Otto Hollmann
933d4f991f
Accepting request 1094354 from security:tls:unstable
...
- Improve cross-package provides/conflicts [boo#1210313]
* Add Conflicts: openssl(cli) for mutual exclusion between
openssl, openssl-1_0_0 and libressl.
OBS-URL: https://build.opensuse.org/request/show/1094354
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=50
2023-06-21 13:12:38 +00:00
Otto Hollmann
33e78aed93
Accepting request 1089849 from home:ohollmann:branches:security:tls
...
- Update to 3.1.1
OBS-URL: https://build.opensuse.org/request/show/1089849
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=48
2023-05-30 16:00:41 +00:00
Otto Hollmann
0d4475652c
Accepting request 1071823 from home:ohollmann:branches:security:tls
...
- Update to 3.1.0
OBS-URL: https://build.opensuse.org/request/show/1071823
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=47
2023-03-14 16:01:53 +00:00
Martin Pluskal
dda6eff298
Accepting request 1063661 from home:ohollmann:branches:security:tls
...
- Update to 3.0.8
OBS-URL: https://build.opensuse.org/request/show/1063661
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=46
2023-02-08 08:07:35 +00:00
42b4266fec
Accepting request 1062221 from security:tls:unstable
...
- Update to 3.0.7
- Update to 3.0.6
- Update to 3.0.5
- Update to 3.0.4
- Update to 3.0.3
- Update to 3.0.2
- Update to 3.0.1
- Update to 3.0.0
- Update to 3.0.0 Beta 2
- Update to 3.0.0 Beta 1
- Update to 3.0.0 Alpha 17
- Update to 3.0.0 Alpha 16
- Update to 3.0.0 Alpha 15
- Update to 3.0.0 Alpha 14
- Update to 3.0.0 Alpha 13
- Update to 3.0.0 Alpha 12
- Update to 3.0.0 Alpha 11
- Update to 3.0.0 Alpha 10
- Update to 3.0.0 Alpha 9
OBS-URL: https://build.opensuse.org/request/show/1062221
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=45
2023-01-31 12:14:59 +00:00
941923fd38
Accepting request 1032888 from home:ohollmann:branches:security:tls
...
- updated to 1.1.s release
OBS-URL: https://build.opensuse.org/request/show/1032888
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=44
2022-11-02 13:56:42 +00:00
98ac383496
Accepting request 987342 from home:msmeissn:branches:security:tls
...
- updated to 1.1.q release
OBS-URL: https://build.opensuse.org/request/show/987342
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=43
2022-07-07 07:35:38 +00:00
59b58b2546
Accepting request 985241 from home:msmeissn:branches:security:tls
...
- Update to 1.1.1p release
OBS-URL: https://build.opensuse.org/request/show/985241
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=42
2022-06-27 07:48:29 +00:00
21dec5ccdf
Accepting request 981125 from home:msmeissn:branches:security:tls
...
- Update to 1.1.1o release
OBS-URL: https://build.opensuse.org/request/show/981125
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=41
2022-06-07 12:01:44 +00:00
c70cc7d040
Accepting request 975096 from home:jengelh:branches:security:tls
...
- Use same %description as openssl-3 (describe the software, not the project).
OBS-URL: https://build.opensuse.org/request/show/975096
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=40
2022-05-09 10:35:25 +00:00
0313fcccb9
Accepting request 961991 from home:pmonrealgonzalez:branches:security:tls
...
- Update to 1.1.1n release
OBS-URL: https://build.opensuse.org/request/show/961991
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=39
2022-03-15 18:24:42 +00:00
700aeb30e6
Accepting request 942953 from home:pmonrealgonzalez:branches:security:tls
...
- Update to 1.1.1m release
OBS-URL: https://build.opensuse.org/request/show/942953
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=38
2022-01-03 08:42:05 +00:00
ae4363981e
Accepting request 914576 from home:pmonrealgonzalez:branches:security:tls
...
- Update to 1.1.1l release
OBS-URL: https://build.opensuse.org/request/show/914576
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=37
2021-08-27 11:05:13 +00:00
61375c96e5
Accepting request 897175 from home:dimstar:Factory
...
Do not provide ssl - it's the symbol used to conflict the various ssl implementations; fixup history, as this package could never exist like this
OBS-URL: https://build.opensuse.org/request/show/897175
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=36
2021-06-03 11:06:47 +00:00
03ad9b5de8
Accepting request 896339 from home:dimstar:Factory
...
