openSUSE Build Service

Ana Guerrero (anag+factory) accepted request 1217013 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 7 days ago (revision 32)

Ana Guerrero (anag+factory) accepted request 1208827 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 16 days ago (revision 31)

Ana Guerrero (anag+factory) accepted request 1202944 from

Pedro Monreal Gonzalez (pmonrealgonzalez) about 1 month ago (revision 30)

Ana Guerrero (anag+factory) accepted request 1198659 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 2 months ago (revision 29)

Dominique Leuenberger (dimstar_suse) accepted request 1192379 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 3 months ago (revision 28)

Dominique Leuenberger (dimstar_suse) accepted request 1189313 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 3 months ago (revision 27)

Ana Guerrero (anag+factory) accepted request 1187470 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 4 months ago (revision 26)

Ana Guerrero (anag+factory) accepted request 1178897 from

Otto Hollmann (ohollmann) 5 months ago (revision 25)

Ana Guerrero (anag+factory) accepted request 1175444 from

Otto Hollmann (ohollmann) 6 months ago (revision 24)

Dominique Leuenberger (dimstar_suse) accepted request 1172941 from

Otto Hollmann (ohollmann) 6 months ago (revision 23)

Dominique Leuenberger (dimstar_suse) accepted request 1172431 from

Otto Hollmann (ohollmann) 6 months ago (revision 22)

Dominique Leuenberger (dimstar_suse) accepted request 1153155 from

Otto Hollmann (ohollmann) 8 months ago (revision 21)

Ana Guerrero (anag+factory) accepted request 1144625 from

Otto Hollmann (ohollmann) 9 months ago (revision 20)

- Add migration script to move old files (bsc#1219562)
  /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d.rpmsave
  /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d.rpmsave
  They will be later restored by openssl-1_1 package
  to engines1.1.d and engdef1.1.d

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch

Ana Guerrero (anag+factory) accepted request 1142584 from

Pedro Monreal Gonzalez (pmonrealgonzalez) 9 months ago (revision 19)

- Encapsulate the fips provider into a new package called
  libopenssl-3-fips-provider.

- Added openssl-3-use-include-directive.patch so that the default
  /etc/ssl/openssl.cnf file will include any configuration files that
  other packages might place into /etc/ssl/engines3.d/ and
  /etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/
  and /etc/ssl/engdef.d/ to above versioned directories.
- Updated spec file to create the two new necessary directores for
  the above patch and two symbolic links to above directories.
  [bsc#1194187, bsc#1207472, bsc#1218933]

- Security fix: [bsc#1218810, CVE-2023-6237]
  * Limit the execution time of RSA public key check
  * Add openssl-CVE-2023-6237.patch

- Rename openssl-Override-default-paths-for-the-CA-directory-tree.patch
  to openssl-crypto-policies-support.patch

- Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch

- Load the FIPS provider and set FIPS properties implicitly.
  * Add openssl-Force-FIPS.patch [bsc#1217934]
- Disable the fipsinstall command-line utility.
  * Add openssl-disable-fipsinstall.patch
- Add instructions to load legacy provider in openssl.cnf.
  * openssl-load-legacy-provider.patch
- Disable the default provider for the test suite.
  * openssl-Disable-default-provider-for-test-suite.patch

Ana Guerrero (anag+factory) accepted request 1126784 from

Otto Hollmann (ohollmann) 12 months ago (revision 18)

- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch

Ana Guerrero (anag+factory) accepted request 1120189 from

Otto Hollmann (ohollmann) about 1 year ago (revision 17)

- Update to 3.1.4:
  * Fix incorrect key and IV resizing issues when calling
    EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
    with OSSL_PARAM parameters that alter the key or IV length
    [bsc#1216163, CVE-2023-5363].

- Performance enhancements for cryptography from OpenSSL 3.2
  [jsc#PED-5086, jsc#PED-3514]
  * Add patches:
    - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
    - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
    - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
    - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
    - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
    - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch

- FIPS: Add the FIPS_mode() compatibility macro and flag support.
  * Add patches:
    - openssl-Add-FIPS_mode-compatibility-macro.patch
    - openssl-Add-Kernel-FIPS-mode-flag-support.patch

Ana Guerrero (anag+factory) accepted request 1118892 from