rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c8
rpms:a10s
rpms:c9s
rpms:c10s
rpms:c9-beta
rpms:c8s
rpms:c9
rpms:a10
rpms:c10
rpms:c10-beta
rpms:a9
rpms:c8-beta
rpms:changed/a10s/openssl-3.5.5-2.el10.alma.1
rpms:imports/c10s/openssl-3.5.5-2.el10
rpms:imports/c9-beta/openssl-3.5.5-1.el9
rpms:imports/c8/openssl-1.1.1k-15.el8_6
rpms:changed/a10s/openssl-3.5.5-1.el10.alma.1
rpms:imports/c9/openssl-3.5.1-7.el9_7
rpms:imports/c10s/openssl-3.5.5-1.el10
rpms:changed/a10/openssl-3.5.1-7.el10_1.alma.1
rpms:imports/c10/openssl-3.5.1-7.el10_1
rpms:changed/a10/openssl-3.5.1-5.el10_1.alma.1
rpms:imports/c10/openssl-3.5.1-5.el10_1
rpms:imports/c9/openssl-3.5.1-5.el9_7
rpms:imports/c8/openssl-1.1.1k-14.el8_10
rpms:changed/a10/openssl-3.5.1-4.el10_1.alma.1
rpms:imports/c10/openssl-3.5.1-4.el10_1
rpms:imports/c9/openssl-3.5.1-4.el9_7
rpms:changed/a10/openssl-3.5.1-3.el10.alma.1
rpms:imports/c10/openssl-3.5.1-3.el10
rpms:imports/c9/openssl-3.5.1-3.el9
rpms:changed/a10s/openssl-3.5.1-6.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-6.el10
rpms:changed/a10/openssl-3.2.2-16.el10_0.4.alma.1
rpms:imports/c10/openssl-3.2.2-16.el10_0.4
rpms:imports/c9-beta/openssl-3.5.1-3.el9
rpms:changed/a10s/openssl-3.5.1-5.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-5.el10
rpms:changed/a10s/openssl-3.5.1-4.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-4.el10
rpms:changed/a10s/openssl-3.5.1-3.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-3.el10
rpms:changed/a10s/openssl-3.5.1-1.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-1.el10
rpms:changed/a10s/openssl-3.5.0-8.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-8.el10
rpms:changed/a10s/openssl-3.5.0-6.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-6.el10
rpms:changed/a10s/openssl-3.5.0-4.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-4.el10
rpms:changed/a10s/openssl-3.5.0-3.el10.alma.1
rpms:changed/a10/openssl-3.2.2-16.el10_0.alma.1
rpms:imports/c10/openssl-3.2.2-16.el10_0
rpms:imports/c10s/openssl-3.5.0-3.el10
rpms:changed/a10s/openssl-3.5.0-2.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-2.el10
rpms:changed/a10s/openssl-3.5.0-1.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-1.el10
rpms:changed/a10s/openssl-3.2.2-16.el10.alma.1
rpms:imports/c9/openssl-3.2.2-6.el9_5.1
rpms:changed/a10s/openssl-3.2.2-15.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-16.el10
rpms:imports/c10s/openssl-3.2.2-15.el10
rpms:changed/a10s/openssl-3.2.2-14.el10.alma.1
rpms:imports/c10-beta/openssl-3.2.2-12.el10
rpms:imports/c9/openssl-3.2.2-6.el9_5
rpms:imports/c10s/openssl-3.2.2-14.el10
rpms:changed/a10s/openssl-3.2.2-13.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-13.el10
rpms:imports/c8/openssl-1.1.1k-14.el8_6
rpms:imports/c9-beta/openssl-3.2.2-6.el9_5
rpms:imports/c9-beta/openssl-3.2.2-6.el9
rpms:imports/c9/openssl-3.0.7-28.el9_4
rpms:changed/a10s/openssl-3.2.2-12.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-12.el10
rpms:changed/a9/openssl-3.0.7-27.el9.alma.1
rpms:changed/a10s/openssl-3.2.2-10.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-10.el10
rpms:changed/a10s/openssl-3.2.2-7.el10.alma.1
rpms:changed/a10s/openssl-3.2.2-3.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-7.el10
rpms:imports/c10s/openssl-3.2.2-3.el10
rpms:imports/c9/openssl-3.0.7-27.el9
rpms:imports/c9/openssl-3.0.7-25.el9_3
rpms:imports/c8/openssl-1.1.1k-12.el8_9
rpms:imports/c9/openssl-3.0.7-24.el9
rpms:imports/c9-beta/openssl-3.0.7-24.el9
rpms:imports/c9/openssl-3.0.7-17.el9_2
rpms:imports/c9/openssl-3.0.7-16.el9_2
rpms:imports/c9/openssl-3.0.7-6.el9_2
rpms:imports/c9-beta/openssl-3.0.7-5.el9
rpms:imports/c8-beta/openssl-1.1.1k-9.el8
rpms:imports/c8/openssl-1.1.1k-9.el8_7
rpms:imports/c9/openssl-3.0.1-47.el9_1
rpms:imports/c8s/openssl-1.1.1k-9.el8
rpms:imports/c9/openssl-3.0.1-43.el9_0
rpms:imports/c9-beta/openssl-3.0.1-41.el9_0
rpms:imports/c8-beta/openssl-1.1.1k-7.el8_6
rpms:imports/c9/openssl-3.0.1-41.el9_0
rpms:imports/c8/openssl-1.1.1k-7.el8_6
rpms:imports/c8s/openssl-1.1.1k-7.el8_6
rpms:imports/c9/openssl-3.0.1-23.el9_0
rpms:imports/c9/openssl-3.0.1-20.el9_0
rpms:imports/c9-beta/openssl-3.0.1-20.el9_0
rpms:imports/c8-beta/openssl-1.1.1k-5.el8_5
rpms:imports/c8/openssl-1.1.1k-6.el8_5
rpms:imports/c9-beta/openssl-3.0.1-5.el9
rpms:imports/c9-beta/openssl-3.0.0-6.el9
rpms:imports/c9-beta/openssl-3.0.0-5.el9
rpms:imports/c8/openssl-1.1.1k-5.el8_5
rpms:imports/c9-beta/openssl-3.0.0-4.el9
rpms:imports/c9-beta/openssl-3.0.0-0.beta2.7.el9
rpms:imports/c8s/openssl-1.1.1k-5.el8_5
rpms:imports/c8/openssl-1.1.1k-4.el8
rpms:imports/c8-beta/openssl-1.1.1k-4.el8
rpms:imports/c8-beta/openssl-1.1.1g-12.el8_3
rpms:imports/c8-beta/openssl-1.1.1g-9.el8
rpms:imports/c8-beta/openssl-1.1.1c-12.el8
rpms:imports/c8-beta/openssl-1.1.1c-1.el8
rpms:imports/c8s/openssl-1.1.1k-4.el8
rpms:imports/c8s/openssl-1.1.1k-1.el8
rpms:imports/c8s/openssl-1.1.1g-12.el8_3
rpms:imports/c8s/openssl-1.1.1g-11.el8
rpms:imports/c8s/openssl-1.1.1g-9.el8
rpms:imports/c8/openssl-1.1.1g-15.el8_3
rpms:imports/c8/openssl-1.1.1g-12.el8_3
rpms:imports/c8/openssl-1.1.1g-11.el8
rpms:imports/c8/openssl-1.1.1c-15.el8
