pool/openssl
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1129507 from home:ohollmann:branches:security:tls

Browse Source 
- Update to 3.2.0

- Remove a hack for bsc#936563
  bsc936563_hack.patch (bsc#936563)
- Build with no-ssl3, for details on why this is needed read
  require us to patch dependant packages as the relevant
  functions are still available (SSLv3_(client|server)_method)
- openssl.keyring: use Matt Caswells current key.
- openSSL 1.0.1j
- openssl.keyring: the 1.0.1i release was done by
- 012-Fix-eckey_priv_encode.patch eckey_priv_encode should
- 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
  it is already in RPM_OPT_FLAGS and is replaced by
- Remove the "gmp" and "capi" shared engines, nobody noticed
  but they are just dummies that do nothing.
- Use enable-rfc3779 to allow projects such as rpki.net
- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix
- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does
- openssl-gcc-attributes.patch
- additional changes required for FIPS validation( from Fedora repo)
- Remove GCC option "-O3" for compiliation issue of ARM version
  Modify files: README-FIPS.txt openssl.spec
  Add file: CVE-2013-6450.patch
- Fixed bnc#856687, openssl: crash when using TLS 1.2
  Add file: CVE-2013-6449.patch
- 0001-libcrypto-Hide-library-private-symbols.patch
  This patch is however not 100% complete, as some private library
  symbols are declared in public headers that shall not be touched
- openssl-1.0.1c-ipv6-apps.patch:
- Fix armv6l arch (armv7 was previously used to build armv6 which

OBS-URL: https://build.opensuse.org/request/show/1129507
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=58
This commit is contained in:
Otto Hollmann 2023-11-28 11:04:46 +00:00 committed by Git OBS Bridge
parent fd17b786f6
commit 156e7a1569
2 changed files with 100 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

193
openssl.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Thu Nov 23 16:07:51 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to 3.2.0
-------------------------------------------------------------------
Tue Oct 24 14:55:05 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
@ -484,7 +489,7 @@ Tue May 3 14:43:47 UTC 2016 - vcizek@suse.com
-------------------------------------------------------------------
Fri Apr 15 16:55:05 UTC 2016 - dvaleev@suse.com
- Remove a hack for bsc#936563
- Remove a hack for bsc#936563
- Drop bsc936563_hack.patch
-------------------------------------------------------------------
@ -603,7 +608,7 @@ Thu Jul 9 13:32:34 UTC 2015 - vcizek@suse.com
Thu Jul 2 14:46:36 UTC 2015 - dvaleev@suse.com
- Workaround debugit crash on ppc64le with gcc5
bsc936563_hack.patch (bsc#936563)
bsc936563_hack.patch (bsc#936563)
-------------------------------------------------------------------
Wed Jul 1 09:26:26 UTC 2015 - normand@linux.vnet.ibm.com
@ -615,10 +620,10 @@ Wed Jul 1 09:26:26 UTC 2015 - normand@linux.vnet.ibm.com
-------------------------------------------------------------------
Fri Jun 26 00:11:20 UTC 2015 - crrodriguez@opensuse.org
- Build with no-ssl3, for details on why this is needed read
- Build with no-ssl3, for details on why this is needed read
rfc7568. Contrary to the "no-ssl2" option, this does not
require us to patch dependant packages as the relevant
functions are still available (SSLv3_(client|server)_method)
require us to patch dependant packages as the relevant
functions are still available (SSLv3_(client|server)_method)
but will fail to negotiate. if removing SSL3 methods is desired
at a later time, option "no-ssl3-method" needs to be used.
@ -738,7 +743,7 @@ Fri Jan 9 10:03:37 UTC 2015 - meissner@suse.com
bsc#912018 CVE-2014-8275: Fix various certificate fingerprint issues.
bsc#912296 CVE-2014-3570: Correct Bignum squaring.
and other bugfixes.
- openssl.keyring: use Matt Caswells current key.
