Revisions of openssl-1_1
buildservice-autocommit
accepted
request 1172432
from
Otto Hollmann (ohollmann)
(revision 161)
Otto Hollmann (ohollmann)
(revision 161)
auto commit by copy to link target
Otto Hollmann (ohollmann)
accepted
request 1172426
from
Otto Hollmann (ohollmann)
(revision 160)
- Security fix: [bsc#1222548, CVE-2024-2511] * Fix unconstrained session cache growth in TLSv1.3 * Add openssl-CVE-2024-2511.patch
buildservice-autocommit
accepted
request 1146592
from
Factory Maintainer (factory-maintainer)
(revision 159)
Factory Maintainer (factory-maintainer)
(revision 159)
auto commit by copy to link target
Otto Hollmann (ohollmann)
committed
(revision 158)
Otto Hollmann (ohollmann)
accepted
request 1144956
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 157)
- Enable running the regression tests in FIPS mode.
Otto Hollmann (ohollmann)
accepted
request 1144565
from
Otto Hollmann (ohollmann)
(revision 156)
- Rename engines directories to the same name like in SLE:
/etc/ssl/engines1_1.d -> /etc/ssl/engines1.1.d
/etc/ssl/engdef1_1.d -> /etc/ssl/engdef1.1.d
* Add migration script to move files (bsc#1219562)
/etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d
/etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d
- Security fix: [bsc#1219243, CVE-2024-0727]
* Add NULL checks where ContentInfo data can be NULL
* Add openssl-CVE-2024-0727.patch
buildservice-autocommit
accepted
request 1141238
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 155)
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 155)
auto commit by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1141235
from
Otto Hollmann (ohollmann)
(revision 154)
- Because OpenSSL 1.1.1 is no longer default, let's rename engine
directories to contain version of OpenSSL and let unversioned for
the default OpenSSL. [bsc#1194187, bsc#1207472, bsc#1218933]
* /etc/ssl/engines.d -> /etc/ssl/engines1_1.d
* /etc/ssl/engdef.d -> /etc/ssl/engdef1_1.d
* Update patches:
- openssl-1_1-ossl-sli-002-ran-make-update.patch
- openssl-1_1-use-include-directive.patch
buildservice-autocommit
accepted
request 1130033
from
Factory Maintainer (factory-maintainer)
(revision 153)
Factory Maintainer (factory-maintainer)
(revision 153)
auto commit by copy to link target
Otto Hollmann (ohollmann)
accepted
request 1128352
from
Otto Hollmann (ohollmann)
(revision 152)
- Skip SHA1 test in 20-test_dgst.t when in FIPS mode
* Add openssl-Skip_SHA1-test-in-FIPS-mode.patch
- FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch
* bsc#1190652 - Provide a service to output module name/identifier
and version
- Sync patches with SLE:
* Merge openssl-keep_EVP_KDF_functions_version.patch into
openssl-1.1.1-evp-kdf.patch
* Refresh openssl-1_1-fips-bsc1215215_fips_in_version_string.patch
* Remove openssl-no-date.patch
buildservice-autocommit
accepted
request 1126787
from
Otto Hollmann (ohollmann)
(revision 151)
Otto Hollmann (ohollmann)
(revision 151)
auto commit by copy to link target
Otto Hollmann (ohollmann)
accepted
request 1126087
from
Otto Hollmann (ohollmann)
(revision 150)
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- Remove trailing spaces from changelog
- Remove a hack for bsc#936563
bsc936563_hack.patch (bsc#936563)
- Build with no-ssl3, for details on why this is needed read
require us to patch dependant packages as the relevant
functions are still available (SSLv3_(client|server)_method)
- openssl.keyring: use Matt Caswells current key.
- openSSL 1.0.1j
- openssl.keyring: the 1.0.1i release was done by
- 012-Fix-eckey_priv_encode.patch eckey_priv_encode should
- 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
it is already in RPM_OPT_FLAGS and is replaced by
- Remove the "gmp" and "capi" shared engines, nobody noticed
but they are just dummies that do nothing.
- Use enable-rfc3779 to allow projects such as rpki.net
- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix
- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does
- openssl-gcc-attributes.patch
buildservice-autocommit
accepted
request 1120190
from
Otto Hollmann (ohollmann)
(revision 149)
Otto Hollmann (ohollmann)
(revision 149)
auto commit by copy to link target
Otto Hollmann (ohollmann)
accepted
request 1119558
from
Otto Hollmann (ohollmann)
(revision 148)
- Performance enhancements for cryptography from OpenSSL 3.x
[jsc#PED-5086, jsc#PED-3514]
* Add patches:
- openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
- openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
- openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
- openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
- openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
- openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
buildservice-autocommit
accepted
request 1116068
from
Otto Hollmann (ohollmann)
(revision 147)
Otto Hollmann (ohollmann)
(revision 147)
auto commit by copy to link target
Otto Hollmann (ohollmann)
accepted
request 1116067
from
Otto Hollmann (ohollmann)
(revision 146)
- Displays "fips" in the version string (bsc#1215215) * Add openssl-1_1-fips-bsc1215215_fips_in_version_string.patch
buildservice-autocommit
accepted
request 1111406
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 145)
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 145)
auto commit by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1111331
from
Otto Hollmann (ohollmann)
(revision 144)
- Update to 1.1.1w:
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
The POLY1305 MAC (message authentication code) implementation in OpenSSL
does not save the contents of non-volatile XMM registers on Windows 64
platform when calculating the MAC of data larger than 64 bytes. Before
returning to the caller all the XMM registers are set to zero rather than
restoring their previous content. The vulnerable code is used only on newer
x86_64 processors supporting the AVX512-IFMA instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the
application process. However given the contents of the registers are just
zeroized so the attacker cannot put arbitrary values inside, the most likely
consequence, if any, would be an incorrect result of some application
dependent calculations or a crash leading to a denial of service.
(CVE-2023-4807)
- Add missing FIPS patches from SLE:
* Add patches:
- bsc1185319-FIPS-KAT-for-ECDSA.patch
- bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch
- openssl-1.1.1-fips-fix-memory-leaks.patch
- openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
- openssl-1_1-FIPS_drbg-rewire.patch
- openssl-1_1-Zeroization.patch
- openssl-1_1-fips-drbg-selftest.patch
- openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
- openssl-1_1-jitterentropy-3.4.0.patch
- openssl-1_1-ossl-sli-000-fix-build-error.patch
Otto Hollmann (ohollmann)
committed
(revision 143)
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1101936
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 142)
* Update openssl.keyring with the OTC members that sign releases
Displaying revisions 1 - 20 of 161
