Revisions of openssl-1_0_0

Ana Guerrero (anag+factory) accepted request 1126788 from Otto Hollmann (ohollmann) (revision 41)
- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex()
    or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch
Dominique Leuenberger (dimstar_suse) accepted request 1102939 from Otto Hollmann (ohollmann) (revision 40)
- Security fix: (bsc#1213853, CVE-2023-3817)
  * Fix excessive time spent checking DH q parameter value
    (bsc#1213853, CVE-2023-3817). The function DH_check() performs
    various checks on DH parameters. After fixing CVE-2023-3446 it
    was discovered that a large q parameter value can also trigger
    an overly long computation during some of these checks. A
    correct q value, if present, cannot be larger than the modulus
    p parameter, thus it is unnecessary to perform these checks if
    q is larger than p. If DH_check() is called with such q parameter
    value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
    computationally intensive checks are skipped.
  * Add openssl-1_0-CVE-2023-3817.patch
Dominique Leuenberger (dimstar_suse) accepted request 1095763 from Dominique Leuenberger (dimstar_suse) (revision 38)
Reintroduce change, sync with openssl 3.0
Dominique Leuenberger (dimstar_suse) committed (revision 37)
Revert; change needs to be synced with openssl 3.0 update
Dominique Leuenberger (dimstar_suse) accepted request 1095610 from Otto Hollmann (ohollmann) (revision 36)
- Improve cross-package provides/conflicts [boo#1210313]
  * Remove Conflicts: ssl
  * Add Conflicts: openssl(cli)

- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Reworked the Fix for the Timing Oracle in RSA Decryption
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case
    compared to 1.1.1s.
  * Reworked openssl-CVE-2022-4304.patch
  * Refreshed patches:
    - openssl-CVE-2023-0286.patch
    - openssl-CVE-2023-0464.patch
    - openssl-CVE-2023-0465.patch
Dominique Leuenberger (dimstar_suse) accepted request 1089985 from Otto Hollmann (ohollmann) (revision 34)
- Security Fix: [CVE-2023-2650, bsc#1211430]
  * Possible DoS translating ASN.1 object identifiers
  * Add openssl-CVE-2023-2650.patch
Dominique Leuenberger (dimstar_suse) accepted request 1077222 from Otto Hollmann (ohollmann) (revision 33)
- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch
Dominique Leuenberger (dimstar_suse) accepted request 1074723 from Otto Hollmann (ohollmann) (revision 32)
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch

- Pass over with spec-cleaner
Dominique Leuenberger (dimstar_suse) accepted request 1046230 from Otto Hollmann (ohollmann) (revision 29)
- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch
Displaying revisions 1 - 20 of 43