- openssl.keyring: use Matt Caswells current key.
pub 2048R/0E604491 2013-04-30
uid Matt Caswell <frodo@baggins.org>
uid Matt Caswell <matt@openssl.org>
@ -767,7 +772,7 @@ Fri Nov 7 22:09:27 UTC 2014 - brian@aljex.com
-------------------------------------------------------------------
Tue Oct 21 19:58:31 UTC 2014 - crrodriguez@opensuse.org
- openSSL 1.0.1j
- openSSL 1.0.1j
* Fix SRTP Memory Leak (CVE-2014-3513)
* Session Ticket Memory Leak (CVE-2014-3567)
* Add SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV)
@ -776,7 +781,7 @@ Tue Oct 21 19:58:31 UTC 2014 - crrodriguez@opensuse.org
-------------------------------------------------------------------
Thu Aug 21 15:05:43 UTC 2014 - meissner@suse.com
- openssl.keyring: the 1.0.1i release was done by
- openssl.keyring: the 1.0.1i release was done by
Matt Caswell <matt@openssl.org> UK 0E604491
-------------------------------------------------------------------
@ -930,17 +935,17 @@ Mon May 5 16:25:17 UTC 2014 - crrodriguez@opensuse.org
- 0009-Fix-double-frees.patch, 0017-Double-free-in-i2o_ECPublicKey.patch
fix various double frees (from upstream)
- 012-Fix-eckey_priv_encode.patch eckey_priv_encode should
- 012-Fix-eckey_priv_encode.patch eckey_priv_encode should
return an error inmediately on failure of i2d_ECPrivateKey (from upstream)
- 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
- 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
From libressl, modified to work on linux systems that do not have
funopen() but fopencookie() instead.
Once upon a time, OS didn't have snprintf, which caused openssl to
bundle a *printf implementation. We know better nowadays, the glibc
implementation has buffer overflow checking, has sane failure modes
deal properly with threads, signals..etc..
- build with -fno-common as well.
-------------------------------------------------------------------
@ -954,26 +959,26 @@ Sun Apr 20 00:53:34 UTC 2014 - crrodriguez@opensuse.org
- Build everything with full RELRO (-Wl,-z,relro,-z,now)
- Remove -fstack-protector from the hardcoded build options
it is already in RPM_OPT_FLAGS and is replaced by
it is already in RPM_OPT_FLAGS and is replaced by
-fstack-protector-strong with gcc 4.9
-------------------------------------------------------------------
Sun Apr 20 00:49:25 UTC 2014 - crrodriguez@opensuse.org
- Remove the "gmp" and "capi" shared engines, nobody noticed
but they are just dummies that do nothing.
- Remove the "gmp" and "capi" shared engines, nobody noticed
but they are just dummies that do nothing.
-------------------------------------------------------------------
Sat Apr 19 22:29:10 UTC 2014 - crrodriguez@opensuse.org
- Use enable-rfc3779 to allow projects such as rpki.net
- Use enable-rfc3779 to allow projects such as rpki.net
to work in openSUSE and match the functionality
available in Debian/Fedora/etc
-------------------------------------------------------------------
Sat Apr 19 22:22:01 UTC 2014 - crrodriguez@opensuse.org
- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix
- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix
CVE-2010-5298 and disable the internal BUF_FREELISTS
functionality. it hides bugs like heartbleed and is
there only for systems on which malloc() free() are slow.
@ -992,14 +997,14 @@ Sat Apr 19 03:45:20 UTC 2014 - crrodriguez@opensuse.org
-------------------------------------------------------------------
Fri Apr 18 14:07:47 UTC 2014 - crrodriguez@opensuse.org
- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does
- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does
not return memory of "num * old_num" but only "num" size
fortunately this function is currently unused.
