Overview
Request 1142584 accepted
- Encapsulate the fips provider into a new package called
libopenssl-3-fips-provider.
- Added openssl-3-use-include-directive.patch so that the default
/etc/ssl/openssl.cnf file will include any configuration files that
other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/
and /etc/ssl/engdef.d/ to above versioned directories.
- Updated spec file to create the two new necessary directores for
the above patch and two symbolic links to above directories.
[bsc#1194187, bsc#1207472, bsc#1218933]
- Security fix: [bsc#1218810, CVE-2023-6237]
* Limit the execution time of RSA public key check
* Add openssl-CVE-2023-6237.patch
- Rename openssl-Override-default-paths-for-the-CA-directory-tree.patch
to openssl-crypto-policies-support.patch
- Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch
- Load the FIPS provider and set FIPS properties implicitly.
* Add openssl-Force-FIPS.patch [bsc#1217934]
- Disable the fipsinstall command-line utility.
* Add openssl-disable-fipsinstall.patch
- Add instructions to load legacy provider in openssl.cnf.
* openssl-load-legacy-provider.patch
- Disable the default provider for the test suite.
* openssl-Disable-default-provider-for-test-suite.patch
- Created by pmonrealgonzalez
- In state accepted
- Supersedes 1141237
Request History
pmonrealgonzalez created request
- Encapsulate the fips provider into a new package called
libopenssl-3-fips-provider.
- Added openssl-3-use-include-directive.patch so that the default
/etc/ssl/openssl.cnf file will include any configuration files that
other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/
and /etc/ssl/engdef.d/ to above versioned directories.
- Updated spec file to create the two new necessary directores for
the above patch and two symbolic links to above directories.
[bsc#1194187, bsc#1207472, bsc#1218933]
- Security fix: [bsc#1218810, CVE-2023-6237]
* Limit the execution time of RSA public key check
* Add openssl-CVE-2023-6237.patch
- Rename openssl-Override-default-paths-for-the-CA-directory-tree.patch
to openssl-crypto-policies-support.patch
- Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch
- Load the FIPS provider and set FIPS properties implicitly.
* Add openssl-Force-FIPS.patch [bsc#1217934]
- Disable the fipsinstall command-line utility.
* Add openssl-disable-fipsinstall.patch
- Add instructions to load legacy provider in openssl.cnf.
* openssl-load-legacy-provider.patch
- Disable the default provider for the test suite.
* openssl-Disable-default-provider-for-test-suite.patch
anag+factory set openSUSE:Factory:Staging:O as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:O"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:O"
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
darix accepted review
Accepted review for by_group opensuse-review-team request 1142584 from user factory-auto
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:O got accepted.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:O got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:O got accepted.
