Backport implicit rejection for RSA PKCS#1 v1.5 encryption

Resolves: rhbz#215347
2023-04-28 19:09:47 +02:00 · 2023-04-28 19:09:47 +02:00 · 45cb3a6b4e
commit 45cb3a6b4e
parent 7680abf05d
2 changed files with 1363 additions and 1 deletions
--- a/0120-RSA-PKCS15-implicit-rejection.patch
+++ b/0120-RSA-PKCS15-implicit-rejection.patch
--- a/openssl.spec
+++ b/openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.7
-Release: 14%{?dist}
+Release: 15%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -187,6 +187,10 @@ Patch117: 0117-CVE-2023-0466.patch
 # AES-XTS CVE
 Patch118: 0118-CVE-2023-1255.patch

+#https://github.com/openssl/openssl/pull/13817
+#https://bugzilla.redhat.com/show_bug.cgi?id=2153471
+Patch120: 0120-RSA-PKCS15-implicit-rejection.patch
+
 License: ASL 2.0
 URL: http://www.openssl.org/
 BuildRequires: gcc g++
@ -516,6 +520,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs

 %changelog
+* Fri Apr 28 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-15
+- Backport implicit rejection for RSA PKCS#1 v1.5 encryption
+  Resolves: rhbz#2153471
+
 * Fri Apr 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-14
 - Input buffer over-read in AES-XTS implementation on 64 bit ARM
  Resolves: rhbz#2188554