File libressl.changes of Package libressl

Overview Repositories Revisions Requests Users Attributes Meta

File libressl.changes of Package libressl

-------------------------------------------------------------------
Wed May  4 16:08:33 UTC 2016 - jengelh@inai.de

- Update to new upstream release 2.3.4 [boo#978492, boo#977584]
* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and
  encoding.

-------------------------------------------------------------------
Wed Mar 23 20:50:00 UTC 2016 - jengelh@inai.de

- Update to new upstream release 2.3.3
* cert.pem has been reorganized and synced with Mozilla's
  certificate store

-------------------------------------------------------------------
Tue Feb  2 11:24:16 UTC 2016 - jengelh@inai.de

- Update to new upstream release 2.3.2
* Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
  construction introduced in RFC 7539, which is different than
  that already used in TLS with EVP_aead_chacha20_poly1305().
* Avoid a potential undefined C99+ behavior due to shift overflow
  in AES_decrypt.
- Remove 0001-Fix-for-OpenSSL-CVE-2015-3194.patch,
  0001-Fix-for-OpenSSL-CVE-2015-3195.patch (included)

-------------------------------------------------------------------
Fri Dec 11 18:21:25 UTC 2015 - jengelh@inai.de

- Add 0001-Fix-for-OpenSSL-CVE-2015-3194.patch,
  0001-Fix-for-OpenSSL-CVE-2015-3195.patch [boo#958768]

-------------------------------------------------------------------
Wed Nov  4 11:23:50 UTC 2015 - jengelh@inai.de

- Update to new upstream release 2.3.1
* ASN.1 cleanups and RFC5280 compliance fixes.
* Time representations switched from "unsigned long" to "time_t".
  LibreSSL now checks if the host OS supports 64-bit time_t.
* Changed tls_connect_servername to use the first address that
  resolves with getaddrinfo().
* Fixed a memory leak and out-of-bounds access in OBJ_obj2txt,
* Fixed an up-to 7 byte overflow in RC4 when len is not a multiple
  of sizeof(RC4_CHUNK).
- Drop CVE-2015-5333_CVE-2015-5334.patch (merged)

-------------------------------------------------------------------
Fri Oct 16 15:25:21 UTC 2015 - astieger@suse.com

- Security update for libressl:
  * CVE-2015-5333: Memory Leak [boo#950707]
  * CVE-2015-5334: Buffer Overflow [boo#950708]
- adding CVE-2015-5333_CVE-2015-5334.patch

-------------------------------------------------------------------
Thu Sep 24 11:36:44 UTC 2015 - jengelh@inai.de

- Update to new upstream release 2.3.0
* SSLv3 is now permanently removed from the tree.
* libtls API: The read/write functions work correctly with external
  event libraries. See the tls_init man page for examples of using
  libtls correctly in asynchronous mode.
* When using tls_connect_fds, tls_connect_socket or tls_accept_fds,
  libtls no longer implicitly closes the passed in sockets. The
  caller is responsible for closing them in this case.
* Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are
  no longer supported.
* SHA-0 is removed, which was withdrawn shortly after publication
  20 years ago.

-------------------------------------------------------------------
Sun Aug 30 22:31:01 UTC 2015 - jengelh@inai.de

- Update to new upstream release 2.2.3
* LibreSSL 2.2.2 incorrectly handles ClientHello messages that do
  not include TLS extensions, resulting in such handshakes being
  aborted. This release corrects the handling of such messages.

-------------------------------------------------------------------
Mon Aug 17 13:50:42 UTC 2015 - jengelh@inai.de

- drop /etc/ssl/cert.pem

-------------------------------------------------------------------
Mon Aug 17 08:14:11 UTC 2015 - jengelh@inai.de

- Avoid file conflict with ca-certificates by dropping
  /etc/ssl/certs

-------------------------------------------------------------------
Sun Aug  9 10:51:46 UTC 2015 - jengelh@inai.de

- Update to new upstream release 2.2.2
* Incorporated fix for OpenSSL issue #3683
  [malformed private key via command line segfaults openssl]
* Removed workarounds for TLS client padding bugs, removed
  SSLv3 support from openssl(1), removed IE 6 SSLv3 workarounds,
  removed RSAX engine.
* Modified tls_write in libtls to allow partial writes, clarified with
  examples in the documentation.
* Building a program that intentionally uses SSLv3 will result in
  a linker warning.
* Added TLS_method, TLS_client_method and TLS_server_method as a
  replacement for the SSLv23_*method calls.
* Switched `openssl dhparam` default from 512 to 2048 bits
* Fixed `openssl pkeyutl -verify` to exit with a 0 on success
* Fixed dozens of Coverity issues including dead code, memory leaks,
  logic errors and more.

