diff options
author | B Stack <bgstack15@gmail.com> | 2019-07-16 13:24:31 +0000 |
---|---|---|
committer | B Stack <bgstack15@gmail.com> | 2019-07-16 13:24:31 +0000 |
commit | 6651ddc4ddc52ef4491e79a74c2dc3576dab2c70 (patch) | |
tree | 6fb69bb5ec481b1ce68892d0b4c14e7bb75e66c2 /openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch | |
parent | freefilesync 10.14 dpkg (diff) | |
parent | remove dep crypto-policies (diff) | |
download | stackrpms-6651ddc4ddc52ef4491e79a74c2dc3576dab2c70.tar.gz stackrpms-6651ddc4ddc52ef4491e79a74c2dc3576dab2c70.tar.bz2 stackrpms-6651ddc4ddc52ef4491e79a74c2dc3576dab2c70.zip |
Merge branch 'freefilesync-rpm' into 'freefilesync-bump'
Bring rpm changes into main bump branch
See merge request bgstack15/stackrpms!72
Diffstat (limited to 'openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch')
-rw-r--r-- | openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch b/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch new file mode 100644 index 0000000..5756c68 --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch @@ -0,0 +1,26 @@ +diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c +--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100 +@@ -7,6 +7,9 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE ++ + #include <stdio.h> + #include <time.h> + #include <sys/types.h> +@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it + if (ret != 2) + goto err; + ret = -1; ++ } else if ((mdnid == NID_md5 ++ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || ++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ++ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ goto err; + } else { + const EVP_MD *type = EVP_get_digestbynid(mdnid); + |