diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch index 5c33a76..8a005e6 100644 --- a/0056-strcasecmp.patch +++ b/0056-strcasecmp.patch @@ -1,14 +1,54 @@ diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num --- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 +++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 -@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex - ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: - EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: +@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: --OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: --OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: -+OPENSSL_strcasecmp 5556 3_0_1 EXIST::FUNCTION: -+OPENSSL_strncasecmp 5557 3_0_1 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c +--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100 ++++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100 +@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char + #endif + } + +-int OPENSSL_strcasecmp(const char *s1, const char *s2) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strcasecmp(const char *s1, const char *s2) + { + int t; + +@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c + return t; + } + +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + { + int t; + size_t i; +diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t +--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100 ++++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 2022-11-25 18:31:20.993392678 +0100 +@@ -77,6 +80,7 @@ foreach my $libname (@libnames) { + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@.+$||; ++ s|\@.+$||; + # Return the result + $_ + } diff --git a/openssl.spec b/openssl.spec index 012261c..912c32c 100644 --- a/openssl.spec +++ b/openssl.spec @@ -96,7 +96,11 @@ Patch50: 0050-FIPS-enable-pkcs12-mac.patch Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch -# https://github.com/openssl/openssl/pull/18103 +# Originally from https://github.com/openssl/openssl/pull/18103 +# As we rebased to 3.0.7 and used the version of the function +# not matching the upstream one, we have to use aliasing. +# When we eliminate this patch, the `-Wl,--allow-multiple-definition` +# should also be removed Patch56: 0056-strcasecmp.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 Patch58: 0058-FIPS-limit-rsa-encrypt.patch @@ -288,7 +292,8 @@ export HASHBANGPERL=/usr/bin/perl zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\ no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ - shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""' + shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\ + -Wl,--allow-multiple-definition # Do not run this in a production package the FIPS symbols must be patched-in #util/mkdef.pl crypto update @@ -478,6 +483,8 @@ install -m644 %{SOURCE9} \ * Thu Nov 24 2022 Dmitry Belyavskiy - 1:3.0.7-2 - Various provider-related imrovements necessary for PKCS#11 provider correct operations Resolves: rhbz#2142517 +- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream + Resolves: rhbz#2133809 * Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 - Rebasing to OpenSSL 3.0.7