-------------------------------------------------------------------
Mon Jul 13 17:39:10 UTC 2015 - astieger@suse.com

- Update to new upstream release 2.2.1 [bnc#937891]
* Protocol parsing conversions to BoringSSL's CRYPTO ByteString
  (CBS) API
* Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL
* Removed Dynamic Engine support
* Removed unused and obsolete MDC-2DES cipher
* Removed workarounds for obsolete SSL implementations
* Fixes and changes for plaforms other than GNU/Linux

-------------------------------------------------------------------
Fri Jun 12 22:33:52 UTC 2015 - jengelh@inai.de

- Update to new upstream release 2.2.0
* Removal of OPENSSL_issetugid and all library getenv calls.
  Applications can and should no longer rely on environment
  variables for changing library behavior.
  OPENSSL_CONF/SSLEAY_CONF is still supported with the openssl(1)
  command.
* libtls API and documentation additions
* fixed:
* CVE-2015-1788: Malformed ECParameters causes infinite loop
* CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time
* CVE-2015-1792: CMS verify infinite loop with unknown hash
  function (this code is not enabled by default)
* already fixed earlier, or not found in LibreSSL:
* CVE-2015-4000: DHE man-in-the-middle protection (Logjam)
* CVE-2015-1790: PKCS7 crash with missing EnvelopedContent
* CVE-2014-8176: Invalid free in DTLS

-------------------------------------------------------------------
Wed Mar 25 20:49:43 UTC 2015 - jengelh@inai.de

- Ship pkgconfig files again

-------------------------------------------------------------------
Thu Mar 19 18:12:17 UTC 2015 - jengelh@inai.de

- Update to new upstream release 2.1.6
* Reject server ephemeral DH keys smaller than 1024 bits
* Fixed CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
* Fixed CVE-2015-0287 - ASN.1 structure reuse memory corruption
* Fixed CVE-2015-0289 - PKCS7 NULL pointer dereferences
* Fixed CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
* Fixed CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref

-------------------------------------------------------------------
Fri Mar  6 18:19:18 UTC 2015 - sor.alexei@meowr.ru

- Update to 2.1.4:
  * Improvements to libtls:
    - a new API for loading CA chains directly from memory instead
      of a file, allowing verification with privilege separation in
      a chroot without direct access to CA certificate files.
    - Ciphers default to TLSv1.2 with AEAD and PFS.
    - Improved error handling and message generation.
    - New APIs and improved documentation.
  * Add X509_STORE_load_mem API for loading certificates from memory.
    This facilitates accessing certificates from a chrooted
    environment.
  * New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
    using 'TLSv1.2+AEAD' as the cipher selection string.
  * New openssl(1) command 'certhash' replaces the c_rehash script.
  * Server-side support for TLS_FALLBACK_SCSV for compatibility
    with various auditor and vulnerability scanners.
  * Dead and disabled code removal including MD5, Netscape
    workarounds, non-POSIX IO, SCTP, RFC 3779 support,
    "#if 0" sections, and more.
  * The ASN1 macros are expanded to aid readability and
    maintainability.
  * Various NULL pointer asserts removed in favor of letting the
    OS/signal handler catch them.
  * Refactored argument handling in openssl(1) for consistency and
    maintainability.
  * Support for building with OPENSSL_NO_DEPRECATED.
  * Dozens of issues found with the Coverity scanner fixed.
  * Fix a minor information leak that was introduced in t1_lib.c
    r1.71, whereby an additional 28 bytes of .rodata (or .data) is
    provided to the network. In most cases this is a non-issue
    since the memory content is already public.
  * Fixes for the following low-severity issues were integrated
    into LibreSSL from OpenSSL 1.0.1k:
    - CVE-2015-0205 - DH client certificates accepted without
      verification.
    - CVE-2014-3570 - Bignum squaring may produce incorrect results.
    - CVE-2014-8275 - Certificate fingerprints can be modified.
    - CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client].

