From ccc44492970582d5d58abc8b8e8f8879ac3bd32d Mon Sep 17 00:00:00 2001 From: reverse-world Date: Fri, 8 Sep 2023 22:30:17 +0800 Subject: [PATCH] fix FIPS getenv compatibility problem fix FIPS getenv compatibility problem fix FIPS getenv compatibility problem fix FIPS getenv compatibility problem fix FIPS getenv compatibility problem --- Fix-FIPS-getenv-build-failure.patch | 30 +++++++++++++++++++++++++++++ openssl.spec | 6 +++++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 Fix-FIPS-getenv-build-failure.patch diff --git a/Fix-FIPS-getenv-build-failure.patch b/Fix-FIPS-getenv-build-failure.patch new file mode 100644 index 0000000..fc57d2d --- /dev/null +++ b/Fix-FIPS-getenv-build-failure.patch @@ -0,0 +1,30 @@ +diff --git a/crypto/o_init.c b/crypto/o_init.c +index b1eef43..4fbb0e5 100644 +--- a/crypto/o_init.c ++++ b/crypto/o_init.c +@@ -7,7 +7,7 @@ + * https://www.openssl.org/source/license.html + */ + +-/* for secure_getenv */ ++/* for ossl_safe_getenv */ + #define _GNU_SOURCE + #include "e_os.h" + #include +@@ -21,6 +21,7 @@ + # include + # include + # include "crypto/fips.h" ++# include "internal/cryptlib.h" + + # define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" + +@@ -29,7 +30,7 @@ static void init_fips_mode(void) + char buf[2] = "0"; + int fd; + +- if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { ++ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { + buf[0] = '1'; + } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; diff --git a/openssl.spec b/openssl.spec index a13037d..96c93ac 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1m -Release: 22 +Release: 23 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -65,6 +65,7 @@ Patch54: backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized- Patch55: backport-update-expired-certificates-for-sm2.patch Patch56: backport-CVE-2023-3817.patch Patch57: backport-CVE-2023-3817-testcase.patch +Patch58: Fix-FIPS-getenv-build-failure.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -267,6 +268,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Fri Sep 8 2023 reverse-world - 1:1.1.1m-23 +- fix FIPS getenv compatibility problem + * Wed Aug 2 2023 liningjie - 1:1.1.1m-22 - fix CVE-2023-3817 -- Gitee