Merge pull request #87 from cyberark/update-openssl-1.0.2ze

Update to openssl 1.0.2ze

Author: andytinkham

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+
+## [2.0.2] - 2022-05-17
+
+### Changed
+
+- Upgrade OpenSSL version from 1.0.2zd to 1.0.2ze
+  [cyberark/conjur-base-image#87](https://github.com/cyberark/conjur-base-image/pull/87)
+
 ## [2.0.1] - 2022-04-14
 
 ### Changed

README.md

@@ -36,10 +36,10 @@ work with Conjur Open Source as documented. For more detailed information on our
 * Jenkins pipeline for building the Docker image
 * Automated tests validate FIPS mode is successfully enabled and all artifacts are compiled against the FIPS 140-2 compliant
 * OpenSSL version installed in the Phusion and Ubuntu images:
-  * OpenSSL version: `openssl-1.0.2zd`
+  * OpenSSL version: `openssl-1.0.2ze`
   * OpenSSL FIPS Module version: `openssl-fips-2.0.16`
 * OpenSSL version installed in the UBI image:
-  * OpenSSL version: `openssl-1.1.1c`
+  * OpenSSL version: `openssl-1.1.1k`
 
 ## Usage
 

openssl-builder/README.md

@@ -1,7 +1,7 @@
 # ubuntu-openssl-builder
 An openssl FIPS 140-2 builder
 
-* OpenSSL: `openssl-1.0.2zd`
+* OpenSSL: `openssl-1.0.2ze`
 * OpenSSL FIPS Module: `openssl-fips-2.0.16`
 
 ## Build steps

openssl-builder/build.sh

@@ -4,7 +4,7 @@ set -euxo pipefail
 
 cd "$(dirname "$0")"
 
-OPENSSL_NONFREE_VER='1.0.2zd'
+OPENSSL_NONFREE_VER='1.0.2ze'
 OPENSSL_OSS_VER='1.0.2u'
 OPENSSL_OSS_HASH='ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16'
 OPENSSL_VER="${OPENSSL_VER:-${OPENSSL_NONFREE_VER}}"

phusion-ruby-fips/Description.md

@@ -3,10 +3,10 @@
  with Ruby compiled against the FIPS 140-2 compliant [OpenSSL module](https://www.openssl.org/docs/fips.html).  
 This image includes the following packages:
 
-* OpenSSL version `1.0.2u`: built with  FIPS 140-2 compliant OpenSSL module version `2.0.16`.
+* OpenSSL version `1.0.ze`: built with  FIPS 140-2 compliant OpenSSL module version `2.0.16`.
 * Ruby version `3.0.4`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * OpenLDAP version `2.4.46`: built using OpenSSL rather than gnutls and compiled against the FIPS 140-2 compliant OpenSSL module. 
-* Bundler version `2.2.30`.
+* Bundler version `2.2.33`.
 
 Source code: https://github.com/cyberark/conjur-base-image

phusion-ruby-fips/README.md

@@ -1,11 +1,11 @@
 # Phusion container image
 This container image includes Phusion version `0.11` which contains the following packages:
 
-* OpenSSL version `1.0.2u`: built with  FIPS 140-2 compliant OpenSSL module version: `2.0.16`.
+* OpenSSL version `1.0.2ze`: built with  FIPS 140-2 compliant OpenSSL module version: `2.0.16`.
 * Ruby version `3.0.4`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * OpenLDAP version `2.4.46`: built using openssl rather than gnutls and compiled against the FIPS 140-2 compliant OpenSSL module.
-* Bundler version `2.2.30`.
+* Bundler version `2.2.33`.
 
 
 ## Build steps

phusion-ruby-fips/test.yml

@@ -16,4 +16,4 @@ commandTests:
        xargs strings |
        grep "^OpenSSL\s\([0-9]\.\)\{2\}[0-9]" |
        sort | uniq | tr -d '\n'
-    expectedOutput: ["^OpenSSL 1.0.2zd-fips  15 Mar 2022$"]
+    expectedOutput: ["^OpenSSL 1.0.2ze-fips  3 May 2022$"]

