[rpms/openssl] rebase_40beta: Rebasing to OpenSSL 3.0.3

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Dmitry Belyavskiy <dbelyavs@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: Rebasing to OpenSSL 3.0.3
Date: Tue, 09 Jun 2026 12:45:00 GMT	[thread overview]
Message-ID: <178100910081.1.24089630161303822.rpms-openssl-8a03afa13c08@fedoraproject.org> (raw)

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 8a03afa13c08242e8855f1d57ad8d5e34afd38bc
            Author : Dmitry Belyavskiy <dbelyavs@redhat.com>
            Date   : 2022-06-01T17:29:35+02:00
            Stats  : +72/-7 in 7 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/8a03afa13c08242e8855f1d57ad8d5e34afd38bc?branch=rebase_40beta

            Log:
            Rebasing to OpenSSL 3.0.3

Resolves: rhbz#2091987

---
diff --git a/.gitignore b/.gitignore
index 1f052ee..e4d664d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,3 +54,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.1.1k-hobbled.tar.xz
 /openssl-3.0.0-hobbled.tar.xz
 /openssl-3.0.2-hobbled.tar.gz
+/openssl-3.0.3-hobbled.tar.gz

diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
index 9917fcf..7a97dee 100644
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
 @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure    ?	3_0_0	EXIST::FUNCTION:
- ASN1_TIME_print_ex                      5553	3_0_0	EXIST::FUNCTION:
- EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
  EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
+ OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+ OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
 +ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 -- 
 2.26.2

diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch
index e316a4b..216c527 100644
--- a/0049-Allow-disabling-of-SHA1-signatures.patch
+++ b/0049-Allow-disabling-of-SHA1-signatures.patch
@@ -493,8 +493,8 @@ index 10b4e57d79..2d3c363bb0 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
 @@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex                        5552	3_0_0	EXIST::FUNCTION:
- EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
- EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
+ OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+ OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
  ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 +ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:
 +ossl_ctx_legacy_digest_signatures_allowed_set ?	3_0_1	EXIST::FUNCTION:

diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch
new file mode 100644
index 0000000..5c33a76
--- /dev/null
+++ b/0056-strcasecmp.patch
@@ -0,0 +1,14 @@
+diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
+--- openssl-3.0.3/util/libcrypto.num.locale	2022-06-01 12:35:52.667498724 +0200
++++ openssl-3.0.3/util/libcrypto.num	2022-06-01 12:36:08.112633093 +0200
+@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex
+ ASN1_TIME_print_ex                      5553	3_0_0	EXIST::FUNCTION:
+ EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
+ EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
+-OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+-OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
++OPENSSL_strcasecmp                      5556	3_0_1	EXIST::FUNCTION:
++OPENSSL_strncasecmp                     5557	3_0_1	EXIST::FUNCTION:
+ ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
+ ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:
+ ossl_ctx_legacy_digest_signatures_allowed_set ?	3_0_1	EXIST::FUNCTION:

diff --git a/0058-replace-expired-certs.patch b/0058-replace-expired-certs.patch
new file mode 100644
index 0000000..c88e94f
--- /dev/null
+++ b/0058-replace-expired-certs.patch
@@ -0,0 +1,38 @@
+diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
+index 1fa449d5a098..6aa9455f09ed 100644
+--- a/test/certs/embeddedSCTs1_issuer.pem
++++ b/test/certs/embeddedSCTs1_issuer.pem
+@@ -1,18 +1,18 @@
+ -----BEGIN CERTIFICATE-----
+-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
++MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
+ MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
+-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
+-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
+-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
+-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
+-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
+-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
+-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
+-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
+-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
+-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
+-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
+-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
+-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
+-OwqULg==
++YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
++ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
++YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
++gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
++0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
++SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
++acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
++wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
++CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
++MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
++AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
+++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
++2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
++Doud4XrO
+ -----END CERTIFICATE-----

diff --git a/openssl.spec b/openssl.spec
index a2ef2e7..714320d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -14,8 +14,8 @@
 
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 3.0.2
-Release: 4%{?dist}
+Version: 3.0.3
+Release: 1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -79,6 +79,12 @@ Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
 # Instrument with USDT probes related to SHA-1 deprecation
 Patch53: 0053-Add-SHA1-probes.patch
 %endif
+# https://github.com/openssl/openssl/pull/18103
+# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
+# so the patch should persist
+Patch56: 0056-strcasecmp.patch
+# https://github.com/openssl/openssl/pull/18444
+Patch58: 0058-replace-expired-certs.patch
 
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -410,6 +416,12 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Wed Jun 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.3-1
+- Rebase to upstream version 3.0.3
+
+* Thu Apr 28 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-5
+- Instrument with USDT probes related to SHA-1 deprecation
+
 * Wed Apr 27 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-4
 - Support rsa_pkcs1_md5_sha1 in TLS 1.0/1.1 with rh-allow-sha1-signatures = yes
   to restore TLS 1.0 and 1.1 support in LEGACY crypto-policy.

diff --git a/sources b/sources
index 3437431..134d27a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-3.0.2-hobbled.tar.gz) = e62f95ef9a81555f8c7bb4e68bfbd14bd81040f112dd88a1e515160623e6d3a0b68d0d8b9b12905f67b06834bd152edfbabca4b528a4887b15dd153d60ad36d5
+SHA512 (openssl-3.0.3-hobbled.tar.gz) = 474a6309e0457ad33ec4b5f98606ba7ee6fa15dd0abb26a1da80fa37e3fc0ec535b858e03aceb4ce675dcce6a26796c802d8bf8ebb4adc350e6b3ea95810a61b

                 reply	other threads:[~2026-06-09 12:45 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178100910081.1.24089630161303822.rpms-openssl-8a03afa13c08@fedoraproject.org \
    --to=dbelyavs@redhat.com \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox