Revisions of openssl
Stephan Kulow (coolo)
accepted
request 229715
from
Shawn Chang (shawn2012)
(revision 111)
- openssl-gcc-attributes.patch
* annotate memory allocation wrappers with attribute(alloc_size)
so the compiler can tell us if it knows they are being misused
* OPENSSL_showfatal is annotated with attribute printf to detect
format string problems.
- It is time to try to disable SSLv2 again, it was tried a while
ago but broke too many things, nowadays Debian, Ubuntu, the BSDs
all have disabled it, most components are already fixed.
I will fix the remaining fallout if any. (email me) (forwarded request 229674 from elvigia)
Stephan Kulow (coolo)
accepted
request 229370
from
Marcus Meissner (msmeissn)
(revision 110)
- update to 1.0.1g: * fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299) * Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945) * Workaround for the "TLS hang bug" (see FAQ and PR#2771) - remove CVE-2014-0076.patch - openssl.keyring: upstream changed to: pub 4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org> uid Dr Stephen Henson <shenson@drh-consultancy.co.uk> uid Dr Stephen Henson <shenson@opensslfoundation.com>
Stephan Kulow (coolo)
accepted
request 227508
from
Stephan Kulow (coolo)
(revision 109)
Fix bug[ bnc#869945] CVE-2014-0076: openssl: Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack; Add file: CVE-2014-0076.patch (forwarded request 227417 from shawn2012)
Stephan Kulow (coolo)
accepted
request 224423
from
Marcus Meissner (msmeissn)
(revision 108)
additional changes required for FIPS validation( from Fedora repo); Add patch file: openssl-1.0.1e-new-fips-reqs.patch (forwarded request 224375 from shawn2012)
Stephan Kulow (coolo)
accepted
request 213629
from
Shawn Chang (shawn2012)
(revision 107)
Remove GCC option -O3 for compiliation issue of ARM version; Modify: openssl.spec (forwarded request 213627 from shawn2012)
Stephan Kulow (coolo)
accepted
request 213132
from
Shawn Chang (shawn2012)
(revision 106)
Fixed bnc#857850, openssl doesn't load engine; Modify file: openssl.spec (forwarded request 213131 from shawn2012)
Tomáš Chvátal (scarabeus_factory)
accepted
request 212714
from
Dirk Mueller (dirkmueller)
(revision 105)
Fixed bnc#857203, openssl: crash in DTLS renegotiation after packet loss; Add file: CVE-2013-6450.patch (forwarded request 212653 from shawn2012)
Stephan Kulow (coolo)
accepted
request 212087
from
Dr. Werner Fink (WernerFink)
(revision 104)
Fixed bnc#856687, openssl: crash when using TLS 1.2; Add file: CVE-2013-6449.patch (forwarded request 212077 from shawn2012)
Stephan Kulow (coolo)
accepted
request 211421
from
Marcus Meissner (msmeissn)
(revision 103)
- compression_methods_switch.patch: setenv might not be successful if a surrounding library or application filters it, like e.g. sudo. As setenv() does not seem to be useful anyway, remove it. bnc#849377 (forwarded request 211400 from msmeissn)
Stephan Kulow (coolo)
accepted
request 210985
from
Shawn Chang (shawn2012)
(revision 102)
Adjust the installation path; Modify files: README-FIPS.txt openssl.spec (forwarded request 210984 from shawn2012)
Stephan Kulow (coolo)
committed
(revision 101)
osc copypac from project:openSUSE:Factory package:openssl revision:99
Stephan Kulow (coolo)
accepted
request 208487
from
Marcus Meissner (msmeissn)
(revision 100)
Patches for OpenSSL FIPS-140-2/3 certification; Add patch files: openssl-1.0.1e-fips.patch, openssl-1.0.1e-fips-ec.patch,openssl-1.0.1e-fips-ctor.patch (forwarded request 208378 from shawn2012)
Tomáš Chvátal (scarabeus_factory)
accepted
request 204475
from
Shawn Chang (shawn2012)
(revision 99)
(forwarded request 204370 from elvigia)
Tomáš Chvátal (scarabeus_factory)
accepted
request 203428
from
Cristian Rodríguez (elvigia)
(revision 98)
- openssl-1.0.1c-ipv6-apps.patch: Support ipv6 in the openssl s_client / s_server commandline app. (forwarded request 203361 from msmeissn)
Stephan Kulow (coolo)
accepted
request 201094
from
Marcus Meissner (msmeissn)
(revision 97)
- VPN openconnect problem (DTLS handshake failed) (git 9fe4603b8, bnc#822642, openssl ticket#2984) (forwarded request 201079 from dmacvicar)
Stephan Kulow (coolo)
accepted
request 197451
from
Dr. Werner Fink (WernerFink)
(revision 95)
Fix armv6l arch (armv7 was previously used to build armv6 which lead to illegal instruction when used) (forwarded request 197443 from Guillaume_G)
Tomáš Chvátal (scarabeus_factory)
accepted
request 186710
from
Tomáš Chvátal (scarabeus_factory)
(revision 94)
Fix bug[ bnc#832833] openssl ssl_set_cert_masks() is broken; Add patch file: SSL_get_certificate-broken.patch (forwarded request 186693 from shawn2012)
Stephan Kulow (coolo)
accepted
request 185827
from
Dr. Werner Fink (WernerFink)
(revision 93)
- 0005-libssl-Hide-library-private-symbols.patch: hide private symbols, this *only* applies to libssl where it is straightforward to do so as applications should not be using any of the symbols declared/defined in headers that the library does not install. A separate patch MAY be provided in the future for libcrypto where things are much more complicated and threfore requires careful testing. (forwarded request 185819 from elvigia)
Stephan Kulow (coolo)
accepted
request 184582
from
Marcus Meissner (msmeissn)
(revision 92)
- compression_methods_switch.patch: Disable compression by default to
avoid the CRIME attack (CVE-2012-4929 bnc#793420)
Can be override by setting environment variable
OPENSSL_NO_DEFAULT_ZLIB=no
Displaying revisions 61 - 80 of 171
