From 32908974c2d4f7ac177a8ac35184730c399d9a61 Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Tue, 5 Jul 2022 14:01:19 +0200 Subject: [PATCH] Rebase to upstream version 3.0.5 Also fixes CVE-2022-2097, which only affects i686. Related: rhbz#2099972 Signed-off-by: Clemens Lang --- .gitignore | 1 + 0058-replace-expired-certs.patch | 38 -------------------------------- openssl.spec | 10 +++++---- sources | 2 +- 4 files changed, 8 insertions(+), 43 deletions(-) delete mode 100644 0058-replace-expired-certs.patch diff --git a/.gitignore b/.gitignore index e4d664d..45b4c39 100644 --- a/.gitignore +++ b/.gitignore @@ -55,3 +55,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-3.0.0-hobbled.tar.xz /openssl-3.0.2-hobbled.tar.gz /openssl-3.0.3-hobbled.tar.gz +/openssl-3.0.5-hobbled.tar.xz diff --git a/0058-replace-expired-certs.patch b/0058-replace-expired-certs.patch deleted file mode 100644 index c88e94f..0000000 --- a/0058-replace-expired-certs.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem -index 1fa449d5a098..6aa9455f09ed 100644 ---- a/test/certs/embeddedSCTs1_issuer.pem -+++ b/test/certs/embeddedSCTs1_issuer.pem -@@ -1,18 +1,18 @@ - -----BEGIN CERTIFICATE----- --MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk -+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk - MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX --YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw --MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu --c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf --MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 --jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP --KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL --svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk --tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG --A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO --MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB --/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt --OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy --f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP --OwqULg== -+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw -+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy -+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w -+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG -+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4 -+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG -+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw -+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw -+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB -+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD -+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq -++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo -+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c -+Doud4XrO - -----END CERTIFICATE----- diff --git a/openssl.spec b/openssl.spec index 714320d..de48d0e 100644 --- a/openssl.spec +++ b/openssl.spec @@ -14,13 +14,13 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 3.0.3 +Version: 3.0.5 Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. # The original openssl upstream tarball cannot be shipped in the .src.rpm. -Source: openssl-%{version}-hobbled.tar.gz +Source: openssl-%{version}-hobbled.tar.xz Source1: hobble-openssl Source2: Makefile.certificate Source3: genpatches @@ -83,8 +83,6 @@ Patch53: 0053-Add-SHA1-probes.patch # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1 # so the patch should persist Patch56: 0056-strcasecmp.patch -# https://github.com/openssl/openssl/pull/18444 -Patch58: 0058-replace-expired-certs.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -416,6 +414,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Tue Jul 05 2022 Clemens Lang - 1:3.0.5-1 +- Rebase to upstream version 3.0.5 + Related: rhbz#2099972, CVE-2022-2097 + * Wed Jun 01 2022 Dmitry Belyavskiy - 1:3.0.3-1 - Rebase to upstream version 3.0.3 diff --git a/sources b/sources index 134d27a..98fbb23 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.0.3-hobbled.tar.gz) = 474a6309e0457ad33ec4b5f98606ba7ee6fa15dd0abb26a1da80fa37e3fc0ec535b858e03aceb4ce675dcce6a26796c802d8bf8ebb4adc350e6b3ea95810a61b +SHA512 (openssl-3.0.5-hobbled.tar.xz) = 2f5531d46a905af8d36bf81c18fa34ccc86f5bd66e6e4227bb17e2f926ef14f78057ab60cd9d55bb9d1bad3d5b56a71170e4a86708fd8352324db2e0747142cf