Revisions of openssl

Dominique Leuenberger (dimstar_suse) accepted request 681715 from Stephan Kulow (coolo) (revision 145)
- Update to 1.1.1b release
Dominique Leuenberger (dimstar_suse) accepted request 541546 from Factory Maintainer (factory-maintainer) (revision 142)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 506205 from Tomáš Chvátal (scarabeus_iv) (revision 139)
- Revert back to 1.0.2l for now so we get new fixes of 1.0 openssl
  to tumbleweed

- Update to 1.1.0f release

- Switch default to openssl-1.1.0
Dominique Leuenberger (dimstar_suse) accepted request 492985 from Tomáš Chvátal (scarabeus_iv) (revision 138)
- Provide pkgconfig(openssl)

- Provide basic baselibs.conf for 32bit subpackages
- Specify this package as noarch (as we just provide README files)

- Fix typo in openssl requires
- Add dependency on the branched devel package
- Provide all pkgconfig symbols to hide them in versioned subpkgs
- This allows us to propagate only the preferred version of openssl
  while allowing us to add extra openssl only as additional dependency

- Remove the ssl provides as it is applicable for only those that
  really provide it

- Prepare to split to various subpackages converting main one to
  dummy package
- Reduce to only provide main pkg and devel and depend on proper
  soversioned package
- Version in this package needs to be synced with the one provided
  by the split package
- Remove all the patches, now in the proper versioned namespace:
  * merge_from_0.9.8k.patch
  * openssl-1.0.0-c_rehash-compat.diff
  * bug610223.patch
  * openssl-ocloexec.patch
  * openssl-1.0.2a-padlock64.patch
  * openssl-fix-pod-syntax.diff
  * openssl-truststore.patch
  * compression_methods_switch.patch
  * 0005-libssl-Hide-library-private-symbols.patch
Yuchen Lin (maxlin_factory) accepted request 485219 from Vítězslav Čížek (vitezslav_cizek) (revision 137)
- Remove O3 from optflags, no need to not rely on distro wide settings
- Remove conditions for sle10 and sle11, we care only about sle12+
- Use SUSE instead of SuSE in readme
- Pass over with spec-cleaner (forwarded request 485192 from scarabeus_iv)
Dominique Leuenberger (dimstar_suse) accepted request 454260 from Marcus Meissner (msmeissn) (revision 136)
- fix X509_CERT_FILE path (bsc#1022271) and rename
  updated openssl-1.0.1e-truststore.diff to openssl-truststore.patch (forwarded request 454258 from vitezslav_cizek)
Dominique Leuenberger (dimstar_suse) accepted request 452919 from Marcus Meissner (msmeissn) (revision 135)
- Updated to openssl 1.0.2k
  - bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results
  - bsc#1019334 / CVE-2016-7056: openssl: ECDSA P-256 timing attack key recovery
  - bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read
  - bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64
Dominique Leuenberger (dimstar_suse) accepted request 433063 from Marcus Meissner (msmeissn) (revision 134)
- resume reading from /dev/urandom when interrupted by a signal
  (bsc#995075)
  * add openssl-randfile_fread_interrupt.patch

- add FIPS changes from SP2:
- fix problems with locking in FIPS mode (bsc#992120)
  * duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428
    and bsc#990207
  * bring back openssl-fipslocking.patch
- drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream)
  (bsc#984323)
- don't check for /etc/system-fips (bsc#982268)
  * add openssl-fips-dont_run_FIPS_module_installed.patch
- refresh openssl-fips-rsagen-d-bits.patch (forwarded request 431508 from vitezslav_cizek)
Dominique Leuenberger (dimstar_suse) accepted request 430498 from Marcus Meissner (msmeissn) (revision 133)
- update to openssl-1.0.2j
  * Missing CRL sanity check (CVE-2016-7052 bsc#1001148)

- OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
  Severity: High
  * OCSP Status Request extension unbounded memory growth
    (CVE-2016-6304) (bsc#999666)
  Severity: Low
  * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
  * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
  * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
  * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419)
  * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
  * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
  * Birthday attack against 64-bit block ciphers (SWEET32)
    (CVE-2016-2183) (bsc#995359)
  * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
  * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
  * Certificate message OOB reads (CVE-2016-6306) (bsc#999668)
- update to openssl-1.0.2i
  * remove patches:
    openssl-1.0.2a-new-fips-reqs.patch
    openssl-1.0.2e-fips.patch
  * add patches:
    openssl-1.0.2i-fips.patch
    openssl-1.0.2i-new-fips-reqs.patch

- fix crash in print_notice (bsc#998190)
  * add openssl-print_notice-NULL_crash.patch
Dominique Leuenberger (dimstar_suse) accepted request 393456 from Marcus Meissner (msmeissn) (revision 132)
- OpenSSL Security Advisory [3rd May 2016]
- update to 1.0.2h (boo#977584, boo#977663)
  * Prevent padding oracle in AES-NI CBC MAC check
     A MITM attacker can use a padding oracle attack to decrypt traffic
     when the connection uses an AES CBC cipher and the server supports
     AES-NI.
     (CVE-2016-2107, boo#977616)
  * Fix EVP_EncodeUpdate overflow
     An overflow can occur in the EVP_EncodeUpdate() function which is used for
     Base64 encoding of binary data. If an attacker is able to supply very large
     amounts of input data then a length check can overflow resulting in a heap
     corruption.
     (CVE-2016-2105, boo#977614)
  * Fix EVP_EncryptUpdate overflow
     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
     is able to supply very large amounts of input data after a previous call to
     EVP_EncryptUpdate() with a partial block then a length check can overflow
     resulting in a heap corruption.
     (CVE-2016-2106, boo#977615)
  * Prevent ASN.1 BIO excessive memory allocation
     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
     a short invalid encoding can cause allocation of large amounts of memory
     potentially consuming excessive resources or exhausting memory.
     (CVE-2016-2109, boo#976942)
  * EBCDIC overread
     ASN1 Strings that are over 1024 bytes can cause an overread in applications
     using the X509_NAME_oneline() function on EBCDIC systems. This could result
     in arbitrary stack data being returned in the buffer.
     (CVE-2016-2176, boo#978224)
  * Modify behavior of ALPN to invoke callback after SNI/servername (forwarded request 393446 from vitezslav_cizek)
Displaying revisions 21 - 40 of 171