Compare commits
No commits in common. "c8" and "c9" have entirely different histories.
|
|
@ -0,0 +1,32 @@
|
|||
From e65a507c487a37dd5a8c90b7dbd1ff3274146239 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Chopin <simon.chopin@canonical.com>
|
||||
Date: Mon, 13 Dec 2021 15:20:55 +0100
|
||||
Subject: [PATCH 5/5] dhparams: Fix the FIPS_mode() call for OpenSSL 3.0
|
||||
|
||||
This function has been removed from OpenSSL 3.0, replaced by
|
||||
EVP_default_properties_is_fips_enabled().
|
||||
|
||||
Closes #50
|
||||
---
|
||||
src/dhparams.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/dhparams.c b/src/dhparams.c
|
||||
index 5c50128970d48790df910b9f9531e61e1d4c5758..61fd57aeedca47fba49f75d356cd5f42b9586696 100644
|
||||
--- a/src/dhparams.c
|
||||
+++ b/src/dhparams.c
|
||||
@@ -231,7 +231,11 @@ is_valid_named_group (const char *group_name)
|
||||
}
|
||||
|
||||
/* Check non-FIPS groups */
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
if (!FIPS_mode ())
|
||||
+#else
|
||||
+ if (!EVP_default_properties_is_fips_enabled(NULL))
|
||||
+#endif
|
||||
{
|
||||
i = 0;
|
||||
while (dh_nonfips_groups[i])
|
||||
--
|
||||
2.31.1
|
||||
|
||||
143
SPECS/sscg.spec
143
SPECS/sscg.spec
|
|
@ -26,11 +26,11 @@ BuildRequires: ninja-build
|
|||
BuildRequires: help2man
|
||||
|
||||
|
||||
Patch0001: 0001-Drop-usage-of-ERR_GET_FUNC.patch
|
||||
Patch0002: 0002-Correct-certificate-lifetime-calculation.patch
|
||||
Patch0003: 0003-Truncate-IP-address-in-SAN.patch
|
||||
Patch0004: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
|
||||
|
||||
Patch: 0001-Drop-usage-of-ERR_GET_FUNC.patch
|
||||
Patch: 0002-Correct-certificate-lifetime-calculation.patch
|
||||
Patch: 0003-Truncate-IP-address-in-SAN.patch
|
||||
Patch: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
|
||||
Patch: 0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
|
||||
|
||||
%description
|
||||
A utility to aid in the creation of more secure "self-signed"
|
||||
|
|
@ -61,69 +61,115 @@ false signatures from the service certificate.
|
|||
%{_mandir}/man8/%{name}.8*
|
||||
|
||||
%changelog
|
||||
* Thu Dec 08 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-7
|
||||
- Correctly apply the patch for default dhparams
|
||||
- Resolves: rhbz#2143206
|
||||
* Fri Dec 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
|
||||
- Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
|
||||
- Related: rhbz#2083879
|
||||
|
||||
* Mon Nov 28 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
|
||||
- Don't fail if default dhparams file can't be created
|
||||
- Resolves: rhbz#2143206
|
||||
- Resolves: rhbz#2149064
|
||||
|
||||
* Thu Jul 14 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
|
||||
- Rebase to sscg 3.0.0
|
||||
- Resolves: rhbz#2107369
|
||||
- Resolves: rhbz#2091525
|
||||
* Wed Mar 09 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
|
||||
- Handle IP addresses in subjectAlternativeName correctly
|
||||
- Resolves: rhbz#2061923
|
||||
|
||||
* Thu Jun 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-15
|
||||
- Fix certificate lifetime calculation
|
||||
- Resolves: rhbz#2091525
|
||||
* Fri Oct 29 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-4
|
||||
- Correct certificate lifetime calculation
|
||||
- Resolves: rhbz#2017667
|
||||
|
||||
* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-14
|
||||
- Properly handling reading long passphrase files.
