Overview
Request 231108 accepted
- Build everything with full RELRO (-Wl,-z,relro,-z,now)
- Remove -fstack-protector from the hardcoded build options
it is already in RPM_OPT_FLAGS and is replaced by
-fstack-protector-strong with gcc 4.9
- Remove the "gmp" and "capi" shared engines, nobody noticed
but they are just dummies that do nothing.
- Use enable-rfc3779 to allow projects such as rpki.net
to work in openSUSE and match the functionality
available in Debian/Fedora/etc
- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix
CVE-2010-5298 and disable the internal BUF_FREELISTS
functionality. it hides bugs like heartbleed and is
there only for systems on which malloc() free() are slow.
- ensure we export MALLOC_CHECK and PERTURB during the test
suite, now that the freelist functionality is disabled it
will help to catch bugs before they hit users.
- openssl-libssl-noweakciphers.patch do not offer "export"
or "low" quality ciphers by default. using such ciphers
is not forbidden but requires an explicit request
- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does
not return memory of "num * old_num" but only "num" size
fortunately this function is currently unused. (forwarded request 230868 from elvigia)
Request History
shawn2012 created request
- Build everything with full RELRO (-Wl,-z,relro,-z,now)
- Remove -fstack-protector from the hardcoded build options
it is already in RPM_OPT_FLAGS and is replaced by
-fstack-protector-strong with gcc 4.9
- Remove the "gmp" and "capi" shared engines, nobody noticed
but they are just dummies that do nothing.
- Use enable-rfc3779 to allow projects such as rpki.net
to work in openSUSE and match the functionality
available in Debian/Fedora/etc
- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix
CVE-2010-5298 and disable the internal BUF_FREELISTS
functionality. it hides bugs like heartbleed and is
there only for systems on which malloc() free() are slow.
- ensure we export MALLOC_CHECK and PERTURB during the test
suite, now that the freelist functionality is disabled it
will help to catch bugs before they hit users.
- openssl-libssl-noweakciphers.patch do not offer "export"
or "low" quality ciphers by default. using such ciphers
is not forbidden but requires an explicit request
- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does
not return memory of "num * old_num" but only "num" size
fortunately this function is currently unused. (forwarded request 230868 from elvigia)
factory-auto accepted review
Check script succeeded
factory-auto added a reviewer
Please review sources
factory-auto added a reviewer
Please review build success
factory-auto added a reviewer
Pick Staging Project
licensedigger accepted review
{"approve": "license and version number unchanged: 1.0.1g"}
factory-repo-checker accepted review
Builds for repo openSUSE_Factory
tittiatcoke accepted review
Ok
coolo added a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:D"
coolo accepted review
Picked openSUSE:Factory:Staging:D
coolo approved review
ready to accept
coolo accepted review
ready to accept
coolo accepted request
Accept to factory