rpms:imports/c8/openssl-1.1.1c-2.el8_1.1
...
pull from: rpms:c8
Branches Tags
rpms:a10s
rpms:c9s
rpms:c10s
rpms:c9-beta
rpms:c8
rpms:c8s
rpms:c9
rpms:a10
rpms:c10
rpms:c10-beta
rpms:a9
rpms:c8-beta
rpms:changed/a10s/openssl-3.5.5-2.el10.alma.1
rpms:imports/c10s/openssl-3.5.5-2.el10
rpms:imports/c9-beta/openssl-3.5.5-1.el9
rpms:imports/c8/openssl-1.1.1k-15.el8_6
rpms:changed/a10s/openssl-3.5.5-1.el10.alma.1
rpms:imports/c9/openssl-3.5.1-7.el9_7
rpms:imports/c10s/openssl-3.5.5-1.el10
rpms:changed/a10/openssl-3.5.1-7.el10_1.alma.1
rpms:imports/c10/openssl-3.5.1-7.el10_1
rpms:changed/a10/openssl-3.5.1-5.el10_1.alma.1
rpms:imports/c10/openssl-3.5.1-5.el10_1
rpms:imports/c9/openssl-3.5.1-5.el9_7
rpms:imports/c8/openssl-1.1.1k-14.el8_10
rpms:changed/a10/openssl-3.5.1-4.el10_1.alma.1
rpms:imports/c10/openssl-3.5.1-4.el10_1
rpms:imports/c9/openssl-3.5.1-4.el9_7
rpms:changed/a10/openssl-3.5.1-3.el10.alma.1
rpms:imports/c10/openssl-3.5.1-3.el10
rpms:imports/c9/openssl-3.5.1-3.el9
rpms:changed/a10s/openssl-3.5.1-6.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-6.el10
rpms:changed/a10/openssl-3.2.2-16.el10_0.4.alma.1
rpms:imports/c10/openssl-3.2.2-16.el10_0.4
rpms:imports/c9-beta/openssl-3.5.1-3.el9
rpms:changed/a10s/openssl-3.5.1-5.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-5.el10
rpms:changed/a10s/openssl-3.5.1-4.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-4.el10
rpms:changed/a10s/openssl-3.5.1-3.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-3.el10
rpms:changed/a10s/openssl-3.5.1-1.el10.alma.1
rpms:imports/c10s/openssl-3.5.1-1.el10
rpms:changed/a10s/openssl-3.5.0-8.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-8.el10
rpms:changed/a10s/openssl-3.5.0-6.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-6.el10
rpms:changed/a10s/openssl-3.5.0-4.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-4.el10
rpms:changed/a10s/openssl-3.5.0-3.el10.alma.1
rpms:changed/a10/openssl-3.2.2-16.el10_0.alma.1
rpms:imports/c10/openssl-3.2.2-16.el10_0
rpms:imports/c10s/openssl-3.5.0-3.el10
rpms:changed/a10s/openssl-3.5.0-2.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-2.el10
rpms:changed/a10s/openssl-3.5.0-1.el10.alma.1
rpms:imports/c10s/openssl-3.5.0-1.el10
rpms:changed/a10s/openssl-3.2.2-16.el10.alma.1
rpms:imports/c9/openssl-3.2.2-6.el9_5.1
rpms:changed/a10s/openssl-3.2.2-15.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-16.el10
rpms:imports/c10s/openssl-3.2.2-15.el10
rpms:changed/a10s/openssl-3.2.2-14.el10.alma.1
rpms:imports/c10-beta/openssl-3.2.2-12.el10
rpms:imports/c9/openssl-3.2.2-6.el9_5
rpms:imports/c10s/openssl-3.2.2-14.el10
rpms:changed/a10s/openssl-3.2.2-13.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-13.el10
rpms:imports/c8/openssl-1.1.1k-14.el8_6
rpms:imports/c9-beta/openssl-3.2.2-6.el9_5
rpms:imports/c9-beta/openssl-3.2.2-6.el9
rpms:imports/c9/openssl-3.0.7-28.el9_4
rpms:changed/a10s/openssl-3.2.2-12.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-12.el10
rpms:changed/a9/openssl-3.0.7-27.el9.alma.1
rpms:changed/a10s/openssl-3.2.2-10.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-10.el10
rpms:changed/a10s/openssl-3.2.2-7.el10.alma.1
rpms:changed/a10s/openssl-3.2.2-3.el10.alma.1
rpms:imports/c10s/openssl-3.2.2-7.el10
rpms:imports/c10s/openssl-3.2.2-3.el10
rpms:imports/c9/openssl-3.0.7-27.el9
rpms:imports/c9/openssl-3.0.7-25.el9_3
rpms:imports/c8/openssl-1.1.1k-12.el8_9
rpms:imports/c9/openssl-3.0.7-24.el9
rpms:imports/c9-beta/openssl-3.0.7-24.el9
rpms:imports/c9/openssl-3.0.7-17.el9_2
rpms:imports/c9/openssl-3.0.7-16.el9_2
rpms:imports/c9/openssl-3.0.7-6.el9_2
rpms:imports/c9-beta/openssl-3.0.7-5.el9
rpms:imports/c8-beta/openssl-1.1.1k-9.el8
rpms:imports/c8/openssl-1.1.1k-9.el8_7
rpms:imports/c9/openssl-3.0.1-47.el9_1
rpms:imports/c8s/openssl-1.1.1k-9.el8
rpms:imports/c9/openssl-3.0.1-43.el9_0
rpms:imports/c9-beta/openssl-3.0.1-41.el9_0
rpms:imports/c8-beta/openssl-1.1.1k-7.el8_6
rpms:imports/c9/openssl-3.0.1-41.el9_0
rpms:imports/c8/openssl-1.1.1k-7.el8_6
rpms:imports/c8s/openssl-1.1.1k-7.el8_6
rpms:imports/c9/openssl-3.0.1-23.el9_0
rpms:imports/c9/openssl-3.0.1-20.el9_0
rpms:imports/c9-beta/openssl-3.0.1-20.el9_0
rpms:imports/c8-beta/openssl-1.1.1k-5.el8_5
rpms:imports/c8/openssl-1.1.1k-6.el8_5
rpms:imports/c9-beta/openssl-3.0.1-5.el9
rpms:imports/c9-beta/openssl-3.0.0-6.el9
rpms:imports/c9-beta/openssl-3.0.0-5.el9
rpms:imports/c8/openssl-1.1.1k-5.el8_5
rpms:imports/c9-beta/openssl-3.0.0-4.el9
rpms:imports/c9-beta/openssl-3.0.0-0.beta2.7.el9
rpms:imports/c8s/openssl-1.1.1k-5.el8_5
rpms:imports/c8/openssl-1.1.1k-4.el8
rpms:imports/c8-beta/openssl-1.1.1k-4.el8
rpms:imports/c8-beta/openssl-1.1.1g-12.el8_3
rpms:imports/c8-beta/openssl-1.1.1g-9.el8
rpms:imports/c8-beta/openssl-1.1.1c-12.el8
rpms:imports/c8-beta/openssl-1.1.1c-1.el8
rpms:imports/c8s/openssl-1.1.1k-4.el8
rpms:imports/c8s/openssl-1.1.1k-1.el8
rpms:imports/c8s/openssl-1.1.1g-12.el8_3
rpms:imports/c8s/openssl-1.1.1g-11.el8
rpms:imports/c8s/openssl-1.1.1g-9.el8
rpms:imports/c8/openssl-1.1.1g-15.el8_3
rpms:imports/c8/openssl-1.1.1g-12.el8_3
rpms:imports/c8/openssl-1.1.1g-11.el8
rpms:imports/c8/openssl-1.1.1c-15.el8
rpms:imports/c8/openssl-1.1.1c-2.el8_1.1

