public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Sahana Prasad <sahana@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: Rebase to upstream version 3.1.4
Date: Tue, 09 Jun 2026 12:45:14 GMT [thread overview]
Message-ID: <178100911428.1.6139705292123366671.rpms-openssl-e331fc1326c2@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : e331fc1326c2b7ab9fefaf8fcbf2bf7d58243199
Author : Sahana Prasad <sahana@redhat.com>
Date : 2023-10-26T12:29:21+02:00
Stats : +66/-55 in 7 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/e331fc1326c2b7ab9fefaf8fcbf2bf7d58243199?branch=rebase_40beta
Log:
Rebase to upstream version 3.1.4
Signed-off-by: Sahana Prasad <sahana@redhat.com>
---
diff --git a/.gitignore b/.gitignore
index c518dfe..f10a7f7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -59,3 +59,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-3.0.8-hobbled.tar.gz
/openssl-3.0.8.tar.gz
/openssl-3.1.1.tar.gz
+/openssl-3.1.4.tar.gz
diff --git a/0003-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch
index 66d62e0..c31e09b 100644
--- a/0003-Do-not-install-html-docs.patch
+++ b/0003-Do-not-install-html-docs.patch
@@ -1,18 +1,22 @@
-From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 24 Sep 2020 09:05:55 +0200
-Subject: Do not install html docs
+From a3e7963320ba44e96a60b389fccb8e1cccc30674 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 19 Oct 2023 13:12:39 +0200
+Subject: [PATCH 03/46] 0003-Do-not-install-html-docs.patch
-(was openssl-1.1.1-no-html.patch)
+Patch-name: 0003-Do-not-install-html-docs.patch
+Patch-id: 3
+Patch-status: |
+ # # Do not install html docs
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
---
Configurations/unix-Makefile.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 342e46d24d..9f369edf0e 100644
+index a48fae5fb8..56b42926e7 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
-@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime
+@@ -611,7 +611,7 @@ install_sw: install_dev install_engines install_modules install_runtime
uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
@@ -20,7 +24,7 @@ index 342e46d24d..9f369edf0e 100644
+install_docs: install_man_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
- $(RM) -r $(DESTDIR)$(DOCDIR)
+ $(RM) -r "$(DESTDIR)$(DOCDIR)"
--
-2.26.2
+2.41.0
diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch
index adab1f1..3894422 100644
--- a/0033-FIPS-embed-hmac.patch
+++ b/0033-FIPS-embed-hmac.patch
@@ -1,13 +1,13 @@
-From ed02a8b9e767224dc7512a4a176e4aae045b3573 Mon Sep 17 00:00:00 2001
+From e364a858262c8f563954544cc81e66f1b3b8db8c Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
+Date: Thu, 19 Oct 2023 13:12:40 +0200
Subject: [PATCH 16/46] 0033-FIPS-embed-hmac.patch
Patch-name: 0033-FIPS-embed-hmac.patch
Patch-id: 33
Patch-status: |
- # Embed HMAC into the fips.so
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+ # # Embed HMAC into the fips.so
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
---
providers/fips/self_test.c | 70 ++++++++++++++++++++++++---
test/fipsmodule.cnf | 2 +
@@ -21,10 +21,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
create mode 100644 test/fipsmodule.cnf
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index 10804d9f59..5e418a2c11 100644
+index b8dc9817b2..e3a629018a 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
-@@ -231,11 +231,27 @@ err:
+@@ -230,11 +230,27 @@ err:
return ok;
}
@@ -52,7 +52,7 @@ index 10804d9f59..5e418a2c11 100644
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
unsigned char *expected, size_t expected_len,
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-@@ -248,12 +264,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
EVP_MAC *mac = NULL;
EVP_MAC_CTX *ctx = NULL;
OSSL_PARAM params[2], *p = params;
@@ -76,7 +76,7 @@ index 10804d9f59..5e418a2c11 100644
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
if (mac == NULL)
goto err;
-@@ -267,13 +294,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
goto err;
@@ -121,7 +121,7 @@ index 10804d9f59..5e418a2c11 100644
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
goto err;
