Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-3 for openSUSE:Factory checked in at 2022-03-16 20:20:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-3 (Old) and /work/SRC/openSUSE:Factory/.openssl-3.new.25692 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-3" Wed Mar 16 20:20:36 2022 rev:2 rq:962004 version:3.0.2 Changes: --------
--- /work/SRC/openSUSE:Factory/openssl-3/openssl-3.changes 2022-02-02 22:40:08.648048164 +0100
+++ /work/SRC/openSUSE:Factory/.openssl-3.new.25692/openssl-3.changes 2022-03-16 20:20:41.740980107 +0100
@@ -1,0 +2,29 @@
+Tue Mar 15 17:41:47 UTC 2022 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 3.0.2: [bsc#1196877, CVE-2022-0778]
+ * Security fix [CVE-2022-0778]: Infinite loop for non-prime moduli
+ in BN_mod_sqrt() reachable when parsing certificates.
+ * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
+ (RFC 5489) to the list of ciphersuites providing Perfect Forward
+ Secrecy as required by SECLEVEL >= 3.
+ * Made the AES constant time code for no-asm configurations
+ optional due to the resulting 95% performance degradation.
+ The AES constant time code can be enabled, for no assembly
+ builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME
+ * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to
+ use empty passphrase strings.
+ * The negative return value handling of the certificate
+ verification callback was reverted. The replacement is to set
+ the verification retry state with the SSL_set_retry_verify()
+ function.
+ * Rebase openssl-use-versioned-config.patch
+
+-------------------------------------------------------------------
+Tue Feb 22 18:46:13 UTC 2022 - Pedro Monreal <pmonr...@suse.com>
+
+- Keep CA_default and tsa_config1 default paths in openssl3.cnf
+- Rebase patches:
+ * openssl-Override-default-paths-for-the-CA-directory-tree.patch
+ * openssl-use-versioned-config.patch
+
+-------------------------------------------------------------------
Old: ---- openssl-3.0.1.tar.gz openssl-3.0.1.tar.gz.asc New: ---- openssl-3.0.2.tar.gz openssl-3.0.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-3.spec ++++++
--- /var/tmp/diff_new_pack.hZMK97/_old 2022-03-16 20:20:42.668980775 +0100
+++ /var/tmp/diff_new_pack.hZMK97/_new 2022-03-16 20:20:42.672980778 +0100
@@ -1,7 +1,7 @@ # # spec file for package openssl-3 # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define _rname openssl Name: openssl-3 # Don't forget to update the version in the "openssl" package! -Version: 3.0.1 +Version: 3.0.2 Release: 0 Summary: Secure Sockets and Transport Layer Security License: Apache-2.0 @@ -52,7 +52,6 @@ # Add requires for ct_log_list.cnf{,.dist} Requires: openssl - %description OpenSSL is a software library to be used in applications that need to secure communications over computer networks against eavesdropping or ++++++ openssl-3.0.1.tar.gz -> openssl-3.0.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/openssl-3/openssl-3.0.1.tar.gz /work/SRC/openSUSE:Factory/.openssl-3.new.25692/openssl-3.0.2.tar.gz differ: char 13, line 1 ++++++ openssl-Override-default-paths-for-the-CA-directory-tree.patch ++++++ --- /var/tmp/diff_new_pack.hZMK97/_old 2022-03-16 20:20:42.776980853 +0100 +++ /var/tmp/diff_new_pack.hZMK97/_new 2022-03-16 20:20:42.780980856 +0100 
@@ -40,22 +40,4 @@ #################################################################### [ ca ] -@@ -79,7 +88,7 @@ default_ca = CA_default # The default c - #################################################################### - [ CA_default ] - --dir = ./demoCA # Where everything is kept -+dir = /etc/pki/CA # Where everything is kept - certs = $dir/certs # Where the issued certs are kept - crl_dir = $dir/crl # Where the issued crl are kept - database = $dir/index.txt # database index file. -@@ -309,7 +318,7 @@ default_tsa = tsa_config1 # the default - [ tsa_config1 ] - - # These are used by the TSA reply generation only. --dir = ./demoCA # TSA root directory -+dir = /etc/pki/CA # TSA root directory - serial = $dir/tsaserial # The current serial number (mandatory) - crypto_device = builtin # OpenSSL engine to use for signing - signer_cert = $dir/tsacert.pem # The TSA signing certificate ++++++ openssl-use-versioned-config.patch ++++++ --- /var/tmp/diff_new_pack.hZMK97/_old 2022-03-16 20:20:42.808980876 +0100 +++ /var/tmp/diff_new_pack.hZMK97/_new 2022-03-16 20:20:42.808980876 +0100 @@ -6,10 +6,10 @@ Refactored for SUSE by Simon Lees sfl...@suse.de -Index: openssl-3.0.1/include/internal/cryptlib.h +Index: openssl-3.0.2/include/internal/cryptlib.h =================================================================== ---- openssl-3.0.1.orig/include/internal/cryptlib.h -+++ openssl-3.0.1/include/internal/cryptlib.h +--- openssl-3.0.2.orig/include/internal/cryptlib.h ++++ openssl-3.0.2/include/internal/cryptlib.h @@ -61,7 +61,7 @@ DEFINE_STACK_OF(EX_CALLBACK) typedef struct mem_st MEM; DEFINE_LHASH_OF(MEM); 
@@ -19,19 +19,10 @@ # ifndef OPENSSL_SYS_VMS # define X509_CERT_AREA OPENSSLDIR -Index: openssl-3.0.1/Configurations/unix-Makefile.tmpl +Index: openssl-3.0.2/Configurations/unix-Makefile.tmpl =================================================================== ---- openssl-3.0.1.orig/Configurations/unix-Makefile.tmpl -+++ openssl-3.0.1/Configurations/unix-Makefile.tmpl -@@ -129,7 +129,7 @@ GENERATED_PODS={- # common0.tmpl provide - fill_lines(" ", $COLUMNS - 15, - map { my $x = $_; - ( -- grep { -+ grep { - $unified_info{attributes}->{depends} - ->{$x}->{$_}->{pod} // 0 - } +--- openssl-3.0.2.orig/Configurations/unix-Makefile.tmpl ++++ openssl-3.0.2/Configurations/unix-Makefile.tmpl @@ -675,14 +675,14 @@ install_ssldirs: : {- output_on() if windowsdll(); "" -}; \ fi; \ @@ -71,21 +62,21 @@ -link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/apps/openssl.cnf +link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/apps/openssl3.cnf - $(BLDDIR)/util/opensslwrap.sh: configdata.pm + $(BLDDIR)/util/opensslwrap.sh: Makefile @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \ -@@ -1382,7 +1382,7 @@ $(BLDDIR)/util/opensslwrap.sh: configdat +@@ -1382,7 +1382,7 @@ $(BLDDIR)/util/opensslwrap.sh: Makefile ln -sf "../$(SRCDIR)/util/`basename "$@"`" "$(BLDDIR)/util"; \ fi --$(BLDDIR)/apps/openssl.cnf: configdata.pm -+$(BLDDIR)/apps/openssl3.cnf: configdata.pm +-$(BLDDIR)/apps/openssl.cnf: Makefile ++$(BLDDIR)/apps/openssl3.cnf: Makefile @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \ mkdir -p "$(BLDDIR)/apps"; \ ln -sf "../$(SRCDIR)/apps/`basename "$@"`" "$(BLDDIR)/apps"; \ -Index: openssl-3.0.1/Configure +Index: openssl-3.0.2/Configure =================================================================== ---- openssl-3.0.1.orig/Configure -+++ openssl-3.0.1/Configure +--- openssl-3.0.2.orig/Configure ++++ openssl-3.0.2/Configure @@ -56,7 +56,7 @@ EOF # directories bin, lib, include, share/man, share/doc/openssl # This becomes the value of INSTALLTOP in Makefile 
@@ -95,10 +86,10 @@ # If it's a relative directory, it will be added on the directory # given with --prefix. # This becomes the value of OPENSSLDIR in Makefile and in C. -Index: openssl-3.0.1/doc/HOWTO/certificates.txt +Index: openssl-3.0.2/doc/HOWTO/certificates.txt =================================================================== ---- openssl-3.0.1.orig/doc/HOWTO/certificates.txt -+++ openssl-3.0.1/doc/HOWTO/certificates.txt +--- openssl-3.0.2.orig/doc/HOWTO/certificates.txt ++++ openssl-3.0.2/doc/HOWTO/certificates.txt @@ -16,7 +16,7 @@ Certificate authorities should read http In all the cases shown below, the standard configuration file, as compiled into openssl, will be used. You may find it in /etc/, @@ -108,10 +99,10 @@ You can specify a different configuration file using the '-config {file}' argument with the commands shown below. -Index: openssl-3.0.1/doc/man3/OPENSSL_config.pod +Index: openssl-3.0.2/doc/man3/OPENSSL_config.pod =================================================================== ---- openssl-3.0.1.orig/doc/man3/OPENSSL_config.pod -+++ openssl-3.0.1/doc/man3/OPENSSL_config.pod +--- openssl-3.0.2.orig/doc/man3/OPENSSL_config.pod ++++ openssl-3.0.2/doc/man3/OPENSSL_config.pod @@ -17,7 +17,7 @@ see L<openssl_user_macros(7)>: =head1 DESCRIPTION @@ -121,16 +112,10 @@ reads from the application section B<appname>. If B<appname> is NULL then the default section, B<openssl_conf>, will be used. Errors are silently ignored. -Index: openssl-3.0.1/INSTALL.md +Index: openssl-3.0.2/INSTALL.md =================================================================== ---- openssl-3.0.1.orig/INSTALL.md -+++ openssl-3.0.1/INSTALL.md -@@ -1,4 +1,4 @@ --Build and Install -+fBuild and Install - ================= - - This document describes installation on all supported operating +--- openssl-3.0.2.orig/INSTALL.md ++++ openssl-3.0.2/INSTALL.md @@ -567,7 +567,7 @@ is an objective. ### no-autoload-config