rpms/openssl
7
1
Fork 1
Code Issues Pull Requests Releases Activity

Rebasing to OpenSSL 3.0.3

Browse Source 
Resolves: rhbz#2091987
This commit is contained in:
Dmitry Belyavskiy 2022-06-01 13:08:26 +02:00
parent efdb8c60a3
commit 8a03afa13c
7 changed files with 72 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -54,3 +54,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.1.1k-hobbled.tar.xz /openssl-1.1.1k-hobbled.tar.xz
/openssl-3.0.0-hobbled.tar.xz /openssl-3.0.0-hobbled.tar.xz
/openssl-3.0.2-hobbled.tar.gz /openssl-3.0.2-hobbled.tar.gz
/openssl-3.0.3-hobbled.tar.gz

4
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
View File

@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644
--- a/util/libcrypto.num --- a/util/libcrypto.num
+++ b/util/libcrypto.num +++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
-- --
2.26.2 2.26.2

4
0049-Allow-disabling-of-SHA1-signatures.patch
View File

@ -493,8 +493,8 @@ index 10b4e57d79..2d3c363bb0 100644
--- a/util/libcrypto.num --- a/util/libcrypto.num
+++ b/util/libcrypto.num +++ b/util/libcrypto.num
@@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION: @@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:

14
0056-strcasecmp.patch Normal file
View File

@ -0,0 +1,14 @@
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200
@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
-OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
-OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
+OPENSSL_strcasecmp 5556 3_0_1 EXIST::FUNCTION:
+OPENSSL_strncasecmp 5557 3_0_1 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:

38
0058-replace-expired-certs.patch Normal file
View File

@ -0,0 +1,38 @@
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
index 1fa449d5a098..6aa9455f09ed 100644
--- a/test/certs/embeddedSCTs1_issuer.pem
+++ b/test/certs/embeddedSCTs1_issuer.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
-OwqULg==
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
+Doud4XrO
-----END CERTIFICATE-----

16
openssl.spec
View File

@ -14,8 +14,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.0.2 Version: 3.0.3
Release: 4%{?dist} Release: 1%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -79,6 +79,12 @@ Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
# Instrument with USDT probes related to SHA-1 deprecation # Instrument with USDT probes related to SHA-1 deprecation
Patch53: 0053-Add-SHA1-probes.patch Patch53: 0053-Add-SHA1-probes.patch
%endif %endif
# https://github.com/openssl/openssl/pull/18103
# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
# so the patch should persist
Patch56: 0056-strcasecmp.patch
# https://github.com/openssl/openssl/pull/18444
Patch58: 0058-replace-expired-certs.patch
License: ASL 2.0 License: ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -410,6 +416,12 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Wed Jun 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.3-1
- Rebase to upstream version 3.0.3
* Thu Apr 28 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-5
- Instrument with USDT probes related to SHA-1 deprecation
* Wed Apr 27 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-4 * Wed Apr 27 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-4
- Support rsa_pkcs1_md5_sha1 in TLS 1.0/1.1 with rh-allow-sha1-signatures = yes - Support rsa_pkcs1_md5_sha1 in TLS 1.0/1.1 with rh-allow-sha1-signatures = yes
to restore TLS 1.0 and 1.1 support in LEGACY crypto-policy. to restore TLS 1.0 and 1.1 support in LEGACY crypto-policy.

2
sources
View File

@ -1 +1 @@
SHA512 (openssl-3.0.2-hobbled.tar.gz) = e62f95ef9a81555f8c7bb4e68bfbd14bd81040f112dd88a1e515160623e6d3a0b68d0d8b9b12905f67b06834bd152edfbabca4b528a4887b15dd153d60ad36d5 SHA512 (openssl-3.0.3-hobbled.tar.gz) = 474a6309e0457ad33ec4b5f98606ba7ee6fa15dd0abb26a1da80fa37e3fc0ec535b858e03aceb4ce675dcce6a26796c802d8bf8ebb4adc350e6b3ea95810a61b