diff --git a/fix-FIPS-getenv-problem.patch b/fix-FIPS-getenv-problem.patch new file mode 100644 index 0000000000000000000000000000000000000000..df05aef7dde3dc03e4899b16b1f48fac3d2f2dab --- /dev/null +++ b/fix-FIPS-getenv-problem.patch @@ -0,0 +1,30 @@ +diff --git a/crypto/o_init.c b/crypto/o_init.c +index b1eef43..4fbb0e5 100644 +--- a/crypto/o_init.c ++++ b/crypto/o_init.c +@@ -7,7 +7,7 @@ + * https://www.openssl.org/source/license.html + */ + +-/* for secure_getenv */ ++/* for ossl_safe_getenv */ + #define _GNU_SOURCE + #include "e_os.h" + #include +@@ -21,6 +21,7 @@ + # include + # include + # include "crypto/fips.h" ++# include "internal/cryptlib.h" + + # define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" + +@@ -29,7 +30,7 @@ static void init_fips_mode(void) + char buf[2] = "0"; + int fd; + +- if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { ++ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { + buf[0] = '1'; + } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; diff --git a/openssl.spec b/openssl.spec index 39dbe2c742ce84687c945e5a7233a41470561a00..80e28c6cca3f4ce17c8298055e209e9b34f2882e 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1f -Release: 27 +Release: 28 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -112,6 +112,7 @@ Patch101: backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized- Patch102: backport-Update-further-expiring-certificates-that-affect-tes.patch Patch103: backport-CVE-2023-3817.patch Patch104: backport-CVE-2023-3817-testcase.patch +Patch105: fix-FIPS-getenv-problem.patch BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel @@ -296,6 +297,9 @@ make test || : %{_pkgdocdir}/html/ %changelog +* Thu Sep 7 2023 reverse-world - 1:1.1.1f-28 +- fix FIPS getenv compatibility problem + * Thu Aug 3 2023 liningjie - 1:1.1.1f-27 - fix CVE-2023-3817