An interface to create PKCS #12 files in FIPS compliant way

Resolves: RHEL-36659

openssl.spec

@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.2.2
-Release: 7%{?dist}
+Release: 8%{?dist}
 Epoch: 1
 Source: openssl-%{version}.tar.gz
 Source2: Makefile.certificate
@@ -158,6 +158,8 @@ Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch
 Patch121: 0121-FIPS-cms-defaults.patch
 # HKDF regression with older provider implementations
 Patch122: 0123-kdf-Preserve-backward-compatibility-with-older-provi.patch
+# https://github.com/openssl/openssl/issues/24577
+Patch124: 0124-PBMAC1-PKCS12-FIPS-support.patch
 
 License: Apache-2.0
 URL: http://www.openssl.org/
@@ -503,6 +505,10 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
 %ldconfig_scriptlets libs
 
 %changelog
+* Wed Aug 07 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-8
+- An interface to create PKCS #12 files in FIPS compliant way
+  Resolves: RHEL-36659
+
 * Wed Jul 10 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-7
 - Disallow SHA1 at SECLEVEL2 in OpenSSL
   Resolves: RHEL-39962