From 38921057deaa404d6bdb925a6592bed66bc2febf1276fdb1ebff15dbd3cbe4d7 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Thu, 13 Jan 2022 17:50:59 +0000 Subject: [PATCH] Accepting request 946113 from security:tls:unstable OBS-URL: https://build.opensuse.org/request/show/946113 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=31 --- openssl-3.0.0.tar.gz | 3 --- openssl-3.0.0.tar.gz.asc | 16 ---------------- openssl-3.0.1.tar.gz | 3 +++ openssl-3.0.1.tar.gz.asc | 11 +++++++++++ openssl-3.changes | 33 +++++++++++++++++++++++++++++++++ openssl-3.spec | 2 +- 6 files changed, 48 insertions(+), 20 deletions(-) delete mode 100644 openssl-3.0.0.tar.gz delete mode 100644 openssl-3.0.0.tar.gz.asc create mode 100644 openssl-3.0.1.tar.gz create mode 100644 openssl-3.0.1.tar.gz.asc diff --git a/openssl-3.0.0.tar.gz b/openssl-3.0.0.tar.gz deleted file mode 100644 index 98ed970..0000000 --- a/openssl-3.0.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:59eedfcb46c25214c9bd37ed6078297b4df01d012267fe9e9eee31f61bc70536 -size 14978663 diff --git a/openssl-3.0.0.tar.gz.asc b/openssl-3.0.0.tar.gz.asc deleted file mode 100644 index 567948e..0000000 --- a/openssl-3.0.0.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmE3US4ACgkQ1enkP335 -7ozFmhAApo+mmAqXAm9hLJ8eCxOHRzHeCPVZxw4YG/7HP/bfpu9fEOuS2FvfKDKR -rOLU6313TmUsMIyOuw3ddZLAL/niW9h2Vw159QVdqvngaEMrkZui115DRizCKpRa -PBHPPu3RRHOA2o4X/ipnKEo7pDjjzB11/HjG2lj812fLMja2SQpYyNC8D1lLMjm2 -7oD1B/GMahLp68bRrRTxY+Zbx+AOJnSxokyfxjLgwokcwwJU0oSlo97Q/W3Ug40q -iTMnOcJRcRv+dt2r4M5alEMUBoy8XvXp/YrjtOLWYArbh5NlMdWdWelB2QXizaUw -q338sXV+n53/xNC0Hj4bZItpgJ4H9rc4BECYW5x9azLB6rvpGoDAzii5Cu3Usjk+ -TOmhScE6YGvIDVk0dIfzy3iWn2QLPBk+OkgYqYT68NnBLROVKfqnHil3Zi5AKGar -UyclGkdhBrVlOvnkfi7NTKETqyxiyPEk+2MxPANBvO3zsPSfofiuARo+rr/FIdv1 -ywfhatm+XleXylhR6CC6U6FkXX8RaTZfhD9DbZRYzpxQwair6n4ZrI36yOKpFvXj -eknrkB6RDJcCaPC8pBCjw3iEsoQHPaLDYv7n6wJ3MEjye6XevNhzXpRQ4Dd2FC5+ -3WbHW+9zr6beDAhc+yxE0yd4F0W3fTdwBAwQuKfdpAtL87Ye5vQ= -=YzJz ------END PGP SIGNATURE----- diff --git a/openssl-3.0.1.tar.gz b/openssl-3.0.1.tar.gz new file mode 100644 index 0000000..7f01e76 --- /dev/null +++ b/openssl-3.0.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c311ad853353bce796edad01a862c50a8a587f62e7e2100ef465ab53ec9b06d1 +size 15011207 diff --git a/openssl-3.0.1.tar.gz.asc b/openssl-3.0.1.tar.gz.asc new file mode 100644 index 0000000..5ca3080 --- /dev/null +++ b/openssl-3.0.1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmG4w10ACgkQ2cTSbQ5g +RJFu/QgAqWC12aiVe7Ktr3Rhv9Ktee+7QwuGjDsB7LItm6oDX6abdRyfJZfRRVYL +vAPa+HhISfVDZe5uQ/ZjKubLwnpfBxAmIXHjY5o4qnTtp6jz0owfw8eSsYjjp7iD +3DfOI6ySVUWSLsG+rcEGrdh3iuYDqjnZ4/gyuY42xoHaYxhAbmz6tSIeB4eodXiU +1CGMe+UfiKjIQ3WSyCRYrVHCUFdqir2vVy36enHdJ6diR8PHtbUX9txpjW6BqK73 +CdNJn92yx3XSUQhT6C//1tyj18oNhO7MBqEc/lsi9qzF4mCLCO0e52BAntKvLEJ5 +hIFVk6e5DK2qkfDGE/p60bJF9LOouA== +=51AA +-----END PGP SIGNATURE----- diff --git a/openssl-3.changes b/openssl-3.changes index 2ccad3c..cf2a39b 100644 --- a/openssl-3.changes +++ b/openssl-3.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Thu Jan 13 10:49:26 UTC 2022 - Pedro Monreal + +- Update to 3.0.1 + * RNDR and RNDRRS support in provider functions to provide + random number generation for Arm CPUs (aarch64). + * s_client and s_server apps now explicitly say when the TLS + version does not include the renegotiation mechanism. This + avoids confusion between that scenario versus when the TLS + version includes secure renegotiation but the peer lacks + support for it. + * The default SSL/TLS security level has been changed from 1 to 2. + RSA, DSA and DH keys of 1024 bits and above and less than 2048 + bits and ECC keys of 160 bits and above and less than 224 bits + were previously accepted by default but are now no longer + allowed. By default TLS compression was already disabled in + previous OpenSSL versions. At security level 2 it cannot be + enabled. + * The SSL_CTX_set_cipher_list family functions now accept + ciphers using their IANA standard names. + * The PVK key derivation function has been moved from + b2i_PVK_bio_ex() into the legacy crypto provider as an + EVP_KDF. Applications requiring this KDF will need to load + the legacy crypto provider. + * The various OBJ_* functions have been made thread safe. + * CCM8 cipher suites in TLS have been downgraded to security + level zero because they use a short authentication tag which + lowers their strength. + * Subject or issuer names in X.509 objects are now displayed + as UTF-8 strings by default. + * Parallel dual-prime 1536/2048-bit modular exponentiation + for AVX512_IFMA capable processors. + ------------------------------------------------------------------- Tue Sep 7 14:58:35 UTC 2021 - Pedro Monreal diff --git a/openssl-3.spec b/openssl-3.spec index 073f661..fd6b59c 100644 --- a/openssl-3.spec +++ b/openssl-3.spec @@ -21,7 +21,7 @@ %define _rname openssl Name: openssl-3 # Don't forget to update the version in the "openssl" package! -Version: 3.0.0 +Version: 3.0.1 Release: 0 Summary: Secure Sockets and Transport Layer Security License: Apache-2.0