Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
@ -0,0 +1,32 @@
|
|||||||
|
From e65a507c487a37dd5a8c90b7dbd1ff3274146239 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon Chopin <simon.chopin@canonical.com>
|
||||||
|
Date: Mon, 13 Dec 2021 15:20:55 +0100
|
||||||
|
Subject: [PATCH 5/5] dhparams: Fix the FIPS_mode() call for OpenSSL 3.0
|
||||||
|
|
||||||
|
This function has been removed from OpenSSL 3.0, replaced by
|
||||||
|
EVP_default_properties_is_fips_enabled().
|
||||||
|
|
||||||
|
Closes #50
|
||||||
|
---
|
||||||
|
src/dhparams.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/dhparams.c b/src/dhparams.c
|
||||||
|
index 5c50128970d48790df910b9f9531e61e1d4c5758..61fd57aeedca47fba49f75d356cd5f42b9586696 100644
|
||||||
|
--- a/src/dhparams.c
|
||||||
|
+++ b/src/dhparams.c
|
||||||
|
@@ -231,7 +231,11 @@ is_valid_named_group (const char *group_name)
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check non-FIPS groups */
|
||||||
|
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||||
|
if (!FIPS_mode ())
|
||||||
|
+#else
|
||||||
|
+ if (!EVP_default_properties_is_fips_enabled(NULL))
|
||||||
|
+#endif
|
||||||
|
{
|
||||||
|
i = 0;
|
||||||
|
while (dh_nonfips_groups[i])
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
143
SPECS/sscg.spec
143
SPECS/sscg.spec
@ -26,11 +26,11 @@ BuildRequires: ninja-build
|
|||||||
BuildRequires: help2man
|
BuildRequires: help2man
|
||||||
|
|
||||||
|
|
||||||
Patch0001: 0001-Drop-usage-of-ERR_GET_FUNC.patch
|
Patch: 0001-Drop-usage-of-ERR_GET_FUNC.patch
|
||||||
Patch0002: 0002-Correct-certificate-lifetime-calculation.patch
|
Patch: 0002-Correct-certificate-lifetime-calculation.patch
|
||||||
Patch0003: 0003-Truncate-IP-address-in-SAN.patch
|
Patch: 0003-Truncate-IP-address-in-SAN.patch
|
||||||
Patch0004: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
|
Patch: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
|
||||||
|
Patch: 0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
A utility to aid in the creation of more secure "self-signed"
|
A utility to aid in the creation of more secure "self-signed"
|
||||||
@ -61,69 +61,115 @@ false signatures from the service certificate.
|
|||||||
%{_mandir}/man8/%{name}.8*
|
%{_mandir}/man8/%{name}.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Dec 08 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-7
|
* Fri Dec 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
|
||||||
- Correctly apply the patch for default dhparams
|
- Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
|
||||||
- Resolves: rhbz#2143206
|
- Related: rhbz#2083879
|
||||||
|
|
||||||
* Mon Nov 28 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
|
* Mon Nov 28 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
|
||||||
- Don't fail if default dhparams file can't be created
|
- Don't fail if default dhparams file can't be created
|
||||||
- Resolves: rhbz#2143206
|
- Resolves: rhbz#2149064
|
||||||
|
|
||||||
* Thu Jul 14 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
|
* Wed Mar 09 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
|
||||||
- Rebase to sscg 3.0.0
|
- Handle IP addresses in subjectAlternativeName correctly
|
||||||
- Resolves: rhbz#2107369
|
- Resolves: rhbz#2061923
|
||||||
- Resolves: rhbz#2091525
|
|
||||||
|
|
||||||
* Thu Jun 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-15
|
* Fri Oct 29 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-4
|
||||||
- Fix certificate lifetime calculation
|
- Correct certificate lifetime calculation
|
||||||
- Resolves: rhbz#2091525
|
- Resolves: rhbz#2017667
|
||||||
|
|
||||||
* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-14
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.0-3
|
||||||
- Properly handling reading long passphrase files.
