|
@@ -9,7 +9,7 @@
|
|
|
|
|
|
Summary: Secure Sockets Layer Toolkit
|
|
Summary: Secure Sockets Layer Toolkit
|
|
Name: openssl
|
|
Name: openssl
|
|
-Version: 3.0.2
|
|
|
|
|
|
+Version: 3.0.4
|
|
Release: 1%{_dist_release}
|
|
Release: 1%{_dist_release}
|
|
Group: system,security
|
|
Group: system,security
|
|
Vendor: Project Vine
|
|
Vendor: Project Vine
|
|
@@ -52,8 +52,25 @@ Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
|
|
#Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
|
|
#Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
|
|
# remove unsupported EC curves
|
|
# remove unsupported EC curves
|
|
Patch11: 0011-Remove-EC-curves.patch
|
|
Patch11: 0011-Remove-EC-curves.patch
|
|
|
|
+# Disable explicit EC curves
|
|
|
|
+Patch12: 0012-Disable-explicit-ec.patch
|
|
# Instructions to load legacy provider in openssl.cnf
|
|
# Instructions to load legacy provider in openssl.cnf
|
|
#Patch24: 0024-load-legacy-prov.patch
|
|
#Patch24: 0024-load-legacy-prov.patch
|
|
|
|
+# Selectively disallow SHA1 signatures rhbz#2070977
|
|
|
|
+Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
|
|
|
|
+# Backport of patch for RHEL for Edge rhbz #2027261
|
|
|
|
+Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
|
|
|
+# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
|
|
|
|
+Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
|
|
|
|
+# Instrument with USDT probes related to SHA-1 deprecation
|
|
|
|
+#Patch53: 0053-Add-SHA1-probes.patch
|
|
|
|
+# https://github.com/openssl/openssl/pull/18103
|
|
|
|
+# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
|
|
|
|
+# so the patch should persist
|
|
|
|
+Patch56: 0056-strcasecmp.patch
|
|
|
|
+# https://github.com/openssl/openssl/pull/18444
|
|
|
|
+#Patch58: 0058-replace-expired-certs.patch
|
|
|
|
+
|
|
|
|
|
|
# security fix
|
|
# security fix
|
|
# none
|
|
# none
|
|
@@ -402,6 +419,9 @@ install -m644 %{SOURCE9} \
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
%changelog
|
|
|
|
+* Wed Jun 22 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.4-1
|
|
|
|
+- new upstream release.
|
|
|
|
+
|
|
* Wed Mar 16 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.2-1
|
|
* Wed Mar 16 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.2-1
|
|
- new upstream release.
|
|
- new upstream release.
|
|
|
|
|