File openssl.changes of Package openssl
-------------------------------------------------------------------
Tue Jun 24 07:10:58 UTC 2025 - Martin Stibor <martin.von.reichenberg@proton.me>
- Initial upload of OpenSSL into Open Build Service (OBS) supporting
various RPM-based Linux distributions
- Update to the latest upstream stable version - 3.5.0
* Changed default encryption cipher for req, cms,
and smime applications from des-ede3-cbc to aes-256-cbc
* Updated default TLS supported groups list to include
and prefer hybrid PQC KEM groups, removed some unused groups
* Changed default TLS keyshares to offer X25519MLKEM768 and X25519
* Deprecated all BIO_meth_get_*() functions
* Added configuration option no-tls-deprecated-ec
to disable support for TLS groups deprecated in RFC8422
* Added configuration option enable-fips-jitter
to use JITTER seed source in FIPS provider
(non-compliant unless validated)
- Update to a later upstream stable version - 3.3.3
* Fixed RFC7250 handshakes with unauthenticated servers
not aborting as expected
* Fixed timing side-channel in ECDSA signature computation
* Fixed possible out-of-bounds memory access
with invalid GF(2^m) elliptic curve parameters
- Update to a later upstream stable version - 3.2.4
* Fixed RFC7250 handshakes with unauthenticated servers
not aborting as expected
* Fixed timing side-channel in ECDSA signature computation
- Update to a later upstream stable version - 3.0.0
* Fixed incorrect handling of OCSP response verification
with -no_cert_checks option
* Fixed RC4-MD5 ciphersuite using AAD data as MAC key,
allowing predictable MAC in man-in-the-middle attacks
* Fixed segmentation fault in SSL_check_chain()
during TLS 1.3 handshake with invalid signature algorithms
* Revised BN_generate_prime_ex to avoid fingerprinting
2-prime vs 3-prime RSA keys by computing N mod
- Update to a later upstream stable version - 3.0.x (selected changes)
* Added feature to retrieve configured TLS signature algorithms
via openssl list command
* Deprecated TS_VERIFY_CTX_set_* functions, added TS_VERIFY_CTX_set0_*
replacements with improved semantics
* Redesigned Windows OPENSSLDIR/ENGINESDIR/MODULESDIR to use
registry keys for runtime configuration
* Added -not_before and -not_after options for setting certificate
start and end dates in req, x509, and ca commands
* Changed default hash function for HMAC in openssl speed
from md5 to sha256
* Added SSL_OP_PREFER_NO_DHE_KEX option for TLS1.3 servers
to prefer PSK-only key exchange
* Added SSL_write_ex2 API for optimized end-of-stream handling
with QUIC