Revisions of openssl-3
Ana Guerrero (anag+factory)
accepted
request 1217013
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 32)
Ana Guerrero (anag+factory)
accepted
request 1208827
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 31)
Ana Guerrero (anag+factory)
accepted
request 1202944
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 30)
Ana Guerrero (anag+factory)
accepted
request 1198659
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 29)
Dominique Leuenberger (dimstar_suse)
accepted
request 1192379
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 28)
Dominique Leuenberger (dimstar_suse)
accepted
request 1189313
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 27)
Ana Guerrero (anag+factory)
accepted
request 1187470
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 26)
Dominique Leuenberger (dimstar_suse)
accepted
request 1172941
from
Otto Hollmann (ohollmann)
(revision 23)
Dominique Leuenberger (dimstar_suse)
accepted
request 1172431
from
Otto Hollmann (ohollmann)
(revision 22)
Dominique Leuenberger (dimstar_suse)
accepted
request 1153155
from
Otto Hollmann (ohollmann)
(revision 21)
Ana Guerrero (anag+factory)
accepted
request 1144625
from
Otto Hollmann (ohollmann)
(revision 20)
- Add migration script to move old files (bsc#1219562) /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d.rpmsave /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d.rpmsave They will be later restored by openssl-1_1 package to engines1.1.d and engdef1.1.d - Security fix: [bsc#1219243, CVE-2024-0727] * Add NULL checks where ContentInfo data can be NULL * Add openssl-CVE-2024-0727.patch
Ana Guerrero (anag+factory)
accepted
request 1142584
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 19)
- Encapsulate the fips provider into a new package called libopenssl-3-fips-provider. - Added openssl-3-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ to above versioned directories. - Updated spec file to create the two new necessary directores for the above patch and two symbolic links to above directories. [bsc#1194187, bsc#1207472, bsc#1218933] - Security fix: [bsc#1218810, CVE-2023-6237] * Limit the execution time of RSA public key check * Add openssl-CVE-2023-6237.patch - Rename openssl-Override-default-paths-for-the-CA-directory-tree.patch to openssl-crypto-policies-support.patch - Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch - Load the FIPS provider and set FIPS properties implicitly. * Add openssl-Force-FIPS.patch [bsc#1217934] - Disable the fipsinstall command-line utility. * Add openssl-disable-fipsinstall.patch - Add instructions to load legacy provider in openssl.cnf. * openssl-load-legacy-provider.patch - Disable the default provider for the test suite. * openssl-Disable-default-provider-for-test-suite.patch
Ana Guerrero (anag+factory)
accepted
request 1126784
from
Otto Hollmann (ohollmann)
(revision 18)
- Security fix: [bsc#1216922, CVE-2023-5678] * Fix excessive time spent in DH check / generation with large Q parameter value. * Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. * Add openssl-CVE-2023-5678.patch
Ana Guerrero (anag+factory)
accepted
request 1120189
from
Otto Hollmann (ohollmann)
(revision 17)
- Update to 3.1.4: * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length [bsc#1216163, CVE-2023-5363]. - Performance enhancements for cryptography from OpenSSL 3.2 [jsc#PED-5086, jsc#PED-3514] * Add patches: - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch - FIPS: Add the FIPS_mode() compatibility macro and flag support. * Add patches: - openssl-Add-FIPS_mode-compatibility-macro.patch - openssl-Add-Kernel-FIPS-mode-flag-support.patch
Ana Guerrero (anag+factory)
accepted
request 1118892
from
Factory Maintainer (factory-maintainer)
(revision 16)
Automatic submission by obs-autosubmit
Ana Guerrero (anag+factory)
accepted
request 1113690
from
Factory Maintainer (factory-maintainer)
(revision 15)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 1101934
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 14)
Ana Guerrero (anag+factory)
accepted
request 1099669
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 13)
Displaying revisions 1 - 20 of 32