Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2023-06-28 10:21:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old)
 and      /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.13546 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0" Wed Jun 28 10:21:35 2023 rev:37 rq: version:1.0.2u Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2023-06-27 23:18:04.279887593 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.13546/openssl-1_0_0.changes 2023-06-28 10:21:36.228132248 +0200 @@ -2,21 +1,0 @@ -Tue Jun 20 15:18:56 UTC 2023 - Otto Hollmann <otto.hollm...@suse.com> - -- Improve cross-package provides/conflicts [boo#1210313] - * Remove Conflicts: ssl - * Add Conflicts: openssl(cli) - -------------------------------------------------------------------- -Wed Jun 14 09:34:20 UTC 2023 - Otto Hollmann <otto.hollm...@suse.com> - -- Security Fix: [bsc#1207534, CVE-2022-4304] - * Reworked the Fix for the Timing Oracle in RSA Decryption - The previous fix for this timing side channel turned out to cause - a severe 2-3x performance regression in the typical use case - compared to 1.1.1s. - * Reworked openssl-CVE-2022-4304.patch - * Refreshed patches: - - openssl-CVE-2023-0286.patch - - openssl-CVE-2023-0464.patch - - openssl-CVE-2023-0465.patch - -------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_0_0.spec ++++++ --- /var/tmp/diff_new_pack.O2oc0t/_old 2023-06-28 10:21:37.272138288 +0200 +++ /var/tmp/diff_new_pack.O2oc0t/_new 2023-06-28 10:21:37.276138311 +0200 @@ -136,8 +136,8 @@ BuildRequires: ed BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) +Conflicts: ssl Provides: ssl -Conflicts: openssl(cli) Provides: openssl(cli) %description @@ -148,6 +148,7 @@ %package -n libopenssl1_0_0 Summary: Secure Sockets and Transport Layer Security +License: OpenSSL Group: Productivity/Networking/Security Recommends: ca-certificates-mozilla # Merge back the hmac files bsc#1185116 
@@ -162,6 +163,7 @@ %package -n libopenssl10 Summary: Secure Sockets and Transport Layer Security +License: OpenSSL Group: Productivity/Networking/Security %description -n libopenssl10 @@ -176,6 +178,7 @@ %package -n libopenssl1_0_0-steam Summary: Secure Sockets and Transport Layer Security for steam +License: OpenSSL Group: Productivity/Networking/Security %description -n libopenssl1_0_0-steam @@ -188,6 +191,7 @@ %package -n libopenssl-1_0_0-devel Summary: Development files for OpenSSL +License: OpenSSL Group: Development/Libraries/C and C++ Requires: libopenssl1_0_0 = %{version} Requires: pkgconfig(zlib) @@ -204,6 +208,7 @@ %package doc Summary: Additional Package Documentation +License: OpenSSL Group: Productivity/Networking/Security Conflicts: openssl-doc Provides: openssl-doc = %{version} @@ -216,6 +221,7 @@ %package cavs Summary: CAVS testing framework and utilities +License: OpenSSL Group: Productivity/Networking/Security Requires: libopenssl1_0_0 = %{version}-%{release} ++++++ openssl-CVE-2022-4304.patch ++++++ ++++ 1307 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-CVE-2022-4304.patch ++++ and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.13546/openssl-CVE-2022-4304.patch ++++++ openssl-CVE-2023-0286.patch ++++++ --- /var/tmp/diff_new_pack.O2oc0t/_old 2023-06-28 10:21:37.472139446 +0200 +++ /var/tmp/diff_new_pack.O2oc0t/_new 2023-06-28 10:21:37.476139468 +0200 @@ -14,7 +14,7 @@ +++ b/CHANGES @@ -9,6 +9,24 @@ - Changes between 1.0.2t and 1.0.2u [20 Dec 2019] + Changes between 1.0.2o and 1.0.2p [14 Aug 2018] + *) Fixed a type confusion vulnerability relating to X.400 address processing + inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING 
@@ -34,9 +34,9 @@ + + [Hugo Landau] + - *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure - used in exponentiation with 512-bit moduli. No EC algorithms are - affected. Analysis suggests that attacks against 2-prime RSA1024, + *) Client DoS due to large DH parameter + + During key agreement in a TLS handshake using a DH(E) based ciphersuite a --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -148,7 +148,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE ++++++ openssl-CVE-2023-0464.patch ++++++ --- /var/tmp/diff_new_pack.O2oc0t/_old 2023-06-28 10:21:37.488139538 +0200 +++ /var/tmp/diff_new_pack.O2oc0t/_new 2023-06-28 10:21:37.488139538 +0200 @@ -27,7 +27,7 @@ +++ b/CHANGES @@ -9,6 +9,14 @@ - Changes between 1.0.2t and 1.0.2u [20 Dec 2019] + Changes between 1.0.2o and 1.0.2p [14 Aug 2018] + *) Limited the number of nodes created in a policy tree to mitigate + against CVE-2023-0464. The default limit is set to 1000 nodes, which ++++++ openssl-CVE-2023-0465.patch ++++++ --- /var/tmp/diff_new_pack.O2oc0t/_old 2023-06-28 10:21:37.500139607 +0200 +++ /var/tmp/diff_new_pack.O2oc0t/_new 2023-06-28 10:21:37.504139631 +0200 @@ -30,9 +30,9 @@ + certificate altogether. (CVE-2023-0465) + [Matt Caswell] + - *) Limited the number of nodes created in a policy tree to mitigate - against CVE-2023-0464. The default limit is set to 1000 nodes, which - should be sufficient for most installations. If required, the limit + *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure + used in exponentiation with 512-bit moduli. No EC algorithms are + affected. Analysis suggests that attacks against 2-prime RSA1024, --- a/NEWS +++ b/NEWS @@ -7,6 +7,9 @@
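Review bot: the openssl-1_0_0.changes hunk (@@ -2,21 +1,0 @@) deletes the 20 Jun and 14 Jun 2023 entries instead of adding a new entry that records the revert, so the changelog no longer says why the reworked CVE-2022-4304 fix and the boo#1210313 change were dropped. The same commit changes openssl-CVE-2022-4304.patch (1307 lines, skipped in this mail), so it is not visible here which version of the timing-oracle fix ships. Add a changelog entry that names the reason and states that a fix for CVE-2022-4304 [bsc#1207534] is still applied.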
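Review bot: in the openssl-1_0_0.spec hunk at @@ -136,8 +136,8 @@, "Conflicts: openssl(cli)" is removed while "Provides: openssl(cli)" stays, and "Conflicts: ssl" is restored, which reverses the boo#1210313 change described in the deleted changelog entry. After this hunk nothing visible here keeps the package from being co-installed with another provider of openssl(cli). Confirm that is intended and put the reason in a spec comment or changelog entry.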
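Review bot: the six spec hunks from @@ -148,6 +148,7 @@ to @@ -216,6 +221,7 @@ each add "License: OpenSSL" to a subpackage (libopenssl1_0_0, libopenssl10, libopenssl1_0_0-steam, libopenssl-1_0_0-devel, doc, cavs) with no matching changelog entry. The main package's License tag is not visible in this diff; if it is already OpenSSL these lines are redundant, because subpackages inherit the tag, and if it differs the difference should be explained. Either drop the lines or document them in the .changes file.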
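Review bot: in openssl-CVE-2023-0286.patch the CHANGES context now reads "Changes between 1.0.2o and 1.0.2p [14 Aug 2018]" and the trailing context is the "Client DoS due to large DH parameter" entry, while the package is version 1.0.2u and the previous context used the 1.0.2t to 1.0.2u header. Against a 1.0.2u CHANGES file this context would not match exactly, so check that the patch still applies without fuzz, or keep the refreshed context lines.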
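Review bot: the CHANGES context in openssl-CVE-2023-0464.patch and openssl-CVE-2023-0465.patch is no longer consistent. 0464 now expects the "1.0.2o and 1.0.2p" header above its entry, while the 0465 hunk at @@ -30,9 +30,9 @@ now expects the Montgomery squaring entry directly below its own, where it previously expected the CVE-2023-0464 policy-tree entry that 0464 adds. Confirm the apply order in the spec and that both CHANGES hunks apply cleanly in that order; otherwise refresh the two patches together or drop the CHANGES hunks from them.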