Overview Repositories Revisions Requests Users Attributes Meta

openssl

Edit Package openssl

NOTE: Automatically created during Factory devel project migration by admin.

  • Download package
  • osc -A https://api.opensuse.org checkout home:Ledest:misc/openssl && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
0001-Axe-builtin-printf-implementation-use-glibc-instead.patch 0000024068 23.5 KB
0001-libcrypto-Hide-library-private-symbols.patch 0000034264 33.5 KB
0005-libssl-Hide-library-private-symbols.patch 0000005860 5.72 KB
README-FIPS.txt 0000009637 9.41 KB
README.SUSE 0000000370 370 Bytes
_link 0000000119 119 Bytes
baselibs.conf 0000000295 295 Bytes
bug610223.patch 0000000503 503 Bytes
compression_methods_switch.patch 0000002277 2.22 KB
cryptodev.h 0000009109 8.9 KB
merge_from_0.9.8k.patch 0000002910 2.84 KB
openssl-1.0.0-c_rehash-compat.diff 0000001364 1.33 KB
openssl-1.0.1e-add-suse-default-cipher.patch 0000002151 2.1 KB
openssl-1.0.1e-add-test-suse-default-cipher-suite.patch 0000000995 995 Bytes
openssl-1.0.2a-cryptodev-Fix-issue-with-signature-generation.patch 0000012909 12.6 KB
openssl-1.0.2a-cryptodev-allow-copying-EVP-contexts.patch 0000003731 3.64 KB
openssl-1.0.2a-default-paths.patch 0000002956 2.89 KB
openssl-1.0.2a-fips-ctor.patch 0000004928 4.81 KB
openssl-1.0.2a-fips-ec.patch 0000064031 62.5 KB
openssl-1.0.2a-ipv6-apps.patch 0000016872 16.5 KB
openssl-1.0.2a-padlock64.patch 0000006684 6.53 KB
openssl-1.0.2i-fips.patch 0000510004 498 KB
openssl-1.0.2i-new-fips-reqs.patch 0000067677 66.1 KB
openssl-1.0.2k.tar.gz 0005309236 5.06 MB
openssl-1.0.2k.tar.gz.asc 0000000455 455 Bytes
openssl-fips-clearerror.patch 0000000545 545 Bytes
openssl-fips-dont-fall-back-to-default-digest.patch 0000004326 4.22 KB
openssl-fips-dont_run_FIPS_module_installed.patch 0000000547 547 Bytes
openssl-fips-fix-odd-rsakeybits.patch 0000000584 584 Bytes
openssl-fips-hidden.patch 0000001314 1.28 KB
openssl-fips-rsagen-d-bits.patch 0000001268 1.24 KB
openssl-fips-selftests_in_nonfips_mode.patch 0000002935 2.87 KB
openssl-fips_disallow_ENGINE_loading.patch 0000000674 674 Bytes
openssl-fips_disallow_x931_rand_method.patch 0000000644 644 Bytes
openssl-fipslocking.patch 0000010393 10.1 KB
openssl-fix-pod-syntax.diff 0000006981 6.82 KB
openssl-gcc-attributes.patch 0000002047 2 KB
openssl-missing_FIPS_ec_group_new_by_curve_name.patch 0000000524 524 Bytes
openssl-no-egd.patch 0000000909 909 Bytes
openssl-ocloexec.patch 0000007489 7.31 KB
openssl-pkgconfig.patch 0000001008 1008 Bytes
openssl-print_notice-NULL_crash.patch 0000000578 578 Bytes
openssl-randfile_fread_interrupt.patch 0000000585 585 Bytes
openssl-rsakeygen-minimum-distance.patch 0000002576 2.52 KB
openssl-truststore.patch 0000000880 880 Bytes
openssl-urandom-reseeding.patch 0000003985 3.89 KB
openssl.changes 0000093726 91.5 KB
openssl.keyring 0000009998 9.76 KB
openssl.spec 0000017504 17.1 KB
openssl.test 0000000063 63 Bytes
Latest Revision
Oleksandr Chumachenko's avatar Oleksandr Chumachenko (Ledest) committed (revision 5) 
- Remove O3 from optflags, no need to not rely on distro wide settings
- Remove conditions for sle10 and sle11, we care only about sle12+
- USE SUSE instead of SuSE in readme
- Pass over with spec-cleaner