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-13
|
* Sat Aug 07 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-2
|
||||||
- Fix missing error check for --*-key-passfile
|
- Drop usage of removed macro ERR_GET_FUNC()
|
||||||
|
- Related: rhbz#1964837
|
||||||
|
|
||||||
* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-12
|
* Wed Jul 21 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-1
|
||||||
- Improve validation of command-line arguments
|
- Release 3.0.0
|
||||||
- Resolves: rhbz#1784441
|
- Support for OpenSSL 3.0
|
||||||
- Resolves: rhbz#1784443
|
- Support for outputting named Diffie-Hellman parameter groups
|
||||||
|
- Support for CentOS Stream 9
|
||||||
|
- Resolves: rhbz#1984468
|
||||||
|
|
||||||
* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-11
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-8
|
||||||
- Further improve --client-key-file help message
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
- Resolves: rhbz#1720667
|
Related: rhbz#1971065
|
||||||
|
|
||||||
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-10
|
* Wed May 26 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-7
|
||||||
- Fix incorrect help message
|
- OpenSSL 3.0 compatibility: fix RSA key-generation test
|
||||||
- Resolves: rhbz#1720667
|
- Resolves: rhbz#1964837
|
||||||
|
|
||||||
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-9
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-6
|
||||||
- Fix null-dereference and memory leak issues with client certs
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
- Resolves: rhbz#1720667
|
|
||||||
|
|
||||||
* Wed Dec 11 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-8
|
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-5
|
||||||
- Add support for generating client authentication certificates
|
- Fixing incorrect license declaration
|
||||||
- Resolves: rhbz#1720667
|
|
||||||
|
|
||||||
* Fri Nov 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-7
|
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-4
|
||||||
- Add support for password-protecting the private key files
|
- Updating to rebuild against the latest glibc
|
||||||
- Resolves: rhbz#1717880
|
|
||||||
|
|
||||||
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-6
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
|
||||||
- Fixes for issues detected by automated testing.
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
- Resolves: rhbz#1653323
|
|
||||||
|
|
||||||
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-5
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 23 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-1
|
||||||
|
- Update to 2.6.2
|
||||||
|
- Handle very short and very long passphrases properly (fixes rhbz#1850183)
|
||||||
|
- Drop upstreamed patch
|
||||||
|
|
||||||
|
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-4
|
||||||
|
- Rebuild with corrected ELN macro definitions
|
||||||
|
|
||||||
|
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-3
|
||||||
|
- Don't bother running clang-format in the RPM build
|
||||||
|
- Lengthen the test timeout so ARM tests pass
|
||||||
|
|
||||||
|
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-1
|
||||||
|
- Bugfixes from upstream
|
||||||
|
|
||||||
|
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-2
|
||||||
|
- Fix incorrect help description for --client-key-file
|
||||||
|
|
||||||
|
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-1
|
||||||
|
- Update to 2.6.0
|
||||||
|
- Can now generate an empty CRL file.
|
||||||
|
- Can now create and store a Diffie-Hellman parameters (dhparams) file.
|
||||||
|
- Support for setting a password on private keys.
|
||||||
|
- Support for generating a client authentication certificate and key.
|
||||||
|
- Better support for OpenSSL 1.0
|
||||||
|
|
||||||
|
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.1-1
|
||||||
|
- Update to 2.5.1
|
||||||
|
- Fixes discovered by automated testing.
|
||||||
|
|
||||||
|
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.0-1
|
||||||
|
- Update to 2.5.0
|
||||||
|
- Auto-detect the hash algorithm to use by default.
|
||||||
|
|
||||||
|
* Tue Nov 27 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-1
|
||||||
|
- Update to 2.4.0
|
||||||
- Autodetect the minimum key strength from the system security level.
|
- Autodetect the minimum key strength from the system security level.
|
||||||
- Autodetect the hash algorithm to use from the system security level.
|
|
||||||
- Disallow setting a key strength below the system minimum.
|
- Disallow setting a key strength below the system minimum.
|
||||||
- Resolves: rhbz#1653323
|
|
||||||
|
- Drop upstreamed patches
|
||||||
|
|
||||||
* Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
|
* Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
|
||||||
- Add a manpage for sscg.
|
- Add a manpage.
|
||||||
|
|
||||||
* Thu Jul 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-3
|
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
|
||||||
- Strip out bundled popt since RHEL 8 has a new-enough version.
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
@ -266,3 +312,4 @@ false signatures from the service certificate.
|
|||||||
|
|
||||||
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
|
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
|
||||||
- First packaging
|
- First packaging
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user