openssl: Fix CVE-2023-50782 affecting python-cryptography

SPECS/openssl/openssl.spec

@@ -4,7 +4,7 @@
 Summary:        Utilities from the general purpose cryptography library with TLS implementation
 Name:           openssl
 Version:        1.1.1k
-Release:        30%{?dist}
+Release:        31%{?dist}
 License:        OpenSSL
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -61,6 +61,7 @@ Patch37:        CVE-2023-3817.patch
 Patch38:        openssl-1.1.1-improve-safety-of-DH.patch
 Patch39:        openssl-1.1.1-add-null-checks-where-contentinfo-data-can-be-null.patch
 Patch40:        openssl-1.1.1-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch
+Patch41:        openssl-1.1.1-pkcs1-implicit-rejection.patch
 BuildRequires:  perl-Test-Warnings
 BuildRequires:  perl-Text-Template
 BuildRequires:  perl(FindBin)
@@ -174,6 +175,7 @@ cp %{SOURCE4} test/
 %patch38 -p1
 %patch39 -p1
 %patch40 -p1
+%patch41 -p1
 
 %build
 # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
@@ -363,8 +365,11 @@ rm -f %{buildroot}%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Thu May 23 2024 Juan Camposeco <juan.camposeco@gmail.com> - 1.1.1k-31
+- Implicit rejection of PKCS#1 v1.5 (CVE-2023-50782)
+
 * Fri Apr 19 2024 Tobias Brick <tobaisb@microsoft.com> - 1.1.1k-30
-* Fix unconstrained session cache growth in TLSv1.3
+- Fix unconstrained session cache growth in TLSv1.3
 
 * Wed Feb 14 2024 Tobias Brick <tobiasb@microsoft.com> - 1.1.1k-29
 - Introduce patch to correctly address NULL ContentInfo data

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.aarch64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm
 automake-1.16.5-1.cm2.noarch.rpm
-openssl-1.1.1k-30.cm2.aarch64.rpm
-openssl-devel-1.1.1k-30.cm2.aarch64.rpm
-openssl-libs-1.1.1k-30.cm2.aarch64.rpm
-openssl-perl-1.1.1k-30.cm2.aarch64.rpm
-openssl-static-1.1.1k-30.cm2.aarch64.rpm
+openssl-1.1.1k-31.cm2.aarch64.rpm
+openssl-devel-1.1.1k-31.cm2.aarch64.rpm
+openssl-libs-1.1.1k-31.cm2.aarch64.rpm
+openssl-perl-1.1.1k-31.cm2.aarch64.rpm
+openssl-static-1.1.1k-31.cm2.aarch64.rpm
 libcap-2.60-2.cm2.aarch64.rpm
 libcap-devel-2.60-2.cm2.aarch64.rpm
 debugedit-5.0-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.x86_64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm
 automake-1.16.5-1.cm2.noarch.rpm
-openssl-1.1.1k-30.cm2.x86_64.rpm
-openssl-devel-1.1.1k-30.cm2.x86_64.rpm
-openssl-libs-1.1.1k-30.cm2.x86_64.rpm
-openssl-perl-1.1.1k-30.cm2.x86_64.rpm
-openssl-static-1.1.1k-30.cm2.x86_64.rpm
+openssl-1.1.1k-31.cm2.x86_64.rpm
+openssl-devel-1.1.1k-31.cm2.x86_64.rpm
+openssl-libs-1.1.1k-31.cm2.x86_64.rpm
+openssl-perl-1.1.1k-31.cm2.x86_64.rpm
+openssl-static-1.1.1k-31.cm2.x86_64.rpm
 libcap-2.60-2.cm2.x86_64.rpm
 libcap-devel-2.60-2.cm2.x86_64.rpm
 debugedit-5.0-2.cm2.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -270,12 +270,12 @@ npth-1.6-4.cm2.aarch64.rpm
 npth-debuginfo-1.6-4.cm2.aarch64.rpm
 npth-devel-1.6-4.cm2.aarch64.rpm
 ntsysv-1.20-4.cm2.aarch64.rpm
-openssl-1.1.1k-30.cm2.aarch64.rpm
-openssl-debuginfo-1.1.1k-30.cm2.aarch64.rpm
-openssl-devel-1.1.1k-30.cm2.aarch64.rpm
-openssl-libs-1.1.1k-30.cm2.aarch64.rpm
-openssl-perl-1.1.1k-30.cm2.aarch64.rpm
-openssl-static-1.1.1k-30.cm2.aarch64.rpm
+openssl-1.1.1k-31.cm2.aarch64.rpm
+openssl-debuginfo-1.1.1k-31.cm2.aarch64.rpm
+openssl-devel-1.1.1k-31.cm2.aarch64.rpm
+openssl-libs-1.1.1k-31.cm2.aarch64.rpm
+openssl-perl-1.1.1k-31.cm2.aarch64.rpm
+openssl-static-1.1.1k-31.cm2.aarch64.rpm
 p11-kit-0.24.1-1.cm2.aarch64.rpm
 p11-kit-debuginfo-0.24.1-1.cm2.aarch64.rpm
 p11-kit-devel-0.24.1-1.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -276,12 +276,12 @@ npth-1.6-4.cm2.x86_64.rpm
 npth-debuginfo-1.6-4.cm2.x86_64.rpm
 npth-devel-1.6-4.cm2.x86_64.rpm
 ntsysv-1.20-4.cm2.x86_64.rpm
-openssl-1.1.1k-30.cm2.x86_64.rpm
-openssl-debuginfo-1.1.1k-30.cm2.x86_64.rpm
-openssl-devel-1.1.1k-30.cm2.x86_64.rpm
-openssl-libs-1.1.1k-30.cm2.x86_64.rpm
-openssl-perl-1.1.1k-30.cm2.x86_64.rpm
-openssl-static-1.1.1k-30.cm2.x86_64.rpm
+openssl-1.1.1k-31.cm2.x86_64.rpm
+openssl-debuginfo-1.1.1k-31.cm2.x86_64.rpm
+openssl-devel-1.1.1k-31.cm2.x86_64.rpm
+openssl-libs-1.1.1k-31.cm2.x86_64.rpm
+openssl-perl-1.1.1k-31.cm2.x86_64.rpm
+openssl-static-1.1.1k-31.cm2.x86_64.rpm
 p11-kit-0.24.1-1.cm2.x86_64.rpm
 p11-kit-debuginfo-0.24.1-1.cm2.x86_64.rpm
 p11-kit-devel-0.24.1-1.cm2.x86_64.rpm