- Provide openssl(cli) and ssl by the meta package: Together with
the suggests openssl in the base patterns, any consumer of these
symbols should get the openssl meta package as candidate, which
allows us to easier change the recommended default version.
OBS-URL: https://build.opensuse.org/request/show/896339
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=35
2021-05-31 11:13:16 +00:00
8c69be8980
Accepting request 881425 from home:jsikes:branches:security:tls
...
Version update
OBS-URL: https://build.opensuse.org/request/show/881425
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=34
2021-03-30 08:17:53 +00:00
afb8eed7f6
Accepting request 873680 from home:pmonrealgonzalez:branches:security:tls
...
- Update to 1.1.1j release
OBS-URL: https://build.opensuse.org/request/show/873680
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=33
2021-02-22 12:20:11 +00:00
de3e0f894d
Accepting request 854069 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1i release
OBS-URL: https://build.opensuse.org/request/show/854069
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=32
2020-12-14 11:22:10 +00:00
ced74d8631
Accepting request 836173 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1h release
OBS-URL: https://build.opensuse.org/request/show/836173
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=31
2020-09-23 06:41:04 +00:00
Martin Pluskal
76a7de0b98
Accepting request 796076 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1g release
OBS-URL: https://build.opensuse.org/request/show/796076
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=30
2020-04-21 15:13:11 +00:00
90ef91ed19
Accepting request 790181 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1f release
OBS-URL: https://build.opensuse.org/request/show/790181
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=29
2020-03-31 14:27:25 +00:00
Vítězslav Čížek
9956f6eae8
Accepting request 787238 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1e release
OBS-URL: https://build.opensuse.org/request/show/787238
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=28
2020-03-22 11:19:18 +00:00
Tomáš Chvátal
5605777932
Accepting request 753234 from home:dimstar:Factory
...
Fix build in Staging:N with RPM 4.15
OBS-URL: https://build.opensuse.org/request/show/753234
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=27
2019-12-03 13:04:43 +00:00
101b1f684e
Accepting request 730186 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1d release
OBS-URL: https://build.opensuse.org/request/show/730186
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=26
2019-09-11 15:32:19 +00:00
Tomáš Chvátal
a4b427864c
Accepting request 706514 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1c release
OBS-URL: https://build.opensuse.org/request/show/706514
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=25
2019-05-30 13:21:00 +00:00
Tomáš Chvátal
010eeaff31
Accepting request 680155 from home:pmonrealgonzalez:branches:security:tls
...
- Update to 1.1.1b release
OBS-URL: https://build.opensuse.org/request/show/680155
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=24
2019-02-28 15:36:08 +00:00
Tomáš Chvátal
f89f52bf78
Accepting request 650514 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1a release
OBS-URL: https://build.opensuse.org/request/show/650514
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=23
2018-11-20 14:58:06 +00:00
Vítězslav Čížek
ed50f7c230
Accepting request 635008 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1 release
OBS-URL: https://build.opensuse.org/request/show/635008
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=22
2018-09-11 15:12:30 +00:00
Vítězslav Čížek
4455ff4fb3
Accepting request 631305 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.1~pre9 (Beta 7)
OBS-URL: https://build.opensuse.org/request/show/631305
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=21
2018-08-24 10:39:43 +00:00
Tomáš Chvátal
dcffbd897d
Accepting request 629238 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.0i release
OBS-URL: https://build.opensuse.org/request/show/629238
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=20
2018-08-14 16:24:37 +00:00
Tomáš Chvátal
1ab3b9a360
Accepting request 591685 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.0h release
OBS-URL: https://build.opensuse.org/request/show/591685
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=19
2018-03-27 15:19:47 +00:00
Vítězslav Čížek
357c68ceaa
Accepting request 578317 from home:vitezslav_cizek:branches:security:tls
...
- update baselibs.conf
OBS-URL: https://build.opensuse.org/request/show/578317
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=18
2018-02-20 11:18:04 +00:00
Vítězslav Čížek
450bc8968e
Accepting request 577235 from home:vitezslav_cizek:branches:security:tls
...
- change the sonum to 1.1, as all the minor versions keep ABI
compatibility (bsc#1081335)
OBS-URL: https://build.opensuse.org/request/show/577235
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=17
2018-02-16 12:13:39 +00:00
Vítězslav Čížek
3e27fb1ef2
Accepting request 539342 from home:vitezslav_cizek:branches:security:tls
...
