NotificationsYou must be signed in to change notification settings
Fork600
Star4.5k

Commitaa96992

authored

[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade openssl to 3.3.5 CVEs - branch 3.0-dev (#14891)

Co-authored-by: Tobias Brick <tobiasb@microsoft.com>Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>Co-authored-by: jslobodzian <joslobo@microsoft.com>

1 parentfbb2526 commitaa96992Copy full SHA for aa96992

File tree

9 files changed

+40

-74

lines changed

9 files changed

+40

-74

lines changed

`‎SPECS/openssl/0008-Add-FIPS_mode-compatibility-macro.patch‎`

Lines changed: 8 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`		`-From8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001`
	`1`	`+Fromf803c320433fb1663a818a5ce97f39c3cd46fdd9 Mon Sep 17 00:00:00 2001`
`2`	`2`	`From: rpm-build <rpm-build>`
`3`	`3`	`Date: Mon, 31 Jul 2023 09:41:27 +0200`
`4`		`-Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch`
	`4`	`+Subject: [PATCH] 0008-Add-FIPS_mode-compatibility-macro.patch`
`5`	`5`
`6`	`6`	`Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch`
`7`	`7`	`Patch-id: 8`
`@@ -16,7 +16,7 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd`
`16`	`16`
`17`	`17`	`diff --git a/include/openssl/fips.h b/include/openssl/fips.h`
`18`	`18`	`new file mode 100644`
`19`		`-index0000000000..4162cbf88e`
	`19`	`+index0000000..4162cbf`
`20`	`20`	`--- /dev/null`
`21`	`21`	`+++ b/include/openssl/fips.h`
`22`	`22`	`@@ -0,0 +1,26 @@`
`@@ -47,10 +47,10 @@ index 0000000000..4162cbf88e`
`47`	`47`	`+# endif`
`48`	`48`	`+#endif`
`49`	`49`	`diff --git a/test/property_test.c b/test/property_test.c`
`50`		`-index45b1db3e85..8894c1c1cb 100644`
	`50`	`+indexe62ff24..37489e4 100644`
`51`	`51`	`--- a/test/property_test.c`
`52`	`52`	`+++ b/test/property_test.c`
`53`		`-@@ -677,6 +677,19 @@ static inttest_property_list_to_string(int i)`
	`53`	`+@@ -703,6 +703,19 @@ static inttest_property_list_to_string_bounds(void)`
`54`	`54`	`return ret;`
`55`	`55`	`}`
`56`	`56`
`@@ -70,14 +70,14 @@ index 45b1db3e85..8894c1c1cb 100644`
`70`	`70`	`int setup_tests(void)`
`71`	`71`	`{`
`72`	`72`	`ADD_TEST(test_property_string);`
`73`		`-@@ -690,6 +703,7 @@ int setup_tests(void)`
	`73`	`+@@ -716,6 +729,7 @@ int setup_tests(void)`
`74`	`74`	`ADD_TEST(test_property);`
`75`	`75`	`ADD_TEST(test_query_cache_stochastic);`
`76`	`76`	`ADD_TEST(test_fips_mode);`
`77`	`77`	`+ ADD_TEST(test_downstream_FIPS_mode);`
`78`	`78`	`ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));`
	`79`	`+ ADD_TEST(test_property_list_to_string_bounds);`
`79`	`80`	`return 1;`
`80`		`- }`
`81`	`81`	`--`
`82`		`-2.41.0`
	`82`	`+2.45.4`
`83`	`83`

`‎SPECS/openssl/Keep-the-provided-peer-EVP_PKEY-in-the-EVP_PKEY_CTX-too.patch‎`

Lines changed: 0 additions & 34 deletions

This file was deleted.

