Update to alpha 16 version

Avoids sending alert after orderly connection close Resolves: rhbz#1952901, rhbz#1903209 Signed-off-by: Sahana Prasad <sahana@redhat.com>
4 years ago · ef962954ab
parent eeabdb936d
commit ef962954ab
7 changed files with 15870 additions and 44 deletions
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@ -322,9 +322,9 @@ index 404a706fab..e81fa9ec3e 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure    ?	3_0_0	EXIST::FUNCTION:
- EVP_CIPHER_CTX_get0_cipher              ?	3_0_0	EXIST::FUNCTION:
- EVP_CIPHER_CTX_get1_cipher              ?	3_0_0	EXIST::FUNCTION:
- OSSL_LIB_CTX_get0_global_default        ?	3_0_0	EXIST::FUNCTION:
+ BIO_new_ex                              ?	3_0_0	EXIST::FUNCTION:
+ BIO_s_core                              ?	3_0_0	EXIST::FUNCTION:
+ OSSL_LIB_CTX_new_from_dispatch          ?	3_0_0	EXIST::FUNCTION:
 +ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 -- 
 2.26.2
--- a/0009-Add-Kernel-FIPS-mode-flag-support.patch
+++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch
@ -2,8 +2,8 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
 --- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips	2021-03-16 00:09:55.814826432 +0100
 +++ openssl-3.0.0-alpha13/crypto/context.c	2021-03-16 00:15:55.129043811 +0100
@@ -12,11 +12,54 @@
- #include "internal/property.h"
 #include "internal/core.h"
+ #include "internal/bio.h"
 
 +#ifndef FIPS_MODULE
 +# include <sys/types.h>
--- a/0010-Avoid-sending-alert-after-shutdown.patch
+++ b/0010-Avoid-sending-alert-after-shutdown.patch
@ -0,0 +1,12 @@
+diff -up openssl-3.0.0-alpha16/ssl/s3_msg.c.shut-down openssl-3.0.0-alpha16/ssl/s3_msg.c
+--- openssl-3.0.0-alpha16/ssl/s3_msg.c.shut-down	2021-05-17 11:11:11.050702699 +0200
+++ openssl-3.0.0-alpha16/ssl/s3_msg.c	2021-05-17 11:12:37.741526784 +0200
+@@ -52,6 +52,8 @@ int ssl3_send_alert(SSL *s, int level, i
+                                           * protocol_version alerts */
+     if (desc < 0)
+         return -1;
+    if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY)
+        return -1;
+     /* If a fatal one, remove from cache */
+     if ((level == SSL3_AL_FATAL) && (s->session != NULL))
+         SSL_CTX_remove_session(s->session_ctx, s->session);
--- a/0010-Fix-EVP-extra-test-with-OPENSSL_NO_EC2M.patch
+++ b/0010-Fix-EVP-extra-test-with-OPENSSL_NO_EC2M.patch
@ -1,16 +0,0 @@
-diff -up openssl-3.0.0-alpha13/test/evp_extra_test.c.diff openssl-3.0.0-alpha13/test/evp_extra_test.c
--- openssl-3.0.0-alpha13/test/evp_extra_test.c.diff	2021-04-01 17:59:42.096566581 +0200
-+++ openssl-3.0.0-alpha13/test/evp_extra_test.c	2021-04-01 18:21:38.433182330 +0200
-@@ -2415,8 +2415,11 @@ err:
- 
- #ifndef OPENSSL_NO_EC
- static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
-    NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
-+    NID_secp384r1, NID_secp521r1,
-+#ifndef OPENSSL_NO_EC2M
-+    NID_sect233k1, NID_sect233r1, NID_sect283r1,
-     NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
-+#endif
-     NID_brainpoolP384r1, NID_brainpoolP512r1};
- 
- static int test_ecpub(int idx)
--- a/0011-Remove-EC-curves.patch
+++ b/0011-Remove-EC-curves.patch
--- a/openssl.spec
+++ b/openssl.spec
@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.0
-Release: 0.alpha15.1%{?dist}
+Release: 0.alpha16.1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -50,8 +50,8 @@ Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
 Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
 # Add check to see if fips flag is enabled in kernel
 Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
-# Fixes EVP extra test by removing 7 unsupported curves
-Patch10: 0010-Fix-EVP-extra-test-with-OPENSSL_NO_EC2M.patch
+# Avoid sending alerts after shutdown
+Patch10: 0010-Avoid-sending-alert-after-shutdown.patch
 # remove unsupported EC curves
 Patch11: 0011-Remove-EC-curves.patch

@ -109,7 +109,7 @@ package provides Perl scripts for converting certificates and keys
 from other formats to the formats used by the OpenSSL toolkit.

 %prep
-%autosetup -S git -n %{name}-%{version}-alpha15
+%autosetup -S git -n %{name}-%{version}-alpha16

 # The hobble_openssl is called here redundantly, just to be sure.
 # The tarball has already the sources removed.
@ -372,6 +372,10 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs

 %changelog
+* Mon May 17 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.1
+- Update to alpha 16 version
+  Resolves: rhbz#1952901 openssl sends alert after orderly connection close
+
 * Mon Apr 26 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha15.1
 - Update to alpha 15 version
  Resolves: rhbz#1903209, rhbz#1952598, 
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-3.0.0-hobbled.tar.xz) = aeb95ea4781cf18d61150abe2e8307d4985928b0385170da62504eaf30370d3a564642028b362c4bc366acffa043c3f136d67bd2401719bb3c2cdf79a86511ba
+SHA512 (openssl-3.0.0-hobbled.tar.xz) = fa5e40d22f0358b39d8eb47ee675e91ad88a93a5234dab12b27ec19c455a701042a3a70541fee1ba7ee28dbbca6024e84deb5b2fa6cc7e773374ea1e067a1b80