-------------------------------------------------------------------
Fri Apr 11 02:40:34 UTC 2014 - crrodriguez@opensuse.org
- openssl-gcc-attributes.patch
- openssl-gcc-attributes.patch
* annotate memory allocation wrappers with attribute(alloc_size)
so the compiler can tell us if it knows they are being misused
* OPENSSL_showfatal is annotated with attribute printf to detect
@ -1033,20 +1038,20 @@ Tue Mar 25 08:11:11 UTC 2014 - shchang@suse.com
-------------------------------------------------------------------
Mon Mar 3 06:44:52 UTC 2014 - shchang@suse.com
- additional changes required for FIPS validation( from Fedora repo)
- additional changes required for FIPS validation( from Fedora repo)
Add patch file: openssl-1.0.1e-new-fips-reqs.patch
-------------------------------------------------------------------
Sat Jan 11 08:42:54 UTC 2014 - shchang@suse.com
- Remove GCC option "-O3" for compiliation issue of ARM version
- Remove GCC option "-O3" for compiliation issue of ARM version
Modify: openssl.spec
-------------------------------------------------------------------
Fri Jan 10 14:43:20 UTC 2014 - shchang@suse.com
- Adjust the installation path( libopenssl/hmac into /lib or /lib64)
Modify files: README-FIPS.txt openssl.spec
Modify files: README-FIPS.txt openssl.spec
-------------------------------------------------------------------
Thu Jan 9 23:08:29 UTC 2014 - andreas.stieger@gmx.de
@ -1080,13 +1085,13 @@ Wed Jan 8 10:57:24 UTC 2014 - shchang@suse.com
Thu Jan 2 17:28:41 UTC 2014 - shchang@suse.com
- Fixed bnc#857203, openssl: crash in DTLS renegotiation after packet loss
Add file: CVE-2013-6450.patch
Add file: CVE-2013-6450.patch
-------------------------------------------------------------------
Sun Dec 22 08:10:55 UTC 2013 - shchang@suse.com
- Fixed bnc#856687, openssl: crash when using TLS 1.2
Add file: CVE-2013-6449.patch
- Fixed bnc#856687, openssl: crash when using TLS 1.2
Add file: CVE-2013-6449.patch
-------------------------------------------------------------------
Tue Dec 17 13:57:40 UTC 2013 - meissner@suse.com
@ -1130,11 +1135,11 @@ Sat Nov 23 08:23:59 UTC 2013 - shchang@suse.com
-------------------------------------------------------------------
Wed Oct 23 02:59:05 UTC 2013 - crrodriguez@opensuse.org
- 0001-libcrypto-Hide-library-private-symbols.patch
- 0001-libcrypto-Hide-library-private-symbols.patch
This patch implements the libcrpto part complimentary to
0005-libssl-Hide-library-private-symbols.patch.
This patch is however not 100% complete, as some private library
symbols are declared in public headers that shall not be touched
This patch is however not 100% complete, as some private library
symbols are declared in public headers that shall not be touched
or are defined/declared in "perlasm". (tested in 13.1, 12.3, factory)
- openSSL defaults to -O3 optimization level but we override
@ -1143,7 +1148,7 @@ Wed Oct 23 02:59:05 UTC 2013 - crrodriguez@opensuse.org
-------------------------------------------------------------------
Fri Oct 11 12:24:14 UTC 2013 - meissner@suse.com
- openssl-1.0.1c-ipv6-apps.patch:
- openssl-1.0.1c-ipv6-apps.patch:
Support ipv6 in the openssl s_client / s_server commandline app.
-------------------------------------------------------------------
@ -1155,7 +1160,7 @@ Fri Sep 27 10:26:43 UTC 2013 - dmacvicar@suse.de
-------------------------------------------------------------------
Wed Sep 4 18:56:38 UTC 2013 - guillaume@opensuse.org
- Fix armv6l arch (armv7 was previously used to build armv6 which
- Fix armv6l arch (armv7 was previously used to build armv6 which
lead to illegal instruction when used)
-------------------------------------------------------------------
@ -1167,7 +1172,7 @@ Mon Aug 12 06:05:03 UTC 2013 - shchang@suse.com
-------------------------------------------------------------------
Fri Aug 9 23:24:14 UTC 2013 - crrodriguez@opensuse.org
- Via padlock is only found in x86 and x86_64 CPUs, remove
- Via padlock is only found in x86 and x86_64 CPUs, remove
the shared module for other archs.
-------------------------------------------------------------------
@ -1179,15 +1184,15 @@ Wed Aug 7 18:30:45 UTC 2013 - crrodriguez@opensuse.org
* libgmp.so --> may help to doing some maths using GMP
* libgost.so --> implements the GOST block cipher
* libpadlock.so --> VIA padlock support
- Al other are removed because they require third party propietary
- Al other are removed because they require third party propietary
shared libraries nowhere to be found or that we can test.
