Revert "We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream"

This reverts commit f2a49ef424.
2 years ago · 0c023023d6
parent a3e063a370
commit 0c023023d6
2 changed files with 10 additions and 54 deletions
--- a/0056-strcasecmp.patch
+++ b/0056-strcasecmp.patch
@ -1,54 +1,14 @@
 diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
 --- openssl-3.0.3/util/libcrypto.num.locale	2022-06-01 12:35:52.667498724 +0200
 +++ openssl-3.0.3/util/libcrypto.num	2022-06-01 12:36:08.112633093 +0200
-@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex
+@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex
+ ASN1_TIME_print_ex                      5553	3_0_0	EXIST::FUNCTION:
+ EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
- OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
- OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
-+OPENSSL_strcasecmp                      ?	3_0_1	EXIST::FUNCTION:
-+OPENSSL_strncasecmp                     ? 	3_0_1	EXIST::FUNCTION:
+-OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+-OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
+OPENSSL_strcasecmp                      5556	3_0_1	EXIST::FUNCTION:
+OPENSSL_strncasecmp                     5557	3_0_1	EXIST::FUNCTION:
 ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:
 ossl_ctx_legacy_digest_signatures_allowed_set ?	3_0_1	EXIST::FUNCTION:
-diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
--- openssl-3.0.7/crypto/o_str.c.cmp	2022-11-25 12:50:22.449760653 +0100
-+++ openssl-3.0.7/crypto/o_str.c	2022-11-25 12:51:19.416350584 +0100
-@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char
- #endif
- }
- 
-int OPENSSL_strcasecmp(const char *s1, const char *s2)
-+int
-+#ifndef FIPS_MODULE
-+__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
-+                    symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
-+#endif
-+OPENSSL_strcasecmp(const char *s1, const char *s2)
- {
-     int t;
- 
-@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c
-     return t;
- }
- 
-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
-+int
-+#ifndef FIPS_MODULE
-+__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
-+                    symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
-+#endif
-+OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
- {
-     int t;
-     size_t i;
-diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t
--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp	2022-11-25 18:19:05.669769076 +0100
-+++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t	2022-11-25 18:31:20.993392678 +0100
-@@ -77,6 +80,7 @@ foreach my $libname (@libnames) {
-                 s| .*||;
-                 # Drop OpenSSL dynamic version information if there is any
-                 s|\@\@.+$||;
-+                s|\@.+$||;
-                 # Return the result
-                 $_
-             }
--- a/openssl3.spec
+++ b/openssl3.spec
@ -95,11 +95,7 @@ Patch50: 0050-FIPS-enable-pkcs12-mac.patch
 Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
 # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
 Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
-# Originally from https://github.com/openssl/openssl/pull/18103
-# As we rebased to 3.0.7 and used the version of the function
-# not matching the upstream one, we have to use aliasing.
-# When we eliminate this patch, the `-Wl,--allow-multiple-definition`
-# should also be removed
+# https://github.com/openssl/openssl/pull/18103
 Patch56: 0056-strcasecmp.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
 Patch58: 0058-FIPS-limit-rsa-encrypt.patch
@ -295,8 +291,7 @@ export HASHBANGPERL=/usr/bin/perl
 	zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
 	enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
 	no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
-	shared  ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
-	-Wl,--allow-multiple-definition
+	shared  ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'

 # Do not run this in a production package the FIPS symbols must be patched-in
 #util/mkdef.pl crypto update
@ -504,6 +499,7 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/{make,renew}-dummy-cert
 %changelog
 * Thu Feb 09 2023 Michel Alexandre Salim <salimma@fedoraproject.org> 3.0.7-5.1
 - Merge c9s openssl changes to pick up CVE fixes
+- Back out f2a49ef424f831aac988356fc8b2b910e443dc42 as that caused test failures

 * Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-5
 - Fixed X.509 Name Constraints Read Buffer Overflow