pool/openssl-3
SHA256
12
0
Fork 2
Code Issues Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=145

Browse Source
This commit is contained in:
Pedro Monreal Gonzalez
2025-05-28 09:26:43 +00:00
committed by Git OBS Bridge
parent 24d6d64b5c
commit 76538713a2
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
openssl-3.changes
View File

@@ -1,7 +1,8 @@
-------------------------------------------------------------------
Mon May 26 10:16:09 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- bsc#1243564 CVE-2025-4575: Fix the x509 application adding trusted use instead of rejected use
- Security fix: [bsc#1243564, CVE-2025-4575]
* Fix the x509 application adding trusted use instead of rejected use
* Add openssl-CVE-2025-4575.patch
-------------------------------------------------------------------
@@ -25,6 +26,8 @@ Mon May 12 10:47:50 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
Fri Apr 4 13:34:27 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Update to 3.5.0:
* Security fixes:
- [bsc#1243459, CVE-2025-27587] Minerva side channel vulnerability in P-384
* Changes:
- Default encryption cipher for the req, cms, and smime applications
changed from des-ede3-cbc to aes-256-cbc.
@@ -34,7 +37,6 @@ Fri Apr 4 13:34:27 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- The default TLS keyshares have been changed to offer X25519MLKEM768
and and X25519.
- All BIO_meth_get_*() functions were deprecated.
- Fixed CVE-2025-27587
* New features:
- Support for server side QUIC (RFC 9000)
- Support for 3rd party QUIC stacks including 0-RTT support

2
openssl-3.spec
View File

@@ -124,7 +124,7 @@ Patch42: openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
Patch43: openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
# PATCH-FIX-FEDORA FIPS: Fix the speed command in FIPS mode for KMAC
Patch44: openssl-FIPS-Fix-openssl-speed-KMAC.patch
# PATCH-FIX-UPSTREAM: The x509 application adds trusted use instead of rejected use [bsc#1243564, CVE-2025-4575]
# PATCH-FIX-UPSTREAM bsc#1243564 CVE-2025-4575 The x509 application adds trusted use instead of rejected use
Patch45: openssl-CVE-2025-4575.patch
# ulp-macros is available according to SUSE version.