-------------------------------------------------------------------
Wed Aug 7 18:30:23 UTC 2013 - crrodriguez@opensuse.org
- openssl-pkgconfig.patch: Here we go.. For applications
to benefit fully of features provided by openSSL engines
(rdrand, aes-ni..etc) either builtin or in DSO form applications
- openssl-pkgconfig.patch: Here we go.. For applications
to benefit fully of features provided by openSSL engines
(rdrand, aes-ni..etc) either builtin or in DSO form applications
have to call ENGINE_load_builtin_engines() or OPENSSL_config()
unfortunately from a total of 68 apps/libraries linked to libcrypto
in a desktop system, only 4 do so, and there is a sea of buggy
@ -1202,13 +1207,13 @@ not using pkgconfig or using it incorrectly, but it is a good start.
Wed Aug 7 09:33:55 UTC 2013 - dmueller@suse.com
- add openssl-1.0.1c-default-paths.patch:
Fix from Fedora for openssl s_client not setting
Fix from Fedora for openssl s_client not setting
CApath by default
-------------------------------------------------------------------
Sat Aug 3 21:15:07 UTC 2013 - crrodriguez@opensuse.org
- 0005-libssl-Hide-library-private-symbols.patch: hide
- 0005-libssl-Hide-library-private-symbols.patch: hide
private symbols, this *only* applies to libssl where
it is straightforward to do so as applications should
not be using any of the symbols declared/defined in headers
@ -1243,7 +1248,7 @@ Sat Jun 29 22:47:54 UTC 2013 - crrodriguez@opensuse.org
security as the new implementations are secure against timing
attacks)"
It is not enabled by default due to the build system being unable
to detect if the compiler supports __uint128_t.
to detect if the compiler supports __uint128_t.
-------------------------------------------------------------------
Thu Jun 20 07:58:33 UTC 2013 - coolo@suse.com
@ -1271,7 +1276,7 @@ Tue Feb 12 00:08:06 UTC 2013 - hrvoje.senjan@gmail.com
-------------------------------------------------------------------
Sun Feb 10 20:33:51 UTC 2013 - hrvoje.senjan@gmail.com
- Added openssl-1.0.1d-s3-packet.patch from upstream, fixes
- Added openssl-1.0.1d-s3-packet.patch from upstream, fixes
bnc#803004, openssl ticket#2975
-------------------------------------------------------------------
@ -1296,7 +1301,7 @@ Sun Aug 19 23:38:32 UTC 2012 - crrodriguez@opensuse.org
- Open Internal file descriptors with O_CLOEXEC, leaving
those open across fork()..execve() makes a perfect
vector for a side-channel attack...
vector for a side-channel attack...
-------------------------------------------------------------------
Tue Aug 7 17:17:34 UTC 2012 - dmueller@suse.com
@ -1358,7 +1363,7 @@ Tue Mar 20 14:29:24 UTC 2012 - cfarrell@suse.com
-------------------------------------------------------------------
Fri Feb 24 02:33:22 UTC 2012 - gjhe@suse.com
- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's
- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's
asn1 parser.
CVE-2006-7250
@ -1376,22 +1381,22 @@ Wed Jan 11 05:35:18 UTC 2012 - gjhe@suse.com
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
SGC Restart DoS Attack (CVE-2011-4619)
Invalid GOST parameters DoS Attack (CVE-2012-0027)
Invalid GOST parameters DoS Attack (CVE-2012-0027)
-------------------------------------------------------------------
Tue Oct 18 16:43:50 UTC 2011 - crrodriguez@opensuse.org
- AES-NI: Check the return value of Engine_add()
if the ENGINE_add() call fails: it ends up adding a reference
to a freed up ENGINE which is likely to subsequently contain garbage
- AES-NI: Check the return value of Engine_add()
if the ENGINE_add() call fails: it ends up adding a reference
to a freed up ENGINE which is likely to subsequently contain garbage
This will happen if an ENGINE with the same name is added multiple
times,for example different libraries. [bnc#720601]
-------------------------------------------------------------------
Sat Oct 8 21:36:58 UTC 2011 - crrodriguez@opensuse.org
- Build with -DSSL_FORBID_ENULL so servers are not
able to use the NULL encryption ciphers (Those offering no
- Build with -DSSL_FORBID_ENULL so servers are not
able to use the NULL encryption ciphers (Those offering no
encryption whatsoever).
