Skip to content

Commit 83ca2f8

Browse files
committed
Revert "[PA-6132] : Applied CVE Patches to openssl-1.1.1k-7, following patches were applied"
This reverts commit 0327e17.
1 parent 62a4ccf commit 83ca2f8

File tree

5 files changed

+9
-339
lines changed

5 files changed

+9
-339
lines changed

configs/components/openssl-1.1.1-fips.rb

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -24,10 +24,6 @@
2424
pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1-fips-spec-file.patch'
2525
pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1-fips-remove-env-check.patch'
2626
pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1l-sm2-plaintext.patch'
27-
pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1k-CVE-2023-3446-fips.patch'
28-
pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1k-CVE-2023-5678-fips.patch'
29-
pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1k-CVE-2024-0727-fips.patch'
30-
3127

3228
if platform.name =~ /-7-/
3329
pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1-fips-post-rand.patch'
@@ -59,10 +55,7 @@
5955
"cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1-fips-force-fips-mode.patch && cd -",
6056
"cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1-fips-spec-file.patch && cd -",
6157
"cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1-fips-remove-env-check.patch && cd -",
62-
"cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1l-sm2-plaintext.patch && cd -",
63-
"cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1k-CVE-2023-3446-fips.patch && cd -",
64-
"cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1k-CVE-2023-5678-fips.patch && cd -",
65-
"cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1k-CVE-2024-0727-fips.patch && cd -"
58+
"cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1l-sm2-plaintext.patch && cd -"
6659
]
6760
end
6861

resources/patches/openssl/openssl-1.1.1k-7-fips-spec-file.patch

Lines changed: 8 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,34 +1,28 @@
11
--- a/SPECS/openssl.spec 2024-02-20 10:19:41
2-
+++ b/SPECS/openssl.spec 2024-02-22 20:31:28
3-
@@ -87,6 +87,13 @@
2+
+++ b/SPECS/openssl.spec 2024-02-23 11:38:58
3+
@@ -87,6 +87,10 @@
44
Patch84: openssl-1.1.1-cve-2022-1292.patch
55
Patch85: openssl-1.1.1-cve-2022-2068.patch
66
Patch86: openssl-1.1.1-cve-2022-2097.patch
77
+Patch100: openssl-1.1.1-force-fips-on-init.patch
88
+Patch101: openssl-1.1.1-openssl-cnf-fips-mode.patch
99
+Patch102: openssl-1.1.1-remove-env-check.patch
1010
+Patch103: openssl-1.1.1l-sm2-plaintext.patch
11-
+Patch104: openssl-1.1.1k-CVE-2023-3446-fips.patch
12-
+Patch105: openssl-1.1.1k-CVE-2023-5678-fips.patch
13-
+Patch106: openssl-1.1.1k-CVE-2024-0727-fips.patch
1411

1512
License: OpenSSL and ASL 2.0
1613
URL: http://www.openssl.org/
17-
@@ -212,6 +219,13 @@
14+
@@ -212,6 +216,10 @@
1815
%patch84 -p1 -b .cve-2022-1292
1916
%patch85 -p1 -b .cve-2022-2068
2017
%patch86 -p1 -b .cve-2022-2097
2118
+%patch100 -p1 -b .force-fips-on-init
2219
+%patch101 -p1 -b .openssl-cnf-fips-mode
2320
+%patch102 -p1 -b .remove-env-check
2421
+%patch103 -p1 -b .sm2-plaintext
25-
+%patch104 -p1 -F2 -b .CVE-2023-3446-fips
26-
+%patch105 -p1 -F2 -b .CVE-2023-5678-fips
27-
+%patch106 -p1 -b .CVE-2024-0727-fips
2822

2923
%build
3024
# Figure out which flags we want to use.
31-
@@ -220,7 +234,7 @@
25+
@@ -220,7 +228,7 @@
3226
%ifarch %ix86
3327
sslarch=linux-elf
3428
if ! echo %{_target} | grep -q i686 ; then
@@ -37,7 +31,7 @@
3731
fi
3832
%endif
3933
%ifarch x86_64
40-
@@ -286,13 +300,13 @@
34+
@@ -286,13 +294,13 @@
4135
# usable on all platforms. The Configure script already knows to use -fPIC and
4236
# RPM_OPT_FLAGS, so we can skip specifiying them here.
4337
./Configure \
@@ -58,7 +52,7 @@
5852

5953
# Do not run this in a production package the FIPS symbols must be patched-in
6054
#util/mkdef.pl crypto update
61-
@@ -352,9 +366,9 @@
55+
@@ -352,9 +360,9 @@
6256
make DESTDIR=$RPM_BUILD_ROOT install
6357
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
6458
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
@@ -71,7 +65,7 @@
7165
done
7266

7367
# Install a makefile for generating keys and self-signed certs, and a script
74-
@@ -375,21 +389,21 @@
68+
@@ -375,21 +383,21 @@
7569
pushd $RPM_BUILD_ROOT%{_mandir}
7670
ln -s -f config.5 man5/openssl.cnf.5
7771
for manpage in man*/* ; do
@@ -105,7 +99,7 @@
10599
done
106100
popd
107101

108-
@@ -424,11 +438,11 @@
102+
@@ -424,11 +432,11 @@
109103
# can have both a 32- and 64-bit version of the library, and they each need
110104
# their own correct-but-different versions of opensslconf.h to be usable.
111105
install -m644 %{SOURCE10} \

resources/patches/openssl/openssl-1.1.1k-CVE-2023-3446-fips.patch

Lines changed: 0 additions & 53 deletions
This file was deleted.

resources/patches/openssl/openssl-1.1.1k-CVE-2023-5678-fips.patch

Lines changed: 0 additions & 145 deletions
This file was deleted.

0 commit comments

Comments
 (0)