No commits in common. "c8s" and "c8" have entirely different histories.
c8s ... c8

78 changed files with 85 additions and 202 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version
View File

@ -1 +0,0 @@
1

48
.gitignore vendored
View File

@ -1,47 +1 @@
.build*.log SOURCES/openssl-1.1.1k-hobbled.tar.xz
clog
000*.patch
*.src.rpm
openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0b-usa.tar.bz2
/openssl-1.0.0c-usa.tar.bz2
/openssl-1.0.0d-usa.tar.bz2
/openssl-1.0.0e-usa.tar.bz2
/openssl-1.0.0f-usa.tar.bz2
/openssl-1.0.0g-usa.tar.xz
/openssl-1.0.1-beta2-usa.tar.xz
/openssl-1.0.1-beta3-usa.tar.xz
/openssl-1.0.1-usa.tar.xz
/openssl-1.0.1a-usa.tar.xz
/openssl-1.0.1b-usa.tar.xz
/openssl-1.0.1c-usa.tar.xz
/openssl-1.0.1e-usa.tar.xz
/openssl-1.0.1e-hobbled.tar.xz
/openssl-1.0.1g-hobbled.tar.xz
/openssl-1.0.1h-hobbled.tar.xz
/openssl-1.0.1i-hobbled.tar.xz
/openssl-1.0.1j-hobbled.tar.xz
/openssl-1.0.1k-hobbled.tar.xz
/openssl-1.0.2a-hobbled.tar.xz
/openssl-1.0.2c-hobbled.tar.xz
/openssl-1.0.2d-hobbled.tar.xz
/openssl-1.0.2e-hobbled.tar.xz
/openssl-1.0.2f-hobbled.tar.xz
/openssl-1.0.2g-hobbled.tar.xz
/openssl-1.0.2h-hobbled.tar.xz
/openssl-1.0.2i-hobbled.tar.xz
/openssl-1.0.2j-hobbled.tar.xz
/openssl-1.1.0b-hobbled.tar.xz
/openssl-1.1.0c-hobbled.tar.xz
/openssl-1.1.0d-hobbled.tar.xz
/openssl-1.1.0e-hobbled.tar.xz
/openssl-1.1.0f-hobbled.tar.xz
/openssl-1.1.0g-hobbled.tar.xz
/openssl-1.1.0h-hobbled.tar.xz
/openssl-1.1.1-pre8-hobbled.tar.xz
/openssl-1.1.1-pre9-hobbled.tar.xz
/openssl-1.1.1-hobbled.tar.xz
/openssl-1.1.1b-hobbled.tar.xz
/openssl-1.1.1c-hobbled.tar.xz
/openssl-1.1.1g-hobbled.tar.xz
/openssl-1.1.1k-hobbled.tar.xz

1
.openssl.metadata Normal file
View File

@ -0,0 +1 @@
6fde639a66329f2cd9135eb192f2228f2a402c0e SOURCES/openssl-1.1.1k-hobbled.tar.xz

0
Makefile.certificate → SOURCES/Makefile.certificate
View File

0
README.FIPS → SOURCES/README.FIPS
View File

0
ec_curve.c → SOURCES/ec_curve.c
View File

0
ectest.c → SOURCES/ectest.c
View File

0
hobble-openssl → SOURCES/hobble-openssl
View File

0
make-dummy-cert → SOURCES/make-dummy-cert
View File

0
openssl-1.1.1-addrconfig.patch → SOURCES/openssl-1.1.1-addrconfig.patch
View File

0
openssl-1.1.1-alpn-cb.patch → SOURCES/openssl-1.1.1-alpn-cb.patch
View File

0
openssl-1.1.1-apps-dgst.patch → SOURCES/openssl-1.1.1-apps-dgst.patch
View File

0
openssl-1.1.1-arm-update.patch → SOURCES/openssl-1.1.1-arm-update.patch
View File

0
openssl-1.1.1-build.patch → SOURCES/openssl-1.1.1-build.patch
View File

8
openssl-1.1.1-cleanup-peer-point-reneg.patch → SOURCES/openssl-1.1.1-cleanup-peer-point-reneg.patch
View File

@ -1,13 +1,11 @@
diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl/statem/extensions.c diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl/statem/extensions.c
--- openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg 2021-03-25 14:28:38.000000000 +0100 --- openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg 2021-03-25 14:28:38.000000000 +0100
+++ openssl-1.1.1k/ssl/statem/extensions.c 2021-06-24 16:16:19.526181743 +0200 +++ openssl-1.1.1k/ssl/statem/extensions.c 2021-06-24 16:16:19.526181743 +0200
@@ -42,6 +42,9 @@ static int tls_parse_certificate_authori @@ -42,6 +42,7 @@ static int tls_parse_certificate_authori
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
static int init_srp(SSL *s, unsigned int context); static int init_srp(SSL *s, unsigned int context);
#endif #endif
+#ifndef OPENSSL_NO_EC
+static int init_ec_point_formats(SSL *s, unsigned int context); +static int init_ec_point_formats(SSL *s, unsigned int context);
+#endif
static int init_etm(SSL *s, unsigned int context); static int init_etm(SSL *s, unsigned int context);
static int init_ems(SSL *s, unsigned int context); static int init_ems(SSL *s, unsigned int context);
static int final_ems(SSL *s, unsigned int context, int sent); static int final_ems(SSL *s, unsigned int context, int sent);
@ -20,11 +18,10 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
final_ec_pt_formats final_ec_pt_formats
}, },
@@ -1164,6 +1165,17 @@ static int init_srp(SSL *s, unsigned int @@ -1164,6 +1165,15 @@ static int init_srp(SSL *s, unsigned int
} }
#endif #endif
+#ifndef OPENSSL_NO_EC
+static int init_ec_point_formats(SSL *s, unsigned int context) +static int init_ec_point_formats(SSL *s, unsigned int context)
+{ +{
+ OPENSSL_free(s->ext.peer_ecpointformats); + OPENSSL_free(s->ext.peer_ecpointformats);
@ -33,7 +30,6 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
+ +
+ return 1; + return 1;
+} +}
+#endif
+ +
static int init_etm(SSL *s, unsigned int context) static int init_etm(SSL *s, unsigned int context)
{ {

