We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
Resolves: rhbz#2133809
This commit is contained in:
parent
0f139ead1a
commit
f2a49ef424
@ -1,14 +1,54 @@
|
|||||||
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
|
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
|
||||||
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200
|
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200
|
||||||
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200
|
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200
|
||||||
@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex
|
@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex
|
||||||
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
|
|
||||||
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
|
|
||||||
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
|
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
|
||||||
-OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
||||||
-OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
||||||
+OPENSSL_strcasecmp 5556 3_0_1 EXIST::FUNCTION:
|
+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
|
||||||
+OPENSSL_strncasecmp 5557 3_0_1 EXIST::FUNCTION:
|
+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
|
||||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||||
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
||||||
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
||||||
|
diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
|
||||||
|
--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100
|
||||||
|
+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100
|
||||||
|
@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
-int OPENSSL_strcasecmp(const char *s1, const char *s2)
|
||||||
|
+int
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
+__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
|
||||||
|
+ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
|
||||||
|
+#endif
|
||||||
|
+OPENSSL_strcasecmp(const char *s1, const char *s2)
|
||||||
|
{
|
||||||
|
int t;
|
||||||
|
|
||||||
|
@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c
|
||||||
|
return t;
|
||||||
|
}
|
||||||
|
|
||||||
|
-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
|
||||||
|
+int
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
+__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
|
||||||
|
+ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
|
||||||
|
+#endif
|
||||||
|
+OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
|
||||||
|
{
|
||||||
|
int t;
|
||||||
|
size_t i;
|
||||||
|
diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t
|
||||||
|
--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100
|
||||||
|
+++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 2022-11-25 18:31:20.993392678 +0100
|
||||||
|
@@ -77,6 +80,7 @@ foreach my $libname (@libnames) {
|
||||||
|
s| .*||;
|
||||||
|
# Drop OpenSSL dynamic version information if there is any
|
||||||
|
s|\@\@.+$||;
|
||||||
|
+ s|\@.+$||;
|
||||||
|
# Return the result
|
||||||
|
$_
|
||||||
|
}
|
||||||
|
11
openssl.spec
11
openssl.spec
@ -96,7 +96,11 @@ Patch50: 0050-FIPS-enable-pkcs12-mac.patch
|
|||||||
Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
||||||
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
|
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
|
||||||
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
||||||
# https://github.com/openssl/openssl/pull/18103
|
# Originally from https://github.com/openssl/openssl/pull/18103
|
||||||
|
# As we rebased to 3.0.7 and used the version of the function
|
||||||
|
# not matching the upstream one, we have to use aliasing.
|
||||||
|
# When we eliminate this patch, the `-Wl,--allow-multiple-definition`
|
||||||
|
# should also be removed
|
||||||
Patch56: 0056-strcasecmp.patch
|
Patch56: 0056-strcasecmp.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
|
||||||
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
|
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
|
||||||
@ -288,7 +292,8 @@ export HASHBANGPERL=/usr/bin/perl
|
|||||||
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
|
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
|
||||||
enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
|
enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
|
||||||
no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
|
no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
|
||||||
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'
|
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
|
||||||
|
-Wl,--allow-multiple-definition
|
||||||
|
|
||||||
# Do not run this in a production package the FIPS symbols must be patched-in
|
# Do not run this in a production package the FIPS symbols must be patched-in
|
||||||
#util/mkdef.pl crypto update
|
#util/mkdef.pl crypto update
|
||||||
@ -478,6 +483,8 @@ install -m644 %{SOURCE9} \
|
|||||||
* Thu Nov 24 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2
|
* Thu Nov 24 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2
|
||||||
- Various provider-related imrovements necessary for PKCS#11 provider correct operations
|
- Various provider-related imrovements necessary for PKCS#11 provider correct operations
|
||||||
Resolves: rhbz#2142517
|
Resolves: rhbz#2142517
|
||||||
|
- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
|
||||||
|
Resolves: rhbz#2133809
|
||||||
|
|
||||||
* Tue Nov 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1
|
* Tue Nov 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1
|
||||||
- Rebasing to OpenSSL 3.0.7
|
- Rebasing to OpenSSL 3.0.7
|
||||||
|
Loading…
Reference in New Issue
Block a user