSL and ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -145,6 +146,7 @@ cp %{SOURCE13} test/
%patch71 -p1 -b .conf-new %patch71 -p1 -b .conf-new
%patch72 -p1 -b .disable-fips %patch72 -p1 -b .disable-fips
%patch73 -p1 -b .cve-2022-0778 %patch73 -p1 -b .cve-2022-0778
%patch -P 83 -p1 -b .replace-expired-certs
cp apps/openssl.cnf apps/openssl11.cnf cp apps/openssl.cnf apps/openssl11.cnf
@ -313,11 +315,15 @@ install -m 644 apps/openssl11.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl1
%ldconfig_scriptlets %ldconfig_scriptlets
%changelog %changelog
* Thu Sep 21 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-5
- Update expired certificates used in the testsuite
Resolves: RHEL-5297
* Mon May 30 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-4 * Mon May 30 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-4
- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Resolves: rhbz#2063147 Resolves: rhbz#2063148
- Disable FIPS mode; it does not work and will not be certified - Disable FIPS mode; it does not work and will not be certified
Resolves: rhbz#2091968 Resolves: rhbz#2013669
* Tue Oct 05 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-3 * Tue Oct 05 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-3
- updates OPENSSL_CONF to openssl11.cnf. - updates OPENSSL_CONF to openssl11.cnf.

0
SOURCES/ec_curve.c → ec_curve.c
View File

0
SOURCES/ectest.c → ectest.c
View File

15
fixpatch Executable file
View File

@ -0,0 +1,15 @@
#!/bin/sh
# Fixes patch from upstream tracker view
gawk '
BEGIN {
dir=""
}
/^Index: openssl\// {
dir = $2
}
/^(---|\+\+\+)/ {
$2 = dir
}
{
print
}'

7
gating.yaml Normal file
View File

@ -0,0 +1,7 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}

0
SOURCES/hobble-openssl → hobble-openssl
View File

0
SOURCES/make-dummy-cert → make-dummy-cert
View File

0
SOURCES/openssl-1.1.1-alpn-cb.patch → openssl-1.1.1-alpn-cb.patch
View File

0
SOURCES/openssl-1.1.1-apps-dgst.patch → openssl-1.1.1-apps-dgst.patch
View File

0
SOURCES/openssl-1.1.1-arm-update.patch → openssl-1.1.1-arm-update.patch
View File

0
SOURCES/openssl-1.1.1-build.patch → openssl-1.1.1-build.patch
View File

0
SOURCES/openssl-1.1.1-conf-paths.patch → openssl-1.1.1-conf-paths.patch
View File

0
SOURCES/openssl-1.1.1-cve-2022-0778.patch → openssl-1.1.1-cve-2022-0778.patch
View File

0
SOURCES/openssl-1.1.1-defaults.patch → openssl-1.1.1-defaults.patch
View File

0
SOURCES/openssl-1.1.1-disable-fips.patch → openssl-1.1.1-disable-fips.patch
View File

0
SOURCES/openssl-1.1.1-disable-ssl3.patch → openssl-1.1.1-disable-ssl3.patch
View File

0
SOURCES/openssl-1.1.1-ec-curves.patch → openssl-1.1.1-ec-curves.patch
View File

0
SOURCES/openssl-1.1.1-edk2-build.patch → openssl-1.1.1-edk2-build.patch
View File

0
SOURCES/openssl-1.1.1-evp-kdf.patch → openssl-1.1.1-evp-kdf.patch
View File

0
SOURCES/openssl-1.1.1-fips-crng-test.patch → openssl-1.1.1-fips-crng-test.patch
View File

0
SOURCES/openssl-1.1.1-fips-curves.patch → openssl-1.1.1-fips-curves.patch
View File

0
SOURCES/openssl-1.1.1-fips-dh.patch → openssl-1.1.1-fips-dh.patch
View File

0
SOURCES/openssl-1.1.1-fips-drbg-selftest.patch → openssl-1.1.1-fips-drbg-selftest.patch
View File

0
SOURCES/openssl-1.1.1-fips-post-rand.patch → openssl-1.1.1-fips-post-rand.patch
View File

0
SOURCES/openssl-1.1.1-fips.patch → openssl-1.1.1-fips.patch
View File

0
SOURCES/openssl-1.1.1-intel-cet.patch → openssl-1.1.1-intel-cet.patch
View File

0
SOURCES/openssl-1.1.1-kdf-selftest.patch → openssl-1.1.1-kdf-selftest.patch
View File

0
SOURCES/openssl-1.1.1-krb5-kdf.patch → openssl-1.1.1-krb5-kdf.patch
View File

0
SOURCES/openssl-1.1.1-man-rename.patch → openssl-1.1.1-man-rename.patch
View File

0
SOURCES/openssl-1.1.1-new-config-file.patch → openssl-1.1.1-new-config-file.patch
View File

0
SOURCES/openssl-1.1.1-no-brainpool.patch → openssl-1.1.1-no-brainpool.patch
View File

0
SOURCES/openssl-1.1.1-no-html.patch → openssl-1.1.1-no-html.patch
View File

0
SOURCES/openssl-1.1.1-no-weak-verify.patch → openssl-1.1.1-no-weak-verify.patch
View File

1176
openssl-1.1.1-replace-expired-certs.patch Normal file
View File

File diff suppressed because it is too large Load Diff

0
SOURCES/openssl-1.1.1-rewire-fips-drbg.patch → openssl-1.1.1-rewire-fips-drbg.patch
View File

0
SOURCES/openssl-1.1.1-s390x-ecc.patch → openssl-1.1.1-s390x-ecc.patch
View File

0
SOURCES/openssl-1.1.1-s390x-update.patch → openssl-1.1.1-s390x-update.patch
View File

0
SOURCES/openssl-1.1.1-seclevel.patch → openssl-1.1.1-seclevel.patch
View File

0
SOURCES/openssl-1.1.1-ssh-kdf.patch → openssl-1.1.1-ssh-kdf.patch
View File

0
SOURCES/openssl-1.1.1-system-cipherlist.patch → openssl-1.1.1-system-cipherlist.patch
View File

0
SOURCES/openssl-1.1.1-ts-sha256-default.patch → openssl-1.1.1-ts-sha256-default.patch
View File

0
SOURCES/openssl-1.1.1-version-add-engines.patch → openssl-1.1.1-version-add-engines.patch
View File

0
SOURCES/openssl-1.1.1-weak-ciphers.patch → openssl-1.1.1-weak-ciphers.patch
View File

0
SOURCES/renew-dummy-cert → renew-dummy-cert
View File

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (openssl-1.1.1k-hobbled.tar.xz) = b5282e40af8f28f7a859dfddeb269f3a4b0f4fb535de330dfd3ad14a123b57fe66e3880c6c9aacf49865175b1f7f6c88cae31451a99d4ac2b2cb1c5135d4ada9