-------------------------------------------------------------------
Wed Jan 28 08:17:32 UTC 2015 - jengelh@inai.de

- Add package signatures

-------------------------------------------------------------------
Sat Jan 24 13:54:56 UTC 2015 - jengelh@inai.de

- Update to new upstream release 2.1.3
* Fixes for various memory leaks in DTLS, including those for
  CVE-2015-0206.
* Application-Layer Protocol Negotiation (ALPN) support.
* Simplfied and refactored SSL/DTLS handshake code.
* SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.
* Ensure the stack is marked non-executable for assembly sections.

-------------------------------------------------------------------
Fri Dec 12 09:55:27 UTC 2014 - jengelh@inai.de

- Update to new upstream release 2.1.2
* The two cipher suites GOST and Camellia have been reworked or
  reenabled, providing better interoperability with systems around
  the world.
* The libtls library, a modern and simplified interface for secure
  client and server communications, is now packaged.
* Assembly acceleration of various algorithms (most importantly
  AES, MD5, SHA1, SHA256, SHA512) are enabled for AMD64.
- Remove libressl-no-punning.diff (file to patch is gone)

-------------------------------------------------------------------
Wed Dec  3 07:06:49 UTC 2014 - jengelh@inai.de

- Update to new upstream release 2.1.1
* Address POODLE attack by disabling SSLv3 by default
* Fix Eliptical Curve cipher selection bug

-------------------------------------------------------------------
Sat Aug  9 06:28:28 UTC 2014 - jengelh@inai.de

- Update to new upstream release 2.0.5
* This version forward-ports security fixes from OpenSSL 1.0.1i:
  CVE-2014-3506, CVE-2014-3507, CVE-2014-3508 (partially
  vulnerable), CVE-2014-3509, CVE-2014-3510, CVE-2014-3511.
  (LibreSSL was found not to be vulnerable to
  CVE-2014-3502, CVE-2014-3512, CVE-2014-5139)

-------------------------------------------------------------------
Wed Aug  6 03:56:45 UTC 2014 - jengelh@inai.de

- Update to new upstream release 2.0.4
* This version includes more portability changes, as well as other
  work. most noticable may be the deletion of the of the SRP code
  (which has not been enabled in any LibreSSL release).
- Remove pkg-config files so "pkgconfig(libcrypto)" remains
  unambiguous in the distro

-------------------------------------------------------------------
Tue Jul 22 09:21:00 UTC 2014 - jengelh@inai.de

- Update to new upstream release 2.0.3
* This release includes a number of portability fixes, and also
  includes some improvements to the fork detection support.
- Remove libressl-auxdal.diff, libressl-asn1test.diff
  (solved upstream)

-------------------------------------------------------------------
Wed Jul 16 12:56:59 UTC 2014 - jengelh@inai.de

- Update to new upstream release 2.0.2
* This release addresses the Linux forking and pid wrap issue
  reported recently.
- Add libressl-auxval.diff (fix compile error),
  libressl-asn1test.diff (fix testsuite failure)

-------------------------------------------------------------------
Sun Jul 13 14:45:56 UTC 2014 - jengelh@inai.de

- Update to new upstream release 2.0.1
* This release includes a number of portability fixes based on
  the initial feedback received. A few hardcoded compiler options
  that were problematic on some systems as well as -Werror have
  been removed. This release also includes pkg-config support.
- Remove libressl-rt.diff (solved differently upstream)

-------------------------------------------------------------------
Sat Jul 12 09:15:26 UTC 2014 - jengelh@inai.de

- Initial package (version 2.0.0) for build.opensuse.org
- Add libressl-no-punning.diff, libressl-rt.diff to fix build
  errors

Places

File libressl.changes of Package libressl

Places