openssl-1_1/openssl-1.1.0-no-html.patch

Index: openssl-1.1.1f/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-1.1.1f.orig/Configurations/unix-Makefile.tmpl	2020-03-31 16:07:11.764502217 +0200
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl	2020-03-31 16:07:45.036664229 +0200
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
 
 uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
 
-install_docs: install_man_docs install_html_docs
+install_docs: install_man_docs
 
 uninstall_docs: uninstall_man_docs uninstall_html_docs
 	$(RM) -r "$(DESTDIR)$(DOCDIR)"
Accepting request 790182 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1f * Revert the unexpected EOF reporting via SSL_ERROR_SSL - refresh openssl-1.1.0-no-html.patch OBS-URL: https://build.opensuse.org/request/show/790182 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=66 2020-03-31 16:27:13 +02:00			`Index: openssl-1.1.1f/Configurations/unix-Makefile.tmpl`
Accepting request 730187 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1d (bsc#1133925, jsc#SLE-6430) * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. (bsc#1150247, CVE-2019-1549) * Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. (bsc#1150003, CVE-2019-1547) * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (bsc#1150250, CVE-2019-1563) * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters(). * Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. * Changed DH_check to accept parameters with order q and 2q subgroups. With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key. * Significantly reduce secure memory usage by the randomness pools. * Revert the DEVRANDOM_WAIT feature for Linux systems - drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream) - refresh patches * openssl-1.1.0-no-html.patch * openssl-jsc-SLE-8789-backport_KDF.patch OBS-URL: https://build.opensuse.org/request/show/730187 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=43 2019-09-11 17:31:50 +02:00			`===================================================================`
Accepting request 790182 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1f * Revert the unexpected EOF reporting via SSL_ERROR_SSL - refresh openssl-1.1.0-no-html.patch OBS-URL: https://build.opensuse.org/request/show/790182 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=66 2020-03-31 16:27:13 +02:00			`--- openssl-1.1.1f.orig/Configurations/unix-Makefile.tmpl 2020-03-31 16:07:11.764502217 +0200`
			`+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-03-31 16:07:45.036664229 +0200`
Accepting request 730187 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1d (bsc#1133925, jsc#SLE-6430) * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. (bsc#1150247, CVE-2019-1549) * Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. (bsc#1150003, CVE-2019-1547) * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (bsc#1150250, CVE-2019-1563) * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters(). * Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. * Changed DH_check to accept parameters with order q and 2q subgroups. With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key. * Significantly reduce secure memory usage by the randomness pools. * Revert the DEVRANDOM_WAIT feature for Linux systems - drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream) - refresh patches * openssl-1.1.0-no-html.patch * openssl-jsc-SLE-8789-backport_KDF.patch OBS-URL: https://build.opensuse.org/request/show/730187 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=43 2019-09-11 17:31:50 +02:00			`@@ -544,7 +544,7 @@ install_sw: install_dev install_engines`
- Renamed from openssl-1_1_0 (bsc#1081335) * All the minor versions of the 1.1.x openssl branch have the same sonum and keep ABI compatibility - Remove bit obsolete syntax - Use %license macro - Don't disable afalgeng on aarch64 - Add support for s390x CPACF enhancements (fate#321518) patches taken from https://github.com/openssl/openssl/pull/2859: * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch - Do not filter pkgconfig() provides/requires. - Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a clean upgrade path as an aid to zypp (boo#1070003). - Update to 1.1.0g OpenSSL Security Advisory [02 Nov 2017] OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=2 2018-02-16 13:13:08 +01:00
			`uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev`

			`-install_docs: install_man_docs install_html_docs`
			`+install_docs: install_man_docs`

			`uninstall_docs: uninstall_man_docs uninstall_html_docs`
Accepting request 790182 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1f * Revert the unexpected EOF reporting via SSL_ERROR_SSL - refresh openssl-1.1.0-no-html.patch OBS-URL: https://build.opensuse.org/request/show/790182 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=66 2020-03-31 16:27:13 +02:00			`$(RM) -r "$(DESTDIR)$(DOCDIR)"`