1.20.0-3 (component version v-2.18.16)

Author: jenkins[bot]

Dependencies.md

@@ -14,17 +14,17 @@
 | libunwind       | 1.8.1        | MIT          | https://github.com/libunwind/libunwind/releases/tag/v1.8.1           |
 | libxml2         | 2.14.5       | MIT          | https://github.com/GNOME/libxml2/tree/v2.14.5                        |
 | magic_enum      | 0.9.7        | MIT          | https://github.com/Neargye/magic_enum/releases/tag/v0.9.7            |
-| openssl*        | 3.0.18       | OpenSSL      | https://github.com/openssl/openssl/tree/openssl-3.0.18               |
+| openssl*        | 3.0.19       | OpenSSL      | https://github.com/openssl/openssl/tree/openssl-3.0.19               |
 | prometheus-cpp  | 1.3.0        | MIT          | https://github.com/jupp0r/prometheus-cpp/releases/tag/v1.3.0         |
 | rapidjson       | cci.20230929 | MIT          | https://github.com/Tencent/rapidjson                                 |
 | redis-plus-plus | 1.3.15       | Apache-2.0   | https://github.com/sewenew/redis-plus-plus/releases/tag/1.3.15       |
 | zlib            | 1.3.1        | Zlib License | https://github.com/madler/zlib/tree/v1.3.1                           |
 | zstd            | 1.5.7        | BSD-3-Clause | https://github.com/facebook/zstd/tree/v1.5.7                         |
 
-\* openssl 3.0.18: The openssl 3.0.18 is based on the version provided by conan-center (https://conan.io/center/)
+\* openssl 3.0.19: The openssl 3.0.19 is based on the version provided by conan-center (https://conan.io/center/)
 additionally a patch has been applied to access the embedded OCSP response.
 The changed package recipes and the patch are located in the subfolder `conan-recipes/openssl`
 
-\* openssl 3.0.18: Die verwendete openssl 3.0.18 basiert auf der auf conan-center (https://conan.io/center/) verfügbaren.
+\* openssl 3.0.19: Die verwendete openssl 3.0.19 basiert auf der auf conan-center (https://conan.io/center/) verfügbaren.
 zusätzlich wird ein weiterer Patch angewandt, der den Zugriff auf die eingebettete OCSP-Response ermöglicht.
 Das geänderte Conan-Rezept und der Patch befinden sich im Unterordner `conan-recipes/openssl`

conan-recipes/README.md

@@ -16,8 +16,8 @@ export each recipe, locally with:
 `conan export . erp/stable`
 
 openssl:
-`conan create conanfile.py --version 3.0.18+erp --build=missing`
-`conan upload -r erp-conan-2 openssl/3.0.18+erp`
+`conan create conanfile.py --version 3.0.19+erp --build=missing`
+`conan upload -r erp-conan-2 openssl/3.0.19+erp`
 
 xmlsec:
 ```sh

conan-recipes/openssl/conandata.yml

@@ -1,13 +1,13 @@
 sources:
-  3.0.18+erp:
-    sha256: d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b
+  3.0.19+erp:
+    sha256: fa5a4143b8aae18be53ef2f3caf29a2e0747430b8bc74d32d88335b94ab63072
     url:
-      - "https://www.openssl.org/source/openssl-3.0.18.tar.gz"
-      - "https://www.openssl.org/source/old/3.0.18/openssl-3.0.18.tar.gz"
+      - "https://www.openssl.org/source/openssl-3.0.19.tar.gz"
+      - "https://www.openssl.org/source/old/3.0.19/openssl-3.0.19.tar.gz"
 
 patches:
-  3.0.18+erp:
-    - patch_file: patches/0001-3.0.18-erp-cms.patch
+  3.0.19+erp:
+    - patch_file: patches/0001-3.0.19-erp-cms.patch
       patch_description: "erp-cms"
-    - patch_file: patches/0002-3.0.18-erp-cms-counter-signature.patch
+    - patch_file: patches/0002-3.0.19-erp-cms-counter-signature.patch
       patch_description: "erp-cms-counter-signature"

…penssl/patches/0001-3.0.18-erp-cms.patch …penssl/patches/0001-3.0.19-erp-cms.patchconan-recipes/openssl/patches/0001-3.0.18-erp-cms.patch renamed to conan-recipes/openssl/patches/0001-3.0.19-erp-cms.patch conan-recipes/openssl/patches/0001-3.0.18-erp-cms.patch renamed to conan-recipes/openssl/patches/0001-3.0.19-erp-cms.patch

@@ -1,34 +1,33 @@
-From a95317169da5b00b00727b2cf48c0f40baec8cf8 Mon Sep 17 00:00:00 2001
+From 01266fb2404157c9f690007dc796c6ea298ee537 Mon Sep 17 00:00:00 2001
 From: redacted <redacted>
-Date: Wed, 1 Oct 2025 12:22:35 +0200
-Subject: [PATCH 1/2] 3.0.18-erp-cms.patch
+Date: Wed, 28 Jan 2026 15:55:28 +0100
+Subject: [PATCH 1/2] 3.0.19-erp-cms.patch
 
 ---
- crypto/cms/cms_asn1.c    |  3 +-
+ crypto/cms/cms_asn1.c    |  2 +-
  crypto/cms/cms_lib.c     | 71 ++++++++++++++++++++++++++++++++++++++++
  crypto/cms/cms_local.h   |  1 +
  include/openssl/cms.h.in |  8 +++++
- 4 files changed, 82 insertions(+), 1 deletion(-)
+ 4 files changed, 81 insertions(+), 1 deletion(-)
 
 diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
-index 9509520..2177835 100644
+index a920f22..ddafc59 100644
 --- a/crypto/cms/cms_asn1.c
 +++ b/crypto/cms/cms_asn1.c
-@@ -69,7 +69,8 @@ ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
+@@ -60,7 +60,7 @@ ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
  ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
-         ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
-         ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
+     ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
+     ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
 -} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
 +} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
-+
 
- ASN1_CHOICE(CMS_RevocationInfoChoice) = {
-         ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
+     ASN1_CHOICE(CMS_RevocationInfoChoice)
+     = { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) } ASN1_CHOICE_END(CMS_RevocationInfoChoice)
 diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
-index 67b3562..b063149 100644
+index 0f3d2b4..c3cf633 100644
 --- a/crypto/cms/cms_lib.c
 +++ b/crypto/cms/cms_lib.c
-@@ -611,6 +611,26 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+@@ -609,6 +609,26 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
      return 0;
  }
 
@@ -55,7 +54,7 @@ index 67b3562..b063149 100644
  STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
  {
      STACK_OF(X509) *certs = NULL;
-@@ -663,6 +683,57 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
+@@ -660,6 +680,57 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
      return crls;
  }
 
@@ -114,10 +113,10 @@ index 67b3562..b063149 100644
  {
      int ret;
 diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h
-index 1e0e091..0ec4ea4 100644
+index dbf71c5..28a77a9 100644
 --- a/crypto/cms/cms_local.h
 +++ b/crypto/cms/cms_local.h
-@@ -493,6 +493,7 @@ DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
+@@ -492,6 +492,7 @@ DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
  DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
  DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
  DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
@@ -126,10 +125,10 @@ index 1e0e091..0ec4ea4 100644
  DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
  DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
 diff --git a/include/openssl/cms.h.in b/include/openssl/cms.h.in
-index da20ddf..cb24d82 100644
+index 5e71329..c3c2cca 100644
 --- a/include/openssl/cms.h.in
 +++ b/include/openssl/cms.h.in
-@@ -265,6 +265,14 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+@@ -269,6 +269,14 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
  int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
  STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
 
@@ -143,6 +142,6 @@ index da20ddf..cb24d82 100644
 +
  int CMS_SignedData_init(CMS_ContentInfo *cms);
  CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
-                                 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+     X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
 --
-2.43.0
+2.51.0

…2-3.0.18-erp-cms-counter-signature.patch …2-3.0.19-erp-cms-counter-signature.patchconan-recipes/openssl/patches/0002-3.0.18-erp-cms-counter-signature.patch renamed to conan-recipes/openssl/patches/0002-3.0.19-erp-cms-counter-signature.patch conan-recipes/openssl/patches/0002-3.0.18-erp-cms-counter-signature.patch renamed to conan-recipes/openssl/patches/0002-3.0.19-erp-cms-counter-signature.patch

@@ -1,39 +1,38 @@
-From 7b76c3c5427708f06d1be3d20de60679f7cc2097 Mon Sep 17 00:00:00 2001
+From 0500e2f930ea4505ab22a625af4949d23e7e78b1 Mon Sep 17 00:00:00 2001
 From: redacted <redacted>
-Date: Wed, 1 Oct 2025 12:45:25 +0200
-Subject: [PATCH 2/2] 3.0.18-erp-cms-counter-signature.patch
+Date: Wed, 28 Jan 2026 16:01:13 +0100
+Subject: [PATCH 2/2] 3.0.19-erp-cms-counter-signature.patch
 
 ---
- crypto/cms/cms_att.c     |   3 +-
- crypto/cms/cms_sd.c      | 237 ++++++++++++++++++++++++++++++++++-----
+ crypto/cms/cms_att.c     |   2 +-
+ crypto/cms/cms_sd.c      | 233 +++++++++++++++++++++++++++++++++++----
  include/openssl/cms.h.in |   5 +
- 3 files changed, 217 insertions(+), 28 deletions(-)
+ 3 files changed, 217 insertions(+), 23 deletions(-)
 
 diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c
-index 64acda7..18ae55c 100644
+index 86852af..cbe760c 100644
 --- a/crypto/cms/cms_att.c
 +++ b/crypto/cms/cms_att.c
-@@ -43,8 +43,7 @@ static const struct {
+@@ -41,7 +41,7 @@ static const struct {
+     int flags;
+ } cms_attribute_properties[] = {
      /* See RFC Section 11 */
-     { NID_pkcs9_contentType, CMS_ATTR_F_SIGNED
-                              | CMS_ATTR_F_ONLY_ONE
--                             | CMS_ATTR_F_ONE_ATTR_VALUE
--                             | CMS_ATTR_F_REQUIRED_COND },
-+                             | CMS_ATTR_F_ONE_ATTR_VALUE },
-     { NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED
-                                | CMS_ATTR_F_ONLY_ONE
-                                | CMS_ATTR_F_ONE_ATTR_VALUE
+-    { NID_pkcs9_contentType, CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE | CMS_ATTR_F_REQUIRED_COND },
++    { NID_pkcs9_contentType, CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE },
+     { NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE | CMS_ATTR_F_REQUIRED_COND },
+     { NID_pkcs9_signingTime, CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE },
+     { NID_pkcs9_countersignature, CMS_ATTR_F_UNSIGNED },
 diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
-index 4758d04..7016ea2 100644
+index e6ba17c..c562976 100644
 --- a/crypto/cms/cms_sd.c
 +++ b/crypto/cms/cms_sd.c
-@@ -302,23 +302,15 @@ static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si,
+@@ -299,23 +299,15 @@ static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si,
      return ret;
  }
 
 -CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
--                                X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
--                                unsigned int flags)
+-    X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+-    unsigned int flags)
 +/* Creates and partially initializes a new signer info and adjusts signed data in CMS,
 + * but still do not add it to CMS directly */
 +CMS_SignerInfo *cms_SignerInfo_init(CMS_SignedData *sd,
@@ -57,7 +56,7 @@ index 4758d04..7016ea2 100644
      si = M_ASN1_new_of(CMS_SignerInfo);
      if (!si)
          goto merr;
-@@ -352,7 +344,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+@@ -349,7 +341,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
      if (!ossl_cms_set1_SignerIdentifier(si->sid, signer, type, ctx))
          goto err;
 
@@ -66,16 +65,16 @@ index 4758d04..7016ea2 100644
          int def_nid;
 
          if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) {
-@@ -360,25 +352,42 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
-                            "pkey nid=%d", EVP_PKEY_get_id(pk));
+@@ -357,25 +349,46 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                 "pkey nid=%d", EVP_PKEY_get_id(pk));
              goto err;
          }
 -        md = EVP_get_digestbynid(def_nid);
 -        if (md == NULL) {
 +        *md = EVP_get_digestbynid(def_nid);
 +        if (*md == NULL) {
              ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
-                            "default md nid=%d", def_nid);
+                 "default md nid=%d", def_nid);
              goto err;
          }
      }
@@ -87,10 +86,10 @@ index 4758d04..7016ea2 100644
 +    X509_ALGOR_set_md(si->digestAlgorithm, *md);
 +    return si;
 
--    if (md == NULL) {
--        ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET);
--        goto err;
--    }
+     if (md == NULL) {
+         ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET);
+         goto err;
+     }
 + merr:
 +    ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
 + err:
@@ -120,7 +119,7 @@ index 4758d04..7016ea2 100644
 
      /* See if digest is present in digestAlgorithms */
      for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
-@@ -1114,3 +1123,179 @@ int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
+@@ -1112,3 +1125,179 @@ int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
          return 0;
      return 1;
  }
@@ -301,27 +300,27 @@ index 4758d04..7016ea2 100644
 +
 +}
 diff --git a/include/openssl/cms.h.in b/include/openssl/cms.h.in
-index cb24d82..18c3e14 100644
+index c3c2cca..60a425a 100644
 --- a/include/openssl/cms.h.in
 +++ b/include/openssl/cms.h.in
-@@ -50,6 +50,7 @@ typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
- -}
+@@ -54,6 +54,7 @@ typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+ /* clang-format on */
 
  DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 +DECLARE_ASN1_FUNCTIONS(CMS_SignerInfo)
  DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
  DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
-@@ -391,6 +392,10 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+@@ -395,6 +396,10 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
  int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
-                           ASN1_OCTET_STRING *ukm, int keylen);
+     ASN1_OCTET_STRING *ukm, int keylen);
 
 +int CMS_add1_counter_signature(CMS_SignerInfo *si, CMS_ContentInfo* cms,
 +                               X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
 +                               unsigned int flags);
 +
  /* Backward compatibility for spelling errors. */
- # define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
- # define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
+ #define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
+ #define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
 --
-2.43.0
+2.51.0

conanfile.py

@@ -72,7 +72,7 @@ class ErpProcessingContext(ConanFile):
         'libpqxx/7.10.1',
         'libxml2/2.14.5',
         'magic_enum/0.9.7',
-        'openssl/3.0.18+erp',
+        'openssl/3.0.19+erp',
         'prometheus-cpp/1.3.0',
         'rapidjson/cci.20230929',
         'redis-plus-plus/1.3.15',

version.txt

@@ -1 +1 @@
-v-2.18.15
+v-2.18.16