diff --git a/0131-sslgroups-memleak.patch b/0131-sslgroups-memleak.patch new file mode 100644 index 0000000..f292790 --- /dev/null +++ b/0131-sslgroups-memleak.patch @@ -0,0 +1,12 @@ +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 51c2283db915d..0928a30c2d37b 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -765,6 +765,7 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, + tmparr = OPENSSL_memdup(gcb.gid_arr, gcb.gidcnt * sizeof(*tmparr)); + if (tmparr == NULL) + goto end; ++ OPENSSL_free(*pext); + *pext = tmparr; + *pextlen = gcb.gidcnt; + ret = 1; diff --git a/openssl.spec b/openssl.spec index e050ec3..854a07a 100644 --- a/openssl.spec +++ b/openssl.spec @@ -204,6 +204,8 @@ Patch128: 0128-CVE-2023-5363.patch # https://github.com/openssl/openssl/pull/22403 Patch129: 0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch Patch130: 0130-CVE-2023-5678.patch +# https://github.com/openssl/openssl/pull/20317 +Patch131: 0131-sslgroups-memleak.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -538,6 +540,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco Resolves: RHEL-17104 - Add a directory for OpenSSL providers configuration Resolves: RHEL-17193 +- Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context + Resolves: RHEL-19515 * Mon Oct 16 2023 Dmitry Belyavskiy - 1:3.0.7-25 - Provide relevant diagnostics when FIPS checksum is corrupted