- Fix the definitions of RSA_get0_key, EVP_MD_CTX_new,
  EVP_MD_CTX_free and X509_NAME_ENTRY_set to prevent segfaults
  on running Salt Testsuite with old OpenSSL versions.
- Modified:
  * fix-build-with-old-ssl.patch

• Files Changed
• Browse Source

- Make patch for missing ERR_GET_... definitions more flexible
  for different OpenSSL versions
- Add simple test into %check section to check if the definitions
  are in place on building the package
- Modified:
  * definitions-ERR_GET.patch

• Files Changed
• Browse Source

- Apply fips-mode.patch and definitions-ERR_GET.patch on
  Ubuntu 24.04 and fix the condition in advance for future products

• Files Changed
• Browse Source

- Apply fips-mode.patch and definitions-ERR_GET.patch on SL Micro 6.0
  and other new SUSE clients.

• Files Changed
• Browse Source

next to testing

• Files Changed
• Browse Source

- Adding missing file reference:
  * saltbundlepy-cryptography.keyring

• Files Changed
• Browse Source

- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
  * Don't allow update_into to mutate immutable objects

• Files Changed
• Browse Source

- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331):
  * SECURITY ISSUE: Fixed a bug where certain sequences of update()
    calls when symmetrically encrypting very large payloads (>2GB) could
    result in an integer overflow, leading to buffer overflows.
    CVE-2020-36242
  - drops CVE-2020-36242-buffer-overflow.patch on older dists
- update to 3.3.1:
  * Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use 
- update to 3.3.0
  - BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed
    due to low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
    to 1024-bit (8 byte to 128 byte) initialization vectors. This
    change is to conform with an upcoming OpenSSL release that will
    no longer support sizes outside this window.
  - BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
    now raise ValueError rather than UnsupportedAlgorithm when an
    unsupported cipher is used. This change is to conform with an
    upcoming OpenSSL release that will no longer distinguish
    between error types.
  - BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
    field Diffie-Hellman parameters of less than 512 bits in
    length. This change is to conform with an upcoming OpenSSL
    release that no longer supports smaller sizes. These keys were
    already wildly insecure and should not have been used in any
    application outside of testing.
  - Updated Windows, macOS, and manylinux wheels to be compiled
    with OpenSSL 1.1.1i.
  - Python 2 support is deprecated in cryptography. This is the
    last release that will support Python 2.

• Files Changed
• Browse Source

- Drop support for older LibreSSL for RH 9 and higher based distros

• Files Changed
• Browse Source

- Drop support for older LibreSSL for Ubuntu 22.04
- Added:
  * drop-older-libressl.patch

• Files Changed
• Browse Source

osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy-cryptography revision:7

• Files Changed
• Browse Source

osc copypac from project:systemsmanagement:saltstack:bundle package:saltbundlepy-cryptography revision:5

• Browse Source