Pedro Monreal Gonzalez
8c598ed63d
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
* Add openssl-3-fix-hmac-digest-detection-s390x.patch
* Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
- Add hardware acceleration for full AES-XTS jsc#PED-10273
* Add openssl-3-hw-acceleration-aes-xts-s390x.patch
- Support MSA 12 SHA3 on s390x jsc#PED-10280
* Add openssl-3-add_EVP_DigestSqueeze_api.patch
* Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
* Add openssl-3-add-xof-state-handling-s3_absorb.patch
* Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
* Add openssl-3-fix-state-handling-sha3_final_s390x.patch
* Add openssl-3-fix-state-handling-shake_final_s390x.patch
* Add openssl-3-fix-state-handling-keccak_final_s390x.patch
* Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
* Add openssl-3-add-defines-CPACF-funcs.patch
* Add openssl-3-add-hw-acceleration-hmac.patch
* Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
* Add openssl-3-fix-s390x_sha3_absorb.patch
* Add openssl-3-fix-s390x_shake_squeeze.patch
- Update to 3.2.3:
* Changes between 3.2.2 and 3.2.3:
- Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
- Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
* Changes between 3.2.1 and 3.2.2:
- Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
- Fixed an issue where checking excessively long DSA keys or parameters may
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=121
56 lines
2.2 KiB
Diff
56 lines
2.2 KiB
Diff
From 9ede2b1e13f72db37718853faff74b4429084d59 Mon Sep 17 00:00:00 2001
|
|
From: rpm-build <rpm-build>
|
|
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
|
Subject: [PATCH 13/35] 0013-skipped-tests-EC-curves.patch
|
|
|
|
Patch-name: 0013-skipped-tests-EC-curves.patch
|
|
Patch-id: 13
|
|
Patch-status: |
|
|
# Skipped tests from former 0011-Remove-EC-curves.patch
|
|
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
|
---
|
|
test/recipes/15-test_ec.t | 2 +-
|
|
test/recipes/65-test_cmp_protect.t | 2 +-
|
|
test/recipes/65-test_cmp_vfy.t | 2 +-
|
|
3 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
Index: openssl-3.2.3/test/recipes/15-test_ec.t
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/test/recipes/15-test_ec.t
|
|
+++ openssl-3.2.3/test/recipes/15-test_ec.t
|
|
@@ -94,7 +94,7 @@ SKIP: {
|
|
|
|
subtest 'Check loading of fips and non-fips keys' => sub {
|
|
plan skip_all => "FIPS is disabled"
|
|
- if $no_fips;
|
|
+ if 1; #SUSE specific, original value is $no_fips;
|
|
|
|
plan tests => 2;
|
|
|
|
Index: openssl-3.2.3/test/recipes/65-test_cmp_protect.t
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/test/recipes/65-test_cmp_protect.t
|
|
+++ openssl-3.2.3/test/recipes/65-test_cmp_protect.t
|
|
@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo
|
|
plan skip_all => "This test is not supported in a shared library build on Windows"
|
|
if $^O eq 'MSWin32' && !disabled("shared");
|
|
|
|
-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
|
|
+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
|
|
|
|
my @basic_cmd = ("cmp_protect_test",
|
|
data_file("prot_RSA.pem"),
|
|
Index: openssl-3.2.3/test/recipes/65-test_cmp_vfy.t
|
|
===================================================================
|
|
--- openssl-3.2.3.orig/test/recipes/65-test_cmp_vfy.t
|
|
+++ openssl-3.2.3/test/recipes/65-test_cmp_vfy.t
|
|
@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo
|
|
plan skip_all => "This test is not supported in a no-ec build"
|
|
if disabled("ec");
|
|
|
|
-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
|
|
+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
|
|
|
|
my @basic_cmd = ("cmp_vfy_test",
|
|
data_file("server.crt"), data_file("client.crt"),
|