0
openssl-1.1.1-conf-paths.patch → SOURCES/openssl-1.1.1-conf-paths.patch
View File

0
openssl-1.1.1-cve-2022-0778.patch → SOURCES/openssl-1.1.1-cve-2022-0778.patch
View File

0
openssl-1.1.1-cve-2022-1292.patch → SOURCES/openssl-1.1.1-cve-2022-1292.patch
View File

0
openssl-1.1.1-cve-2022-2068.patch → SOURCES/openssl-1.1.1-cve-2022-2068.patch
View File

0
openssl-1.1.1-cve-2022-2097.patch → SOURCES/openssl-1.1.1-cve-2022-2097.patch
View File

0
openssl-1.1.1-cve-2022-4304-RSA-oracle.patch → SOURCES/openssl-1.1.1-cve-2022-4304-RSA-oracle.patch
View File

0
openssl-1.1.1-cve-2022-4450-PEM-bio.patch → SOURCES/openssl-1.1.1-cve-2022-4450-PEM-bio.patch
View File

0
openssl-1.1.1-cve-2023-0215-BIO-UAF.patch → SOURCES/openssl-1.1.1-cve-2023-0215-BIO-UAF.patch
View File

0
openssl-1.1.1-cve-2023-0286-X400.patch → SOURCES/openssl-1.1.1-cve-2023-0286-X400.patch
View File

0
openssl-1.1.1-cve-2023-3446.patch → SOURCES/openssl-1.1.1-cve-2023-3446.patch
View File

0
openssl-1.1.1-cve-2023-3817.patch → SOURCES/openssl-1.1.1-cve-2023-3817.patch
View File

0
openssl-1.1.1-cve-2023-5678.patch → SOURCES/openssl-1.1.1-cve-2023-5678.patch
View File

0
openssl-1.1.1-cve-2025-69419.patch → SOURCES/openssl-1.1.1-cve-2025-69419.patch
View File

0
openssl-1.1.1-cve-2025-9230.patch → SOURCES/openssl-1.1.1-cve-2025-9230.patch
View File

0
openssl-1.1.1-defaults.patch → SOURCES/openssl-1.1.1-defaults.patch
View File

0
openssl-1.1.1-detected-addr-ipv6.patch → SOURCES/openssl-1.1.1-detected-addr-ipv6.patch
View File

0
openssl-1.1.1-ec-curves.patch → SOURCES/openssl-1.1.1-ec-curves.patch
View File

0
openssl-1.1.1-edk2-build.patch → SOURCES/openssl-1.1.1-edk2-build.patch
View File

0
openssl-1.1.1-evp-kdf.patch → SOURCES/openssl-1.1.1-evp-kdf.patch
View File

0
openssl-1.1.1-fips-crng-test.patch → SOURCES/openssl-1.1.1-fips-crng-test.patch
View File

0
openssl-1.1.1-fips-curves.patch → SOURCES/openssl-1.1.1-fips-curves.patch
View File

0
openssl-1.1.1-fips-dh.patch → SOURCES/openssl-1.1.1-fips-dh.patch
View File

0
openssl-1.1.1-fips-drbg-selftest.patch → SOURCES/openssl-1.1.1-fips-drbg-selftest.patch
View File

0
openssl-1.1.1-fips-post-rand.patch → SOURCES/openssl-1.1.1-fips-post-rand.patch
View File

0
openssl-1.1.1-fips.patch → SOURCES/openssl-1.1.1-fips.patch
View File

0
openssl-1.1.1-fix-ssl-select-next-proto.patch → SOURCES/openssl-1.1.1-fix-ssl-select-next-proto.patch
View File

0
openssl-1.1.1-hardening-from-openssl-3.0.1.patch → SOURCES/openssl-1.1.1-hardening-from-openssl-3.0.1.patch
View File

0
openssl-1.1.1-intel-cet.patch → SOURCES/openssl-1.1.1-intel-cet.patch
View File

0
openssl-1.1.1-kdf-selftest.patch → SOURCES/openssl-1.1.1-kdf-selftest.patch
View File

0
openssl-1.1.1-krb5-kdf.patch → SOURCES/openssl-1.1.1-krb5-kdf.patch
View File

0
openssl-1.1.1-man-rename.patch → SOURCES/openssl-1.1.1-man-rename.patch
View File

0
openssl-1.1.1-no-brainpool.patch → SOURCES/openssl-1.1.1-no-brainpool.patch
View File

0
openssl-1.1.1-no-html.patch → SOURCES/openssl-1.1.1-no-html.patch
View File

0
openssl-1.1.1-no-weak-verify.patch → SOURCES/openssl-1.1.1-no-weak-verify.patch
View File

0
openssl-1.1.1-pkcs1-implicit-rejection.patch → SOURCES/openssl-1.1.1-pkcs1-implicit-rejection.patch
View File

0
openssl-1.1.1-read-buff.patch → SOURCES/openssl-1.1.1-read-buff.patch
View File