- Update to 1.1.0g release
OBS-URL: https://build.opensuse.org/request/show/539342
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=16
2017-11-06 15:49:22 +00:00
Tomáš Chvátal
3a7d8fec85
Accepting request 538520 from home:vitezslav_cizek:branches:security:tls
...
- Revert version back to 1.0.2m to get security fixes quickly to
Tumbleweed
* OpenSSL Security Advisory [02 Nov 2017] (bsc#1066242,bsc#1056058)
OBS-URL: https://build.opensuse.org/request/show/538520
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=15
2017-11-03 12:35:59 +00:00
Tomáš Chvátal
fdaa161c0b
- Switch to 1.1.0f release as default again
...
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=14
2017-07-31 11:16:13 +00:00
Tomáš Chvátal
b52242687e
Accepting request 509430 from home:vitezslav_cizek:branches:security:tls
...
- Obsolete openssl-debuginfo
* the package doesn't exist any more, has been replaced by
openssl-{so_version}-debuginfo (bsc#1040172)
OBS-URL: https://build.opensuse.org/request/show/509430
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=13
2017-07-11 12:03:16 +00:00
Tomáš Chvátal
d6bd27301a
- Revert back to 1.0.2l for now so we get new fixes of 1.0 openssl
...
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=12
2017-06-26 09:13:37 +00:00
Tomáš Chvátal
1329b4c8df
- Revert back to 1.0.0l for now so we get new fixes of 1.0 openssl
...
to tumbleweed
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=10
2017-06-23 15:24:24 +00:00
Tomáš Chvátal
2ce6cf08f7
- Update to 1.1.0f release
...
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=9
2017-05-29 10:17:01 +00:00
Tomáš Chvátal
1c3f141485
- Switch default to openssl-1.1.0
...
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl?expand=0&rev=8
2017-05-24 08:06:09 +00:00
Dominique Leuenberger
9d1003ce7d
Accepting request 492985 from security:tls
...
- Provide pkgconfig(openssl)
- Provide basic baselibs.conf for 32bit subpackages
- Specify this package as noarch (as we just provide README files)
- Fix typo in openssl requires
- Add dependency on the branched devel package
- Provide all pkgconfig symbols to hide them in versioned subpkgs
- This allows us to propagate only the preffered version of openssl
while allowing us to add extra openssl only as additional dependency
- Remove the ssl provides as it is applicable for only those that
really provide it
- Prepare to split to various subpackages converting main one to
dummy package
- Reduce to only provide main pkg and devel and depend on proper
soversioned package
- Version in this package needs to be synced with the one provided
by the split package
- Remove all the patches, now in the proper versioned namespace:
* merge_from_0.9.8k.patch
* openssl-1.0.0-c_rehash-compat.diff
* bug610223.patch
* openssl-ocloexec.patch
* openssl-1.0.2a-padlock64.patch
* openssl-fix-pod-syntax.diff
* openssl-truststore.patch
* compression_methods_switch.patch
* 0005-libssl-Hide-library-private-symbols.patch
OBS-URL: https://build.opensuse.org/request/show/492985
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=138
2017-05-18 18:46:33 +00:00
Yuchen Lin
491c541700
Accepting request 485219 from Base:System
...
- Remove O3 from optflags, no need to not rely on distro wide settings
- Remove conditions for sle10 and sle11, we care only about sle12+
- USE SUSE instead of SuSE in readme
- Pass over with spec-cleaner (forwarded request 485192 from scarabeus_iv)
OBS-URL: https://build.opensuse.org/request/show/485219
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=137
2017-04-11 07:29:32 +00:00
Dominique Leuenberger
de4d1be4ab
Accepting request 454260 from Base:System
...
- fix X509_CERT_FILE path (bsc#1022271) and rename
updated openssl-1.0.1e-truststore.diff to openssl-truststore.patch (forwarded request 454258 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/454260
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=136
2017-02-07 10:57:29 +00:00
Dominique Leuenberger
f7574150c5
Accepting request 452919 from Base:System
...
- Updated to openssl 1.0.2k
- bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results
- bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery
- bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read
- bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64
OBS-URL: https://build.opensuse.org/request/show/452919
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=135
2017-01-31 11:37:40 +00:00
Dominique Leuenberger
021091d55f
Accepting request 433063 from Base:System
...
