Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series

Resolves: RHEL-17696
2023-11-30 12:09:40 +01:00 · 2023-11-30 12:09:40 +01:00 · 09a086d240
commit 09a086d240
parent c7561b3a10
2 changed files with 1151 additions and 1 deletions
--- a/openssl-1.1.1-pkcs1-implicit-rejection.patch
+++ b/openssl-1.1.1-pkcs1-implicit-rejection.patch
--- a/openssl.spec
+++ b/openssl.spec
@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1k
-Release: 11%{?dist}
+Release: 12%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -96,6 +96,9 @@ Patch104: openssl-1.1.1-cve-2023-0286-X400.patch
 Patch105: openssl-1.1.1-cve-2023-3446.patch
 Patch106: openssl-1.1.1-cve-2023-3817.patch
 Patch107: openssl-1.1.1-cve-2023-5678.patch
 # Backport from OpenSSL 3.2/RHEL 9
 # Proper fix for CVE-2020-25659
 Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch
 License: OpenSSL and ASL 2.0
 URL: http://www.openssl.org/
@ -228,6 +231,7 @@ cp %{SOURCE13} test/
 %patch105 -p1 -b .cve-2023-3446
 %patch106 -p1 -b .cve-2023-3817
 %patch107 -p1 -b .cve-2023-5678
 %patch108 -p1 -b .pkcs15imprejection
 %build
 # Figure out which flags we want to use.
@ -511,6 +515,11 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig
 %changelog
 * Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12
 - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
  (a proper fix for CVE-2020-25659)
  Resolves: RHEL-17696
 * Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11
 - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
  excessively long X9.42 DH keys or parameters may be very slow