Skip to content

Commit

Permalink
openssl: Fix CVE-2023-50782 affecting python-cryptography (#9209)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jcamposeco
jcamposeco authored Jun 5, 2024
1 parent f91578a commit 92416a7
Show file tree
Hide file tree
Showing 6 changed files with 1,170 additions and 24 deletions.
1,141 changes: 1,141 additions & 0 deletions SPECS/openssl/openssl-1.1.1-pkcs1-implicit-rejection.patch
View file

Large diffs are not rendered by default.

9 changes: 7 additions & 2 deletions SPECS/openssl/openssl.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.1k
Release: 30%{?dist}
Release: 31%{?dist}
License: OpenSSL
Vendor: Microsoft Corporation
Distribution: Mariner
Expand Down Expand Up @@ -61,6 +61,7 @@ Patch37: CVE-2023-3817.patch
Patch38: openssl-1.1.1-improve-safety-of-DH.patch
Patch39: openssl-1.1.1-add-null-checks-where-contentinfo-data-can-be-null.patch
Patch40: openssl-1.1.1-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch
Patch41: openssl-1.1.1-pkcs1-implicit-rejection.patch
BuildRequires: perl-Test-Warnings
BuildRequires: perl-Text-Template
BuildRequires: perl(FindBin)
Expand Down Expand Up @@ -174,6 +175,7 @@ cp %{SOURCE4} test/
%patch38 -p1
%patch39 -p1
%patch40 -p1
%patch41 -p1

%build
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
Expand Down Expand Up @@ -363,8 +365,11 @@ rm -f %{buildroot}%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
%postun libs -p /sbin/ldconfig

%changelog
* Thu May 23 2024 Juan Camposeco <juan.camposeco@gmail.com> - 1.1.1k-31
- Implicit rejection of PKCS#1 v1.5 (CVE-2023-50782)

* Fri Apr 19 2024 Tobias Brick <tobaisb@microsoft.com> - 1.1.1k-30
* Fix unconstrained session cache growth in TLSv1.3
- Fix unconstrained session cache growth in TLSv1.3

