pool/openssl-3
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 962004 from security:tls

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/962004
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=2
This commit is contained in:
Dominique Leuenberger 2022-03-16 19:20:36 +00:00 committed by Git OBS Bridge
commit 7eec039543
8 changed files with 67 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openssl-3.0.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c311ad853353bce796edad01a862c50a8a587f62e7e2100ef465ab53ec9b06d1
size 15011207

11
openssl-3.0.1.tar.gz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmG4w10ACgkQ2cTSbQ5g
RJFu/QgAqWC12aiVe7Ktr3Rhv9Ktee+7QwuGjDsB7LItm6oDX6abdRyfJZfRRVYL
vAPa+HhISfVDZe5uQ/ZjKubLwnpfBxAmIXHjY5o4qnTtp6jz0owfw8eSsYjjp7iD
3DfOI6ySVUWSLsG+rcEGrdh3iuYDqjnZ4/gyuY42xoHaYxhAbmz6tSIeB4eodXiU
1CGMe+UfiKjIQ3WSyCRYrVHCUFdqir2vVy36enHdJ6diR8PHtbUX9txpjW6BqK73
CdNJn92yx3XSUQhT6C//1tyj18oNhO7MBqEc/lsi9qzF4mCLCO0e52BAntKvLEJ5
hIFVk6e5DK2qkfDGE/p60bJF9LOouA==
=51AA
-----END PGP SIGNATURE-----

3
openssl-3.0.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63
size 15038141

11
openssl-3.0.2.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmIwowMACgkQ2cTSbQ5g
RJFDvAf/RVYnplRE1x9i/ejoJeTAO7YhibCRpnp+UzkpgMrDL1y9Rpw3ZJCYh9Fq
HEotKmbuZvNGPgYUxSov00xnhKcpzTHKiZQA767rZpNL4F+g3SpOh06IB6tJzn1k
dx9oqAmWgIeWLY4kRHXrqqFa95Zu9LNxJ04NuqaaWxeK0/fYl534sYW5DU6uug9u
4NcBamvnPv1+4A3Ow6jdN96tb7O3HuJ14RvGPzgUx1FPv/zU6NE2fgTnVcBzaYIP
5rfB1EQa3+1NTtej+uUQb0i0NxFpgggFMF+qCc5Yrl9i3o8Q+wnbaVw4bNURk9En
gNgfw0J0TG14PgtkF/Q6he++BQoNYQ==
=pMVy
-----END PGP SIGNATURE-----

29
openssl-3.changes
View File

@ -1,3 +1,32 @@
-------------------------------------------------------------------
Tue Mar 15 17:41:47 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.0.2: [bsc#1196877, CVE-2022-0778]
* Security fix [CVE-2022-0778]: Infinite loop for non-prime moduli
in BN_mod_sqrt() reachable when parsing certificates.
* Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
* Made the AES constant time code for no-asm configurations
optional due to the resulting 95% performance degradation.
The AES constant time code can be enabled, for no assembly
builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME
* Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to
use empty passphrase strings.
* The negative return value handling of the certificate
verification callback was reverted. The replacement is to set
the verification retry state with the SSL_set_retry_verify()
function.
* Rebase openssl-use-versioned-config.patch
-------------------------------------------------------------------
Tue Feb 22 18:46:13 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
- Keep CA_default and tsa_config1 default paths in openssl3.cnf
- Rebase patches:
* openssl-Override-default-paths-for-the-CA-directory-tree.patch
* openssl-use-versioned-config.patch
-------------------------------------------------------------------
Tue Feb 1 13:55:24 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>

5
openssl-3.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package openssl-3
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -21,7 +21,7 @@
%define _rname openssl
Name: openssl-3
# Don't forget to update the version in the "openssl" package!
Version: 3.0.1
Version: 3.0.2
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: Apache-2.0
@ -52,7 +52,6 @@ BuildRequires: pkgconfig
# Add requires for ct_log_list.cnf{,.dist}
Requires: openssl
%description
OpenSSL is a software library to be used in applications that need to
secure communications over computer networks against eavesdropping or

18
openssl-Override-default-paths-for-the-CA-directory-tree.patch
View File

@ -40,21 +40,3 @@ Index: openssl-3.0.1/apps/openssl.cnf
####################################################################
[ ca ]
@@ -79,7 +88,7 @@ default_ca = CA_default # The default c
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
@@ -309,7 +318,7 @@ default_tsa = tsa_config1 # the default
[ tsa_config1 ]
# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
+dir = /etc/pki/CA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate

59
openssl-use-versioned-config.patch
View File

@ -6,10 +6,10 @@ Subject: [PATCH] Updates the conf file to openssl11.cnf Resolves:
Refactored for SUSE by Simon Lees sflees@suse.de
Index: openssl-3.0.1/include/internal/cryptlib.h
Index: openssl-3.0.2/include/internal/cryptlib.h
===================================================================
--- openssl-3.0.1.orig/include/internal/cryptlib.h
+++ openssl-3.0.1/include/internal/cryptlib.h
--- openssl-3.0.2.orig/include/internal/cryptlib.h
+++ openssl-3.0.2/include/internal/cryptlib.h
@@ -61,7 +61,7 @@ DEFINE_STACK_OF(EX_CALLBACK)
typedef struct mem_st MEM;
DEFINE_LHASH_OF(MEM);
@ -19,19 +19,10 @@ Index: openssl-3.0.1/include/internal/cryptlib.h
# ifndef OPENSSL_SYS_VMS
# define X509_CERT_AREA OPENSSLDIR
Index: openssl-3.0.1/Configurations/unix-Makefile.tmpl
Index: openssl-3.0.2/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-3.0.1.orig/Configurations/unix-Makefile.tmpl
+++ openssl-3.0.1/Configurations/unix-Makefile.tmpl
@@ -129,7 +129,7 @@ GENERATED_PODS={- # common0.tmpl provide
fill_lines(" ", $COLUMNS - 15,
map { my $x = $_;
(
- grep {
+ grep {
$unified_info{attributes}->{depends}
->{$x}->{$_}->{pod} // 0
}
--- openssl-3.0.2.orig/Configurations/unix-Makefile.tmpl
+++ openssl-3.0.2/Configurations/unix-Makefile.tmpl
@@ -675,14 +675,14 @@ install_ssldirs:
: {- output_on() if windowsdll(); "" -}; \
fi; \
@ -71,21 +62,21 @@ Index: openssl-3.0.1/Configurations/unix-Makefile.tmpl
-link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/apps/openssl.cnf
+link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/apps/openssl3.cnf
$(BLDDIR)/util/opensslwrap.sh: configdata.pm
$(BLDDIR)/util/opensslwrap.sh: Makefile
@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
@@ -1382,7 +1382,7 @@ $(BLDDIR)/util/opensslwrap.sh: configdat
@@ -1382,7 +1382,7 @@ $(BLDDIR)/util/opensslwrap.sh: Makefile
ln -sf "../$(SRCDIR)/util/`basename "$@"`" "$(BLDDIR)/util"; \
fi
-$(BLDDIR)/apps/openssl.cnf: configdata.pm
+$(BLDDIR)/apps/openssl3.cnf: configdata.pm
-$(BLDDIR)/apps/openssl.cnf: Makefile
+$(BLDDIR)/apps/openssl3.cnf: Makefile
@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
mkdir -p "$(BLDDIR)/apps"; \
ln -sf "../$(SRCDIR)/apps/`basename "$@"`" "$(BLDDIR)/apps"; \
Index: openssl-3.0.1/Configure
Index: openssl-3.0.2/Configure
===================================================================
--- openssl-3.0.1.orig/Configure
+++ openssl-3.0.1/Configure
--- openssl-3.0.2.orig/Configure
+++ openssl-3.0.2/Configure
@@ -56,7 +56,7 @@ EOF
# directories bin, lib, include, share/man, share/doc/openssl
# This becomes the value of INSTALLTOP in Makefile
@ -95,10 +86,10 @@ Index: openssl-3.0.1/Configure
# If it's a relative directory, it will be added on the directory
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
Index: openssl-3.0.1/doc/HOWTO/certificates.txt
Index: openssl-3.0.2/doc/HOWTO/certificates.txt
===================================================================
--- openssl-3.0.1.orig/doc/HOWTO/certificates.txt
+++ openssl-3.0.1/doc/HOWTO/certificates.txt
--- openssl-3.0.2.orig/doc/HOWTO/certificates.txt
+++ openssl-3.0.2/doc/HOWTO/certificates.txt
@@ -16,7 +16,7 @@ Certificate authorities should read http
In all the cases shown below, the standard configuration file, as
compiled into openssl, will be used. You may find it in /etc/,
@ -108,10 +99,10 @@ Index: openssl-3.0.1/doc/HOWTO/certificates.txt
You can specify a different configuration file using the
'-config {file}' argument with the commands shown below.
Index: openssl-3.0.1/doc/man3/OPENSSL_config.pod
Index: openssl-3.0.2/doc/man3/OPENSSL_config.pod
===================================================================
--- openssl-3.0.1.orig/doc/man3/OPENSSL_config.pod
+++ openssl-3.0.1/doc/man3/OPENSSL_config.pod
--- openssl-3.0.2.orig/doc/man3/OPENSSL_config.pod
+++ openssl-3.0.2/doc/man3/OPENSSL_config.pod
@@ -17,7 +17,7 @@ see L<openssl_user_macros(7)>:
=head1 DESCRIPTION
@ -121,16 +112,10 @@ Index: openssl-3.0.1/doc/man3/OPENSSL_config.pod
reads from the application section B<appname>. If B<appname> is NULL then
the default section, B<openssl_conf>, will be used.
Errors are silently ignored.
Index: openssl-3.0.1/INSTALL.md
Index: openssl-3.0.2/INSTALL.md
===================================================================
--- openssl-3.0.1.orig/INSTALL.md
+++ openssl-3.0.1/INSTALL.md
@@ -1,4 +1,4 @@
-Build and Install
+fBuild and Install
=================
This document describes installation on all supported operating
--- openssl-3.0.2.orig/INSTALL.md
+++ openssl-3.0.2/INSTALL.md
@@ -567,7 +567,7 @@ is an objective.
### no-autoload-config