Revisions of openssl-1_1
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 960455
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 107)
- Security fix: [bsc#1192820, CVE-2002-20001]
* Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
remote attackers (from the client side) to send arbitrary
numbers that are actually not public keys, and trigger
expensive server-side DHE calculation.
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
* Rebase openssl-DEFAULT_SUSE_cipher.patch
- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
* In an INI-type file, the sections begin with a [section_name]
and they run until the next section begins.
* Rebase openssl-1_1-use-include-directive.patch
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 954339
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 106)
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 954189
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 105)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version. [bsc#1195792] - FIPS: Fix function and reason error codes [bsc#1182959] * Add openssl-1_1-FIPS-fix-error-reason-codes.patch
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 951360
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 104)
- Enable zlib compression support [bsc#1195149]
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 950464
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 103)
- Backport cryptographic improvements from OpenSSL 3 [jsc#SLE-19742] - POWER10 performance enhancements for cryptography [jsc#SLE-18136]
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 949750
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 102)
- Backport cryptographic improvements from OpenSSL 3 [jsc#SLE-19766]
* Optimize RSA on armv8: openssl-1_1-Optimize-RSA-armv8.patch
* Optimize AES-XTS mode for aarch64:
openssl-1_1-Optimize-AES-XTS-aarch64.patch
* Optimize AES-GCM for uarchs with unroll and new instructions:
openssl-1_1-Optimize-AES-GCM-uarchs.patch
- POWER10 performance enhancements for cryptography [jsc#SLE-19409]
* openssl-1_1-Optimize-ppc64.patch
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 942952
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 101)
- Update to 1.1.1m: * Avoid loading of a dynamic engine twice. * Prioritise DANE TLSA issuer certs over peer certs - Rebased patches: * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-system-cipherlist.patch - Enforce crypto-policies for the upcoming Leap 15.4 and SLE 15-SP4
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 936137
from
Mark Post (markkp)
(revision 100)
- Added openssl-1_1-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was being used to modify the openssl.cnf file. The scripting would fail if either the default openssl.cnf file, or the sample openssl-ibmca configuration file would be changed by upstream. - Updated spec file to create the two new necessary directores for the above patch.
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 930969
from
Giuliano Belinassi (gbelinassi)
(revision 99)
- Add support for livepatches (jsc#SLE-20049). - Generate ipa-clones tarball artifact when livepatching is enabled. Userspace Livepatching allows your application to be updated without restarting. For a library to be livepatchable, it has to be compiled with special flags (-fpatchable-functions-entry=X,Y). To aid the development of livepatches, ipa-clones are also generated in the build process and packed into a livepatch tarball. This tarball is meant to be used by developers during their workflow: these files contains log of changes that gcc did in the compiled code that may change code layout, which must be accounted when developing a livepatch. For instance, livepatching a function which is inlined requires livepatching every function that calls it. Tools that use such files already exists in kernel-livepatching and we aim porting them to userspace livepatching as well.
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 928526
from
Dan Čermák (dancermak)
(revision 98)
Drop openssl-no-date.patch
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 928745
from
Andreas Schneider (gladiac)
(revision 97)
- Add missing libopenssl1_1-hmac 32bit package
Jason Sikes (jsikes)
accepted
request 914079
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 96)
- Update to 1.1.1l:
* [bsc#1189520, CVE-2021-3711] Fixed an SM2 Decryption Buffer Overflow.
* [bsc#1189521, CVE-2021-3712] Fixed various read buffer overruns
processing ASN.1 strings
- Require the crypto-policies package from libopenssl-1_1
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 906749
from
Jason Sikes (jsikes)
(revision 95)
New candidate fix for bsc1180995. Enjoy!
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 895194
from
Jason Sikes (jsikes)
(revision 94)
Fixed error in spec file. Enjoy!
buildservice-autocommit
accepted
request 886506
from
Jason Sikes (jsikes)
(revision 93)
Jason Sikes (jsikes)
(revision 93)
baserev update by copy to link target
Jason Sikes (jsikes)
accepted
request 886496
from
Jason Sikes (jsikes)
(revision 92)
Added bsc numbers to changelog.
buildservice-autocommit
accepted
request 882115
from
Jason Sikes (jsikes)
(revision 91)
Jason Sikes (jsikes)
(revision 91)
baserev update by copy to link target
Jason Sikes (jsikes)
accepted
request 882114
from
Jason Sikes (jsikes)
(revision 90)
Update to 1.1.1k with CVE fixes. Enjoy!
Jason Sikes (jsikes)
accepted
request 881422
from
Jason Sikes (jsikes)
(revision 89)
Updated to 1.1.1k. Enjoy!
buildservice-autocommit
accepted
request 878152
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 88)
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 88)
baserev update by copy to link target
Displaying revisions 61 - 80 of 167
