Overview
Request 1133088 superseded
Automatic submission by obs-autosubmit
- Created by factory-maintainer
- In state superseded
- Supersedes 1130980
- Superseded by 1138252
-
Open review for
factory-staging
Hi
At least 15 packages failing directly with openssl + openssl-3:
apache2:test_event apache2:test_prefork apache2:test_worker certmonger ibmswtpm2 nodejs20 perl-IO-Socket-SSL perl-Net-SSLeay python-cheroot python-M2Crypto python-tornado6 python-urllib3_1:test python-websockets qca:qt5 ruby3.2:testsuite
ibmswtpm2 fixed and patch for certmonger is waiting for appoval in devel project 1132824
Request History
factory-maintainer created request
Automatic submission by obs-autosubmit
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
dimstar accepted review
anag+factory set openSUSE:Factory:Staging:B as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:B"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:B"
anag+factory added factory-staging as a reviewer
Being evaluated by group "factory-staging"
anag+factory accepted review
Unstaged from project "openSUSE:Factory:Staging:B"
anag+factory set openSUSE:Factory:Staging:A as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:A"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:A"
anag+factory added factory-staging as a reviewer
Being evaluated by group "factory-staging"
anag+factory accepted review
Unstaged from project "openSUSE:Factory:Staging:A"
anag+factory set openSUSE:Factory:Staging:O as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:O"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:O"
anag+factory added factory-staging as a reviewer
Being evaluated by group "factory-staging"
anag+factory accepted review
Unstaged from project "openSUSE:Factory:Staging:O"
- Security fix: [bsc#1218690, CVE-2023-6129]
* POLY1305: Fix vector register clobbering on PowerPC
* Add openssl-CVE-2023-6129.patch
- Add patch to fix BTI enablement on aarch64:
* openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
- Update to 3.2.0:
* The BLAKE2b hash algorithm supports a configurable output length
by setting the "size" parameter.
* Enable extra Arm64 optimization on Windows for GHASH, RAND and
AES.
* Added a function to delete objects from store by URI -
OSSL_STORE_delete() and the corresponding provider-storemgmt API
function OSSL_FUNC_store_delete().
* Added OSSL_FUNC_store_open_ex() provider-storemgmt API function to
pass a passphrase callback when opening a store.
* Changed the default salt length used by PBES2 KDF's (PBKDF2 and
scrypt) from 8 bytes to 16 bytes. The PKCS5 (RFC 8018) standard
uses a 64 bit salt length for PBE, and recommends a minimum of 64
bits for PBES2. For FIPS compliance PBKDF2 requires a salt length
of 128 bits. This affects OpenSSL command line applications such
as "genrsa" and "pkcs8" and API's such as
PEM_write_bio_PrivateKey() that are reliant on the default value.
The additional commandline option 'saltlen' has been added to the
OpenSSL command line applications for "pkcs8" and "enc" to allow
the salt length to be set to a non default value.
* Changed the default value of the ess_cert_id_alg configuration
option which is used to calculate the TSA's public key
certificate identifier. The default algorithm is updated to be
waiting for python-m2crypto