0
openssl-1.1.1-replace-expired-certs.patch → SOURCES/openssl-1.1.1-replace-expired-certs.patch
View File

0
openssl-1.1.1-rewire-fips-drbg.patch → SOURCES/openssl-1.1.1-rewire-fips-drbg.patch
View File

0
openssl-1.1.1-s390x-aes-tests.patch → SOURCES/openssl-1.1.1-s390x-aes-tests.patch
View File

0
openssl-1.1.1-s390x-aes.patch → SOURCES/openssl-1.1.1-s390x-aes.patch
View File

0
openssl-1.1.1-s390x-ecc.patch → SOURCES/openssl-1.1.1-s390x-ecc.patch
View File

0
openssl-1.1.1-s390x-update.patch → SOURCES/openssl-1.1.1-s390x-update.patch
View File

0
openssl-1.1.1-seclevel.patch → SOURCES/openssl-1.1.1-seclevel.patch
View File

0
openssl-1.1.1-servername-cb.patch → SOURCES/openssl-1.1.1-servername-cb.patch
View File

0
openssl-1.1.1-ssh-kdf.patch → SOURCES/openssl-1.1.1-ssh-kdf.patch
View File

0
openssl-1.1.1-sslv3-keep-abi.patch → SOURCES/openssl-1.1.1-sslv3-keep-abi.patch
View File

0
openssl-1.1.1-system-cipherlist.patch → SOURCES/openssl-1.1.1-system-cipherlist.patch
View File

0
openssl-1.1.1-ticket_lifetime_hint.patch → SOURCES/openssl-1.1.1-ticket_lifetime_hint.patch
View File

0
openssl-1.1.1-tls13-curves.patch → SOURCES/openssl-1.1.1-tls13-curves.patch
View File

0
openssl-1.1.1-ts-sha256-default.patch → SOURCES/openssl-1.1.1-ts-sha256-default.patch
View File

0
openssl-1.1.1-version-add-engines.patch → SOURCES/openssl-1.1.1-version-add-engines.patch
View File

0
openssl-1.1.1-version-override.patch → SOURCES/openssl-1.1.1-version-override.patch
View File

0
openssl-1.1.1-weak-ciphers.patch → SOURCES/openssl-1.1.1-weak-ciphers.patch
View File