`‎SPECS/openssl/openssl.signatures.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,6 @@`
`5`	`5`	`"configuration-prefix.h":"11aba0dcfab381269e7e6ba1fdde1e4e8dfe51e39d8c7a2918f3b28a32cb98fd",`
`6`	`6`	`"configuration-switch.h":"400439d7e8c551e7d5de8bfc648dcc0ddf6f4a7552750af4813449f68941b928",`
`7`	`7`	`"genpatches":"9da7f988d4378adf499b1322e79f29e94c889c4bf10cd6e79e6991b673de2463",`
`8`		`-"openssl-3.3.3.tar.gz":"712590fd20aaa60ec75d778fe5b810d6b829ca7fb1e530577917a131f9105539"`
	`8`	`+"openssl-3.3.5.tar.gz":"9d62c00a5a6903740c8703f0e006257f429d565d3b91ac1a9bd4a4c700002e01"`
`9`	`9`	`}`
`10`	`10`	`}`

`‎SPECS/openssl/openssl.spec‎`

Lines changed: 7 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,8 +8,8 @@`
`8`	`8`
`9`	`9`	`Summary: Utilities from the general purpose cryptography library with TLS implementation`
`10`	`10`	`Name: openssl`
`11`		`-Version: 3.3.3`
`12`		`-Release:3%{?dist}`
	`11`	`+Version: 3.3.5`
	`12`	`+Release:1%{?dist}`
`13`	`13`	`Vendor: Microsoft Corporation`
`14`	`14`	`Distribution: Azure Linux`
`15`	`15`	`Source: https://github.com/openssl/openssl/releases/download/openssl-%{version}/openssl-%{version}.tar.gz`
`@@ -29,7 +29,7 @@ Patch3: 0003-Do-not-install-html-docs.patch`
`29`	`29`	`Patch5: 0005-apps-ca-fix-md-option-help-text.patch`
`30`	`30`	`# # Disable signature verification with totally unsafe hash algorithms`
`31`	`31`	`Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch`
`32`		`-##Add FIPS_mode() compatibility macro`
	`32`	`+# Add FIPS_mode() compatibility macro`
`33`	`33`	`Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch`
`34`	`34`	`# # Add check to see if fips flag is enabled in kernel`
`35`	`35`	`Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch`
`@@ -62,10 +62,6 @@ Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch`
`62`	`62`	`# # See notes in the patch for details, but this patch will not be needed if`
`63`	`63`	`# # the openssl issue https://github.com/openssl/openssl/issues/7048 is ever implemented and released.`
`64`	`64`	`Patch80: 0001-Replacing-deprecated-functions-with-NULL-or-highest.patch`
`65`		`-# Fix crashes in openssl speed with providers that don't refcount keys.`
`66`		`-# Upstream: https://github.com/openssl/openssl/pull/26976 has been merged into 3.3, so if we`
`67`		`-# upgrade to 3.3.4 when it comes out, we can remove this patch.`
`68`		`-Patch81: Keep-the-provided-peer-EVP_PKEY-in-the-EVP_PKEY_CTX-too.patch`
`69`	`65`	`# The Symcrypt provider, which is our default, doesn't support some of the`
`70`	`66`	`# algorithms that are used in the speed tests. This patch skips those tests.`
`71`	`67`	`# If SymCrypt adds support, we should change and eventually remove this patch.`
`@@ -94,6 +90,7 @@ BuildRequires: sed`
`94`	`90`	`BuildRequires: perl(Math::BigInt)`
`95`	`91`	`BuildRequires: perl(Test::Harness)`
`96`	`92`	`BuildRequires: perl(Test::More)`
	`93`	`+BuildRequires: perl(Time::Piece)`
`97`	`94`	`%endif`
`98`	`95`
`99`	`96`	`Requires: %{name}-libs%{?_isa}= %{version}-%{release}`
`@@ -365,6 +362,9 @@ install -m644 %{SOURCE9} \`
`365`	`362`	`%ldconfig_scriptlets libs`
`366`	`363`
`367`	`364`	`%changelog`
	`365`	`+*Thu Oct 02 2025CBL-Mariner Servicing Account<cblmargh@microsoft.com> -3.3.5-1`
	`366`	`+-Auto-upgrade to 3.3.5 for CVE-2025-9230 and CVE-2025-9232`
	`367`	`+`
`368`	`368`	`*Mon Aug 25 2025Andrew Phelps<anphel@microsoft.com> -3.3.3-3`
`369`	`369`	`-Bump to rebuild with build-id fix from toolchain gcc`
`370`	`370`

