buildservice-autocommit accepted request 1219500 from Factory Maintainer (factory-maintainer) 25 days ago (revision 167)

auto commit by copy to link target

• Files Changed
• Browse Source

Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1208152 from Bernhard Wiedemann (bmwiedemann) about 1 month ago (revision 166)

Add reproducibledate.patch (boo#1231667)

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1189541 from Pedro Monreal Gonzalez (pmonrealgonzalez) 4 months ago (revision 165)

auto commit by copy to link target

• Files Changed
• Browse Source

Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1189540 from Pedro Monreal Gonzalez (pmonrealgonzalez) 4 months ago (revision 164)

- Build with no-afalgeng [bsc#1226463]

- Security fix: [bsc#1227138, CVE-2024-5535]
  * SSL_select_next_proto buffer overread
  * Add openssl-CVE-2024-5535.patch

- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
  security vulnerability. Calling the function SSL_free_buffers()
  potentially caused memory to be accessed that was previously
  freed in some situations and a malicious attacker could attempt
  to engineer a stituation where this occurs to facilitate a
  denial-of-service attack. [CVE-2024-4741, bsc#1225551]

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1183229 from Factory Maintainer (factory-maintainer) 5 months ago (revision 163)

auto commit by copy to link target

• Files Changed
• Browse Source

Otto Hollmann (ohollmann) accepted request 1181542 from Martin Jambor (jamborm) 5 months ago (revision 162)

- Fixed C99 violations in patches bsc1185319-FIPS-KAT-for-ECDSA.patch
  (need to for explicity typecast) and
  openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
  (missing include) to allow the package to build with GCC 14.
  [boo#1225907]

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1172432 from Otto Hollmann (ohollmann) 7 months ago (revision 161)

auto commit by copy to link target

• Files Changed
• Browse Source

Otto Hollmann (ohollmann) accepted request 1172426 from Otto Hollmann (ohollmann) 7 months ago (revision 160)

- Security fix: [bsc#1222548, CVE-2024-2511]
  * Fix unconstrained session cache growth in TLSv1.3
  * Add openssl-CVE-2024-2511.patch

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1146592 from Factory Maintainer (factory-maintainer) 9 months ago (revision 159)

auto commit by copy to link target

• Files Changed
• Browse Source

Otto Hollmann (ohollmann) committed 10 months ago (revision 158)

• Files Changed
• Browse Source

Otto Hollmann (ohollmann) accepted request 1144956 from Pedro Monreal Gonzalez (pmonrealgonzalez) 10 months ago (revision 157)

- Enable running the regression tests in FIPS mode.

• Files Changed
• Browse Source

Otto Hollmann (ohollmann) accepted request 1144565 from Otto Hollmann (ohollmann) 10 months ago (revision 156)

- Rename engines directories to the same name like in SLE:
    /etc/ssl/engines1_1.d -> /etc/ssl/engines1.1.d
    /etc/ssl/engdef1_1.d -> /etc/ssl/engdef1.1.d
  * Add migration script to move files (bsc#1219562)
    /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d
    /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1141238 from Pedro Monreal Gonzalez (pmonrealgonzalez) 10 months ago (revision 155)

auto commit by copy to link target

• Files Changed
• Browse Source

Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1141235 from Otto Hollmann (ohollmann) 10 months ago (revision 154)

- Because OpenSSL 1.1.1 is no longer default, let's rename engine
  directories to contain version of OpenSSL and let unversioned for
  the default OpenSSL. [bsc#1194187, bsc#1207472, bsc#1218933]
  * /etc/ssl/engines.d ->  /etc/ssl/engines1_1.d
  * /etc/ssl/engdef.d -> /etc/ssl/engdef1_1.d
  * Update patches:
    - openssl-1_1-ossl-sli-002-ran-make-update.patch
    - openssl-1_1-use-include-directive.patch

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1130033 from Factory Maintainer (factory-maintainer) 12 months ago (revision 153)

auto commit by copy to link target

• Files Changed
• Browse Source

Otto Hollmann (ohollmann) accepted request 1128352 from Otto Hollmann (ohollmann) about 1 year ago (revision 152)

- Skip SHA1 test in 20-test_dgst.t when in FIPS mode
  * Add openssl-Skip_SHA1-test-in-FIPS-mode.patch
- FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch
  * bsc#1190652 - Provide a service to output module name/identifier
    and version
- Sync patches with SLE:
  * Merge openssl-keep_EVP_KDF_functions_version.patch into
    openssl-1.1.1-evp-kdf.patch
  * Refresh openssl-1_1-fips-bsc1215215_fips_in_version_string.patch
  * Remove openssl-no-date.patch

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1126787 from Otto Hollmann (ohollmann) about 1 year ago (revision 151)

auto commit by copy to link target

• Files Changed
• Browse Source

Otto Hollmann (ohollmann) accepted request 1126087 from Otto Hollmann (ohollmann) about 1 year ago (revision 150)

- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch
- Remove trailing spaces from changelog

- Remove a hack for bsc#936563
  bsc936563_hack.patch (bsc#936563)
- Build with no-ssl3, for details on why this is needed read
  require us to patch dependant packages as the relevant
  functions are still available (SSLv3_(client|server)_method)
- openssl.keyring: use Matt Caswells current key.
- openSSL 1.0.1j
- openssl.keyring: the 1.0.1i release was done by
- 012-Fix-eckey_priv_encode.patch eckey_priv_encode should
- 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
  it is already in RPM_OPT_FLAGS and is replaced by
- Remove the "gmp" and "capi" shared engines, nobody noticed
  but they are just dummies that do nothing.
- Use enable-rfc3779 to allow projects such as rpki.net
- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix
- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does
- openssl-gcc-attributes.patch

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1120190 from Otto Hollmann (ohollmann) about 1 year ago (revision 149)

auto commit by copy to link target

• Files Changed
• Browse Source

Otto Hollmann (ohollmann) accepted request 1119558 from Otto Hollmann (ohollmann) about 1 year ago (revision 148)

- Performance enhancements for cryptography from OpenSSL 3.x
  [jsc#PED-5086, jsc#PED-3514]
  * Add patches:
    - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
    - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
    - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
    - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
    - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
    - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch

• Files Changed
• Browse Source