Jazz changed bug 1208393
What  | Removed | Added
Flags |         | needinfo?(otto.hollmann@suse.com)

Comment # 1 on bug 1208393 from
(In reply to Otto Hollmann from comment #0)
> Indeed, just decoding the certificate fails:
> 
> > openssl x509 -noout -text -in ValidDSAParameterInheritanceTest5EE.crt
> The output includes
> 
> >        Subject Public Key Info:
> >            Public Key Algorithm: dsaEncryption
> >            Unable to load Public Key
> >40477373937F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../crypto/x509/x_pubkey.c:458:
> >40477373937F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../crypto/x509/x_pubkey.c:458:
> >        X509v3 extensions:
> 
> Upstream issues:
> https://github.com/openssl/openssl/issues/20233
> https://github.com/openssl/openssl/issues/20309
> 
> Also it is causing build failure of qca:qt5 package and thus blocking release
> of OpenSSL 3.0.8 with 8 CVE fixes.

Hi Otto,

just checked both upstream bugs.

The first one (https://github.com/openssl/openssl/issues/20233) mentions that
there will be no change in upstream, as a change according to the RFC 3279
might cause CVE-2023-0217.

The second bug (https://github.com/openssl/openssl/issues/20309) was closed
without change.

Is there any chance that we could have openssl-3 3.0.8 available as it fixes
various CVEs? Uninstalling libopenssl3 is currently no workaround, as it will
remove hundreds of other packages.

