Accepting request 946113 from security:tls:unstable

OBS-URL: https://build.opensuse.org/request/show/946113
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=31

openssl-3.0.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:59eedfcb46c25214c9bd37ed6078297b4df01d012267fe9e9eee31f61bc70536
-size 14978663

openssl-3.0.0.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmE3US4ACgkQ1enkP335
-7ozFmhAApo+mmAqXAm9hLJ8eCxOHRzHeCPVZxw4YG/7HP/bfpu9fEOuS2FvfKDKR
-rOLU6313TmUsMIyOuw3ddZLAL/niW9h2Vw159QVdqvngaEMrkZui115DRizCKpRa
-PBHPPu3RRHOA2o4X/ipnKEo7pDjjzB11/HjG2lj812fLMja2SQpYyNC8D1lLMjm2
-7oD1B/GMahLp68bRrRTxY+Zbx+AOJnSxokyfxjLgwokcwwJU0oSlo97Q/W3Ug40q
-iTMnOcJRcRv+dt2r4M5alEMUBoy8XvXp/YrjtOLWYArbh5NlMdWdWelB2QXizaUw
-q338sXV+n53/xNC0Hj4bZItpgJ4H9rc4BECYW5x9azLB6rvpGoDAzii5Cu3Usjk+
-TOmhScE6YGvIDVk0dIfzy3iWn2QLPBk+OkgYqYT68NnBLROVKfqnHil3Zi5AKGar
-UyclGkdhBrVlOvnkfi7NTKETqyxiyPEk+2MxPANBvO3zsPSfofiuARo+rr/FIdv1
-ywfhatm+XleXylhR6CC6U6FkXX8RaTZfhD9DbZRYzpxQwair6n4ZrI36yOKpFvXj
-eknrkB6RDJcCaPC8pBCjw3iEsoQHPaLDYv7n6wJ3MEjye6XevNhzXpRQ4Dd2FC5+
-3WbHW+9zr6beDAhc+yxE0yd4F0W3fTdwBAwQuKfdpAtL87Ye5vQ=
-=YzJz
------END PGP SIGNATURE-----

openssl-3.0.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c311ad853353bce796edad01a862c50a8a587f62e7e2100ef465ab53ec9b06d1
+size 15011207

openssl-3.0.1.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmG4w10ACgkQ2cTSbQ5g
+RJFu/QgAqWC12aiVe7Ktr3Rhv9Ktee+7QwuGjDsB7LItm6oDX6abdRyfJZfRRVYL
+vAPa+HhISfVDZe5uQ/ZjKubLwnpfBxAmIXHjY5o4qnTtp6jz0owfw8eSsYjjp7iD
+3DfOI6ySVUWSLsG+rcEGrdh3iuYDqjnZ4/gyuY42xoHaYxhAbmz6tSIeB4eodXiU
+1CGMe+UfiKjIQ3WSyCRYrVHCUFdqir2vVy36enHdJ6diR8PHtbUX9txpjW6BqK73
+CdNJn92yx3XSUQhT6C//1tyj18oNhO7MBqEc/lsi9qzF4mCLCO0e52BAntKvLEJ5
+hIFVk6e5DK2qkfDGE/p60bJF9LOouA==
+=51AA
+-----END PGP SIGNATURE-----

openssl-3.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Thu Jan 13 10:49:26 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.0.1
+  * RNDR and RNDRRS support in provider functions to provide
+    random number generation for Arm CPUs (aarch64).
+  * s_client and s_server apps now explicitly say when the TLS
+    version does not include the renegotiation mechanism. This
+    avoids confusion between that scenario versus when the TLS
+    version includes secure renegotiation but the peer lacks
+    support for it.
+  * The default SSL/TLS security level has been changed from 1 to 2.
+    RSA, DSA and DH keys of 1024 bits and above and less than 2048
+    bits and ECC keys of 160 bits and above and less than 224 bits
+    were previously accepted by default but are now no longer
+    allowed. By default TLS compression was already disabled in
+    previous OpenSSL versions. At security level 2 it cannot be
+    enabled.
+  * The SSL_CTX_set_cipher_list family functions now accept
+    ciphers using their IANA standard names.
+  * The PVK key derivation function has been moved from
+    b2i_PVK_bio_ex() into the legacy crypto provider as an
+    EVP_KDF. Applications requiring this KDF will need to load
+    the legacy crypto provider.
+  * The various OBJ_* functions have been made thread safe.
+  * CCM8 cipher suites in TLS have been downgraded to security
+    level zero because they use a short authentication tag which
+    lowers their strength.
+  * Subject or issuer names in X.509 objects are now displayed
+    as UTF-8 strings by default.
+  * Parallel dual-prime 1536/2048-bit modular exponentiation
+    for AVX512_IFMA capable processors.
+
 -------------------------------------------------------------------
 Tue Sep  7 14:58:35 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 

openssl-3.spec

@@ -21,7 +21,7 @@
 %define _rname  openssl
 Name:           openssl-3
 # Don't forget to update the version in the "openssl" package!
-Version:        3.0.0
+Version:        3.0.1
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        Apache-2.0