-------------------------------------------------------------------
@ -1405,12 +1410,12 @@ Sat Aug 6 00:33:47 UTC 2011 - crrodriguez@opensuse.org
- Add upstream patch that calls ENGINE_register_all_complete()
in ENGINE_load_builtin_engines() saving us from adding dozens
of calls to such function to calling applications.
of calls to such function to calling applications.
-------------------------------------------------------------------
Fri Aug 5 19:09:42 UTC 2011 - crrodriguez@opensuse.org
- remove -fno-strict-aliasing from CFLAGS no longer needed
- remove -fno-strict-aliasing from CFLAGS no longer needed
and is likely to slow down stuff.
-------------------------------------------------------------------
@ -1439,7 +1444,7 @@ Tue May 31 07:07:49 UTC 2011 - gjhe@novell.com
-------------------------------------------------------------------
Mon May 16 14:38:26 UTC 2011 - andrea@opensuse.org
- added openssl as dependency in the devel package
- added openssl as dependency in the devel package
-------------------------------------------------------------------
Thu Feb 10 07:42:01 UTC 2011 - gjhe@novell.com
@ -1451,7 +1456,7 @@ Thu Feb 10 07:42:01 UTC 2011 - gjhe@novell.com
Sat Jan 15 19:58:51 UTC 2011 - cristian.rodriguez@opensuse.org
- Add patch from upstream in order to support AES-NI instruction
set present on current Intel and AMD processors
set present on current Intel and AMD processors
-------------------------------------------------------------------
Mon Jan 10 11:45:27 CET 2011 - meissner@suse.de
@ -1478,13 +1483,13 @@ Thu Nov 18 07:53:12 UTC 2010 - gjhe@novell.com
Sat Sep 25 08:55:02 UTC 2010 - gjhe@novell.com
- fix bug [bnc#629905]
CVE-2010-2939
CVE-2010-2939
-------------------------------------------------------------------
Wed Jul 28 20:55:18 UTC 2010 - cristian.rodriguez@opensuse.org
- Exclude static libraries, see what breaks and fix that
instead
instead
-------------------------------------------------------------------
Wed Jun 30 08:47:39 UTC 2010 - jengelh@medozas.de
@ -1501,13 +1506,13 @@ Fri Jun 4 07:11:28 UTC 2010 - gjhe@novell.com
- fix bnc #610642
CVE-2010-0742
CVE-2010-1633
CVE-2010-1633
-------------------------------------------------------------------
Mon May 31 03:06:39 UTC 2010 - gjhe@novell.com
- fix bnc #610223,change Configure to tell openssl to load engines
from /%{_lib} instead of %{_libdir}
from /%{_lib} instead of %{_libdir}
-------------------------------------------------------------------
Mon May 10 16:11:54 UTC 2010 - aj@suse.de
@ -1518,13 +1523,13 @@ Mon May 10 16:11:54 UTC 2010 - aj@suse.de
-------------------------------------------------------------------
Tue May 4 02:55:52 UTC 2010 - gjhe@novell.com
- build libopenssl to /%{_lib} dir,and keep only one
- build libopenssl to /%{_lib} dir,and keep only one
libopenssl-devel for new developping programs.
-------------------------------------------------------------------
Tue Apr 27 05:44:32 UTC 2010 - gjhe@novell.com
- build libopenssl and libopenssl-devel to a version directory
- build libopenssl and libopenssl-devel to a version directory
-------------------------------------------------------------------
Sat Apr 24 09:46:37 UTC 2010 - coolo@novell.com
@ -1549,7 +1554,7 @@ Mon Apr 12 16:12:08 CEST 2010 - meissner@suse.de
-------------------------------------------------------------------
Mon Apr 12 04:57:17 UTC 2010 - gjhe@novell.com
- update to 1.0.0
- update to 1.0.0
Merge the following patches from 0.9.8k:
openssl-0.9.6g-alpha.diff
openssl-0.9.7f-ppc64.diff
@ -1567,19 +1572,19 @@ Fri Apr 9 11:42:51 CEST 2010 - meissner@suse.de
-------------------------------------------------------------------
Wed Apr 7 14:08:05 CEST 2010 - meissner@suse.de
- Openssl is now partially converted to libdir usage upstream,
- Openssl is now partially converted to libdir usage upstream,
merge that in to fix lib64 builds.