- fix X509_CERT_FILE path (bsc#1022271) and rename
  updated openssl-1.0.1e-truststore.diff to openssl-truststore.patch

- Updated to openssl 1.0.2k
  - bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results
  - bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery
  - bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read
  - bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64

- resume reading from /dev/urandom when interrupted by a signal
  (bsc#995075)
  * add openssl-randfile_fread_interrupt.patch

- add FIPS changes from SP2:
- fix problems with locking in FIPS mode (bsc#992120)
  * duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428
    and bsc#990207
  * bring back openssl-fipslocking.patch
- drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream)
  (bsc#984323)
- don't check for /etc/system-fips (bsc#982268)
  * add openssl-fips-dont_run_FIPS_module_installed.patch
- refresh openssl-fips-rsagen-d-bits.patch

- update to openssl-1.0.2j
  * Missing CRL sanity check (CVE-2016-7052 bsc#1001148)

- OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
  Severity: High
  * OCSP Status Request extension unbounded memory growth
    (CVE-2016-6304) (bsc#999666)
  Severity: Low
  * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
  * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
  * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
  * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419)
  * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
  * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
  * Birthday attack against 64-bit block ciphers (SWEET32)
    (CVE-2016-2183) (bsc#995359)
  * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
  * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
  * Certificate message OOB reads (CVE-2016-6306) (bsc#999668)
- update to openssl-1.0.2i
  * remove patches:
    openssl-1.0.2a-new-fips-reqs.patch
    openssl-1.0.2e-fips.patch
  * add patches:
    openssl-1.0.2i-fips.patch
    openssl-1.0.2i-new-fips-reqs.patch

- fix crash in print_notice (bsc#998190)
  * add openssl-print_notice-NULL_crash.patch

- OpenSSL Security Advisory [3rd May 2016]
- update to 1.0.2h (boo#977584, boo#977663)
  * Prevent padding oracle in AES-NI CBC MAC check
     A MITM attacker can use a padding oracle attack to decrypt traffic
     when the connection uses an AES CBC cipher and the server support
     AES-NI.
     (CVE-2016-2107, boo#977616)
  * Fix EVP_EncodeUpdate overflow
     An overflow can occur in the EVP_EncodeUpdate() function which is used for
     Base64 encoding of binary data. If an attacker is able to supply very large
     amounts of input data then a length check can overflow resulting in a heap
     corruption.
     (CVE-2016-2105, boo#977614)
  * Fix EVP_EncryptUpdate overflow
     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
     is able to supply very large amounts of input data after a previous call to
     EVP_EncryptUpdate() with a partial block then a length check can overflow
     resulting in a heap corruption.
     (CVE-2016-2106, boo#977615)
  * Prevent ASN.1 BIO excessive memory allocation
     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
     a short invalid encoding can casuse allocation of large amounts of memory
     potentially consuming excessive resources or exhausting memory.
     (CVE-2016-2109, boo#976942)
  * EBCDIC overread
     ASN1 Strings that are over 1024 bytes can cause an overread in applications
     using the X509_NAME_oneline() function on EBCDIC systems. This could result
     in arbitrary stack data being returned in the buffer.
     (CVE-2016-2176, boo#978224)
  * Modify behavior of ALPN to invoke callback after SNI/servername
     callback, such that updates to the SSL_CTX affect ALPN.
  * Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
     default.
  * Only remove the SSLv2 methods with the no-ssl2-method option. When the
     methods are enabled and ssl2 is disabled the methods return NULL.

- Remove a hack for bsc#936563 
- Drop bsc936563_hack.patch

- import fips patches from SLE-12
  * openssl-fips-clearerror.patch
  * openssl-fips-dont-fall-back-to-default-digest.patch
  * openssl-fips-fix-odd-rsakeybits.patch
  * openssl-fips-rsagen-d-bits.patch
  * openssl-fips-selftests_in_nonfips_mode.patch
  * openssl-fips_RSA_compute_d_with_lcm.patch
  * openssl-fips_disallow_ENGINE_loading.patch
  * openssl-fips_disallow_x931_rand_method.patch
  * openssl-rsakeygen-minimum-distance.patch
  * openssl-urandom-reseeding.patch

- add support for "ciphers" providing no encryption (bsc#937085)
  * don't build with -DSSL_FORBID_ENULL
Comments 0
openSUSE Build Service is sponsored by
Places