Browse Source

openssl-3.0.4-1

Tomohiro "Tomo-p" KATO 1 year ago
parent
commit
562a4bc5c3
1 changed files with 21 additions and 1 deletions
  1. 21 1
      o/openssl/openssl-vl.spec

+ 21 - 1
o/openssl/openssl-vl.spec

@@ -9,7 +9,7 @@
 
 Summary: Secure Sockets Layer Toolkit
 Name: openssl
-Version: 3.0.2
+Version: 3.0.4
 Release: 1%{_dist_release}
 Group: system,security
 Vendor: Project Vine
@@ -52,8 +52,25 @@ Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
 #Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
 # remove unsupported EC curves
 Patch11: 0011-Remove-EC-curves.patch
+# Disable explicit EC curves
+Patch12: 0012-Disable-explicit-ec.patch
 # Instructions to load legacy provider in openssl.cnf
 #Patch24: 0024-load-legacy-prov.patch
+# Selectively disallow SHA1 signatures rhbz#2070977
+Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
+# Backport of patch for RHEL for Edge rhbz #2027261
+Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
+# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
+Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
+# Instrument with USDT probes related to SHA-1 deprecation
+#Patch53: 0053-Add-SHA1-probes.patch
+# https://github.com/openssl/openssl/pull/18103
+# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
+# so the patch should persist
+Patch56: 0056-strcasecmp.patch
+# https://github.com/openssl/openssl/pull/18444
+#Patch58: 0058-replace-expired-certs.patch
+
 
 # security fix
 # none
@@ -402,6 +419,9 @@ install -m644 %{SOURCE9} \
 
 
 %changelog
+* Wed Jun 22 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.4-1
+- new upstream release.
+
 * Wed Mar 16 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.2-1
 - new upstream release.