public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: fix regression in EVP_PBE_scrypt() (#1688284)
Date: Tue, 09 Jun 2026 12:44:26 GMT [thread overview]
Message-ID: <178100906620.1.15303980151203044970.rpms-openssl-c99b8bf7f97f@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : c99b8bf7f97fa320fa92a7e33543c13276e3a2fe
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2019-03-15T16:05:02+01:00
Stats : +23/-15 in 4 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/c99b8bf7f97fa320fa92a7e33543c13276e3a2fe?branch=rebase_40beta
Log:
fix regression in EVP_PBE_scrypt() (#1688284)
fix incorrect help message in ca app (#1553206)
---
diff --git a/openssl-1.1.0-apps-dgst.patch b/openssl-1.1.0-apps-dgst.patch
deleted file mode 100644
index af10684..0000000
--- a/openssl-1.1.0-apps-dgst.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.1.0-pre5/apps/ca.c.dgst openssl-1.1.0-pre5/apps/ca.c
---- openssl-1.1.0-pre5/apps/ca.c.dgst 2016-04-19 16:57:52.000000000 +0200
-+++ openssl-1.1.0-pre5/apps/ca.c 2016-07-18 15:58:18.516742682 +0200
-@@ -216,7 +216,7 @@ OPTIONS ca_options[] = {
- {"enddate", OPT_ENDDATE, 's',
- "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
- {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
-- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
-+ {"md", OPT_MD, 's', "md to use; see openssl dgst -h for list"},
- {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
- {"keyfile", OPT_KEYFILE, 's', "Private key"},
- {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
diff --git a/openssl-1.1.1-apps-dgst.patch b/openssl-1.1.1-apps-dgst.patch
new file mode 100644
index 0000000..655b6e2
--- /dev/null
+++ b/openssl-1.1.1-apps-dgst.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
+--- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100
+@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
+ {"enddate", OPT_ENDDATE, 's',
+ "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
+ {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
+- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
++ {"md", OPT_MD, 's', "md to use; see openssl help for list"},
+ {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+ {"keyfile", OPT_KEYFILE, 's', "Private key"},
+ {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
diff --git a/openssl-1.1.1-evp-kdf.patch b/openssl-1.1.1-evp-kdf.patch
index e71d84a..48169fa 100644
--- a/openssl-1.1.1-evp-kdf.patch
+++ b/openssl-1.1.1-evp-kdf.patch
@@ -634,7 +634,7 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
/*
* Maximum permitted memory allow this to be overridden with Configuration
* option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
-@@ -160,107 +37,39 @@ int EVP_PBE_scrypt(const char *pass, siz
+@@ -160,107 +37,43 @@ int EVP_PBE_scrypt(const char *pass, siz
uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
unsigned char *key, size_t keylen)
{
@@ -706,6 +706,10 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
+ if (pass == NULL) {
+ pass = empty;
+ passlen = 0;
++ }
++ if (salt == NULL) {
++ salt = (const unsigned char *)empty;
++ saltlen = 0;
}
-
if (maxmem == 0)
diff --git a/openssl.spec b/openssl.spec
index 9c89bab..f5b5845 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.1b
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -47,7 +47,7 @@ Patch21: openssl-1.1.0-issuer-hash.patch
# Functionality changes
Patch31: openssl-1.1.1-conf-paths.patch
Patch32: openssl-1.1.1-version-add-engines.patch
-Patch33: openssl-1.1.0-apps-dgst.patch
+Patch33: openssl-1.1.1-apps-dgst.patch
Patch36: openssl-1.1.1-no-brainpool.patch
Patch37: openssl-1.1.1-ec-curves.patch
Patch38: openssl-1.1.1-no-weak-verify.patch
@@ -448,6 +448,10 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs
%changelog
+* Fri Mar 15 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-3
+- fix regression in EVP_PBE_scrypt() (#1688284)
+- fix incorrect help message in ca app (#1553206)
+
* Fri Mar 1 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-2
- use .include = syntax in the config file to allow it
to be parsed by 1.0.2 version (#1668916)
reply other threads:[~2026-06-09 12:44 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100906620.1.15303980151203044970.rpms-openssl-c99b8bf7f97f@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox