pool/openssl-3
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 893363 from security:tls:unstable

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/893363
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=24
This commit is contained in:
Jason Sikes 2021-05-17 22:28:37 +00:00 committed by Git OBS Bridge
parent fc84692df0
commit 2830ba6131
6 changed files with 104 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openssl-3.0.0-alpha12.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8d78239be66af578b969441252e7c125aa134ef3b9bac6179d84275cfe01950c
size 14142492

11
openssl-3.0.0-alpha12.tar.gz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmAugwsACgkQ2cTSbQ5g
RJE4Wgf6A+BC1k0BFDx27kWfKX0gT2BrD4CjFqRFVXaYVp5GzV2+Z4t4i1YxO94P
VsZffgiepSkh9I4a1pnzrv8AQtljkNLInmfWjONL7wBmo7eIu5uevXojUR78xSTA
gF9TNs3w40krdUlhut7KUQ6BYaqLL1QEBMWRgnMlgtDGB0MIy6u6CMj+Fhhzy7Fx
PXhb4D74ZSVKNwalWIu3C0NtsNmfNs//o//gYq2k1bkoJlw+pjEHs6SQR0AD9Q+i
Cu4UIyhke/sURHonykkBRbyemJFzjWt6QUpNfb8f5AJAUFxm6S1FwT+e3iyolOGv
kjmGBO7H48PAsVnCgg03O9kk1KJurA==
=Kxt4
-----END PGP SIGNATURE-----

3
openssl-3.0.0-alpha16.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:08ce8244b59d75f40f91170dfcb012bf25309cdcb1fef9502e39d694f883d1d1
size 14491795

11
openssl-3.0.0-alpha16.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEyBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmCT3csACgkQ2cTSbQ5g
RJHKXQf4pr540Byd8XODtO0TE/CL1LSRKMGfkA7b0gtjApNQinuF75RjMAwFrGCe
kR+ghu+JiSgH7oavVSwzappJcjKhfG0bu6HHUPnss07h3pB22SPuF9dc6DUP62t0
l1ML0gyBpG/zUI83L8a7Zi7LmVXjgKf18Ie0KPa7NjCdpqmGKICCLxt/fyFGBiaK
Z9yXYswFHwK8B+pjTn/Fc9LUL5Pwqmhu8plt9XAklT0ANmogoAoazuotAup5nUbf
uzYvFy3VRanPi0/3xToefG/EjuFCsWnldmpEiCuGBNpsu33N3v2+vzeNK6NEYKKc
VMmnPyM2kMd4ZeJ5xapUKELS5jzX
=8r5H
-----END PGP SIGNATURE-----

85
openssl-3.changes
View File

@ -1,3 +1,88 @@
-------------------------------------------------------------------
Mon May 10 02:13:06 UTC 2021 - Jason Sikes <jsikes@suse.com>
- Update to 3.0.0. Alpha 16
* Mark pop/clear error stack in der2key_decode_p8
-------------------------------------------------------------------
Sat May 1 19:58:48 UTC 2021 - Jason Sikes <jsikes@suse.com>
- Update to 3.0.0 Alpha 15
* The default manual page suffix ($MANSUFFIX) has been changed to "ossl"
* Added support for Kernel TLS (KTLS). In order to use KTLS, support for it
must be compiled in using the "enable-ktls" compile time option. It must
also be enabled at run time using the SSL_OP_ENABLE_KTLS option.
* The error return values from some control calls (ctrl) have changed.
One significant change is that controls which used to return -2 for
invalid inputs, now return -1 indicating a generic error condition instead.
* Removed EVP_PKEY_set_alias_type().
* All of these low level RSA functions have been deprecated without
replacement:
RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version,
RSAPrivateKey_dup, RSAPublicKey_dup, RSA_set_flags, RSA_setup_blinding and
RSA_test_flags.
* All of these RSA flags have been deprecated without replacement:
RSA_FLAG_BLINDING, RSA_FLAG_CACHE_PRIVATE, RSA_FLAG_CACHE_PUBLIC,
RSA_FLAG_EXT_PKEY, RSA_FLAG_NO_BLINDING, RSA_FLAG_THREAD_SAFE and
RSA_METHOD_FLAG_NO_CHECK.
* These low level DH functions have been deprecated without replacement:
DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256,
DH_set_flags and DH_test_flags.
The DH_FLAG_CACHE_MONT_P flag has been deprecated without replacement.
The DH_FLAG_TYPE_DH and DH_FLAG_TYPE_DHX have been deprecated. Use
EVP_PKEY_is_a() to determine the type of a key. There is no replacement for
setting these flags.
* These low level DSA functions have been deprecated without replacement:
DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags and
DSA_test_flags.
* The DSA_FLAG_CACHE_MONT_P flag has been deprecated without replacement.
* Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC. This is a breaking
change from previous OpenSSL versions.
Unlike in previous OpenSSL versions, this means that applications must not
call `EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)` to get SM2 computations.
The `EVP_PKEY_set_alias_type` function has now been removed.
* Parameter and key generation is also reworked to make it possible
to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
SM2 keys directly and must not create an EVP_PKEY_EC key first.
-------------------------------------------------------------------
Wed Apr 14 17:55:21 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.0.0 Alpha 13
* A public key check is now performed during EVP_PKEY_derive_set_peer().
Previously DH was internally doing this during EVP_PKEY_derive().
To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0). This
may mean that an error can occur in EVP_PKEY_derive_set_peer() rather than
during EVP_PKEY_derive().
* The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT,
EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT,
EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations
are deprecated. They are not invoked by the OpenSSL library anymore and
are replaced by direct checks of the key operation against the key type
when the operation is initialized.
* The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for
more key types including RSA, DSA, ED25519, X25519, ED448 and X448.
Previously (in 1.1.1) they would return -2. For key types that do not have
parameters then EVP_PKEY_param_check() will always return 1.
* The output from numerous "printing" functions such as X509_signature_print(),
X509_print_ex(), X509_CRL_print_ex(), and other similar functions has been
amended such that there may be cosmetic differences between the output
observed in 1.1.1 and 3.0. This also applies to the "-text" output from the
x509 and crl applications.
* Improved adherence to Enhanced Security Services (ESS, RFC 2634 and RFC 5035)
for the TSP and CMS Advanced Electronic Signatures (CAdES) implementations.
As required by RFC 5035 check both ESSCertID and ESSCertIDv2 if both present.
Correct the semantics of checking the validation chain in case ESSCertID{,v2}
contains more than one certificate identifier: This means that all
certificates referenced there MUST be part of the validation chain.
* Parallel dual-prime 1024-bit modular exponentiation for AVX512_IFMA
capable processors.
* Added the AuthEnvelopedData content type structure (RFC 5083) with AES-GCM
parameter (RFC 5084) for the Cryptographic Message Syntax (CMS). Its purpose
is to support encryption and decryption of a digital envelope that is both
authenticated and encrypted using AES GCM mode.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Feb 19 08:58:35 UTC 2021 - Pedro Monreal <pmonreal@suse.com> Fri Feb 19 08:58:35 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

9
openssl-3.spec
View File

@ -20,7 +20,7 @@
%define sover 3 %define sover 3
%define _rname openssl %define _rname openssl
%define vernum 3.0.0 %define vernum 3.0.0
%define relnum alpha12 %define relnum alpha16
%define dash_version %{vernum}-%{relnum} %define dash_version %{vernum}-%{relnum}
Name: openssl-3 Name: openssl-3
# Don't forget to update the version in the "openssl" package! # Don't forget to update the version in the "openssl" package!
@ -42,7 +42,7 @@ Source5: showciphers.c
Patch1: openssl-1.1.0-no-html.patch Patch1: openssl-1.1.0-no-html.patch
Patch2: openssl-truststore.patch Patch2: openssl-truststore.patch
Patch3: openssl-pkgconfig.patch Patch3: openssl-pkgconfig.patch
Patch4: openssl-DEFAULT_SUSE_cipher.patch #Patch4: openssl-DEFAULT_SUSE_cipher.patch
Patch5: openssl-ppc64-config.patch Patch5: openssl-ppc64-config.patch
Patch6: openssl-no-date.patch Patch6: openssl-no-date.patch
BuildRequires: pkgconfig BuildRequires: pkgconfig
@ -119,7 +119,6 @@ export MACHINE=armv6l
enable-ec_nistp_64_gcc_128 \ enable-ec_nistp_64_gcc_128 \
%endif %endif
enable-camellia \ enable-camellia \
no-ec2m \
--prefix=%{_prefix} \ --prefix=%{_prefix} \
--libdir=%{_lib} \ --libdir=%{_lib} \
--openssldir=%{ssletcdir} \ --openssldir=%{ssletcdir} \
@ -168,6 +167,8 @@ find . -type f -exec chmod 644 {} +
# scripts go havoc, among them /usr/sbin/Check. # scripts go havoc, among them /usr/sbin/Check.
# Replace spaces by underscores # Replace spaces by underscores
# for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done # for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
touch $OLDPWD/filelist.doc $OLDPWD/filelist
which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) } which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
for i in man?/*; do for i in man?/*; do
if test -L $i ; then if test -L $i ; then
@ -203,7 +204,7 @@ cp %{SOURCE5} .
%{_libdir}/libcrypto.so.%{sover} %{_libdir}/libcrypto.so.%{sover}
%{_libdir}/engines-%{sover} %{_libdir}/engines-%{sover}
%dir %{_libdir}/ossl-modules %dir %{_libdir}/ossl-modules
%{_libdir}/ossl-modules/fips.so #%{_libdir}/ossl-modules/fips.so
%{_libdir}/ossl-modules/legacy.so %{_libdir}/ossl-modules/legacy.so
%files -n libopenssl-3-devel %files -n libopenssl-3-devel