Overview

File _patchinfo of Package patchinfo.4936

<patchinfo incident="4936">
  <issue id="1027688" tracker="bnc">FIPS: openssl: build openssl-cavs</issue>
  <issue id="1044175" tracker="bnc"> new openssl getrandom() usage causes hangs in openqa</issue>
  <issue id="1019637" tracker="bnc">FIPS: openssl: AES XTS key parts must not be identical (FIPS 140-2 IG A.9)</issue>
  <issue id="1029523" tracker="bnc">OpenSSL : Extended feature support for Zen</issue>
  <issue id="1028723" tracker="bnc">FIPS: openssl: implement run-time switching between generic code and s390x optimized code</issue>
  <issue id="902364" tracker="bnc">FIPS: openssl, CAVS tests for AES GCM validation tool</issue>
  <issue id="1028281" tracker="bnc">"SSL3 alert write:fatal:handshake failure" after upgrading to 12 SP2</issue>
  <issue id="1027079" tracker="bnc">FIPS: openssl: use getrandom system call for DRBG seeding</issue>
  <issue id="1044095" tracker="bnc">FIPS: openssl: implement AES KeyWrap tests</issue>
  <issue id="1044107" tracker="bnc">FIPS: openssl: RSA keygen test needs to zero-pad keys to the requested bit length</issue>
  <issue id="1027908" tracker="bnc">VUL-0: openssl: adjust DEFAULT_SUSE to meet 1.0.2 and current state</issue>
  <issue id="1042392" tracker="bnc">L3-Question: Self-built application (naemon) causes high system load after update to SP2</issue>
  <category>recommended</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>This update for openssl fixes the following issues including fixes for our ongoing FIPS 140-2 evaluation:

- Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32
  problem (bsc#1027908)
- Use getrandom syscall instead of reading from /dev/urandom to get
  at least 128 bits of entropy to comply with FIPS 140.2 IG 7.14 (bsc#1027079 bsc#1044175)
- Fix x86 extended feature detection (bsc#1029523)
- Allow runtime switching of s390x capabilities via the "OPENSSL_s390xcap"
  environmental variable (bsc#1028723)
- s_client sent empty client certificate (bsc#1028281)
  Add back certificate initialization set_cert_key_stuff()
  which was removed in a previous update.
- Fix a bug in XTS key handling (bsc#1019637)
- Don't run FIPS power-up self-tests when the checksum files aren't
  installed (bsc#1042392)
</description>
  <summary>Recommended update for openssl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places