-@@ -283,6 +339,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
goto err;
ret = 1;
err:
@@ -129,8 +129,8 @@ index 10804d9f59..5e418a2c11 100644
OSSL_SELF_TEST_onend(ev, ret);
EVP_MAC_CTX_free(ctx);
EVP_MAC_free(mac);
-@@ -349,8 +406,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
- CRYPTO_THREAD_unlock(fips_state_lock);
+@@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ return 0;
}
- if (st == NULL
@@ -139,7 +139,7 @@ index 10804d9f59..5e418a2c11 100644
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
goto end;
}
-@@ -359,8 +415,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (ev == NULL)
goto end;
@@ -151,7 +151,7 @@ index 10804d9f59..5e418a2c11 100644
if (module_checksum == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
goto end;
-@@ -434,7 +491,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
end:
EVP_RAND_free(testrand);
OSSL_SELF_TEST_free(ev);
@@ -207,12 +207,12 @@ index b8b136d110..8242f4ebc3 100644
# Compatible options for pedantic FIPS compliance
my @pedantic_okay =
diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t
-index 426bd660d1..6dc514936b 100644
+index c8f145405b..56a2ec5dc4 100644
--- a/test/recipes/30-test_defltfips.t
+++ b/test/recipes/30-test_defltfips.t
-@@ -21,7 +21,7 @@ BEGIN {
- use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
+@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
+ plan skip_all => "Configuration loading is turned off"
+ if disabled("autoload-config");
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch
index 2656115..06dda9a 100644
--- a/0047-FIPS-early-KATS.patch
+++ b/0047-FIPS-early-KATS.patch
@@ -1,22 +1,22 @@
-From 0242c0317b7c7874148c456aaab1e8eeb156d7c1 Mon Sep 17 00:00:00 2001
+From ba6e65e2f7e7fe8d9cd62e1e7e345bc41dda424f Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 22/35] 0047-FIPS-early-KATS.patch
+Date: Thu, 19 Oct 2023 13:12:40 +0200
+Subject: [PATCH 21/46] 0047-FIPS-early-KATS.patch
Patch-name: 0047-FIPS-early-KATS.patch
Patch-id: 47
Patch-status: |
- # Execute KATS before HMAC verification
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+ # # Execute KATS before HMAC verification
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
---
providers/fips/self_test.c | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index ef56002854..062d9df84a 100644
+index e3a629018a..3c09bd8638 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
-@@ -414,6 +414,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -401,6 +401,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (ev == NULL)
goto end;
@@ -33,7 +33,7 @@ index ef56002854..062d9df84a 100644
module_checksum = fips_hmac_container;
checksum_len = sizeof(fips_hmac_container);
-@@ -464,18 +474,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -451,18 +461,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
}
}
@@ -50,8 +50,8 @@ index ef56002854..062d9df84a 100644
- }
-
/* Verify that the RNG has been restored properly */
- testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL);
- if (testrand == NULL
+ rng = ossl_rand_get0_private_noncreating(st->libctx);
+ if (rng != NULL)
--
2.41.0
diff --git a/0079-RSA-PKCS15-implicit-rejection.patch b/0079-RSA-PKCS15-implicit-rejection.patch
index 09701c8..c72f6e9 100644
--- a/0079-RSA-PKCS15-implicit-rejection.patch
+++ b/0079-RSA-PKCS15-implicit-rejection.patch
@@ -1,13 +1,13 @@
-From a0d7a92474123c1fb11e13491d2d37f6c43321b0 Mon Sep 17 00:00:00 2001
+From a4ca1cac6b38efe0de1d8afb506cea29f8c60aec Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:29 +0200
-Subject: [PATCH 35/48] 0079-RSA-PKCS15-implicit-rejection.patch
+Date: Thu, 19 Oct 2023 13:12:41 +0200
+Subject: [PATCH 34/46] 0079-RSA-PKCS15-implicit-rejection.patch
Patch-name: 0079-RSA-PKCS15-implicit-rejection.patch
Patch-id: 79
Patch-status: |
- # https://github.com/openssl/openssl/pull/13817
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+ # # https://github.com/openssl/openssl/pull/13817
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
---
crypto/cms/cms_env.c | 7 +
crypto/evp/ctrl_params_translate.c | 6 +
@@ -30,10 +30,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
