rpm/openssl-1_1
SHA256
1
0
Fork 0
forked from pool/openssl-1_1
Code Pull Requests Activity
174 Commits 2 Branches 0 Tags
Commit Graph

4 Commits

Author SHA256 Message Date
Otto Hollmann
d7adac4e7f Accepting request 1144565 from home:ohollmann:branches:security:tls 
- Rename engines directories to the same name like in SLE:
    /etc/ssl/engines1_1.d -> /etc/ssl/engines1.1.d
    /etc/ssl/engdef1_1.d -> /etc/ssl/engdef1.1.d
  * Add migration script to move files (bsc#1219562)
    /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d
    /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch

OBS-URL: https://build.opensuse.org/request/show/1144565
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=156
 2024-02-06 12:52:41 +00:00
Pedro Monreal Gonzalez
11b0eddfc3 Accepting request 1141235 from home:ohollmann:branches:security:tls 
- Because OpenSSL 1.1.1 is no longer default, let's rename engine
  directories to contain version of OpenSSL and let unversioned for
  the default OpenSSL. [bsc#1194187, bsc#1207472, bsc#1218933]
  * /etc/ssl/engines.d ->  /etc/ssl/engines1_1.d
  * /etc/ssl/engdef.d -> /etc/ssl/engdef1_1.d
  * Update patches:
    - openssl-1_1-ossl-sli-002-ran-make-update.patch
    - openssl-1_1-use-include-directive.patch

OBS-URL: https://build.opensuse.org/request/show/1141235
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=154
 2024-01-24 12:36:49 +00:00
Pedro Monreal Gonzalez
8cce2e6a14 Accepting request 960455 from home:pmonrealgonzalez:branches:security:tls 
- Security fix: [bsc#1192820, CVE-2002-20001]
  * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
    remote attackers (from the client side) to send arbitrary
    numbers that are actually not public keys, and trigger
    expensive server-side DHE calculation.
  * Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
  * Rebase openssl-DEFAULT_SUSE_cipher.patch

- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
  * In an INI-type file, the sections begin with a [section_name]
    and they run until the next section begins.
  * Rebase openssl-1_1-use-include-directive.patch

OBS-URL: https://build.opensuse.org/request/show/960455
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=107
 2022-03-09 11:25:28 +00:00
Pedro Monreal Gonzalez
c13b2fd4bf Accepting request 936137 from home:markkp:branches:security:tls 
- Added openssl-1_1-use-include-directive.patch so that the default
  /etc/ssl/openssl.cnf file will include any configuration files that
  other packages might place into /etc/ssl/engines.d/ and
  /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was
  being used to modify the openssl.cnf file. The scripting would fail
  if either the default openssl.cnf file, or the sample openssl-ibmca
  configuration file would be changed by upstream.
- Updated spec file to create the two new necessary directores for
  the above patch.

OBS-URL: https://build.opensuse.org/request/show/936137
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=100
 2021-12-14 12:43:58 +00:00