Overview
Request 662509 accepted
- Start versioning the exported symbols:
At least one steam game (Company of Heroes 2) needs this symbol versioned
properly
- modify openssl-1.0.0-version.patch
- Update to 1.0.2q
* Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407, bsc#1113534, "PortSmash")
* Timing vulnerability in DSA signature generation
(CVE-2018-0734, bsc#1113652)
* Use a secure getenv wrapper inside libcrypto
- refreshed patches:
* openssl-fipslocking.patch
* openssl-1.0.2i-fips.patch
- correct the error detection in openssl-CVE-2018-0737-fips.patch
(bsc#1106197)
- Fix One&Done side-channel attack on RSA (bsc#1104789)
* add openssl-One_and_Done.patch
- Update to 1.0.2p
OpenSSL Security Advisory [12 June 2018]
* Reject excessively large primes in DH key generation
(bsc#1097158, CVE-2018-0732)
OpenSSL Security Advisory [16 Apr 2018]
* Cache timing vulnerability in RSA Key Generation
(CVE-2018-0737, bsc#1089039)
* Make EVP_PKEY_asn1_new() a bit stricter about its input
* Revert blinding in ECDSA sign and instead make problematic addition
- Created by vitezslav_cizek
- In state accepted
- Supersedes 662436
Request History
vitezslav_cizek created request
- Start versioning the exported symbols:
At least one steam game (Company of Heroes 2) needs this symbol versioned
properly
- modify openssl-1.0.0-version.patch
- Update to 1.0.2q
* Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407, bsc#1113534, "PortSmash")
* Timing vulnerability in DSA signature generation
(CVE-2018-0734, bsc#1113652)
* Use a secure getenv wrapper inside libcrypto
- refreshed patches:
* openssl-fipslocking.patch
* openssl-1.0.2i-fips.patch
- correct the error detection in openssl-CVE-2018-0737-fips.patch
(bsc#1106197)
- Fix One&Done side-channel attack on RSA (bsc#1104789)
* add openssl-One_and_Done.patch
- Update to 1.0.2p
OpenSSL Security Advisory [12 June 2018]
* Reject excessively large primes in DH key generation
(bsc#1097158, CVE-2018-0732)
OpenSSL Security Advisory [16 Apr 2018]
* Cache timing vulnerability in RSA Key Generation
(CVE-2018-0737, bsc#1089039)
* Make EVP_PKEY_asn1_new() a bit stricter about its input
* Revert blinding in ECDSA sign and instead make problematic addition
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
staging-bot set openSUSE:Factory:Staging:C as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:C"
staging-bot accepted review
Picked openSUSE:Factory:Staging:C
namtrac accepted review
dimstar_suse set openSUSE:Factory:Staging:M as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:M"
dimstar_suse accepted review
Moved to openSUSE:Factory:Staging:M
repo-checker accepted review
cycle and install check passed
dimstar_suse accepted review
ready to accept
dimstar_suse approved review
ready to accept
dimstar_suse accepted request
Accept to openSUSE:Factory