0
opensslconf-new-warning.h → SOURCES/opensslconf-new-warning.h
View File

0
opensslconf-new.h → SOURCES/opensslconf-new.h
View File

0
renew-dummy-cert → SOURCES/renew-dummy-cert
View File

163
openssl.spec → SPECS/openssl.spec
View File

@ -99,12 +99,13 @@ Patch107: openssl-1.1.1-cve-2023-5678.patch
# Backport from OpenSSL 3.2/RHEL 9 # Backport from OpenSSL 3.2/RHEL 9
# Proper fix for CVE-2020-25659 # Proper fix for CVE-2020-25659
Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch
# Backport from OpenSSL 3.0 # Backport from OpenSSL 3.2
# Fix for CVE-2024-5535 # Fix for CVE-2024-5535
Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch
# Fix for CVE-2025-9230
Patch110: openssl-1.1.1-cve-2025-9230.patch Patch110: openssl-1.1.1-cve-2025-9230.patch
Patch111: openssl-1.1.1-ticket_lifetime_hint.patch Patch111: openssl-1.1.1-ticket_lifetime_hint.patch
# Fix for CVE-2025-69419 # Fix for CVE-2025-69419 (next two)
Patch112: openssl-1.1.1-hardening-from-openssl-3.0.1.patch Patch112: openssl-1.1.1-hardening-from-openssl-3.0.1.patch
Patch113: openssl-1.1.1-cve-2025-69419.patch Patch113: openssl-1.1.1-cve-2025-69419.patch
@ -185,66 +186,66 @@ from other formats to the formats used by the OpenSSL toolkit.
cp %{SOURCE12} crypto/ec/ cp %{SOURCE12} crypto/ec/
cp %{SOURCE13} test/ cp %{SOURCE13} test/
%patch1 -p1 -b .build %{?_rawbuild} %patch -P1 -p1 -b .build %{?_rawbuild}
%patch2 -p1 -b .defaults %patch -P2 -p1 -b .defaults
%patch3 -p1 -b .no-html %{?_rawbuild} %patch -P3 -p1 -b .no-html %{?_rawbuild}
%patch4 -p1 -b .man-rename %patch -P4 -p1 -b .man-rename
%patch31 -p1 -b .conf-paths %patch -P31 -p1 -b .conf-paths
%patch32 -p1 -b .version-add-engines %patch -P32 -p1 -b .version-add-engines
%patch33 -p1 -b .dgst %patch -P33 -p1 -b .dgst
%patch36 -p1 -b .no-brainpool %patch -P36 -p1 -b .no-brainpool
%patch37 -p1 -b .curves %patch -P37 -p1 -b .curves
%patch38 -p1 -b .no-weak-verify %patch -P38 -p1 -b .no-weak-verify
%patch40 -p1 -b .sslv3-abi %patch -P40 -p1 -b .sslv3-abi
%patch41 -p1 -b .system-cipherlist %patch -P41 -p1 -b .system-cipherlist
%patch42 -p1 -b .fips %patch -P42 -p1 -b .fips
%patch44 -p1 -b .version-override %patch -P44 -p1 -b .version-override
%patch45 -p1 -b .weak-ciphers %patch -P45 -p1 -b .weak-ciphers
%patch46 -p1 -b .seclevel %patch -P46 -p1 -b .seclevel
%patch47 -p1 -b .ts-sha256-default %patch -P47 -p1 -b .ts-sha256-default
%patch48 -p1 -b .fips-post-rand %patch -P48 -p1 -b .fips-post-rand
%patch49 -p1 -b .evp-kdf %patch -P49 -p1 -b .evp-kdf
%patch50 -p1 -b .ssh-kdf %patch -P50 -p1 -b .ssh-kdf
%patch51 -p1 -b .intel-cet %patch -P51 -p1 -b .intel-cet
%patch52 -p1 -b .s390x-update %patch -P52 -p1 -b .s390x-update
%patch53 -p1 -b .crng-test %patch -P53 -p1 -b .crng-test
%patch55 -p1 -b .arm-update %patch -P55 -p1 -b .arm-update
%patch56 -p1 -b .s390x-ecc %patch -P56 -p1 -b .s390x-ecc
%patch60 -p1 -b .krb5-kdf %patch -P60 -p1 -b .krb5-kdf
%patch61 -p1 -b .edk2-build %patch -P61 -p1 -b .edk2-build
%patch62 -p1 -b .fips-curves %patch -P62 -p1 -b .fips-curves
%patch65 -p1 -b .drbg-selftest %patch -P65 -p1 -b .drbg-selftest
%patch66 -p1 -b .fips-dh %patch -P66 -p1 -b .fips-dh
%patch67 -p1 -b .kdf-selftest %patch -P67 -p1 -b .kdf-selftest
%patch69 -p1 -b .alpn-cb %patch -P69 -p1 -b .alpn-cb
%patch70 -p1 -b .rewire-fips-drbg %patch -P70 -p1 -b .rewire-fips-drbg
%patch74 -p1 -b .addrconfig %patch -P74 -p1 -b .addrconfig
%patch75 -p1 -b .tls13-curves %patch -P75 -p1 -b .tls13-curves
%patch76 -p1 -b .cleanup-reneg %patch -P76 -p1 -b .cleanup-reneg
%patch77 -p1 -b .s390x-aes %patch -P77 -p1 -b .s390x-aes
%patch78 -p1 -b .addr-ipv6 %patch -P78 -p1 -b .addr-ipv6
%patch79 -p1 -b .servername-cb %patch -P79 -p1 -b .servername-cb
%patch80 -p1 -b .s390x-test-aes %patch -P80 -p1 -b .s390x-test-aes
%patch81 -p1 -b .read-buff %patch -P81 -p1 -b .read-buff
%patch82 -p1 -b .cve-2022-0778 %patch -P82 -p1 -b .cve-2022-0778
%patch83 -p1 -b .replace-expired-certs %patch -P83 -p1 -b .replace-expired-certs
%patch84 -p1 -b .cve-2022-1292 %patch -P84 -p1 -b .cve-2022-1292
%patch85 -p1 -b .cve-2022-2068 %patch -P85 -p1 -b .cve-2022-2068
%patch86 -p1 -b .cve-2022-2097 %patch -P86 -p1 -b .cve-2022-2097
%patch101 -p1 -b .cve-2022-4304 %patch -P101 -p1 -b .cve-2022-4304
%patch102 -p1 -b .cve-2022-4450 %patch -P102 -p1 -b .cve-2022-4450
%patch103 -p1 -b .cve-2023-0215 %patch -P103 -p1 -b .cve-2023-0215
%patch104 -p1 -b .cve-2023-0286 %patch -P104 -p1 -b .cve-2023-0286
%patch105 -p1 -b .cve-2023-3446 %patch -P105 -p1 -b .cve-2023-3446
%patch106 -p1 -b .cve-2023-3817 %patch -P106 -p1 -b .cve-2023-3817
%patch107 -p1 -b .cve-2023-5678 %patch -P107 -p1 -b .cve-2023-5678