`‎cgmanifest.json‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -15593,8 +15593,8 @@`
`15593`	`15593`	`"type": "other",`
`15594`	`15594`	`"other": {`
`15595`	`15595`	`"name": "openssl",`
`15596`		`- "version": "3.3.3",`
`15597`		`- "downloadUrl": "https://github.com/openssl/openssl/releases/download/openssl-3.3.3/openssl-3.3.3.tar.gz"`
	`15596`	`+ "version": "3.3.5",`
	`15597`	`+ "downloadUrl": "https://github.com/openssl/openssl/releases/download/openssl-3.3.5/openssl-3.3.5.tar.gz"`
`15598`	`15598`	`}`
`15599`	`15599`	`}`
`15600`	`15600`	`},`

`‎toolkit/resources/manifests/package/pkggen_core_aarch64.txt‎`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -170,11 +170,11 @@ gtk-doc-1.33.2-1.azl3.noarch.rpm`
`170`	`170`	`autoconf-2.72-2.azl3.noarch.rpm`
`171`	`171`	`automake-1.16.5-2.azl3.noarch.rpm`
`172`	`172`	`ocaml-srpm-macros-9-4.azl3.noarch.rpm`
`173`		`-openssl-3.3.3-3.azl3.aarch64.rpm`
`174`		`-openssl-devel-3.3.3-3.azl3.aarch64.rpm`
`175`		`-openssl-libs-3.3.3-3.azl3.aarch64.rpm`
`176`		`-openssl-perl-3.3.3-3.azl3.aarch64.rpm`
`177`		`-openssl-static-3.3.3-3.azl3.aarch64.rpm`
	`173`	`+openssl-3.3.5-1.azl3.aarch64.rpm`
	`174`	`+openssl-devel-3.3.5-1.azl3.aarch64.rpm`
	`175`	`+openssl-libs-3.3.5-1.azl3.aarch64.rpm`
	`176`	`+openssl-perl-3.3.5-1.azl3.aarch64.rpm`
	`177`	`+openssl-static-3.3.5-1.azl3.aarch64.rpm`
`178`	`178`	`libcap-2.69-8.azl3.aarch64.rpm`
`179`	`179`	`libcap-devel-2.69-8.azl3.aarch64.rpm`
`180`	`180`	`debugedit-5.0-2.azl3.aarch64.rpm`

`‎toolkit/resources/manifests/package/pkggen_core_x86_64.txt‎`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -170,11 +170,11 @@ gtk-doc-1.33.2-1.azl3.noarch.rpm`
`170`	`170`	`autoconf-2.72-2.azl3.noarch.rpm`
`171`	`171`	`automake-1.16.5-2.azl3.noarch.rpm`
`172`	`172`	`ocaml-srpm-macros-9-4.azl3.noarch.rpm`
`173`		`-openssl-3.3.3-3.azl3.x86_64.rpm`
`174`		`-openssl-devel-3.3.3-3.azl3.x86_64.rpm`
`175`		`-openssl-libs-3.3.3-3.azl3.x86_64.rpm`
`176`		`-openssl-perl-3.3.3-3.azl3.x86_64.rpm`
`177`		`-openssl-static-3.3.3-3.azl3.x86_64.rpm`
	`173`	`+openssl-3.3.5-1.azl3.x86_64.rpm`
	`174`	`+openssl-devel-3.3.5-1.azl3.x86_64.rpm`
	`175`	`+openssl-libs-3.3.5-1.azl3.x86_64.rpm`
	`176`	`+openssl-perl-3.3.5-1.azl3.x86_64.rpm`
	`177`	`+openssl-static-3.3.5-1.azl3.x86_64.rpm`
`178`	`178`	`libcap-2.69-8.azl3.x86_64.rpm`
`179`	`179`	`libcap-devel-2.69-8.azl3.x86_64.rpm`
`180`	`180`	`debugedit-5.0-2.azl3.x86_64.rpm`