-------------------------------------------------------------------
Thu Mar 25 02:18:22 UTC 2010 - gjhe@novell.com
- fix security bug [bnc#590833]
- fix security bug [bnc#590833]
CVE-2010-0740
-------------------------------------------------------------------
Mon Mar 22 06:29:14 UTC 2010 - gjhe@novell.com
- update to version 0.9.8m
- update to version 0.9.8m
Merge the following patches from 0.9.8k:
bswap.diff
non-exec-stack.diff
@ -1609,7 +1614,7 @@ Tue Nov 3 19:09:35 UTC 2009 - coolo@novell.com
-------------------------------------------------------------------
Tue Sep 1 10:21:16 CEST 2009 - gjhe@novell.com
- fix Bug [bnc#526319]
- fix Bug [bnc#526319]
-------------------------------------------------------------------
Wed Aug 26 11:24:16 CEST 2009 - coolo@novell.com
@ -1619,14 +1624,14 @@ Wed Aug 26 11:24:16 CEST 2009 - coolo@novell.com
-------------------------------------------------------------------
Fri Jul 3 11:53:48 CEST 2009 - gjhe@novell.com
- update to version 0.9.8k
- update to version 0.9.8k
- patches merged upstream:
openssl-CVE-2008-5077.patch
openssl-CVE-2009-0590.patch
openssl-CVE-2009-0590.patch
openssl-CVE-2009-0591.patch
openssl-CVE-2009-0789.patch
openssl-CVE-2009-0789.patch
openssl-CVE-2009-1377.patch
openssl-CVE-2009-1378.patch
openssl-CVE-2009-1378.patch
openssl-CVE-2009-1379.patch
openssl-CVE-2009-1386.patch
openssl-CVE-2009-1387.patch
@ -1678,18 +1683,18 @@ Mon Dec 8 12:12:14 CET 2008 - xwhu@suse.de
-------------------------------------------------------------------
Mon Nov 10 10:22:04 CET 2008 - xwhu@suse.de
- Disable optimization of ripemd [bnc#442740]
- Disable optimization of ripemd [bnc#442740]
-------------------------------------------------------------------
Tue Oct 14 09:08:47 CEST 2008 - xwhu@suse.de
- Passing string as struct cause openssl segment-fault [bnc#430141]
- Passing string as struct cause openssl segment-fault [bnc#430141]
-------------------------------------------------------------------
Wed Jul 16 12:02:37 CEST 2008 - mkoenig@suse.de
- do not require openssl-certs, but rather recommend it
to avoid dependency cycle [bnc#408865]
to avoid dependency cycle [bnc#408865]
-------------------------------------------------------------------
Wed Jul 9 12:53:27 CEST 2008 - mkoenig@suse.de
@ -1713,8 +1718,8 @@ Tue Jun 24 09:09:04 CEST 2008 - mkoenig@suse.de
Wed May 28 15:04:08 CEST 2008 - mkoenig@suse.de
- fix OpenSSL Server Name extension crash (CVE-2008-0891)
and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)
[bnc#394317]
and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)
[bnc#394317]
-------------------------------------------------------------------
Wed May 21 20:48:39 CEST 2008 - cthiel@suse.de
@ -1724,7 +1729,7 @@ Wed May 21 20:48:39 CEST 2008 - cthiel@suse.de
-------------------------------------------------------------------
Tue Apr 22 14:39:35 CEST 2008 - mkoenig@suse.de
- add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844]
- add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844]
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
@ -1735,7 +1740,7 @@ Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
-------------------------------------------------------------------
Mon Nov 5 14:27:06 CET 2007 - mkoenig@suse.de
- fix Diffie-Hellman failure with certain prime lengths
- fix Diffie-Hellman failure with certain prime lengths
-------------------------------------------------------------------
Mon Oct 22 15:00:21 CEST 2007 - mkoenig@suse.de
@ -1759,7 +1764,7 @@ Mon Oct 15 11:17:14 CEST 2007 - mkoenig@suse.de
-------------------------------------------------------------------
Mon Oct 1 11:29:55 CEST 2007 - mkoenig@suse.de
- fix buffer overflow CVE-2007-5135 [#329208]
