We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream

Resolves: rhbz#2133809
This commit is contained in:
Dmitry Belyavskiy 2022-11-25 18:09:17 +01:00
parent 0f139ead1a
commit f2a49ef424
2 changed files with 56 additions and 9 deletions

View File

@ -1,14 +1,54 @@
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 --- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 +++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200
@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex @@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
-OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
-OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
+OPENSSL_strcasecmp 5556 3_0_1 EXIST::FUNCTION: +OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
+OPENSSL_strncasecmp 5557 3_0_1 EXIST::FUNCTION: +OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100
+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100
@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char
#endif
}
-int OPENSSL_strcasecmp(const char *s1, const char *s2)
+int
+#ifndef FIPS_MODULE
+__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
+ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
+#endif
+OPENSSL_strcasecmp(const char *s1, const char *s2)
{
int t;
@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c
return t;
}
-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
+int
+#ifndef FIPS_MODULE
+__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
+ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
+#endif
+OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
{
int t;
size_t i;
diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t
--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100
+++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 2022-11-25 18:31:20.993392678 +0100
@@ -77,6 +80,7 @@ foreach my $libname (@libnames) {
s| .*||;
# Drop OpenSSL dynamic version information if there is any
s|\@\@.+$||;
+ s|\@.+$||;
# Return the result
$_
}

View File

@ -96,7 +96,11 @@ Patch50: 0050-FIPS-enable-pkcs12-mac.patch
Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
# https://github.com/openssl/openssl/pull/18103 # Originally from https://github.com/openssl/openssl/pull/18103
# As we rebased to 3.0.7 and used the version of the function
# not matching the upstream one, we have to use aliasing.
# When we eliminate this patch, the `-Wl,--allow-multiple-definition`
# should also be removed
Patch56: 0056-strcasecmp.patch Patch56: 0056-strcasecmp.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289 # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
Patch58: 0058-FIPS-limit-rsa-encrypt.patch Patch58: 0058-FIPS-limit-rsa-encrypt.patch
@ -288,7 +292,8 @@ export HASHBANGPERL=/usr/bin/perl
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""' shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
-Wl,--allow-multiple-definition
# Do not run this in a production package the FIPS symbols must be patched-in # Do not run this in a production package the FIPS symbols must be patched-in
#util/mkdef.pl crypto update #util/mkdef.pl crypto update
@ -478,6 +483,8 @@ install -m644 %{SOURCE9} \
* Thu Nov 24 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2 * Thu Nov 24 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2
- Various provider-related imrovements necessary for PKCS#11 provider correct operations - Various provider-related imrovements necessary for PKCS#11 provider correct operations
Resolves: rhbz#2142517 Resolves: rhbz#2142517
- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
Resolves: rhbz#2133809
* Tue Nov 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1 * Tue Nov 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1
- Rebasing to OpenSSL 3.0.7 - Rebasing to OpenSSL 3.0.7