Revisions of openssl
- openssl-gcc-attributes.patch * annotate memory allocation wrappers with attribute(alloc_size) so the compiler can tell us if it knows they are being misused * OPENSSL_showfatal is annotated with attribute printf to detect format string problems. - It is time to try to disable SSLv2 again, it was tried a while ago but broke too many things, nowadays Debian, Ubuntu, the BSDs all have disabled it, most components are already fixed. I will fix the remaining fallout if any. (email me) (forwarded request 229674 from elvigia)
- update to 1.0.1g: * fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299) * Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945) * Workaround for the "TLS hang bug" (see FAQ and PR#2771) - remove CVE-2014-0076.patch - openssl.keyring: upstream changed to: pub 4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org> uid Dr Stephen Henson <shenson@drh-consultancy.co.uk> uid Dr Stephen Henson <shenson@opensslfoundation.com>
Fix bug[ bnc#869945] CVE-2014-0076: openssl: Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack; Add file: CVE-2014-0076.patch (forwarded request 227417 from shawn2012)
additional changes required for FIPS validation( from Fedora repo); Add patch file: openssl-1.0.1e-new-fips-reqs.patch (forwarded request 224375 from shawn2012)
Remove GCC option -O3 for compiliation issue of ARM version; Modify: openssl.spec (forwarded request 213627 from shawn2012)
Fixed bnc#857850, openssl doesn't load engine; Modify file: openssl.spec (forwarded request 213131 from shawn2012)
Fixed bnc#857203, openssl: crash in DTLS renegotiation after packet loss; Add file: CVE-2013-6450.patch (forwarded request 212653 from shawn2012)
Fixed bnc#856687, openssl: crash when using TLS 1.2; Add file: CVE-2013-6449.patch (forwarded request 212077 from shawn2012)
- compression_methods_switch.patch: setenv might not be successful if a surrounding library or application filters it, like e.g. sudo. As setenv() does not seem to be useful anyway, remove it. bnc#849377 (forwarded request 211400 from msmeissn)
Adjust the installation path; Modify files: README-FIPS.txt openssl.spec (forwarded request 210984 from shawn2012)
osc copypac from project:openSUSE:Factory package:openssl revision:99
Patches for OpenSSL FIPS-140-2/3 certification; Add patch files: openssl-1.0.1e-fips.patch, openssl-1.0.1e-fips-ec.patch,openssl-1.0.1e-fips-ctor.patch (forwarded request 208378 from shawn2012)
(forwarded request 204370 from elvigia)
- openssl-1.0.1c-ipv6-apps.patch: Support ipv6 in the openssl s_client / s_server commandline app. (forwarded request 203361 from msmeissn)
- VPN openconnect problem (DTLS handshake failed) (git 9fe4603b8, bnc#822642, openssl ticket#2984) (forwarded request 201079 from dmacvicar)
Fix armv6l arch (armv7 was previously used to build armv6 which lead to illegal instruction when used) (forwarded request 197443 from Guillaume_G)
Fix bug[ bnc#832833] openssl ssl_set_cert_masks() is broken; Add patch file: SSL_get_certificate-broken.patch (forwarded request 186693 from shawn2012)
- 0005-libssl-Hide-library-private-symbols.patch: hide private symbols, this *only* applies to libssl where it is straightforward to do so as applications should not be using any of the symbols declared/defined in headers that the library does not install. A separate patch MAY be provided in the future for libcrypto where things are much more complicated and threfore requires careful testing. (forwarded request 185819 from elvigia)
- compression_methods_switch.patch: Disable compression by default to avoid the CRIME attack (CVE-2012-4929 bnc#793420) Can be override by setting environment variable OPENSSL_NO_DEFAULT_ZLIB=no
Displaying revisions 61 - 80 of 171