Revisions of openssl
- Don't use the legacy /etc/ssl/certs directory anymore but rather the p11-kit generated /var/lib/ca-certificates/openssl one (fate#314991, openssl-1.0.1e-truststore.diff)
- Build enable-ec_nistp_64_gcc_128, ecdh is many times faster but only works in x86_64. According to the openSSL team "it is superior to the default in multiple regards (speed, and also security as the new implementations are secure against timing attacks)" It is not enabled by default due to the build system being unable to detect if the compiler supports __uint128_t. (forwarded request 181467 from elvigia)
- pick openssl-fix-pod-syntax.diff out of the upstream RT to fix build with perl 5.18 (forwarded request 180092 from coolo)
add %if tag for BuildArch. someone may need to fork it to SLE (forwarded request 176549 from MargueriteSu)
- disable fstack-protector on aarch64 (forwarded request 156130 from dirkmueller)
- Update to 1.0.1e o Bugfix release (bnc#803004) - Drop openssl-1.0.1d-s3-packet.patch, included upstream
Fix nasty 1.0.1d regression (forwarded request 155056 from sumski)
- update to version 1.0.1d, fixing security issues o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. o Fix OCSP bad key DoS attack CVE-2013-0166 o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 bnc#802184 o Fix for TLS AESNI record handling flaw CVE-2012-2686
Automatic submission by obs-autosubmit
- Open Internal file descriptors with O_CLOEXEC, leaving those open across fork()..execve() makes a perfect vector for a side-channel attack... (forwarded request 131190 from elvigia)
- fix build on armv5 (bnc#774710) (forwarded request 130344 from dirkmueller)
- Update to version 1.0.1c for the complete list of changes see NEWS, this only list packaging changes. - Drop aes-ni patch, no longer needed as it is builtin in openssl now. - Define GNU_SOURCE and use -std=gnu99 to build the package. - Use LFS_CFLAGS in platforms where it matters. (forwarded request 120643 from elvigia)
- don't install any demo or expired certs at all
update to 1.0.0i
Automatic submission by obs-autosubmit
license update: OpenSSL (forwarded request 110174 from babelworx)
Automatic submission by obs-autosubmit
update to 1.0.0g
Displaying revisions 81 - 100 of 171