18 files changed, 962 insertions(+), 8 deletions(-)
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
-index 3105d37726..58d44e1940 100644
+index 99cf1dcb39..730f638969 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
-@@ -571,6 +571,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+@@ -590,6 +590,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
if (!ossl_cms_env_asn1_ctrl(ri, 1))
goto err;
@@ -48,12 +48,12 @@ index 3105d37726..58d44e1940 100644
ktri->encryptedKey->data,
ktri->encryptedKey->length) <= 0)
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
-index d6f8a10840..51f9a2da57 100644
+index 80947b0932..b10ba41e85 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
-@@ -2256,6 +2256,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
+@@ -2265,6 +2265,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
- OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
+ OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL },
+ { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
+ EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL,
@@ -515,7 +515,7 @@ index 51507fc030..5cd2b26879 100644
* ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2
* padding from a decrypted RSA message in a TLS signature. The result is stored
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
-index 44c819a5c3..6556a9ad28 100644
+index 0bf5ac098a..81b031f81b 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -52,6 +52,8 @@ typedef struct {
@@ -565,7 +565,7 @@ index 44c819a5c3..6556a9ad28 100644
}
*outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
-@@ -587,6 +597,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+@@ -591,6 +601,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
*(unsigned char **)p2 = rctx->oaep_label;
return rctx->oaep_labellen;
@@ -614,7 +614,7 @@ index b0054ead66..dd87829798 100644
=head1 RSA-PSS ALGORITHM
diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in
-index 186e49e5e4..eab34979de 100644
+index 0a32fd965b..4c462abc8c 100644
--- a/doc/man1/openssl-rsautl.pod.in
+++ b/doc/man1/openssl-rsautl.pod.in
@@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
@@ -762,10 +762,10 @@ index 949873d0ee..f267e5d9d1 100644
size_t tlen,
const unsigned char *from,
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
-index b431b9f871..f185bc9342 100644
+index 6248dda659..300d1129a4 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
-@@ -296,6 +296,7 @@ extern "C" {
+@@ -297,6 +297,7 @@ extern "C" {
#define OSSL_PKEY_PARAM_DIST_ID "distid"
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
@@ -773,7 +773,7 @@ index b431b9f871..f185bc9342 100644
/* Diffie-Hellman/DSA Parameters */
#define OSSL_PKEY_PARAM_FFC_P "p"
-@@ -472,6 +473,7 @@ extern "C" {
+@@ -473,6 +474,7 @@ extern "C" {
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
diff --git a/openssl.spec b/openssl.spec
index 4bda214..0ac4d64 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 3.1.1
-Release: 4%{?dist}
+Version: 3.1.4
+Release: 1%{?dist}
Epoch: 1
Source: openssl-%{version}.tar.gz
Source2: Makefile.certificate
@@ -478,6 +478,12 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs
%changelog
+* Thu Oct 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.4-1
+- Rebase to upstream version 3.1.4
+
+* Thu Oct 19 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.3-1
+- Rebase to upstream version 3.1.3
+
* Thu Aug 31 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.1-4
- Drop duplicated patch and do some contamination
diff --git a/sources b/sources
index b60869c..1afcd8c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-3.1.1.tar.gz) = 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
+SHA512 (openssl-3.1.4.tar.gz) = 4cd204b934cf3250dad985438d7ffd98e17f5d79086b379a0022d92c66e340b0b3a0357aaf606004d7f50cfc4c8964ac34c45d7cb0735cfa68f4fec65bd9d18f
reply other threads:[~2026-06-09 12:45 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100911428.1.6139705292123366671.rpms-openssl-e331fc1326c2@fedoraproject.org \
--to=sahana@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox