Accepting request 231108 from Base:System

- Build everything with full RELRO (-Wl,-z,relro,-z,now) - Remove -fstack-protector from the hardcoded build options it is already in RPM_OPT_FLAGS and is replaced by -fstack-protector-strong with gcc 4.9 - Remove the "gmp" and "capi" shared engines, nobody noticed but they are just dummies that do nothing. - Use enable-rfc3779 to allow projects such as rpki.net to work in openSUSE and match the functionality available in Debian/Fedora/etc - openssl-buffreelistbug-aka-CVE-2010-5298.patch fix CVE-2010-5298 and disable the internal BUF_FREELISTS functionality. it hides bugs like heartbleed and is there only for systems on which malloc() free() are slow. - ensure we export MALLOC_CHECK and PERTURB during the test suite, now that the freelist functionality is disabled it will help to catch bugs before they hit users. - openssl-libssl-noweakciphers.patch do not offer "export" or "low" quality ciphers by default. using such ciphers is not forbidden but requires an explicit request - openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does not return memory of "num * old_num" but only "num" size fortunately this function is currently unused. (forwarded request 230868 from elvigia) OBS-URL: https://build.opensuse.org/request/show/231108 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=114
2014-04-26 15:01:45 +00:00
parent 44a951fc87
commit 0bb9b0ad33
5 changed files with 83 additions and 8 deletions
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Sun Apr 20 00:53:34 UTC 2014 - crrodriguez@opensuse.org
+
+- Build everything with full RELRO (-Wl,-z,relro,-z,now)
+- Remove -fstack-protector from the hardcoded build options
+  it is already in RPM_OPT_FLAGS and is replaced by 
+  -fstack-protector-strong with gcc 4.9
+
+-------------------------------------------------------------------
+Sun Apr 20 00:49:25 UTC 2014 - crrodriguez@opensuse.org
+
+- Remove the "gmp" and "capi" shared engines, nobody noticed 
+  but they are just dummies that do nothing. 
+
+-------------------------------------------------------------------
+Sat Apr 19 22:29:10 UTC 2014 - crrodriguez@opensuse.org
+
+- Use enable-rfc3779 to allow projects such as rpki.net 
+  to work in openSUSE and match the functionality
+  available in Debian/Fedora/etc
+
+-------------------------------------------------------------------
+Sat Apr 19 22:22:01 UTC 2014 - crrodriguez@opensuse.org
+
+- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix 
+  CVE-2010-5298 and disable the internal BUF_FREELISTS
+  functionality. it hides bugs like heartbleed and is
+  there only for systems on which malloc() free() are slow.
+
+- ensure we export MALLOC_CHECK and PERTURB during the test
+  suite, now that the freelist functionality is disabled it
+  will help to catch bugs before they hit users.
+
+-------------------------------------------------------------------
+Sat Apr 19 03:45:20 UTC 2014 - crrodriguez@opensuse.org
+
+- openssl-libssl-noweakciphers.patch do not offer "export"
+  or "low" quality ciphers by default. using such ciphers
+  is not forbidden but requires an explicit request
+
+-------------------------------------------------------------------
+Fri Apr 18 14:07:47 UTC 2014 - crrodriguez@opensuse.org
+
+- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does 
+  not return memory of "num * old_num" but only "num" size
+  fortunately this function is currently unused.
+
 -------------------------------------------------------------------
 Fri Apr 11 02:40:34 UTC 2014 - crrodriguez@opensuse.org