test.yml

@@ -8,21 +8,21 @@ commandTests:
   - name: "OpenSSL version"
     command: "openssl"
     args: ["version"]
-    expectedOutput: ["^OpenSSL 1.0.2zd-fips  15 Mar 2022\n$"]
+    expectedOutput: ["^OpenSSL 1.0.2ze-fips  3 May 2022\n$"]
   - name: "libssl.so version"
     setup: [["apt-get", "update"], ["apt-get", "install", "-y", "binutils"]]
     command: "bash"
     args:
       - -c
       - find / -type f -name libssl.so* -exec strings {} \; | grep "^OpenSSL\s\([0-9]\.\)\{2\}[0-9]" | tr -d '\n'
-    expectedOutput: ["^OpenSSL 1.0.2zd-fips  15 Mar 2022$"]
+    expectedOutput: ["^OpenSSL 1.0.2ze-fips  3 May 2022$"]
   - name: "libcrypto.so version"
     setup: [["apt-get", "update"], ["apt-get", "install", "-y", "binutils"]]
     command: "bash"
     args:
       - -c
       - find / -type f -name libcrypto.so* -exec strings {} \; | grep "^OpenSSL\s\([0-9]\.\)\{2\}[0-9]" | tr -d '\n'
-    expectedOutput: ["^OpenSSL 1.0.2zd-fips  15 Mar 2022$"]
+    expectedOutput: ["^OpenSSL 1.0.2ze-fips  3 May 2022$"]
   - name: "OpenSSL accepts FIPS compliant algorithms"
     command: "openssl"
     args:
@@ -52,21 +52,21 @@ commandTests:
     args:
       - -c
       - find / -name *ssl*.*so* | grep ruby | xargs ldd | grep "libcrypto.so" | cut -d' ' -f3 | xargs strings | grep "^OpenSSL\s\([0-9]\.\)\{2\}[0-9]" | tr -d '\n'
-    expectedOutput: ["^OpenSSL 1.0.2zd-fips  15 Mar 2022$"]
+    expectedOutput: ["^OpenSSL 1.0.2ze-fips  3 May 2022$"]
   - name: "Ruby linked with valid libssl.so version"
     setup: [["apt-get", "update"], ["apt-get", "install", "-y", "binutils"]]
     command: "bash"
     args:
       - -c
       - find / -name *ssl*.*so* | grep ruby | xargs ldd | grep "libssl.so" | cut -d' ' -f3 | xargs strings | grep "^OpenSSL\s\([0-9]\.\)\{2\}[0-9]" | tr -d '\n'
-    expectedOutput: ["^OpenSSL 1.0.2zd-fips  15 Mar 2022$"]
+    expectedOutput: ["^OpenSSL 1.0.2ze-fips  3 May 2022$"]
   - name: "Ruby sees valid OpenSSL version"
     command: "ruby"
     args:
       - -ropenssl
       - -e
       - 'puts OpenSSL::OPENSSL_LIBRARY_VERSION'
-    expectedOutput: ["^OpenSSL 1.0.2zd-fips  15 Mar 2022\n$"]
+    expectedOutput: ["^OpenSSL 1.0.2ze-fips  3 May 2022\n$"]
   - name: "Ruby accepts FIPS compliant algorithms"
     command: "ruby"
     args:
@@ -92,14 +92,14 @@ commandTests:
     args:
       - -c
       - find / -type f -name libpq.so* | xargs ldd | grep "libcrypto.so" | cut -d' ' -f3 | xargs strings | grep "^OpenSSL\s\([0-9]\.\)\{2\}[0-9]" | tr -d '\n'
-    expectedOutput: ["^OpenSSL 1.0.2zd-fips  15 Mar 2022$"]
+    expectedOutput: ["^OpenSSL 1.0.2ze-fips  3 May 2022$"]
   - name: "libpq linked with valid libssl.so version"
     setup: [["apt-get", "update"], ["apt-get", "install", "-y", "binutils"]]
     command: "bash"
     args:
       - -c
       - find / -type f -name libpq.so* | xargs ldd | grep "libssl.so" | cut -d' ' -f3 | xargs strings | grep "^OpenSSL\s\([0-9]\.\)\{2\}[0-9]" | tr -d '\n'
-    expectedOutput: ["^OpenSSL 1.0.2zd-fips  15 Mar 2022$"]
+    expectedOutput: ["^OpenSSL 1.0.2ze-fips  3 May 2022$"]
   - name: "Postgres version"
     command: "pg_dump"
     args: ["--version"]

ubi-ruby-fips/Description.md

@@ -3,9 +3,9 @@
  with Ruby compiled against the FIPS 140-2 compliant [OpenSSL module](https://www.openssl.org/docs/fips.html).  
 This image includes the following packages:
 
-* OpenSSL version `1.1.1c`: with FIPS 140-2 compliant OpenSSL module from RedHat UBI 8.
+* OpenSSL version `1.1.1k`: with FIPS 140-2 compliant OpenSSL module from RedHat UBI 8.
 * Ruby version `3.0.4`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
-* Bundler version `2.2.30`.
+* Bundler version `2.2.33`.
 
 Source code: https://github.com/cyberark/conjur-base-image

ubi-ruby-fips/README.md

@@ -1,10 +1,10 @@
 # UBI container image
 This container image includes UBI version `8` which contains the following packages:
 
-* OpenSSL version `1.1.1c`: with FIPS 140-2 compliant OpenSSL module from RedHat UBI 8.
+* OpenSSL version `1.1.1k`: with FIPS 140-2 compliant OpenSSL module from RedHat UBI 8.
 * Ruby version `3.0.4`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
-* Bundler version `2.2.30`.
+* Bundler version `2.2.33`.
 
 
 ## Build steps