|
1 | 1 | --- a/SPECS/openssl.spec 2024-02-20 10:19:41
|
2 |
| -+++ b/SPECS/openssl.spec 2024-02-22 20:31:28 |
3 |
| -@@ -87,6 +87,13 @@ |
| 2 | ++++ b/SPECS/openssl.spec 2024-02-23 11:38:58 |
| 3 | +@@ -87,6 +87,10 @@ |
4 | 4 | Patch84: openssl-1.1.1-cve-2022-1292.patch
|
5 | 5 | Patch85: openssl-1.1.1-cve-2022-2068.patch
|
6 | 6 | Patch86: openssl-1.1.1-cve-2022-2097.patch
|
7 | 7 | +Patch100: openssl-1.1.1-force-fips-on-init.patch
|
8 | 8 | +Patch101: openssl-1.1.1-openssl-cnf-fips-mode.patch
|
9 | 9 | +Patch102: openssl-1.1.1-remove-env-check.patch
|
10 | 10 | +Patch103: openssl-1.1.1l-sm2-plaintext.patch
|
11 |
| -+Patch104: openssl-1.1.1k-CVE-2023-3446-fips.patch |
12 |
| -+Patch105: openssl-1.1.1k-CVE-2023-5678-fips.patch |
13 |
| -+Patch106: openssl-1.1.1k-CVE-2024-0727-fips.patch |
14 | 11 |
|
15 | 12 | License: OpenSSL and ASL 2.0
|
16 | 13 | URL: http://www.openssl.org/
|
17 |
| -@@ -212,6 +219,13 @@ |
| 14 | +@@ -212,6 +216,10 @@ |
18 | 15 | %patch84 -p1 -b .cve-2022-1292
|
19 | 16 | %patch85 -p1 -b .cve-2022-2068
|
20 | 17 | %patch86 -p1 -b .cve-2022-2097
|
21 | 18 | +%patch100 -p1 -b .force-fips-on-init
|
22 | 19 | +%patch101 -p1 -b .openssl-cnf-fips-mode
|
23 | 20 | +%patch102 -p1 -b .remove-env-check
|
24 | 21 | +%patch103 -p1 -b .sm2-plaintext
|
25 |
| -+%patch104 -p1 -F2 -b .CVE-2023-3446-fips |
26 |
| -+%patch105 -p1 -F2 -b .CVE-2023-5678-fips |
27 |
| -+%patch106 -p1 -b .CVE-2024-0727-fips |
28 | 22 |
|
29 | 23 | %build
|
30 | 24 | # Figure out which flags we want to use.
|
31 |
| -@@ -220,7 +234,7 @@ |
| 25 | +@@ -220,7 +228,7 @@ |
32 | 26 | %ifarch %ix86
|
33 | 27 | sslarch=linux-elf
|
34 | 28 | if ! echo %{_target} | grep -q i686 ; then
|
|
37 | 31 | fi
|
38 | 32 | %endif
|
39 | 33 | %ifarch x86_64
|
40 |
| -@@ -286,13 +300,13 @@ |
| 34 | +@@ -286,13 +294,13 @@ |
41 | 35 | # usable on all platforms. The Configure script already knows to use -fPIC and
|
42 | 36 | # RPM_OPT_FLAGS, so we can skip specifiying them here.
|
43 | 37 | ./Configure \
|
|
58 | 52 |
|
59 | 53 | # Do not run this in a production package the FIPS symbols must be patched-in
|
60 | 54 | #util/mkdef.pl crypto update
|
61 |
| -@@ -352,9 +366,9 @@ |
| 55 | +@@ -352,9 +360,9 @@ |
62 | 56 | make DESTDIR=$RPM_BUILD_ROOT install
|
63 | 57 | rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
|
64 | 58 | for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
|
|
71 | 65 | done
|
72 | 66 |
|
73 | 67 | # Install a makefile for generating keys and self-signed certs, and a script
|
74 |
| -@@ -375,21 +389,21 @@ |
| 68 | +@@ -375,21 +383,21 @@ |
75 | 69 | pushd $RPM_BUILD_ROOT%{_mandir}
|
76 | 70 | ln -s -f config.5 man5/openssl.cnf.5
|
77 | 71 | for manpage in man*/* ; do
|
|
105 | 99 | done
|
106 | 100 | popd
|
107 | 101 |
|
108 |
| -@@ -424,11 +438,11 @@ |
| 102 | +@@ -424,11 +432,11 @@ |
109 | 103 | # can have both a 32- and 64-bit version of the library, and they each need
|
110 | 104 | # their own correct-but-different versions of opensslconf.h to be usable.
|
111 | 105 | install -m644 %{SOURCE10} \
|
|
0 commit comments