Revisions of openssl
Dominique Leuenberger (dimstar_suse)
accepted
request 836221
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 151)
Dominique Leuenberger (dimstar_suse)
accepted
request 796089
from
Martin Pluskal (pluskalm)
(revision 150)
Dominique Leuenberger (dimstar_suse)
accepted
request 790185
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 149)
Dominique Leuenberger (dimstar_suse)
accepted
request 753239
from
Tomáš Chvátal (scarabeus_iv)
(revision 148)
Dominique Leuenberger (dimstar_suse)
accepted
request 730207
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 147)
Dominique Leuenberger (dimstar_suse)
accepted
request 706515
from
Tomáš Chvátal (scarabeus_iv)
(revision 146)
Dominique Leuenberger (dimstar_suse)
accepted
request 681715
from
Stephan Kulow (coolo)
(revision 145)
- Update to 1.1.1b release
Dominique Leuenberger (dimstar_suse)
accepted
request 591688
from
Tomáš Chvátal (scarabeus_iv)
(revision 144)
Dominique Leuenberger (dimstar_suse)
accepted
request 578326
from
Vítězslav Čížek (vitezslav_cizek)
(revision 143)
Dominique Leuenberger (dimstar_suse)
accepted
request 541546
from
Factory Maintainer (factory-maintainer)
(revision 142)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 538750
from
Tomáš Chvátal (scarabeus_iv)
(revision 141)
Dominique Leuenberger (dimstar_suse)
accepted
request 509431
from
Tomáš Chvátal (scarabeus_iv)
(revision 140)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 506205
from
Tomáš Chvátal (scarabeus_iv)
(revision 139)
- Revert back to 1.0.2l for now so we get new fixes of 1.0 openssl to tumbleweed - Update to 1.1.0f release - Switch default to openssl-1.1.0
Dominique Leuenberger (dimstar_suse)
accepted
request 492985
from
Tomáš Chvátal (scarabeus_iv)
(revision 138)
- Provide pkgconfig(openssl) - Provide basic baselibs.conf for 32bit subpackages - Specify this package as noarch (as we just provide README files) - Fix typo in openssl requires - Add dependency on the branched devel package - Provide all pkgconfig symbols to hide them in versioned subpkgs - This allows us to propagate only the preffered version of openssl while allowing us to add extra openssl only as additional dependency - Remove the ssl provides as it is applicable for only those that really provide it - Prepare to split to various subpackages converting main one to dummy package - Reduce to only provide main pkg and devel and depend on proper soversioned package - Version in this package needs to be synced with the one provided by the split package - Remove all the patches, now in the proper versioned namespace: * merge_from_0.9.8k.patch * openssl-1.0.0-c_rehash-compat.diff * bug610223.patch * openssl-ocloexec.patch * openssl-1.0.2a-padlock64.patch * openssl-fix-pod-syntax.diff * openssl-truststore.patch * compression_methods_switch.patch * 0005-libssl-Hide-library-private-symbols.patch
Yuchen Lin (maxlin_factory)
accepted
request 485219
from
Vítězslav Čížek (vitezslav_cizek)
(revision 137)
- Remove O3 from optflags, no need to not rely on distro wide settings - Remove conditions for sle10 and sle11, we care only about sle12+ - USE SUSE instead of SuSE in readme - Pass over with spec-cleaner (forwarded request 485192 from scarabeus_iv)
Dominique Leuenberger (dimstar_suse)
accepted
request 454260
from
Marcus Meissner (msmeissn)
(revision 136)
- fix X509_CERT_FILE path (bsc#1022271) and rename updated openssl-1.0.1e-truststore.diff to openssl-truststore.patch (forwarded request 454258 from vitezslav_cizek)
Dominique Leuenberger (dimstar_suse)
accepted
request 452919
from
Marcus Meissner (msmeissn)
(revision 135)
- Updated to openssl 1.0.2k - bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results - bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery - bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read - bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64
Dominique Leuenberger (dimstar_suse)
accepted
request 433063
from
Marcus Meissner (msmeissn)
(revision 134)
- resume reading from /dev/urandom when interrupted by a signal (bsc#995075) * add openssl-randfile_fread_interrupt.patch - add FIPS changes from SP2: - fix problems with locking in FIPS mode (bsc#992120) * duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428 and bsc#990207 * bring back openssl-fipslocking.patch - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (bsc#984323) - don't check for /etc/system-fips (bsc#982268) * add openssl-fips-dont_run_FIPS_module_installed.patch - refresh openssl-fips-rsagen-d-bits.patch (forwarded request 431508 from vitezslav_cizek)
Dominique Leuenberger (dimstar_suse)
accepted
request 430498
from
Marcus Meissner (msmeissn)
(revision 133)
- update to openssl-1.0.2j * Missing CRL sanity check (CVE-2016-7052 bsc#1001148) - OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) - update to openssl-1.0.2i * remove patches: openssl-1.0.2a-new-fips-reqs.patch openssl-1.0.2e-fips.patch * add patches: openssl-1.0.2i-fips.patch openssl-1.0.2i-new-fips-reqs.patch - fix crash in print_notice (bsc#998190) * add openssl-print_notice-NULL_crash.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 393456
from
Marcus Meissner (msmeissn)
(revision 132)
- OpenSSL Security Advisory [3rd May 2016] - update to 1.0.2h (boo#977584, boo#977663) * Prevent padding oracle in AES-NI CBC MAC check A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. (CVE-2016-2107, boo#977616) * Fix EVP_EncodeUpdate overflow An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. (CVE-2016-2105, boo#977614) * Fix EVP_EncryptUpdate overflow An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. (CVE-2016-2106, boo#977615) * Prevent ASN.1 BIO excessive memory allocation When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. (CVE-2016-2109, boo#976942) * EBCDIC overread ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. (CVE-2016-2176, boo#978224) * Modify behavior of ALPN to invoke callback after SNI/servername (forwarded request 393446 from vitezslav_cizek)
Displaying revisions 21 - 40 of 171