expected. [bsc#1236599, CVE-2024-12797]

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=133
2025-02-12 07:58:33 +00:00 · 2025-02-12 07:58:33 +00:00 · 76e0808cc2
commit 76e0808cc2
parent ef668cd7fa
2 changed files with 1 additions and 4 deletions
--- a/openssl-3.changes
+++ b/openssl-3.changes
@ -3,7 +3,7 @@ Tue Feb 11 18:21:12 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>

 - Update to 3.2.4:
  * Fixed RFC7250 handshakes with unauthenticated servers don't abort as
-    expected. [CVE-2024-12797]
+    expected. [bsc#1236599, CVE-2024-12797]
  * Fixed timing side-channel in ECDSA signature computation. [CVE-2024-13176]
  * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
    curve parameters. [CVE-2024-9143]
--- a/openssl-3.spec
+++ b/openssl-3.spec
@ -145,8 +145,6 @@ Patch64:        openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
 Patch65:        openssl-3-fix-sha3-squeeze-ppc64.patch
 Patch66:        openssl-3-fix-quic_multistream_test.patch

-BuildRequires:  pkgconfig
-
 # ulp-macros is available according to SUSE version.
 %ifarch x86_64
 %if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1540
@ -159,7 +157,6 @@ BuildRequires:  gcc13
 BuildRequires:  ulp-macros
 %endif
 %endif
-
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(zlib)
 Requires:       libopenssl3 = %{version}-%{release}