%patch108 -p1 -b .pkcs15imprejection %patch -P108 -p1 -b .pkcs15imprejection
%patch109 -p1 -b .cve-2024-5535 %patch -P109 -p1 -b .cve-2024-5535
%patch110 -p1 -b .cve-2025-9230 %patch -P110 -p1 -b .cve-2025-9230
%patch111 -p1 -b .ticket_lifetime_hint %patch -P111 -p1 -b .ticket_lifetime_hint
%patch112 -p1 -b .cve-2025-69419-1 %patch -P112 -p1 -b .cve-2025-69419-1
%patch113 -p1 -b .cve-2025-69419-2 %patch -P113 -p1 -b .cve-2025-69419-2
%build %build
# Figure out which flags we want to use. # Figure out which flags we want to use.
@ -530,63 +531,61 @@ export LD_LIBRARY_PATH
%changelog %changelog
* Thu Feb 12 2026 Antonio Vieiro <avieirov@redhat.com> - 1:1.1.1k-15 * Thu Feb 12 2026 Antonio Vieiro <avieirov@redhat.com> - 1:1.1.1k-15
- Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing
Resolves: RHEL-142010 ticket_lifetime_hint exceed 1 week in TLSv1.3 and breaks compliant clients
Resolves: RHEL-149165
Resolves: RHEL-142715
* Mon Dec 08 2025 Nikita Sanjay Patwa <npatwa@redhat.com> - 1:1.1.1k-14 * Mon Dec 22 2025 Nikita Sanjay Patwa <npatwa@redhat.com> - 1:1.1.1k-14.1
- Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap - Backport fix for openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
Fix CVE-2025-9230 Fix CVE-2025-9230
Resolves: RHEL-128613 Resolves: RHEL-128615
- Fix bug for ticket_lifetime_hint exceed issue
Resolves: RHEL-119891
* Mon Sep 16 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-13 * Tue Sep 17 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-14
- Backport fix SSL_select_next proto from OpenSSL 3.2 - Backport fix SSL_select_next proto from OpenSSL 3.2
Fix CVE-2024-5535 Fix CVE-2024-5535
Resolves: RHEL-45654 Resolves: RHEL-45654
* Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12 * Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12
- Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
(a proper fix for CVE-2020-25659) (a proper fix for CVE-2020-25659)
Resolves: RHEL-17696 Resolves: RHEL-17694
* Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11 * Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11
- Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow excessively long X9.42 DH keys or parameters may be very slow
Resolves: RHEL-16538 Resolves: RHEL-16536
* Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-10 * Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-10
- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters - Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters
Resolves: RHEL-14245 Resolves: RHEL-14243
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value - Fix CVE-2023-3817: Excessive time spent checking DH q parameter value
Resolves: RHEL-14239 Resolves: RHEL-14237
* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9 * Thu May 04 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
- Fixed Timing Oracle in RSA Decryption - Fixed Timing Oracle in RSA Decryption
Resolves: CVE-2022-4304 Resolves: CVE-2022-4304
- Fixed Double free after calling PEM_read_bio_ex - Fixed Double free after calling PEM_read_bio_ex
Resolves: CVE-2022-4450 Resolves: CVE-2022-4450
- Fixed Use-after-free following BIO_new_NDEF - Fixed Use-after-free following BIO_new_NDEF
Resolves: CVE-2023-0215 Resolves: CVE-2023-0215
* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
- Fixed X.400 address type confusion in X.509 GeneralName - Fixed X.400 address type confusion in X.509 GeneralName
Resolves: CVE-2023-0286 Resolves: CVE-2023-0286
* Thu Jul 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
- Fix no-ec build
Resolves: rhbz#2071020
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7 * Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7
- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
Resolves: CVE-2022-2097 Resolves: CVE-2022-2097
- Update expired certificates used in the testsuite - Update expired certificates used in the testsuite
Resolves: rhbz#2092462 Resolves: rhbz#2100554
- Fix CVE-2022-1292: openssl: c_rehash script allows command injection - Fix CVE-2022-1292: openssl: c_rehash script allows command injection
Resolves: rhbz#2090372 Resolves: rhbz#2090371
- Fix CVE-2022-2068: the c_rehash script allows command injection - Fix CVE-2022-2068: the c_rehash script allows command injection
Resolves: rhbz#2098279 Resolves: rhbz#2098278
* Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6 * Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6
- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
- Resolves: rhbz#2067146 - Resolves: rhbz#2067145
* Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5 * Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings

