Overview Repositories Revisions Requests Users Attributes Meta

Revisions of openssl-3

Otto Hollmann's avatar Otto Hollmann (ohollmann) committed (revision 18) 
- Security fix: [bsc#1224388, CVE-2024-4603]
  * Check DSA parameters for excessive sizes before validating
  * Add openssl-CVE-2024-4603.patch
Otto Hollmann's avatar Otto Hollmann (ohollmann) committed (revision 14) 
- Add ktls capability [bsc#1216950]
  Already added in January, but not mentioned in this changelog.

- Security fix: [bsc#1222548, CVE-2024-2511]
  * Fix unconstrained session cache growth in TLSv1.3
  * Add openssl-CVE-2024-2511.patch
buildservice-autocommit accepted request 1143594 from Otto Hollmann's avatar Otto Hollmann (ohollmann) (revision 13) 
baserev update by copy to link target
Otto Hollmann's avatar Otto Hollmann (ohollmann) committed (revision 12) 
- Update to 3.2.1:
  * Fixed PKCS12 Decoding crashes (CVE-2024-0727)
  * Fixed excessive time spent checking invalid RSA public keys
    (CVE-2023-6237)
  * Fixed POLY1305 MAC implementation corrupting vector registers
    on PowerPC CPUs which support PowerISA 2.07 (CVE-2023-6129)
  * Fixed excessive time spent in DH check / generation with large
    Q parameter value [(CVE-2023-5678)]
  * Remove patches:
    - openssl-CVE-2023-6237.patch
    - openssl-CVE-2023-6129.patch
    - openssl-CVE-2023-5678.patch
    - openssl-CVE-2023-6237.patch
    - openssl-Remove-the-source-directory-.num-targets.patch
    - openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
    - openssl-Fix_test_symbol_presence.patch

- Security fix: [bsc#1218810, CVE-2023-6237]
  * Limit the execution time of RSA public key check
  * Add openssl-CVE-2023-6237.patch

- Security fix: [bsc#1218690, CVE-2023-6129]
  * POLY1305: Fix vector register clobbering on PowerPC
  * Add openssl-CVE-2023-6129.patch

- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
buildservice-autocommit accepted request 1143581 from Otto Hollmann's avatar Otto Hollmann (ohollmann) (revision 11) 
baserev update by copy to link target
Otto Hollmann's avatar Otto Hollmann (ohollmann) committed (revision 9) 
- Encapsulate the fips provider into a new package called
  libopenssl-3-fips-provider.
- Load the FIPS provider and set FIPS properties implicitly.
  * Add openssl-Force-FIPS.patch [bsc#1217934]
- Disable the fipsinstall command-line utility.
  * Add openssl-disable-fipsinstall.patch
- Add instructions to load legacy provider in openssl.cnf.
  * openssl-load-legacy-provider.patch
- Disable the default provider for the test suite.
  * openssl-Disable-default-provider-for-test-suite.patch
Otto Hollmann's avatar Otto Hollmann (ohollmann) committed (revision 7) 
- Added openssl-3-use-include-directive.patch so that the default
  /etc/ssl/openssl.cnf file will include any configuration files that
  other packages might place into /etc/ssl/engines3.d/ and
  /etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/
  and /etc/ssl/engdef.d/ to above versioned directories.
- Updated spec file to create the two new necessary directores for
  the above patch and two symbolic links to above directories.
  [bsc#1194187, bsc#1207472, bsc#1218933]

- Replace our reverted commit with an upstream version
  * rename openssl-Revert-Makefile-Call-mknum.pl-on-make-ordinals-only-if.patch
  to openssl-Remove-the-source-directory-.num-targets.patch
Otto Hollmann's avatar Otto Hollmann (ohollmann) committed (revision 1)
Displaying all 19 revisions
openSUSE Build Service is sponsored by
Places