* Wed Feb 14 2024 Tobias Brick <tobiasb@microsoft.com> - 1.1.1k-29
- Introduce patch to correctly address NULL ContentInfo data
Expand Down
10 changes: 5 additions & 5 deletions toolkit/resources/manifests/package/pkggen_core_aarch64.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.aarch64.rpm
gtk-doc-1.33.2-1.cm2.noarch.rpm
autoconf-2.71-3.cm2.noarch.rpm
automake-1.16.5-1.cm2.noarch.rpm
openssl-1.1.1k-30.cm2.aarch64.rpm
openssl-devel-1.1.1k-30.cm2.aarch64.rpm
openssl-libs-1.1.1k-30.cm2.aarch64.rpm
openssl-perl-1.1.1k-30.cm2.aarch64.rpm
openssl-static-1.1.1k-30.cm2.aarch64.rpm
openssl-1.1.1k-31.cm2.aarch64.rpm
openssl-devel-1.1.1k-31.cm2.aarch64.rpm
openssl-libs-1.1.1k-31.cm2.aarch64.rpm
openssl-perl-1.1.1k-31.cm2.aarch64.rpm
openssl-static-1.1.1k-31.cm2.aarch64.rpm
libcap-2.60-2.cm2.aarch64.rpm
libcap-devel-2.60-2.cm2.aarch64.rpm
debugedit-5.0-2.cm2.aarch64.rpm
Expand Down
10 changes: 5 additions & 5 deletions toolkit/resources/manifests/package/pkggen_core_x86_64.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.x86_64.rpm
gtk-doc-1.33.2-1.cm2.noarch.rpm
autoconf-2.71-3.cm2.noarch.rpm
automake-1.16.5-1.cm2.noarch.rpm
openssl-1.1.1k-30.cm2.x86_64.rpm
openssl-devel-1.1.1k-30.cm2.x86_64.rpm
openssl-libs-1.1.1k-30.cm2.x86_64.rpm
openssl-perl-1.1.1k-30.cm2.x86_64.rpm
openssl-static-1.1.1k-30.cm2.x86_64.rpm
openssl-1.1.1k-31.cm2.x86_64.rpm
openssl-devel-1.1.1k-31.cm2.x86_64.rpm
openssl-libs-1.1.1k-31.cm2.x86_64.rpm
openssl-perl-1.1.1k-31.cm2.x86_64.rpm
openssl-static-1.1.1k-31.cm2.x86_64.rpm
libcap-2.60-2.cm2.x86_64.rpm
libcap-devel-2.60-2.cm2.x86_64.rpm
debugedit-5.0-2.cm2.x86_64.rpm
Expand Down
12 changes: 6 additions & 6 deletions toolkit/resources/manifests/package/toolchain_aarch64.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -270,12 +270,12 @@ npth-1.6-4.cm2.aarch64.rpm
npth-debuginfo-1.6-4.cm2.aarch64.rpm
npth-devel-1.6-4.cm2.aarch64.rpm
ntsysv-1.20-4.cm2.aarch64.rpm
openssl-1.1.1k-30.cm2.aarch64.rpm
openssl-debuginfo-1.1.1k-30.cm2.aarch64.rpm
openssl-devel-1.1.1k-30.cm2.aarch64.rpm
openssl-libs-1.1.1k-30.cm2.aarch64.rpm
openssl-perl-1.1.1k-30.cm2.aarch64.rpm
openssl-static-1.1.1k-30.cm2.aarch64.rpm
openssl-1.1.1k-31.cm2.aarch64.rpm
openssl-debuginfo-1.1.1k-31.cm2.aarch64.rpm
openssl-devel-1.1.1k-31.cm2.aarch64.rpm
openssl-libs-1.1.1k-31.cm2.aarch64.rpm
openssl-perl-1.1.1k-31.cm2.aarch64.rpm
openssl-static-1.1.1k-31.cm2.aarch64.rpm
p11-kit-0.24.1-1.cm2.aarch64.rpm
p11-kit-debuginfo-0.24.1-1.cm2.aarch64.rpm
p11-kit-devel-0.24.1-1.cm2.aarch64.rpm
Expand Down
12 changes: 6 additions & 6 deletions toolkit/resources/manifests/package/toolchain_x86_64.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -276,12 +276,12 @@ npth-1.6-4.cm2.x86_64.rpm
npth-debuginfo-1.6-4.cm2.x86_64.rpm
npth-devel-1.6-4.cm2.x86_64.rpm
ntsysv-1.20-4.cm2.x86_64.rpm
openssl-1.1.1k-30.cm2.x86_64.rpm
openssl-debuginfo-1.1.1k-30.cm2.x86_64.rpm
openssl-devel-1.1.1k-30.cm2.x86_64.rpm
openssl-libs-1.1.1k-30.cm2.x86_64.rpm
openssl-perl-1.1.1k-30.cm2.x86_64.rpm
openssl-static-1.1.1k-30.cm2.x86_64.rpm
openssl-1.1.1k-31.cm2.x86_64.rpm
openssl-debuginfo-1.1.1k-31.cm2.x86_64.rpm
openssl-devel-1.1.1k-31.cm2.x86_64.rpm
openssl-libs-1.1.1k-31.cm2.x86_64.rpm
openssl-perl-1.1.1k-31.cm2.x86_64.rpm
openssl-static-1.1.1k-31.cm2.x86_64.rpm
p11-kit-0.24.1-1.cm2.x86_64.rpm
p11-kit-debuginfo-0.24.1-1.cm2.x86_64.rpm
p11-kit-devel-0.24.1-1.cm2.x86_64.rpm
Expand Down

0 comments on commit 92416a7

Please sign in to comment.