openssl

testing/openssl

SHA256

Fork 0

forked from pool/openssl

Commit Graph

Author	SHA256	Message	Date
Dominique Leuenberger	2ebd052507	Accepting request 363602 from Base:System - update to 1.0.2g (bsc#968044) * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); (CVE-2016-0800) * Fix a double-free in DSA code (CVE-2016-0705) * Disable SRP fake user seed to address a server memory leak. Add a new method SRP_VBASE_get1_by_user that handles the seed properly. (CVE-2016-0798) * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) ) Side channel attack on modular exponentiation http://cachebleed.info. (CVE-2016-0702) ) Change the req app to generate a 2048-bit RSA/DSA key by default, if no keysize is specified with default_bits. This fixes an omission in an earlier change that changed all RSA/DSA key generation apps to use 2048 bits by default. (forwarded request 363599 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/363602 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=130	2016-03-05 10:21:18 +00:00
Stephan Kulow	ed81eb44e1	Accepting request 347504 from Base:System - update to 1.0.2e * fixes five security vulnerabilities * Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) (bsc#957984) * BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) (bsc#957814) * Certificate verify crash with missing PSS parameter (CVE-2015-3194) (bsc#957815) * X509_ATTRIBUTE memory leak (CVE-2015-3195) (bsc#957812) * Race condition handling PSK identify hint (CVE-2015-3196) (bsc#957813) - pulled a refreshed fips patch from Fedora * openssl-1.0.2a-fips.patch was replaced by openssl-1.0.2e-fips.patch - refresh openssl-ocloexec.patch OBS-URL: https://build.opensuse.org/request/show/347504 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=129	2015-12-13 08:36:18 +00:00

Author

SHA256

Message

Date

Dominique Leuenberger

2ebd052507

Accepting request 363602 from Base:System

- update to 1.0.2g (bsc#968044)
  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
    Builds that are not configured with "enable-weak-ssl-ciphers" will not
    provide any "EXPORT" or "LOW" strength ciphers.
  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
    is by default disabled at build-time.  Builds that are not configured with
    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
    will need to explicitly call either of:
        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
    or
        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
    (CVE-2016-0800)
  * Fix a double-free in DSA code
     (CVE-2016-0705)
  * Disable SRP fake user seed to address a server memory leak.
     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
     (CVE-2016-0798)
  * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
     (CVE-2016-0797)
  *) Side channel attack on modular exponentiation
     http://cachebleed.info.
     (CVE-2016-0702)
  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
     if no keysize is specified with default_bits. This fixes an
     omission in an earlier change that changed all RSA/DSA key generation
     apps to use 2048 bits by default. (forwarded request 363599 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/363602
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=130

2016-03-05 10:21:18 +00:00

Stephan Kulow

ed81eb44e1

Accepting request 347504 from Base:System

- update to 1.0.2e
  * fixes five security vulnerabilities
  * Anon DH ServerKeyExchange with 0 p parameter
    (CVE-2015-1794) (bsc#957984)
  * BN_mod_exp may produce incorrect results on x86_64
    (CVE-2015-3193) (bsc#957814)
  * Certificate verify crash with missing PSS parameter
    (CVE-2015-3194) (bsc#957815)
  * X509_ATTRIBUTE memory leak
    (CVE-2015-3195) (bsc#957812)
  * Race condition handling PSK identify hint
    (CVE-2015-3196) (bsc#957813)
- pulled a refreshed fips patch from Fedora
  * openssl-1.0.2a-fips.patch was replaced by
    openssl-1.0.2e-fips.patch
- refresh openssl-ocloexec.patch

OBS-URL: https://build.opensuse.org/request/show/347504
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=129

2015-12-13 08:36:18 +00:00

2 Commits