From b062a1d507729ae9e8d2d6a73417aaa3d2b0cdfbbde0b0177d16c703fc32ba4c Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Thu, 2 Jan 2025 18:17:13 +0000 Subject: [PATCH] - Add support for userspace livepatching on ppc64le (jsc#PED-11850). - Fix evp_properties section in the openssl.cnf file [bsc#1234647] * Rebase patches: - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch - openssl-TESTS-Disable-default-provider-crypto-policies.patch OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=128 --- openssl-3.changes | 10 +++++++++- openssl-3.spec | 2 +- ...port-for-PROFILE-SYSTEM-system-default-cipher.patch | 3 ++- ...ESTS-Disable-default-provider-crypto-policies.patch | 6 ++++-- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/openssl-3.changes b/openssl-3.changes index b64dd85..4267466 100644 --- a/openssl-3.changes +++ b/openssl-3.changes @@ -1,9 +1,17 @@ ------------------------------------------------------------------- Mon Dec 23 20:14:08 UTC 2024 - Giuliano Belinassi -- Add support for userspace livepatching on ppc64le (jsc#PED-10952). +- Add support for userspace livepatching on ppc64le (jsc#PED-11850). - Use gcc-13 for ppc64le. +------------------------------------------------------------------- +Tue Dec 17 12:42:19 UTC 2024 - Pedro Monreal + +- Fix evp_properties section in the openssl.cnf file [bsc#1234647] + * Rebase patches: + - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch + - openssl-TESTS-Disable-default-provider-crypto-policies.patch + ------------------------------------------------------------------- Tue Nov 12 15:46:20 UTC 2024 - Pedro Monreal diff --git a/openssl-3.spec b/openssl-3.spec index 06653ca..054b34c 100644 --- a/openssl-3.spec +++ b/openssl-3.spec @@ -1,7 +1,7 @@ # # spec file for package openssl-3 # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index ae72609..ab6ed6d 100644 --- a/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -322,12 +322,13 @@ Index: openssl-3.2.3/apps/openssl.cnf =================================================================== --- openssl-3.2.3.orig/apps/openssl.cnf +++ openssl-3.2.3/apps/openssl.cnf -@@ -52,6 +52,11 @@ tsa_policy3 = 1.2.3.4.5.7 +@@ -52,6 +52,12 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] providers = provider_sect +# Load default TLS policy configuration +ssl_conf = ssl_module ++alg_section = evp_properties + +[ evp_properties ] +# This section is intentionally added empty here to be tuned on particular systems diff --git a/openssl-TESTS-Disable-default-provider-crypto-policies.patch b/openssl-TESTS-Disable-default-provider-crypto-policies.patch index de884ed..6a011f0 100644 --- a/openssl-TESTS-Disable-default-provider-crypto-policies.patch +++ b/openssl-TESTS-Disable-default-provider-crypto-policies.patch @@ -2,16 +2,18 @@ Index: openssl-3.2.3/apps/openssl.cnf =================================================================== --- openssl-3.2.3.orig/apps/openssl.cnf +++ openssl-3.2.3/apps/openssl.cnf -@@ -45,7 +45,7 @@ tsa_policy3 = 1.2.3.4.5.7 +@@ -45,8 +45,8 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] providers = provider_sect # Load default TLS policy configuration -ssl_conf = ssl_module +-alg_section = evp_properties +##ssl_conf = ssl_module ++##alg_section = evp_properties [ evp_properties ] # This section is intentionally added empty here to be tuned on particular systems -@@ -60,20 +60,20 @@ ssl_conf = ssl_module +@@ -61,20 +61,20 @@ alg_section = evp_properties # to side-channel attacks and as such have been deprecated. [provider_sect]