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.0-3
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-13
|
||||
- Fix missing error check for --*-key-passfile
|
||||
* Sat Aug 07 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-2
|
||||
- Drop usage of removed macro ERR_GET_FUNC()
|
||||
- Related: rhbz#1964837
|
||||
|
||||
* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-12
|
||||
- Improve validation of command-line arguments
|
||||
- Resolves: rhbz#1784441
|
||||
- Resolves: rhbz#1784443
|
||||
* Wed Jul 21 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-1
|
||||
- Release 3.0.0
|
||||
- Support for OpenSSL 3.0
|
||||
- Support for outputting named Diffie-Hellman parameter groups
|
||||
- Support for CentOS Stream 9
|
||||
- Resolves: rhbz#1984468
|
||||
|
||||
* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-11
|
||||
- Further improve --client-key-file help message
|
||||
- Resolves: rhbz#1720667
|
||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-8
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
|
||||
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-10
|
||||
- Fix incorrect help message
|
||||
- Resolves: rhbz#1720667
|
||||
* Wed May 26 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-7
|
||||
- OpenSSL 3.0 compatibility: fix RSA key-generation test
|
||||
- Resolves: rhbz#1964837
|
||||
|
||||
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-9
|
||||
- Fix null-dereference and memory leak issues with client certs
|
||||
- Resolves: rhbz#1720667
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-6
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Wed Dec 11 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-8
|
||||
- Add support for generating client authentication certificates
|
||||
- Resolves: rhbz#1720667
|
||||
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-5
|
||||
- Fixing incorrect license declaration
|
||||
|
||||
* Fri Nov 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-7
|
||||
- Add support for password-protecting the private key files
|
||||
- Resolves: rhbz#1717880
|
||||
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-4
|
||||
- Updating to rebuild against the latest glibc
|
||||
|
||||
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-6
|
||||
- Fixes for issues detected by automated testing.
|
||||
- Resolves: rhbz#1653323
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-5
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jun 23 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-1
|
||||
- Update to 2.6.2
|
||||
- Handle very short and very long passphrases properly (fixes rhbz#1850183)
|
||||
- Drop upstreamed patch
|
||||
|
||||
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-4
|
||||
- Rebuild with corrected ELN macro definitions
|
||||
|
||||
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-3
|
||||
- Don't bother running clang-format in the RPM build
|
||||
- Lengthen the test timeout so ARM tests pass
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-1
|
||||
- Bugfixes from upstream
|
||||
|
||||
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-2
|
||||
- Fix incorrect help description for --client-key-file
|
||||
|
||||
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-1
|
||||
- Update to 2.6.0
|
||||
- Can now generate an empty CRL file.
|
||||
- Can now create and store a Diffie-Hellman parameters (dhparams) file.
|
||||
- Support for setting a password on private keys.
|
||||
- Support for generating a client authentication certificate and key.
|
||||
- Better support for OpenSSL 1.0
|
||||
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.1-1
|
||||
- Update to 2.5.1
|
||||
- Fixes discovered by automated testing.
|
||||
|
||||
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.0-1
|
||||
- Update to 2.5.0
|
||||
- Auto-detect the hash algorithm to use by default.
|
||||
|
||||
* Tue Nov 27 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-1
|
||||
- Update to 2.4.0
|
||||
- Autodetect the minimum key strength from the system security level.
|
||||
- Autodetect the hash algorithm to use from the system security level.
|
||||
- Disallow setting a key strength below the system minimum.
|
||||
- Resolves: rhbz#1653323
|
||||
|
||||
- Drop upstreamed patches
|
||||
|
||||
* Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
|
||||
- Add a manpage for sscg.
|
||||
- Add a manpage.
|
||||
|
||||
* Thu Jul 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-3
|
||||
- Strip out bundled popt since RHEL 8 has a new-enough version.
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
|
@ -266,3 +312,4 @@ false signatures from the service certificate.
|
|||
|
||||
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
|
||||
- First packaging
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue