diff --git a/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.signatures.json b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.signatures.json new file mode 100644 index 00000000000..3ef6f5a9c26 --- /dev/null +++ b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.signatures.json @@ -0,0 +1,5 @@ +{ + "Signatures": { + "KeysInUse-OpenSSL-0.3.1.tar.gz": "aff345b0d3b699fd4d0e8eeda67bdf4bdec04d1f2d409bf1bf6098a263ecab64" + } +} \ No newline at end of file diff --git a/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec new file mode 100644 index 00000000000..cb4c7b24ec5 --- /dev/null +++ b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec @@ -0,0 +1,83 @@ +Summary: The KeysInUse Engine for OpenSSL allows the logging of private key usage through OpenSSL +Name: KeysInUse-OpenSSL +Version: 0.3.1 +Release: 1%{?dist} +License: MIT +Vendor: Microsoft Corporation +Distribution: Mariner +Group: System/Libraries +URL: https://github.com/microsoft/KeysInUse-OpenSSL +#Source0: https://github.com/microsoft/KeysInUse-OpenSSL/archive/v%{version}.tar.gz +Source0: %{name}-%{version}.tar.gz +BuildRequires: cmake +BuildRequires: gcc +BuildRequires: golang >= 1.16.6 +BuildRequires: make +BuildRequires: openssl-devel +Requires: openssl < 1.1.2 +Requires: openssl >= 1.1.1 + +%description + The KeysInUse Engine for OpenSSL allows the logging of private key usage through OpenSSL + +%prep +%setup -q + +%build +export GO111MODULE=off + +cmake -DCMAKE_TOOLCHAIN_FILE=./cmake-toolchains/linux-amd64-glibc.cmake -H./ -B./build +cmake --build ./build --target keysinuse + +cd ./packaging/util +make $(realpath ../../bin/keysinuseutil) + +%define keysinuse_dir %{buildroot}/%{_libdir}/keysinuse/ + +%install +mkdir -p %{keysinuse_dir} +mkdir -p %{buildroot}%{_bindir}/ + +install -m 0644 ./bin/keysinuse.so %{keysinuse_dir} +install -m 0744 ./bin/keysinuseutil %{buildroot}%{_bindir}/ + +%files +%license LICENSE +%{_libdir}/keysinuse/keysinuse.so +%{_bindir}/keysinuseutil + +%pre +if [ -x %{_bindir}/keysinuseutil ]; then + echo "Disabling version $2 of keysinuse engine for OpenSSL" + %{_bindir}/keysinuseutil uninstall || echo "Failed to deconfigure old version" +fi + +%post +if [ ! -e %{_var}/log/keysinuse ]; then + mkdir %{_var}/log/keysinuse +fi +chown root:root %{_var}/log/keysinuse +chmod 1733 %{_var}/log/keysinuse + +ln -s %{_lib}/keysinuse/keysinuse.so $(%{_bindir}/openssl version -e | awk '{gsub(/"/, "", $2); print $2}')/keysinuse.so + +if [ -x %{_bindir}/keysinuseutil ]; then + echo "Enabling keysinuse engine for OpenSSL" + %{_bindir}/keysinuseutil install || echo "Configuring engine failed" +fi + +%preun +if [ -x %{_bindir}/keysinuseutil ]; then + echo "Disabling keysinuse engine for OpenSSL" + %{_bindir}/keysinuseutil uninstall || echo "Deconfiguring keysinuse engine failed" +fi +with +engine_link=$(%{_bindir}/openssl version -e | awk '{gsub(/"/, "", $2); print $2}')/keysinuse.so +if [ -e $engine_link ]; then + rm $engine_link +fi + +%changelog +* Fri Jun 17 2022 Maxwell Moyer-McKee - 0.3.1-1 +- Original version for CBL-Mariner +- Verified license \ No newline at end of file diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md index 29227dd696b..ccf9d43781a 100644 --- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md +++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md @@ -8,7 +8,7 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic | Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec
abseil-cpp
accountsservice
acpica-tools
acpid
adobe-mappings-cmap
adobe-mappings-pdf
adwaita-icon-theme
afflib
aide
amtk
amtterm
annobin
ansible-freeipa
archivemount
argparse-manpage
arptables
arpwatch
asio
aspell
aspell-en
at
at-spi2-atk
at-spi2-core
atf
atk
atop
attr
audiofile
augeas
authd
authselect
autoconf213
avahi
babeltrace
babeltrace2
babl
baekmuk-ttf-fonts
bats
bcache-tools
biosdevname
bluez
bmake
bogofilter
boom-boot
botan2
breezy
brotli
buildah
busybox
bwidget
byacc
ca-certificates
cachefilesd
calamares
capstone
catatonit
catch
catch1
celt051
certmonger
cgdcbxd
chan
checkpolicy
checksec
chrony
cim-schema
cjkuni-uming-fonts
cjose
cldr-emoji-annotation
clucene
cmocka
collectd
colm
color-filesystem
colord
colorize
compat-lua
conda
conmon
conntrack-tools
console-setup
container-exception-logger
containernetworking-plugins
convmv
copy-jdk-configs
corosync
corosync-qdevice
cpp-hocon
cppcheck
cpprest
cpuid
criu
crontabs
cryptsetup
cscope
ctags
CUnit
cups
custodia
Cython
dbus-c++
dbus-python
dbxtool
dconf
dcraw
debootstrap
deltarpm
desktop-file-utils
device-mapper-persistent-data
dietlibc
diffstat
ding-libs
discount
distribution-gpg-keys
dmraid
dnf
dnf-plugins-core
docbook-dtds
docbook-simple
docbook-slides
docbook-style-dsssl
docbook-utils
docbook2X
docbook5-schemas
docbook5-style-xsl
dogtail
dos2unix
dotconf
dovecot
dpdk
dpkg
driverctl
dropwatch
drpm
dump
dumpet
dvd+rw-tools
dwarves
dwz
dyninst
ebtables
edac-utils
edk2
efax
efi-rpm-macros
egl-wayland
eglexternalplatform
enca
enchant
enchant2
enscript
environment-modules
evemu
execstack
exempi
exiv2
extra-cmake-modules
fabtests
facter
fakechroot
fakeroot
fapolicyd
fdk-aac-free
fdupes
fence-virt
fetchmail
filebench
fio
fipscheck
firewalld
fish
flac
flite
fltk
fmt
fontawesome-fonts
fontpackages
freeglut
freeipmi
freeradius
freetds
fribidi
fros
fuse-overlayfs
fuse-sshfs
fuse-zip
fuse3
future
fxload
gconf-editor
GConf2
gcovr
gcr
gdk-pixbuf2
generic-logos
genwqe-tools
GeoIP
geolite2
gfs2-utils
ghc-srpm-macros
giflib
gl-manpages
glew
glm
glusterfs
gnome-desktop-testing
gnome-doc-utils
gnome-icon-theme
gnome-keyring
gnome-menus
gnu-efi
go-rpm-macros
gom
google-crosextra-caladea-fonts
google-crosextra-carlito-fonts
google-noto-cjk-fonts
google-noto-emoji-fonts
google-roboto-slab-fonts
gphoto2
gpm
graphene
graphite2
graphviz
grubby
gsettings-desktop-schemas
gsl
gsm
gspell
gssntlmssp
gstreamer1
gtk2
gtk3
gtkspell
gupnp-av
hardening-check
heimdal
help2man
hexedit
hicolor-icon-theme
hiera
highlight
hivex
hsakmt
htop
hunspell
hunspell-af
hunspell-ar
hunspell-as
hunspell-ast
hunspell-az
hunspell-be
hunspell-bg
hunspell-bn
hunspell-br
hunspell-ca
hunspell-cop
hunspell-csb
hunspell-cv
hunspell-cy
hunspell-da
hunspell-de
hunspell-dsb
hunspell-el
hunspell-en
hunspell-eo
hunspell-es
hunspell-et
hunspell-eu
hunspell-fa
hunspell-fj
hunspell-fo
hunspell-fr
hunspell-fur
hunspell-fy
hunspell-ga
hunspell-gd
hunspell-gl
hunspell-grc
hunspell-gu
hunspell-gv
hunspell-haw
hunspell-hi
hunspell-hil
hunspell-hr
hunspell-hsb
hunspell-ht
hunspell-hu
hunspell-hy
hunspell-ia
hunspell-id
hunspell-is
hunspell-it
hunspell-kk
hunspell-km
hunspell-kn
hunspell-ko
hunspell-ku
hunspell-ky
hunspell-la
hunspell-lb
hunspell-ln
hunspell-mai
hunspell-mg
hunspell-mi
hunspell-mk
hunspell-ml
hunspell-mn
hunspell-mos
hunspell-mr
hunspell-ms
hunspell-mt
hunspell-nds
hunspell-ne
hunspell-nl
hunspell-no
hunspell-nr
hunspell-nso
hunspell-ny
hunspell-om
hunspell-or
hunspell-pa
hunspell-pl
hunspell-pt
hunspell-quh
hunspell-ro
hunspell-ru
hunspell-rw
hunspell-se
hunspell-shs
hunspell-si
hunspell-sk
hunspell-sl
hunspell-smj
hunspell-so
hunspell-sq
hunspell-sr
hunspell-sv
hunspell-sw
hunspell-ta
hunspell-te
hunspell-tet
hunspell-th
hunspell-tk
hunspell-tl
hunspell-tn
hunspell-tpi
hunspell-ts
hunspell-uk
hunspell-uz
hunspell-ve
hunspell-vi
hunspell-wa
hunspell-xh
hunspell-yi
hwdata
hwloc
hyperscan
hyperv-daemons
hyphen
hyphen-as
hyphen-bg
hyphen-bn
hyphen-ca
hyphen-da
hyphen-de
hyphen-el
hyphen-es
hyphen-fa
hyphen-fo
hyphen-fr
hyphen-ga
hyphen-gl
hyphen-grc
hyphen-gu
hyphen-hi
hyphen-hsb
hyphen-hu
hyphen-ia
hyphen-id
hyphen-is
hyphen-it
hyphen-kn
hyphen-ku
hyphen-lt
hyphen-mi
hyphen-ml
hyphen-mn
hyphen-mr
hyphen-nl
hyphen-or
hyphen-pa
hyphen-pl
hyphen-pt
hyphen-ro
hyphen-ru
hyphen-sa
hyphen-sk
hyphen-sl
hyphen-sv
hyphen-ta
hyphen-te
hyphen-tk
hyphen-uk
ibus
ibus-chewing
ibus-hangul
ibus-kkc
ibus-libzhuyin
ibus-rawcode
ibus-sayura
ibus-table
ibus-table-chinese
icc-profiles-openicc
icon-naming-utils
icoutils
iftop
iio-sensor-proxy
ilmbase
im-chooser
imaptest
imsettings
indent
infinipath-psm
iniparser
intel-cmt-cat
intel-ipsec-mb
ioping
IP2Location
ipa-pgothic-fonts
ipcalc
ipmitool
iprutils
iptraf-ng
iptstate
irssi
iscsi-initiator-utils
isns-utils
iso-codes
isomd5sum
iw
jabberpy
jasper
javapackages-tools
javapackages-tools-meta
jbigkit
jdom2
jemalloc
jfsutils
jimtcl
jose
js-jquery
jsoncpp
Judy
kde-filesystem
kde-settings
kdump-anaconda-addon
kexec-tools
keybinder3
keycloak-httpd-client-install
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
koan
kpmcore
kronosnet
ksh
kyotocabinet
kyua
ladspa
lame
langtable
lapack
lasso
latencytop
lato-fonts
lcms2
lcov
ldns
leatherman
ledmon
leveldb
lftp
libabw
libaec
libart_lgpl
libasyncns
libatasmart
libavc1394
libbpf
libbsd
libburn
libbytesize
libcacard
libcdio
libcdio-paranoia
libcdr
libcgroup
libchewing
libcli
libcmis
libcomps
libdaemon
libdap
libdatrie
libdazzle
libdbi
libdbi-drivers
libdbusmenu
libdc1394
libdmx
libdnf
libdrm
libdvdnav
libdvdread
libdwarf
libeasyfc
libecap
libecb
libell
libEMF
libeot
libepoxy
libepubgen
libesmtp
libetonyek
libev
libevdev
libewf
libexif
libexttextcat
libfabric
libfontenc
libfreehand
libftdi
libgadu
libgee
libgee06
libgexiv2
libgit2
libgit2-glib
libglade2
libglvnd
libgphoto2
libgsf
libguestfs
libgusb
libgxim
libgxps
libhangul
libhugetlbfs
libibcommon
libical
libICE
libicns
libid3tag
libIDL
libidn2
libiec61883
libieee1284
libimobiledevice
libinput
libiodbc
libipt
libiptcdata
libiscsi
libisoburn
libisofs
libjcat
libkcapi
libkeepalive
libkkc
libkkc-data
liblangtag
libldb
libldm
liblockfile
liblognorm
liblqr-1
liblzf
libmad
libmediaart
libmicrohttpd
libmodman
libmodplug
libmodulemd1
libmpcdec
libmspub
libmtp
libmusicbrainz5
libmwaw
libnbd
libnet
libnfs
libnotify
libntlm
libnumbertext
liboauth
libodfgen
libogg
liboil
libomp
libopenraw
liboping
libotf
libotr
libpagemaker
libpaper
libpciaccess
libpeas
libpfm
libpinyin
libplist
libpmemobj-cpp
libproxy
libpsm2
libpwquality
libqb
libqxp
libraqm
LibRaw
libraw1394
libreswan
librevenge
librsvg2
librx
libsass
libsecret
libsemanage
libsigc++20
libsigsegv
libslirp
libSM
libsmbios
libsmi
libsndfile
libsodium
libspiro
libsrtp
libssh
libstaroffice
libstemmer
libstoragemgmt
libtdb
libteam
libtevent
libthai
libtnc
libtomcrypt
libtommath
libtranslit
libuninameslist
liburing
libusbmuxd
libuser
libutempter
libvarlink
libverto
libvirt-dbus
libvirt-glib
libvirt-java
libvirt-python
libvisio
libvisual
libvoikko
libvorbis
libvpx
libwacom
libwmf
libwnck3
libwpe
libwps
libwvstreams
libX11
libXau
libXaw
libxcb
libXcomposite
libxcrypt
libXcursor
libXdamage
libXdmcp
libXext
libxfce4util
libXfixes
libXfont2
libXft
libXi
libXinerama
libxkbcommon
libxkbfile
libxklavier
libXmu
libXpm
libXrandr
libXrender
libXres
libXScrnSaver
libxshmfence
libXt
libXtst
libXv
libXxf86vm
libyami
libyubikey
libzip
libzmf
linuxptp
lksctp-tools
lldpd
lockdev
logwatch
lpsolve
lrzsz
lua
lua-expat
lua-filesystem
lua-json
lua-lpeg
lua-lunit
lua-rpm-macros
lua-term
luksmeta
lutok
lzip
lzop
m17n-db
m17n-lib
mac-robber
mailcap
mailx
malaga
malaga-suomi-voikko
mallard-rng
man-pages-cs
man-pages-es
man-pages-it
man-pages-ja
man-pages-ko
man-pages-pl
man-pages-ru
man-pages-zh-CN
mariadb-connector-c
mariadb-connector-odbc
marisa
mcelog
mcpp
mcstrans
mdadm
mdds
meanwhile
mecab
mecab-ipadic
media-player-info
memcached
memkind
mesa
mesa-libGLU
metis
microcode_ctl
microdnf
migrationtools
ming
minicom
minizip
mobile-broadband-provider-info
mock
mock-core-configs
mod_auth_gssapi
mod_auth_mellon
mod_auth_openidc
mod_authnz_pam
mod_fcgid
mod_http2
mod_intercept_form_submit
mod_lookup_identity
mod_md
mod_security
mod_security_crs
mod_wsgi
mokutil
mpage
mrtg
mt-st
mtdev
mtools
mtr
mtx
multilib-rpm-config
munge
mutt
mythes
mythes-bg
mythes-ca
mythes-cs
mythes-da
mythes-de
mythes-el
mythes-eo
mythes-es
mythes-fr
mythes-ga
mythes-hu
mythes-mi
mythes-ne
mythes-nl
mythes-pl
mythes-pt
mythes-ro
mythes-ru
mythes-sk
mythes-sl
mythes-sv
mythes-uk
nbd
nbdkit
neon
netavark
netcf
netlabel_tools
netpbm
nfs4-acl-tools
nftables
nilfs-utils
nkf
nload
nodejs-packaging
nss-pam-ldapd
nss_nis
nss_wrapper
ntfs-3g
ntfs-3g-system-compression
numad
numatop
nvmetcli
nvml
oath-toolkit
ocaml
ocaml-alcotest
ocaml-astring
ocaml-base
ocaml-bigarray-compat
ocaml-bisect-ppx
ocaml-calendar
ocaml-camlp5
ocaml-camomile
ocaml-cinaps
ocaml-cmdliner
ocaml-compiler-libs-janestreet
ocaml-cppo
ocaml-csexp
ocaml-csv
ocaml-ctypes
ocaml-curses
ocaml-dune
ocaml-extlib
ocaml-fileutils
ocaml-findlib
ocaml-fmt
ocaml-fpath
ocaml-gettext
ocaml-integers
ocaml-libvirt
ocaml-luv
ocaml-lwt
ocaml-markup
ocaml-migrate-parsetree
ocaml-mmap
ocaml-num
ocaml-ocamlbuild
ocaml-ocplib-endian
ocaml-ounit
ocaml-parsexp
ocaml-ppx-derivers
ocaml-ppxlib
ocaml-re
ocaml-react
ocaml-result
ocaml-seq
ocaml-sexplib
ocaml-sexplib0
ocaml-stdio
ocaml-topkg
ocaml-tyxml
ocaml-uuidm
ocaml-uutf
ocaml-xml-light
ocaml-zarith
ocl-icd
oddjob
omping
opa
open-vm-tools
openblas
opencc
opencl-filesystem
opencl-headers
opencryptoki
opendnssec
OpenEXR
openjade
openjpeg2
openobex
openoffice-lv
opensc
openslp
opensm
opensp
openssl
openssl-ibmpkcs11
openssl-pkcs11
openwsman
optipng
opus
opusfile
orangefs
orc
ortp
os-prober
overpass-fonts
p11-kit
p7zip
pacrunner
pakchois
pam_krb5
pam_wrapper
papi
paps
parallel
patchelf
patchutils
pbzip2
pcp
pcsc-lite
pcsc-lite-ccid
PEGTL
perl
perl-Algorithm-C3
perl-Algorithm-Diff
perl-Alien-Build
perl-Alien-pkgconf
perl-AnyEvent
perl-AnyEvent-AIO
perl-AnyEvent-BDB
perl-App-cpanminus
perl-App-FatPacker
perl-AppConfig
perl-Archive-Extract
perl-Archive-Zip
perl-Authen-SASL
perl-B-Debug
perl-B-Hooks-EndOfScope
perl-B-Hooks-OP-Check
perl-B-Keywords
perl-B-Lint
perl-bareword-filehandles
perl-BDB
perl-Bit-Vector
perl-boolean
perl-Browser-Open
perl-BSD-Resource
perl-Business-ISBN
perl-Business-ISBN-Data
perl-Bytes-Random-Secure
perl-Capture-Tiny
perl-Carp-Clan
perl-CBOR-XS
perl-Class-Accessor
perl-Class-C3
perl-Class-C3-XS
perl-Class-Data-Inheritable
perl-Class-Factory-Util
perl-Class-Inspector
perl-Class-ISA
perl-Class-Load
perl-Class-Load-XS
perl-Class-Method-Modifiers
perl-Class-Singleton
perl-Class-Tiny
perl-Class-XSAccessor
perl-Clone
perl-Color-ANSI-Util
perl-Color-RGB-Util
perl-ColorThemeBase-Static
perl-ColorThemeRole-ANSI
perl-ColorThemes-Standard
perl-ColorThemeUtil-ANSI
perl-Compress-Bzip2
perl-Compress-LZF
perl-Compress-Raw-Lzma
perl-Config-AutoConf
perl-Config-INI
perl-Config-INI-Reader-Multiline
perl-Config-IniFiles
perl-Config-Simple
perl-Config-Tiny
perl-Const-Fast
perl-Convert-ASN1
perl-Convert-Bencode
perl-Coro
perl-Coro-Multicore
perl-CPAN-Changes
perl-CPAN-DistnameInfo
perl-CPAN-Meta-Check
perl-Cpanel-JSON-XS
perl-Crypt-CBC
perl-Crypt-DES
perl-Crypt-IDEA
perl-Crypt-OpenSSL-Bignum
perl-Crypt-OpenSSL-Guess
perl-Crypt-OpenSSL-Random
perl-Crypt-OpenSSL-RSA
perl-Crypt-PasswdMD5
perl-Crypt-Random-Seed
perl-CSS-Tiny
perl-Data-Dump
perl-Data-Munge
perl-Data-OptList
perl-Data-Peek
perl-Data-Section
perl-Data-UUID
perl-Date-Calc
perl-Date-ISO8601
perl-Date-Manip
perl-DateTime
perl-DateTime-Format-Builder
perl-DateTime-Format-DateParse
perl-DateTime-Format-HTTP
perl-DateTime-Format-IBeat
perl-DateTime-Format-ISO8601
perl-DateTime-Format-Mail
perl-DateTime-Format-Strptime
perl-DateTime-Locale
perl-DateTime-TimeZone
perl-DateTime-TimeZone-SystemV
perl-DateTime-TimeZone-Tzfile
perl-DBD-MySQL
perl-Devel-CallChecker
perl-Devel-Caller
perl-Devel-CheckBin
perl-Devel-CheckLib
perl-Devel-Cycle
perl-Devel-EnforceEncapsulation
perl-Devel-GlobalDestruction
perl-Devel-GlobalDestruction-XS
perl-Devel-Hide
perl-Devel-Leak
perl-Devel-LexAlias
perl-Devel-Size
perl-Devel-StackTrace
perl-Devel-Symdump
perl-Digest-CRC
perl-Digest-HMAC
perl-Digest-SHA1
perl-Dist-CheckConflicts
perl-DynaLoader-Functions
perl-Email-Address
perl-Email-Date-Format
perl-Encode-Detect
perl-Encode-EUCJPASCII
perl-Encode-IMAPUTF7
perl-Encode-Locale
perl-Env-ShellWords
perl-Error
perl-EV
perl-Eval-Closure
perl-Event
perl-Exception-Class
perl-Expect
perl-ExtUtils-Config
perl-ExtUtils-Depends
perl-ExtUtils-Helpers
perl-ExtUtils-InstallPaths
perl-ExtUtils-PkgConfig
perl-FCGI
perl-Fedora-VSP
perl-FFI-CheckLib
perl-File-BaseDir
perl-File-BOM
perl-File-chdir
perl-File-CheckTree
perl-File-Copy-Recursive
perl-File-DesktopEntry
perl-File-Find-Object
perl-File-Find-Object-Rule
perl-File-Find-Rule
perl-File-Find-Rule-Perl
perl-File-Inplace
perl-File-Listing
perl-File-MimeInfo
perl-File-pushd
perl-File-ReadBackwards
perl-File-Remove
perl-File-ShareDir
perl-File-ShareDir-Install
perl-File-Slurp
perl-File-Slurp-Tiny
perl-File-Slurper
perl-File-Type
perl-Font-TTF
perl-FreezeThaw
perl-GD
perl-GD-Barcode
perl-generators
perl-Getopt-ArgvFile
perl-gettext
perl-Graphics-ColorNamesLite-WWW
perl-GSSAPI
perl-Guard
perl-Hook-LexWrap
perl-HTML-Parser
perl-HTML-Tagset
perl-HTML-Tree
perl-HTTP-Cookies
perl-HTTP-Daemon
perl-HTTP-Date
perl-HTTP-Message
perl-HTTP-Negotiate
perl-Image-Base
perl-Image-Xbm
perl-Image-Xpm
perl-Import-Into
perl-Importer
perl-inc-latest
perl-indirect
perl-Inline-Files
perl-IO-AIO
perl-IO-All
perl-IO-CaptureOutput
perl-IO-Compress-Lzma
perl-IO-HTML
perl-IO-Multiplex
perl-IO-SessionData
perl-IO-Socket-INET6
perl-IO-String
perl-IO-stringy
perl-IO-Tty
perl-IPC-Run
perl-IPC-Run3
perl-IPC-System-Simple
perl-JSON
perl-JSON-Color
perl-JSON-MaybeXS
perl-LDAP
perl-libwww-perl
perl-libxml-perl
perl-Lingua-EN-Inflect
perl-List-MoreUtils-XS
perl-local-lib
perl-Locale-Codes
perl-Locale-Maketext-Gettext
perl-Locale-Msgfmt
perl-Locale-PO
perl-Log-Message
perl-Log-Message-Simple
perl-LWP-MediaTypes
perl-LWP-Protocol-https
perl-Mail-AuthenticationResults
perl-Mail-IMAPTalk
perl-MailTools
perl-Math-Int64
perl-Math-Random-ISAAC
perl-MIME-Charset
perl-MIME-Lite
perl-MIME-Types
perl-Mixin-Linewise
perl-MLDBM
perl-Mock-Config
perl-Module-Build-Tiny
perl-Module-CPANfile
perl-Module-Implementation
perl-Module-Install-AuthorRequires
perl-Module-Install-AuthorTests
perl-Module-Install-GithubMeta
perl-Module-Install-ManifestSkip
perl-Module-Install-ReadmeMarkdownFromPod
perl-Module-Install-Repository
perl-Module-Install-TestBase
perl-Module-Load-Util
perl-Module-Manifest
perl-Module-Manifest-Skip
perl-Module-Package
perl-Module-Pluggable
perl-Module-Runtime
perl-Module-Signature
perl-Mojolicious
perl-Moo
perl-Mozilla-CA
perl-Mozilla-LDAP
perl-MRO-Compat
perl-multidimensional
perl-namespace-autoclean
perl-namespace-clean
perl-Net-CIDR-Lite
perl-Net-Daemon
perl-Net-HTTP
perl-Net-IMAP-Simple
perl-Net-IMAP-Simple-SSL
perl-Net-LibIDN2
perl-Net-Patricia
perl-Net-SMTP-SSL
perl-Net-SNMP
perl-Net-Telnet
perl-Newt
perl-NNTPClient
perl-NTLM
perl-Number-Compare
perl-Object-Deadly
perl-Object-HashBase
perl-Package-Anon
perl-Package-Constants
perl-Package-DeprecationManager
perl-Package-Generator
perl-Package-Stash
perl-Package-Stash-XS
perl-PadWalker
perl-Paper-Specs
perl-PAR-Dist
perl-Parallel-Iterator
perl-Params-Classify
perl-Params-Util
perl-Params-Validate
perl-Params-ValidationCompiler
perl-Parse-PMFile
perl-Parse-RecDescent
perl-Parse-Yapp
perl-Path-Tiny
perl-Perl-Critic
perl-Perl-Critic-More
perl-Perl-Destruct-Level
perl-Perl-MinimumVersion
perl-Perl4-CoreLibs
perl-PerlIO-gzip
perl-PerlIO-utf8_strict
perl-PkgConfig-LibPkgConf
perl-Pod-Coverage
perl-Pod-Coverage-TrustPod
perl-Pod-Eventual
perl-Pod-LaTeX
perl-Pod-Markdown
perl-Pod-Parser
perl-Pod-Plainer
perl-Pod-POM
perl-Pod-Spell
perl-PPI
perl-PPI-HTML
perl-PPIx-QuoteLike
perl-PPIx-Regexp
perl-PPIx-Utilities
perl-prefork
perl-Probe-Perl
perl-Readonly
perl-Readonly-XS
perl-Ref-Util
perl-Ref-Util-XS
perl-Regexp-Pattern-Perl
perl-Return-MultiLevel
perl-Role-Tiny
perl-Scope-Guard
perl-Scope-Upper
perl-SGMLSpm
perl-SNMP_Session
perl-Socket6
perl-Software-License
perl-Sort-Versions
perl-Specio
perl-Spiffy
perl-strictures
perl-String-CRC32
perl-String-Format
perl-String-ShellQuote
perl-String-Similarity
perl-Sub-Exporter
perl-Sub-Exporter-Progressive
perl-Sub-Identify
perl-Sub-Info
perl-Sub-Install
perl-Sub-Name
perl-Sub-Quote
perl-Sub-Uplevel
perl-SUPER
perl-Switch
perl-Syntax-Highlight-Engine-Kate
perl-Sys-CPU
perl-Sys-MemInfo
perl-Sys-Virt
perl-Taint-Runtime
perl-Task-Weaken
perl-Term-Size-Any
perl-Term-Size-Perl
perl-Term-Table
perl-Term-UI
perl-TermReadKey
perl-Test-Base
perl-Test-ClassAPI
perl-Test-CPAN-Meta
perl-Test-CPAN-Meta-JSON
perl-Test-Deep
perl-Test-Differences
perl-Test-DistManifest
perl-Test-Distribution
perl-Test-EOL
perl-Test-Exception
perl-Test-Exit
perl-Test-FailWarnings
perl-Test-Fatal
perl-Test-File
perl-Test-File-ShareDir
perl-Test-HasVersion
perl-Test-InDistDir
perl-Test-Inter
perl-Test-LeakTrace
perl-Test-LongString
perl-Test-Manifest
perl-Test-Memory-Cycle
perl-Test-MinimumVersion
perl-Test-MockObject
perl-Test-MockRandom
perl-Test-Needs
perl-Test-NoTabs
perl-Test-NoWarnings
perl-Test-Object
perl-Test-Output
perl-Test-Pod
perl-Test-Pod-Coverage
perl-Test-Portability-Files
perl-Test-Requires
perl-Test-RequiresInternet
perl-Test-Script
perl-Test-SubCalls
perl-Test-Synopsis
perl-Test-Taint
perl-Test-TrailingSpace
perl-Test-utf8
perl-Test-Vars
perl-Test-Warn
perl-Test-Without-Module
perl-Test2-Plugin-NoWarnings
perl-Test2-Suite
perl-Test2-Tools-Explain
perl-TestML
perl-Text-CharWidth
perl-Text-CSV_XS
perl-Text-Diff
perl-Text-Glob
perl-Text-Iconv
perl-Text-Soundex
perl-Text-Unidecode
perl-Text-WrapI18N
perl-Tie-IxHash
perl-TimeDate
perl-Tree-DAG_Node
perl-Unicode-LineBreak
perl-Unicode-Map8
perl-Unicode-String
perl-Unicode-UTF8
perl-UNIVERSAL-can
perl-UNIVERSAL-isa
perl-Unix-Syslog
perl-URI
perl-Variable-Magic
perl-Version-Requirements
perl-WWW-RobotRules
perl-XML-Catalog
perl-XML-DOM
perl-XML-Dumper
perl-XML-Filter-BufferText
perl-XML-Generator
perl-XML-Grove
perl-XML-Handler-YAWriter
perl-XML-NamespaceSupport
perl-XML-Parser-Lite
perl-XML-RegExp
perl-XML-SAX
perl-XML-SAX-Base
perl-XML-SAX-Writer
perl-XML-Simple
perl-XML-TokeParser
perl-XML-TreeBuilder
perl-XML-Twig
perl-XML-Writer
perl-XML-XPath
perl-XML-XPathEngine
perl-XString
perl-YAML-LibYAML
perl-YAML-PP
perl-YAML-Syck
perltidy
pesign
php
php-pear
physfs
picosat
pinfo
pixman
pkcs11-helper
pkgconf
plotutils
plymouth
pmdk-convert
pmix
pngnq
po4a
podman
poetry
policycoreutils
polkit-pkla-compat
portreserve
postfix
potrace
powertop
ppp
pps-tools
pptp
procmail
prometheus
prometheus-node-exporter
ps_mem
psacct
psutils
publicsuffix-list
pugixml
puppet
pwgen
pyatspi
pybind11
pycairo
pyelftools
pyflakes
pygobject3
PyGreSQL
pylint
pyparted
pyproject-rpm-macros
pyserial
python-aiodns
python-aiohttp
python-alsa
python-argcomplete
python-astroid
python-async-generator
python-augeas
python-azure-sdk
python-betamax
python-blinker
python-blivet
python-charset-normalizer
python-cheetah
python-click
python-cliff
python-cmd2
python-colorama
python-CommonMark
python-conda-package-handling
python-configshell
python-cpuinfo
python-cups
python-curio
python-cytoolz
python-d2to1
python-dbus-client-gen
python-dbus-python-client-gen
python-dbus-signature-pyparsing
python-debtcollector
python-decorator
python-dmidecode
python-dns
python-dtopt
python-dulwich
python-entrypoints
python-ethtool
python-evdev
python-extras
python-faker
python-fields
python-filelock
python-fixtures
python-flake8
python-flask
python-flit
python-flit-core
python-fluidity-sm
python-frozendict
python-funcsigs
python-genshi
python-google-auth
python-greenlet
python-gssapi
python-hacking
python-hs-dbus-signature
python-html5lib
python-humanize
python-hwdata
python-importlib-metadata
python-inotify
python-into-dbus-python
python-IPy
python-iso8601
python-isodate
python-isort
python-itsdangerous
python-justbases
python-justbytes
python-jwcrypto
python-jwt
python-kdcproxy
python-kerberos
python-keyring
python-kmod
python-kombu
python-kubernetes
python-lazy-object-proxy
python-ldap
python-linux-procfs
python-lit
python-markdown
python-mccabe
python-mimeparse
python-mock
python-monotonic
python-mutagen
python-nose2
python-ntlm-auth
python-openpyxl
python-openstackdocstheme
python-os-service-types
python-oslo-sphinx
python-pexpect
python-pluggy
python-podman-api
python-process-tests
python-productmd
python-ptyprocess
python-pycares
python-pycdlib
python-pycosat
python-pydbus
python-pymongo
python-PyMySQL
python-pyperclip
python-pyroute2
python-pyrsistent
python-pysocks
python-pytest-benchmark
python-pytest-cov
python-pytest-expect
python-pytest-flake8
python-pytest-forked
python-pytest-mock
python-pytest-runner
python-pytest-subtests
python-pytest-timeout
python-pytest-xdist
python-pytoml
python-pyudev
python-pywbem
python-qrcode
python-recommonmark
python-redis
python-requests-file
python-requests-ftp
python-requests-kerberos
python-requests-mock
python-requests-oauthlib
python-requests-toolbelt
python-requests_ntlm
python-responses
python-retrying
python-rfc3986
python-rpm-generators
python-rpmfluff
python-rtslib
python-ruamel-yaml
python-ruamel-yaml-clib
python-s3transfer
python-schedutils
python-semantic_version
python-should_dsl
python-simpleline
python-slip
python-sniffio
python-soupsieve
python-sphinx
python-sphinx-epytext
python-sphinx-theme-py3doc-enhanced
python-sphinx_rtd_theme
python-sphinxcontrib-apidoc
python-sphinxcontrib-applehelp
python-sphinxcontrib-devhelp
python-sphinxcontrib-htmlhelp
python-sphinxcontrib-httpdomain
python-sphinxcontrib-jsmath
python-sphinxcontrib-qthelp
python-sphinxcontrib-serializinghtml
python-sqlalchemy
python-stevedore
python-suds
python-systemd
python-tempita
python-templated-dictionary
python-testrepository
python-testresources
python-testscenarios
python-testtools
python-tidy
python-toml
python-tomli
python-toolz
python-tornado
python-tox
python-tox-current-env
python-tqdm
python-trio
python-uamqp
python-unittest2
python-uritemplate
python-urwid
python-varlink
python-voluptuous
python-webencodings
python-wheel
python-whoosh
python-winrm
python-wrapt
python-xmltodict
python-zipp
python-zmq
python3-mallard-ducktype
python3-pytest-asyncio
python3-typed_ast
pyusb
pywbem
pyxattr
qemu
qhull
qpdf
qperf
qr-code-generator
qt5-qtbase
qt5-qtconnectivity
qt5-qtdeclarative
qt5-qtsensors
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
quagga
quota
radvd
ragel
raptor2
rarian
rasdaemon
rasqal
rdist
rdma-core
re2
re2c
realmd
rear
recode
redland
resource-agents
rest
rhash
rp-pppoe
rpm-mpi-hooks
rpmdevtools
rpmlint
rtkit
rtl-sdr
ruby-augeas
rubygem-coderay
rubygem-hpricot
rubygem-introspection
rubygem-liquid
rubygem-metaclass
rubygem-mongo
rubygem-mustache
rubygem-pkg-config
rubygem-rake
rubygem-rake-compiler
rubygem-ronn
rubygem-rouge
rubygem-rspec
rusers
rust-packaging
samba
sanlock
sassist
satyr
sbc
sblim-cim-client2
sblim-cmpi-base
sblim-cmpi-devel
sblim-cmpi-fsvol
sblim-cmpi-network
sblim-cmpi-nfsv3
sblim-cmpi-nfsv4
sblim-cmpi-params
sblim-cmpi-sysfs
sblim-cmpi-syslog
sblim-indication_helper
sblim-sfcb
sblim-sfcc
sblim-sfcCommon
sblim-testsuite
sblim-wbemcli
scl-utils
screen
scrub
sdparm
seabios
secilc
selinux-policy
sendmail
serd
setools
setroubleshoot
setroubleshoot-plugins
setserial
setuptool
sgabios
sgml-common
sgpio
shared-mime-info
sharutils
sip
skkdic
sleuthkit
slirp4netns
smartmontools
smc-tools
socket_wrapper
softhsm
sombok
sord
sos
sound-theme-freedesktop
soundtouch
soxr
sparsehash
spausedd
speex
speexdsp
spice-protocol
spice-vdagent
spirv-headers
spirv-tools
splix
squashfs-tools
sscg
star
startup-notification
stratis-cli
stunnel
subunit
SuperLU
supermin
switcheroo-control
symlinks
sysfsutils
systemd-bootchart
t1lib
t1utils
taglib
tang
targetcli
targetd
tbb
tcl-pgtcl
teckit
telnet
tidy
time
tini
tinycdb
tk
tlog
tmpwatch
tn5250
tofrodos
tokyocabinet
toolbox
tpm-quote-tools
tpm-tools
tss2
ttembed
ttmkfdir
tuna
twolame
uclibc-ng
ucpp
ucs-miscfixed-fonts
ucx
udftools
udica
uglify-js
uid_wrapper
unicode-emoji
unicode-ucd
unique3
units
upower
urlview
usb_modeswitch
usb_modeswitch-data
usbguard
usbip
usbmuxd
usbredir
usermode
ustr
uthash
uuid
uw-imap
v4l-utils
varnish
varnish-modules
vhostmd
vino
virglrenderer
virt-p2v
virt-top
virt-what
virt-who
vitess
vmem
volume_key
vte291
vulkan-headers
vulkan-loader
watchdog
wavpack
wayland
wayland-protocols
web-assets
webrtc-audio-processing
websocketpp
whois
wireless-regdb
wireshark
woff2
words
wpebackend-fdo
wsmancli
wvdial
x3270
Xaw3d
xcb-proto
xcb-util
xcb-util-image
xcb-util-keysyms
xcb-util-renderutil
xcb-util-wm
xdelta
xdg-dbus-proxy
xdg-user-dirs
xdg-utils
xfconf
xfsdump
xguest
xhtml1-dtds
xkeyboard-config
xmlstarlet
xmltoman
xorg-x11-apps
xorg-x11-drv-libinput
xorg-x11-font-utils
xorg-x11-fonts
xorg-x11-proto-devel
xorg-x11-server
xorg-x11-server-utils
xorg-x11-util-macros
xorg-x11-utils
xorg-x11-xauth
xorg-x11-xbitmaps
xorg-x11-xinit
xorg-x11-xkb-utils
xorg-x11-xtrans-devel
xrestop
xterm
xxhash
yajl
yaml-cpp
yasm
yelp-tools
yelp-xsl
ykclient
yp-tools
ypbind
ypserv
z3
zenity
zerofree
zfs-fuse
zipper | | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome
librabbitmq | | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka | -| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress
azcopy
azure-iot-sdk-c
azure-storage-cpp
bazel
blobfuse
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor
cmake-fedora
coredns-1.8.0
coredns-1.8.4
coredns-1.8.6
dbus-x11
dcos-cli
debugedit
dejavu-fonts
distroless-packages
doxygen
dtc
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gtk-update-icon-cache
helm
installkernel
intel-pf-bb-config
ivykis
jsonbuilder
jx
keda
kernel-signed
kpatch
kubernetes-1.18.14
kubernetes-1.18.17
kubernetes-1.19.7
kubernetes-1.19.9
kubernetes-1.20.2
kubernetes-1.20.5
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libuv
libxml++
lld
lsb-release
lttng-consume
mariner-release
mariner-repos
mariner-rpm-macros
mm-common
moby-buildx
moby-cli
moby-containerd
moby-engine
moby-runc
msgpack
ncompress
nlohmann-json
nmap
nmi
node-problem-detector
ntopng
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
python-cachetools
python-cherrypy
python-execnet
python-logutils
python-nocasedict
python-pecan
python-remoto
python-repoze-lru
python-routes
python-rsa
python-sphinxcontrib-websupport
python-yamlloader
R
rocksdb
rubygem-asciidoctor
rubygem-bigdecimal
rubygem-concurrent-ruby
rubygem-console
rubygem-deep_merge
rubygem-eventmachine
rubygem-fiber-local
rubygem-hocon
rubygem-hoe
rubygem-minitest
rubygem-mocha
rubygem-multi_json
rubygem-power_assert
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-semantic_puppet
rubygem-test-unit
rubygem-thor
sdbus-cpp
shim
shim-unsigned
shim-unsigned-aarch64
shim-unsigned-x64
skopeo
span-lite
swupdate
SymCrypt
SymCrypt-OpenSSL
terraform
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
verity-read-only-root
vnstat
zstd | +| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress
azcopy
azure-iot-sdk-c
azure-storage-cpp
bazel
blobfuse
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor
cmake-fedora
coredns-1.8.0
coredns-1.8.4
coredns-1.8.6
dbus-x11
dcos-cli
debugedit
dejavu-fonts
distroless-packages
doxygen
dtc
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gtk-update-icon-cache
helm
installkernel
intel-pf-bb-config
ivykis
jsonbuilder
jx
keda
kernel-signed
KeysInUse-OpenSSL
kpatch
kubernetes-1.18.14
kubernetes-1.18.17
kubernetes-1.19.7
kubernetes-1.19.9
kubernetes-1.20.2
kubernetes-1.20.5
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libuv
libxml++
lld
lsb-release
lttng-consume
mariner-release
mariner-repos
mariner-rpm-macros
mm-common
moby-buildx
moby-cli
moby-containerd
moby-engine
moby-runc
msgpack
ncompress
nlohmann-json
nmap
nmi
node-problem-detector
ntopng
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
python-cachetools
python-cherrypy
python-execnet
python-logutils
python-nocasedict
python-pecan
python-remoto
python-repoze-lru
python-routes
python-rsa
python-sphinxcontrib-websupport
python-yamlloader
R
rocksdb
rubygem-asciidoctor
rubygem-bigdecimal
rubygem-concurrent-ruby
rubygem-console
rubygem-deep_merge
rubygem-eventmachine
rubygem-fiber-local
rubygem-hocon
rubygem-hoe
rubygem-minitest
rubygem-mocha
rubygem-multi_json
rubygem-power_assert
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-semantic_puppet
rubygem-test-unit
rubygem-thor
sdbus-cpp
shim
shim-unsigned
shim-unsigned-aarch64
shim-unsigned-x64
skopeo
span-lite
swupdate
SymCrypt
SymCrypt-OpenSSL
terraform
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
verity-read-only-root
vnstat
zstd | | Netplan source | [GPLv3](https://github.com/canonical/netplan/blob/main/COPYING) | netplan | | Numad source | [LGPLv2 License](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) | numad | | NVIDIA | [ASL 2.0 License and spec specific licenses](http://www.apache.org/licenses/LICENSE-2.0) | knem
libnvidia-container
mlnx-ofa_kernel
mlnx-tools
mlx-bootctl
nvidia-container-runtime
nvidia-container-toolkit
nvidia-docker2
ofed-scripts
perftest | diff --git a/SPECS/LICENSES-AND-NOTICES/data/licenses.json b/SPECS/LICENSES-AND-NOTICES/data/licenses.json index 29032add7e6..8f22f1495ca 100644 --- a/SPECS/LICENSES-AND-NOTICES/data/licenses.json +++ b/SPECS/LICENSES-AND-NOTICES/data/licenses.json @@ -1995,6 +1995,7 @@ "jx", "keda", "kernel-signed", + "KeysInUse-OpenSSL", "kpatch", "kubernetes-1.18.14", "kubernetes-1.18.17", diff --git a/SPECS/openssl/openssl-1.1.1-fips-SymCrypt.patch b/SPECS/openssl/openssl-1.1.1-load-default-engines.patch similarity index 58% rename from SPECS/openssl/openssl-1.1.1-fips-SymCrypt.patch rename to SPECS/openssl/openssl-1.1.1-load-default-engines.patch index af46c5d4c95..fccec5c9f36 100644 --- a/SPECS/openssl/openssl-1.1.1-fips-SymCrypt.patch +++ b/SPECS/openssl/openssl-1.1.1-load-default-engines.patch @@ -1,8 +1,8 @@ diff --git a/crypto/init.c b/crypto/init.c -index 1b0d523bea..9482633c9b 100644 +index 1b0d523bea..86e31c193e 100644 --- a/crypto/init.c +++ b/crypto/init.c -@@ -402,6 +402,67 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg) +@@ -402,6 +402,128 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg) } # endif # endif @@ -30,7 +30,7 @@ index 1b0d523bea..9482633c9b 100644 + dynamic = ENGINE_by_id("dynamic"); + if (!dynamic) + goto err; -+ ++ + // Add the engines directory to the list of directories to load from and specify that loading + // from the directory list is mandatory (via DIR_LOAD = 2). Otherwise OpenSSL will try to load + // the engine from the default ld search path, fail, and skip loading from the engines dir. @@ -55,6 +55,7 @@ index 1b0d523bea..9482633c9b 100644 + if (!ENGINE_set_default_string(symcrypt, "ALL")) + goto err; + ++ ret = 1; +err: + ENGINE_free(symcrypt); + ENGINE_free(dynamic); @@ -66,11 +67,71 @@ index 1b0d523bea..9482633c9b 100644 + + return ret; +} ++# endif ++ ++#ifndef OPENSSL_NO_KEYSINUSE_ENGINE ++static CRYPTO_ONCE engine_keysinuse = CRYPTO_ONCE_STATIC_INIT; ++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_keysinuse) ++{ ++ int ret = 0; ++ ++ ENGINE *dynamic = NULL; ++ ENGINE *keysinuse = NULL; ++ ++ dynamic = ENGINE_by_id("dynamic"); ++ if (!dynamic) ++ goto err; ++ ++ // Get the default engine directory from the environment - may be NULL ++ char *load_dir = ossl_safe_getenv("OPENSSL_ENGINES"); ++ ++ # ifdef ENGINESDIR ++ // Use the default engines directory, if defined ++ if (load_dir == NULL) ++ { ++ load_dir = ENGINESDIR; ++ } ++ # endif ++ ++ if (!ENGINE_ctrl_cmd_string(dynamic, "DIR_ADD", load_dir, 0)) ++ goto err; ++ if (!ENGINE_ctrl_cmd_string(dynamic, "DIR_LOAD", "2", 0)) ++ goto err; ++ if (!ENGINE_ctrl_cmd_string(dynamic, "SO_PATH", "keysinuse.so", 0)) ++ goto err; ++ if (!ENGINE_ctrl_cmd_string(dynamic, "ID", "keysinuse", 0)) ++ goto err; ++ if (!ENGINE_ctrl_cmd_string(dynamic, "LIST_ADD", "2", 0)) ++ goto err; ++ if (!ENGINE_ctrl_cmd_string(dynamic, "LOAD", NULL, 0)) ++ goto err; ++ ++ // Pass config values to keysinuse engine ++ keysinuse = ENGINE_by_id("keysinuse"); ++ if (!keysinuse) ++ goto err; ++ ++ // Make KeysInUse the default engine for RSA and EC algorithms ++ if (!ENGINE_set_default_string(keysinuse, "RSA,EC")) ++ goto err; ++ ++ ret = 1; ++err: ++ ENGINE_free(keysinuse); ++ ENGINE_free(dynamic); ++ ++# ifdef OPENSSL_INIT_DEBUG ++ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_keysinuse: %d \n", ++ ret); ++# endif ++ ++ return ret; ++} +# endif #endif #ifndef OPENSSL_NO_COMP -@@ -723,9 +784,13 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) +@@ -723,9 +845,14 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) return 0; # endif @@ -81,8 +142,9 @@ index 1b0d523bea..9482633c9b 100644 + { + if (!RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) + return 0; -+ ++ + RUN_ONCE(&engine_symcrypt, ossl_init_engine_symcrypt); ++ RUN_ONCE(&engine_keysinuse, ossl_init_engine_keysinuse); + } # ifndef OPENSSL_NO_STATIC_ENGINE # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec index 4172050a36e..6fac3899a76 100644 --- a/SPECS/openssl/openssl.spec +++ b/SPECS/openssl/openssl.spec @@ -4,7 +4,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1k -Release: 19%{?dist} +Release: 20%{?dist} License: OpenSSL Vendor: Microsoft Corporation Distribution: Mariner @@ -42,7 +42,7 @@ Patch18: openssl-1.1.1-fips-curves.patch Patch19: openssl-1.1.1-sp80056arev3.patch Patch20: openssl-1.1.1-jitterentropy.patch Patch21: openssl-1.1.1-drbg-seed.patch -Patch22: openssl-1.1.1-fips-SymCrypt.patch +Patch22: openssl-1.1.1-load-default-engines.patch Patch23: CVE-2021-3711.patch Patch24: CVE-2021-3712.patch Patch25: CVE-2022-0778.patch @@ -339,6 +339,9 @@ rm -f %{buildroot}%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist %postun libs -p /sbin/ldconfig %changelog +* Mon Aug 15 2022 Pawel Winogrodzki - 1.1.1k-20 +- Bumping "Release" to sync spec versions across branches. + * Wed Jul 13 2022 Maxwell Moyer-McKee - 1.1.1k-19 - Removed portion of load-default-engines test causing unit test failure diff --git a/cgmanifest.json b/cgmanifest.json index 07268def9e1..940509161b7 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -7336,6 +7336,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "KeysInUse-OpenSSL", + "version": "0.3.1", + "downloadUrl": "https://github.com/microsoft/KeysInUse-OpenSSL/archive/v0.3.1.tar.gz" + } + } + }, { "component": { "type": "other", diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 3e9b48aeea3..1c734f7a653 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.aarch64.rpm gtk-doc-1.33.2-1.cm2.noarch.rpm autoconf-2.71-3.cm2.noarch.rpm automake-1.16.5-1.cm2.noarch.rpm -openssl-1.1.1k-19.cm2.aarch64.rpm -openssl-devel-1.1.1k-19.cm2.aarch64.rpm -openssl-libs-1.1.1k-19.cm2.aarch64.rpm -openssl-perl-1.1.1k-19.cm2.aarch64.rpm -openssl-static-1.1.1k-19.cm2.aarch64.rpm +openssl-1.1.1k-20.cm2.aarch64.rpm +openssl-devel-1.1.1k-20.cm2.aarch64.rpm +openssl-libs-1.1.1k-20.cm2.aarch64.rpm +openssl-perl-1.1.1k-20.cm2.aarch64.rpm +openssl-static-1.1.1k-20.cm2.aarch64.rpm libcap-2.60-1.cm2.aarch64.rpm libcap-devel-2.60-1.cm2.aarch64.rpm debugedit-5.0-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 25b4b79d54c..a6ec7a95c63 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.x86_64.rpm gtk-doc-1.33.2-1.cm2.noarch.rpm autoconf-2.71-3.cm2.noarch.rpm automake-1.16.5-1.cm2.noarch.rpm -openssl-1.1.1k-19.cm2.x86_64.rpm -openssl-devel-1.1.1k-19.cm2.x86_64.rpm -openssl-libs-1.1.1k-19.cm2.x86_64.rpm -openssl-perl-1.1.1k-19.cm2.x86_64.rpm -openssl-static-1.1.1k-19.cm2.x86_64.rpm +openssl-1.1.1k-20.cm2.x86_64.rpm +openssl-devel-1.1.1k-20.cm2.x86_64.rpm +openssl-libs-1.1.1k-20.cm2.x86_64.rpm +openssl-perl-1.1.1k-20.cm2.x86_64.rpm +openssl-static-1.1.1k-20.cm2.x86_64.rpm libcap-2.60-1.cm2.x86_64.rpm libcap-devel-2.60-1.cm2.x86_64.rpm debugedit-5.0-1.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 7e9b727c307..46bb3b68457 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -259,12 +259,12 @@ npth-1.6-4.cm2.aarch64.rpm npth-debuginfo-1.6-4.cm2.aarch64.rpm npth-devel-1.6-4.cm2.aarch64.rpm ntsysv-1.20-3.cm2.aarch64.rpm -openssl-1.1.1k-19.cm2.aarch64.rpm -openssl-debuginfo-1.1.1k-19.cm2.aarch64.rpm -openssl-devel-1.1.1k-19.cm2.aarch64.rpm -openssl-libs-1.1.1k-19.cm2.aarch64.rpm -openssl-perl-1.1.1k-19.cm2.aarch64.rpm -openssl-static-1.1.1k-19.cm2.aarch64.rpm +openssl-1.1.1k-20.cm2.aarch64.rpm +openssl-debuginfo-1.1.1k-20.cm2.aarch64.rpm +openssl-devel-1.1.1k-20.cm2.aarch64.rpm +openssl-libs-1.1.1k-20.cm2.aarch64.rpm +openssl-perl-1.1.1k-20.cm2.aarch64.rpm +openssl-static-1.1.1k-20.cm2.aarch64.rpm p11-kit-0.24.1-1.cm2.aarch64.rpm p11-kit-debuginfo-0.24.1-1.cm2.aarch64.rpm p11-kit-devel-0.24.1-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 9f2227f95a9..295f5b3dd42 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -259,12 +259,12 @@ npth-1.6-4.cm2.x86_64.rpm npth-debuginfo-1.6-4.cm2.x86_64.rpm npth-devel-1.6-4.cm2.x86_64.rpm ntsysv-1.20-3.cm2.x86_64.rpm -openssl-1.1.1k-19.cm2.x86_64.rpm -openssl-debuginfo-1.1.1k-19.cm2.x86_64.rpm -openssl-devel-1.1.1k-19.cm2.x86_64.rpm -openssl-libs-1.1.1k-19.cm2.x86_64.rpm -openssl-perl-1.1.1k-19.cm2.x86_64.rpm -openssl-static-1.1.1k-19.cm2.x86_64.rpm +openssl-1.1.1k-20.cm2.x86_64.rpm +openssl-debuginfo-1.1.1k-20.cm2.x86_64.rpm +openssl-devel-1.1.1k-20.cm2.x86_64.rpm +openssl-libs-1.1.1k-20.cm2.x86_64.rpm +openssl-perl-1.1.1k-20.cm2.x86_64.rpm +openssl-static-1.1.1k-20.cm2.x86_64.rpm p11-kit-0.24.1-1.cm2.x86_64.rpm p11-kit-debuginfo-0.24.1-1.cm2.x86_64.rpm p11-kit-devel-0.24.1-1.cm2.x86_64.rpm