1
ci.fmf
View File

@ -1 +0,0 @@
resultsdb-testcase: separate

15
fixpatch
View File

@ -1,15 +0,0 @@
#!/bin/sh
# Fixes patch from upstream tracker view
gawk '
BEGIN {
dir=""
}
/^Index: openssl\// {
dir = $2
}
/^(---|\+\+\+)/ {
$2 = dir
}
{
print
}'

9
gating.yaml
View File

@ -1,9 +0,0 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-disabled.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-enabled.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-disabled.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-enabled.functional}

14
openssl-1.1.1-ignore-bound.patch
View File

@ -1,14 +0,0 @@
Do not return failure when setting version bound on fixed protocol
version method.
diff -up openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound openssl-1.1.1-pre8/ssl/statem/statem_lib.c
--- openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound 2018-06-20 16:48:13.000000000 +0200
+++ openssl-1.1.1-pre8/ssl/statem/statem_lib.c 2018-08-13 11:07:52.826304045 +0200
@@ -1595,7 +1595,7 @@ int ssl_set_version_bound(int method_ver
* methods are not subject to controls that disable individual protocol
* versions.
*/
- return 0;
+ return 1;
case TLS_ANY_VERSION:
if (version < SSL3_VERSION || version > TLS_MAX_VERSION)

26
plans/ci.fmf
View File

@ -1,26 +0,0 @@
/fips-disabled-buildroot-disabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/openssl
name: /Plans/ci/fips-disabled-buildroot-disabled
/fips-disabled-buildroot-enabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/openssl
name: /Plans/ci/fips-disabled-buildroot-enabled
/fips-enabled-buildroot-disabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/openssl
name: /Plans/ci/fips-enabled-buildroot-disabled
/fips-enabled-buildroot-enabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/openssl
name: /Plans/ci/fips-enabled-buildroot-enabled

1
sources
View File

@ -1 +0,0 @@
SHA512 (openssl-1.1.1k-hobbled.tar.xz) = dd48b6200bcda1938c362888789bf0dbac7dbcc80b15a32794e25f6cbe8f727b6f8d1302a2bc43708da79124db9e5a5d27446ec1c91cf1e270aba1d8664d65d8