- resume reading from /dev/urandom when interrupted by a signal
(bsc#995075)
* add openssl-randfile_fread_interrupt.patch
- add FIPS changes from SP2:
- fix problems with locking in FIPS mode (bsc#992120)
* duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428
and bsc#990207
* bring back openssl-fipslocking.patch
- drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream)
(bsc#984323)
- don't check for /etc/system-fips (bsc#982268)
* add openssl-fips-dont_run_FIPS_module_installed.patch
- refresh openssl-fips-rsagen-d-bits.patch (forwarded request 431508 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/433063
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=134
2016-10-10 14:17:30 +00:00
Dominique Leuenberger
6a01eea162
Accepting request 430498 from Base:System
...
- update to openssl-1.0.2j
* Missing CRL sanity check (CVE-2016-7052 bsc#1001148)
- OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
Severity: High
* OCSP Status Request extension unbounded memory growth
(CVE-2016-6304) (bsc#999666)
Severity: Low
* Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
* Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
* DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419)
* DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
* OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
* Birthday attack against 64-bit block ciphers (SWEET32)
(CVE-2016-2183) (bsc#995359)
* Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
* OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
* Certificate message OOB reads (CVE-2016-6306) (bsc#999668)
- update to openssl-1.0.2i
* remove patches:
openssl-1.0.2a-new-fips-reqs.patch
openssl-1.0.2e-fips.patch
* add patches:
openssl-1.0.2i-fips.patch
openssl-1.0.2i-new-fips-reqs.patch
- fix crash in print_notice (bsc#998190)
* add openssl-print_notice-NULL_crash.patch
OBS-URL: https://build.opensuse.org/request/show/430498
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=133
2016-09-28 13:03:33 +00:00
Dominique Leuenberger
fa61203f41
Accepting request 393456 from Base:System
...
- OpenSSL Security Advisory [3rd May 2016]
- update to 1.0.2h (boo#977584, boo#977663)
* Prevent padding oracle in AES-NI CBC MAC check
A MITM attacker can use a padding oracle attack to decrypt traffic
when the connection uses an AES CBC cipher and the server support
AES-NI.
(CVE-2016-2107, boo#977616)
* Fix EVP_EncodeUpdate overflow
An overflow can occur in the EVP_EncodeUpdate() function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption.
(CVE-2016-2105, boo#977614)
* Fix EVP_EncryptUpdate overflow
An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
is able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate() with a partial block then a length check can overflow
resulting in a heap corruption.
(CVE-2016-2106, boo#977615)
* Prevent ASN.1 BIO excessive memory allocation
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
a short invalid encoding can casuse allocation of large amounts of memory
potentially consuming excessive resources or exhausting memory.
(CVE-2016-2109, boo#976942)
* EBCDIC overread
ASN1 Strings that are over 1024 bytes can cause an overread in applications
using the X509_NAME_oneline() function on EBCDIC systems. This could result
in arbitrary stack data being returned in the buffer.
(CVE-2016-2176, boo#978224)
* Modify behavior of ALPN to invoke callback after SNI/servername (forwarded request 393446 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/393456
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=132
2016-05-08 08:38:49 +00:00
Dominique Leuenberger
fa96b8cfdd
Accepting request 390473 from Base:System
...
1
OBS-URL: https://build.opensuse.org/request/show/390473
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=131
2016-04-22 14:17:16 +00:00
Dominique Leuenberger
2ebd052507
Accepting request 363602 from Base:System
...
- update to 1.0.2g (bsc#968044)
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
Builds that are not configured with "enable-weak-ssl-ciphers" will not
provide any "EXPORT" or "LOW" strength ciphers.
* Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
is by default disabled at build-time. Builds that are not configured with
"enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
will need to explicitly call either of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
(CVE-2016-0800)
* Fix a double-free in DSA code
(CVE-2016-0705)
* Disable SRP fake user seed to address a server memory leak.
Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
(CVE-2016-0798)
* Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
(CVE-2016-0797)
*) Side channel attack on modular exponentiation
http://cachebleed.info .
(CVE-2016-0702)
*) Change the req app to generate a 2048-bit RSA/DSA key by default,
if no keysize is specified with default_bits. This fixes an
omission in an earlier change that changed all RSA/DSA key generation
apps to use 2048 bits by default. (forwarded request 363599 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/363602
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=130
2016-03-05 10:21:18 +00:00