- fix buffer overflow CVE-2007-5135 [#329208]
-------------------------------------------------------------------
Wed Sep 5 11:39:26 CEST 2007 - mkoenig@suse.de
@ -1774,7 +1779,7 @@ Fri Aug 3 14:17:27 CEST 2007 - coolo@suse.de
-------------------------------------------------------------------
Wed Aug 1 18:01:45 CEST 2007 - werner@suse.de
- Add patch from CVS for RSA key reconstruction vulnerability
- Add patch from CVS for RSA key reconstruction vulnerability
(CVE-2007-3108, VU#724968, bug #296511)
-------------------------------------------------------------------
@ -1782,7 +1787,7 @@ Thu May 24 16:18:50 CEST 2007 - mkoenig@suse.de
- fix build with gcc-4.2
openssl-gcc42.patch
- do not install example scripts with executable permissions
- do not install example scripts with executable permissions
-------------------------------------------------------------------
Mon Apr 30 01:32:44 CEST 2007 - ro@suse.de
@ -1800,12 +1805,12 @@ Fri Apr 27 15:25:13 CEST 2007 - mkoenig@suse.de
Wed Apr 25 12:32:44 CEST 2007 - mkoenig@suse.de
- Split/rename package to follow library packaging policy [#260219]
New package libopenssl0.9.8 containing shared libs
New package libopenssl0.9.8 containing shared libs
openssl-devel package renamed to libopenssl-devel
New package openssl-certs containing certificates
New package openssl-certs containing certificates
- add zlib-devel to Requires of devel package
- remove old Obsoletes and Conflicts
openssls (Last used Nov 2000)
openssls (Last used Nov 2000)
ssleay (Last used 6.2)
-------------------------------------------------------------------
@ -1853,7 +1858,7 @@ Fri Sep 29 18:37:01 CEST 2006 - poeml@suse.de
cause a denial of service. (CVE-2006-2940)
*) Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937)
*) Fix buffer overflow in SSL_get_shared_ciphers() function.
*) Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738)
*) Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
@ -1984,12 +1989,12 @@ Wed Jan 25 21:30:41 CET 2006 - mls@suse.de
Mon Jan 16 13:13:13 CET 2006 - mc@suse.de
- fix build problems on s390x (openssl-s390-config.diff)
- build with -fstack-protector
- build with -fstack-protector
-------------------------------------------------------------------
Mon Nov 7 16:30:49 CET 2005 - dmueller@suse.de
- build with non-executable stack
- build with non-executable stack
-------------------------------------------------------------------
Thu Oct 20 17:37:47 CEST 2005 - poeml@suse.de
@ -2129,7 +2134,7 @@ Tue Jun 15 16:18:36 CEST 2004 - poeml@suse.de
- patch from CVS: make stack API more robust (return NULL for
out-of-range indexes). Fixes another possible segfault during
engine detection (could also triggered by stunnel)
- add patch from Michal Ludvig for VIA PadLock support
- add patch from Michal Ludvig for VIA PadLock support
-------------------------------------------------------------------
Wed Jun 2 20:44:40 CEST 2004 - poeml@suse.de
@ -2152,7 +2157,7 @@ Thu Mar 18 13:47:09 CET 2004 - poeml@suse.de
- update to 0.9.7d
o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
(CAN-2004-0112)
o Security: Fix null-pointer assignment in do_change_cipher_spec()
o Security: Fix null-pointer assignment in do_change_cipher_spec()
(CAN-2004-0079)
o Allow multiple active certificates with same subject in CA index
o Multiple X590 verification fixes
@ -2197,7 +2202,7 @@ Wed Feb 25 20:42:39 CET 2004 - poeml@suse.de
Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
of files as .eml work). Correctly handle very long lines in MIME
parser.
- update ICA patch
- update ICA patch
quote: This version of the engine patch has updated error handling in
the DES/SHA code, and turns RSA blinding off for hardware
accelerated RSA ops.
@ -2255,7 +2260,7 @@ Thu Jul 10 23:14:22 CEST 2003 - poeml@suse.de
-------------------------------------------------------------------
Mon May 12 23:27:07 CEST 2003 - poeml@suse.de
- package the openssl.pc file for pkgconfig
- package the openssl.pc file for pkgconfig
-------------------------------------------------------------------
Wed Apr 16 16:04:32 CEST 2003 - poeml@suse.de
@ -2353,7 +2358,7 @@ Thu Oct 24 12:57:36 CEST 2002 - poeml@suse.de
-------------------------------------------------------------------
Mon Sep 30 16:07:49 CEST 2002 - bg@suse.de
- enable hppa distribution; use only pa1.1 architecture.
- enable hppa distribution; use only pa1.1 architecture.
-------------------------------------------------------------------
Tue Sep 17 17:13:46 CEST 2002 - froh@suse.de
@ -2394,7 +2399,7 @@ Thu Aug 1 00:53:33 CEST 2002 - poeml@suse.de
- gcc 3.1 version detection is fixed, we can drop the patch
- move the most used man pages from the -doc to the main package
[#9913] and resolve man page conflicts by putting them into ssl
sections [#17239]
sections [#17239]
- spec file: use PreReq for %post script
-------------------------------------------------------------------
@ -2443,14 +2448,14 @@ Thu Apr 18 16:30:01 CEST 2002 - meissner@suse.de
Wed Apr 17 16:56:34 CEST 2002 - ro@suse.de
- fixed gcc version determination
- drop sun4c support/always use sparcv8
- drop sun4c support/always use sparcv8
- ignore return code from showciphers
-------------------------------------------------------------------
Fri Mar 15 16:54:44 CET 2002 - poeml@suse.de
- add settings for sparc to build shared objects. Note that all
sparcs (sun4[mdu]) are recognized as linux-sparcv7
sparcs (sun4[mdu]) are recognized as linux-sparcv7
-------------------------------------------------------------------
Wed Feb 6 14:23:44 CET 2002 - kukuk@suse.de
@ -2473,7 +2478,7 @@ Tue Jan 29 12:42:58 CET 2002 - poeml@suse.de
- add IBMCA patch for IBM eServer Cryptographic Accelerator Device
Driver (#12565) (forward ported from 0.9.6b)
(http://www-124.ibm.com/developerworks/projects/libica/)
- tell Configure how to build shared libs for s390 and s390x
- tell Configure how to build shared libs for s390 and s390x
- tweak Makefile.org to use %_libdir
- clean up spec file
- add README.SuSE as source file instead of in a patch
@ -2487,7 +2492,7 @@ Wed Dec 5 10:59:59 CET 2001 - uli@suse.de
-------------------------------------------------------------------
Wed Dec 5 02:39:16 CET 2001 - ro@suse.de
- removed subpackage src
- removed subpackage src
-------------------------------------------------------------------
Wed Nov 28 13:28:42 CET 2001 - uli@suse.de
@ -2509,7 +2514,7 @@ Fri Aug 31 11:19:46 CEST 2001 - rolf@suse.de
Wed Jul 18 10:27:54 CEST 2001 - rolf@suse.de
- update to 0.9.6b
- switch to engine version of openssl, which supports hardware
- switch to engine version of openssl, which supports hardware
encryption for a few popular devices
- check wether shared libraries have been generated
@ -2532,7 +2537,7 @@ Mon May 7 21:02:30 CEST 2001 - kukuk@suse.de
Mon May 7 11:36:53 MEST 2001 - rolf@suse.de
- Fix ppc and s390 shared library builds
- resolved conflict in manpage naming:
- resolved conflict in manpage naming:
rand.3 is now sslrand.3 [BUG#7643]
-------------------------------------------------------------------
@ -2565,7 +2570,7 @@ Wed Mar 21 10:12:59 MET 2001 - rolf@suse.de
-------------------------------------------------------------------
Fri Dec 15 18:09:16 CET 2000 - sf@suse.de
- changed CFLAG to -O1 to make the tests run successfully
- changed CFLAG to -O1 to make the tests run successfully
-------------------------------------------------------------------
Mon Dec 11 13:33:55 CET 2000 - rolf@suse.de

2
openssl.spec
View File

@ -18,7 +18,7 @@
%define _sonum 3
Name: openssl
Version: 3.1.4
Version: 3.2.0
Release: 0
Summary: Secure Sockets and Transport Layer Security
# Yes there is no license but to not confuse people keep it aligned to the pkg