`‎toolkit/resources/manifests/package/toolchain_aarch64.txt‎`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -287,12 +287,12 @@ npth-debuginfo-1.6-4.azl3.aarch64.rpm`
`287`	`287`	`npth-devel-1.6-4.azl3.aarch64.rpm`
`288`	`288`	`ntsysv-1.25-1.azl3.aarch64.rpm`
`289`	`289`	`ocaml-srpm-macros-9-4.azl3.noarch.rpm`
`290`		`-openssl-3.3.3-3.azl3.aarch64.rpm`
`291`		`-openssl-debuginfo-3.3.3-3.azl3.aarch64.rpm`
`292`		`-openssl-devel-3.3.3-3.azl3.aarch64.rpm`
`293`		`-openssl-libs-3.3.3-3.azl3.aarch64.rpm`
`294`		`-openssl-perl-3.3.3-3.azl3.aarch64.rpm`
`295`		`-openssl-static-3.3.3-3.azl3.aarch64.rpm`
	`290`	`+openssl-3.3.5-1.azl3.aarch64.rpm`
	`291`	`+openssl-debuginfo-3.3.5-1.azl3.aarch64.rpm`
	`292`	`+openssl-devel-3.3.5-1.azl3.aarch64.rpm`
	`293`	`+openssl-libs-3.3.5-1.azl3.aarch64.rpm`
	`294`	`+openssl-perl-3.3.5-1.azl3.aarch64.rpm`
	`295`	`+openssl-static-3.3.5-1.azl3.aarch64.rpm`
`296`	`296`	`p11-kit-0.25.0-1.azl3.aarch64.rpm`
`297`	`297`	`p11-kit-debuginfo-0.25.0-1.azl3.aarch64.rpm`
`298`	`298`	`p11-kit-devel-0.25.0-1.azl3.aarch64.rpm`

`‎toolkit/resources/manifests/package/toolchain_x86_64.txt‎`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -295,12 +295,12 @@ npth-debuginfo-1.6-4.azl3.x86_64.rpm`
`295`	`295`	`npth-devel-1.6-4.azl3.x86_64.rpm`
`296`	`296`	`ntsysv-1.25-1.azl3.x86_64.rpm`
`297`	`297`	`ocaml-srpm-macros-9-4.azl3.noarch.rpm`
`298`		`-openssl-3.3.3-3.azl3.x86_64.rpm`
`299`		`-openssl-debuginfo-3.3.3-3.azl3.x86_64.rpm`
`300`		`-openssl-devel-3.3.3-3.azl3.x86_64.rpm`
`301`		`-openssl-libs-3.3.3-3.azl3.x86_64.rpm`
`302`		`-openssl-perl-3.3.3-3.azl3.x86_64.rpm`
`303`		`-openssl-static-3.3.3-3.azl3.x86_64.rpm`
	`298`	`+openssl-3.3.5-1.azl3.x86_64.rpm`
	`299`	`+openssl-debuginfo-3.3.5-1.azl3.x86_64.rpm`
	`300`	`+openssl-devel-3.3.5-1.azl3.x86_64.rpm`
	`301`	`+openssl-libs-3.3.5-1.azl3.x86_64.rpm`
	`302`	`+openssl-perl-3.3.5-1.azl3.x86_64.rpm`
	`303`	`+openssl-static-3.3.5-1.azl3.x86_64.rpm`
`304`	`304`	`p11-kit-0.25.0-1.azl3.x86_64.rpm`
`305`	`305`	`p11-kit-debuginfo-0.25.0-1.azl3.x86_64.rpm`
`306`	`306`	`p11-kit-devel-0.25.0-1.azl3.x86_64.rpm`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitaa96992

File tree

9 files changed

9 files changed

`‎SPECS/openssl/0008-Add-FIPS_mode-compatibility-macro.patch‎`

`‎SPECS/openssl/Keep-the-provided-peer-EVP_PKEY-in-the-EVP_PKEY_CTX-too.patch‎`

`‎SPECS/openssl/openssl.signatures.json‎`

`‎SPECS/openssl/openssl.spec‎`

`‎cgmanifest.json‎`

`‎toolkit/resources/manifests/package/pkggen_core_aarch64.txt‎`

`‎toolkit/resources/manifests/package/pkggen_core_x86_64.txt‎`

`‎toolkit/resources/manifests/package/toolchain_aarch64.txt‎`

`‎toolkit/resources/manifests/package/toolchain_x86_64.txt‎`

0 commit comments