- Fixes override of openssl_conf in openssl.cnf

- Use AI_ADDRCONFIG only when explicit host name is given
- Temporarily remove fipsmodule.cnf for arch i686
- Fixes segmentation fault in BN_lebin2bn

Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855

Signed-off-by: Sahana Prasad <sahana@redhat.com>

0017-use-AI-ADDRCONFIG-explicit-hostname.patch

@@ -0,0 +1,12 @@
+diff -up openssl-3.0.0-alpha16/crypto/bio/b_addr.c.use-explicit openssl-3.0.0-alpha16/crypto/bio/b_addr.c
+--- openssl-3.0.0-alpha16/crypto/bio/b_addr.c.use-explicit	2021-07-06 14:06:05.706578389 +0200
++++ openssl-3.0.0-alpha16/crypto/bio/b_addr.c	2021-07-06 14:07:24.482329505 +0200
+@@ -696,7 +696,7 @@ int BIO_lookup_ex(const char *host, cons
+         hints.ai_protocol = protocol;
+ # ifdef AI_ADDRCONFIG
+ #  ifdef AF_UNSPEC
+-        if (family == AF_UNSPEC)
++        if (host != NULL && family == AF_UNSPEC)
+ #  endif
+             hints.ai_flags |= AI_ADDRCONFIG;
+ # endif

0018-Fix-crash-BN_lebin2bn.patch

@@ -0,0 +1,12 @@
+diff -up openssl-3.0.0-alpha16/apps/x509.c.segfault-bn openssl-3.0.0-alpha16/apps/x509.c
+--- openssl-3.0.0-alpha16/apps/x509.c.segfault-bn	2021-07-06 22:12:37.021406952 +0200
++++ openssl-3.0.0-alpha16/apps/x509.c	2021-07-06 22:13:40.540996922 +0200
+@@ -934,7 +934,7 @@ int x509_main(int argc, char **argv)
+         } else if (i == modulus) {
+             BIO_printf(out, "Modulus=");
+             if (EVP_PKEY_is_a(pkey, "RSA")) {
+-                BIGNUM *n;
++                BIGNUM *n = NULL;
+ 
+                 /* Every RSA key has an 'n' */
+                 EVP_PKEY_get_bn_param(pkey, "n", &n);

openssl.spec

@@ -64,6 +64,10 @@ Patch14: 0014-Return0-OPENSSL-init-crypto-cleanup.patch
 Patch15: 0015-Cleanup-peer-point-formats-regotiation.patch
 # Fix default digest to SHA256
 Patch16: 0016-Fix-default-digest-SHA256.patch
+# Use AI_ADDRCONFIG only when explicit host name is given
+Patch17: 0017-use-AI-ADDRCONFIG-explicit-hostname.patch
+# Fix segmentation fault in BN_lebin2bn()
+Patch18: 0018-Fix-crash-BN_lebin2bn.patch
 
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -296,6 +300,9 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
 
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
+%ifarch i686
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf
+%endif
 
 # Determine which arch opensslconf.h is going to try to #include.
 basearch=%{_arch}
@@ -352,7 +359,6 @@ export LD_LIBRARY_PATH
 %dir %{_sysconfdir}/pki/tls/misc
 %dir %{_sysconfdir}/pki/tls/private
 %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
-%config(noreplace) %{_sysconfdir}/pki/tls/fipsmodule.cnf
 %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
 %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
 %{_libdir}/libcrypto.so.%{soversion}
@@ -360,6 +366,9 @@ export LD_LIBRARY_PATH
 %{_libdir}/libssl.so.%{soversion}
 %attr(0755,root,root) %{_libdir}/engines-%{soversion}
 %attr(0755,root,root) %{_libdir}/ossl-modules
+%ifnarch i686
+%config(noreplace) %{_sysconfdir}/pki/tls/fipsmodule.cnf
+%endif
 
 %files devel
 %doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
@@ -385,7 +394,10 @@ export LD_LIBRARY_PATH
 %changelog
 * Tue Jul 06 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.7
 - Fixes override of openssl_conf in openssl.cnf
-- Resolves: rhbz#1975847
+- Use AI_ADDRCONFIG only when explicit host name is given
+- Temporarily remove fipsmodule.cnf for arch i686
+- Fixes segmentation fault in BN_lebin2bn
+- Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855
 
 * Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.6
 - Adds FIPS mode compatibility patch (sahana@redhat.com)