| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: openssl-1_0_0 | Distribution: openSUSE:Factory:zSystems |
| Version: 1.0.2u | Vendor: openSUSE |
| Release: 25.2 | Build date: Mon Feb 26 13:37:22 2024 |
| Group: Productivity/Networking/Security | Build host: reproducible |
| Size: 1525370 | Source RPM: openssl-1_0_0-1.0.2u-25.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.openssl.org/ | |
| Summary: Secure Sockets and Transport Layer Security | |
OpenSSL is a software library to be used in applications that need to secure communications over computer networks against eavesdropping or need to ascertain the identity of the party at the other end. OpenSSL contains an implementation of the SSL and TLS protocols.
OpenSSL
* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
* Tue Jan 30 2024 Otto Hollmann <otto.hollmann@suse.com>
- Security fix: [bsc#1219243, CVE-2024-0727]
* Add NULL checks where ContentInfo data can be NULL
* Add openssl-CVE-2024-0727.patch
* Mon Nov 13 2023 Otto Hollmann <otto.hollmann@suse.com>
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
* Mon Aug 07 2023 Otto Hollmann <otto.hollmann@suse.com>
- Security fix: (bsc#1213853, CVE-2023-3817)
* Fix excessive time spent checking DH q parameter value
(bsc#1213853, CVE-2023-3817). The function DH_check() performs
various checks on DH parameters. After fixing CVE-2023-3446 it
was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A
correct q value, if present, cannot be larger than the modulus
p parameter, thus it is unnecessary to perform these checks if
q is larger than p. If DH_check() is called with such q parameter
value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
computationally intensive checks are skipped.
* Add openssl-1_0-CVE-2023-3817.patch
* Thu Jul 20 2023 Pedro Monreal <pmonreal@suse.com>
- Security fix: [bsc#1213487, CVE-2023-3446]
* Fix DH_check() excessive time with over sized modulus.
* The function DH_check() performs various checks on DH parameters.
One of those checks confirms that the modulus ("p" parameter) is
not too large. Trying to use a very large modulus is slow and
OpenSSL will not normally use a modulus which is over 10,000 bits
in length.
However the DH_check() function checks numerous aspects of the
key or parameters that have been supplied. Some of those checks
use the supplied modulus value even if it has already been found
to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying
a key/parameters with a modulus over this size will simply cause
DH_check() to fail.
* Add openssl-CVE-2023-3446.patch
* Tue Jun 20 2023 Otto Hollmann <otto.hollmann@suse.com>
- Improve cross-package provides/conflicts [boo#1210313]
* Remove Conflicts: ssl
* Add Conflicts: openssl(cli)
* Wed Jun 14 2023 Otto Hollmann <otto.hollmann@suse.com>
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Reworked the Fix for the Timing Oracle in RSA Decryption
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
compared to 1.1.1s.
* Reworked openssl-CVE-2022-4304.patch
* Refreshed patches:
- openssl-CVE-2023-0286.patch
- openssl-CVE-2023-0464.patch
- openssl-CVE-2023-0465.patch
* Mon Jun 05 2023 Pedro Monreal <pmonreal@suse.com>
- FIPS: Merge libopenssl1_0_0-hmac package into the library [bsc#1185116]
* Mon May 22 2023 Otto Hollmann <otto.hollmann@suse.com>
- Security Fix: [CVE-2023-2650, bsc#1211430]
* Possible DoS translating ASN.1 object identifiers
* Add openssl-CVE-2023-2650.patch
* Mon Apr 03 2023 Otto Hollmann <otto.hollmann@suse.com>
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
* Mon Mar 27 2023 Otto Hollmann <otto.hollmann@suse.com>
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
* Wed Mar 15 2023 Otto Hollmann <otto.hollmann@suse.com>
- Pass over with spec-cleaner
* Fri Feb 17 2023 Otto Hollmann <otto.hollmann@suse.com>
- Fix DH key generation in FIPS mode, add support for constant BN for
DH parameters [bsc#1202062]
* Add patch: openssl-fips_fix_DH_key_generation.patch
* Tue Feb 07 2023 Otto Hollmann <otto.hollmann@suse.com>
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add openssl-CVE-2022-4304.patch
- Security Fix: [bsc#1179491, CVE-2020-1971]
* Fix EDIPARTYNAME NULL pointer dereference
* Add openssl-CVE-2020-1971.patch
* Mon Jan 02 2023 Otto Hollmann <otto.hollmann@suse.com>
- Update further expiring certificates that affect tests [bsc#1201627]
* Add openssl-Update-further-expiring-certificates.patch
* Sat Sep 24 2022 Jason Sikes <jsikes@suse.com>
- Added openssl-1_0_0-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
* Tue Jun 28 2022 Andreas Schwab <schwab@suse.de>
- openssl-riscv64-config.patch: backport of riscv64 config support
* Thu Jun 23 2022 Jason Sikes <jsikes@suse.com>
- Added openssl-1_0_0-Fix-file-operations-in-c_rehash.patch
* bsc#1200550
* CVE-2022-2068
* Fixed more shell code injection issues in c_rehash
* Tue Jun 21 2022 Jan Engelhardt <jengelh@inai.de>
- Adjust rpmlintrc to apply to all arches.
* Mon May 30 2022 Jason Sikes <jsikes@suse.com>
- Security fix: [bsc#1199166, CVE-2022-1292]
* Added: openssl-CVE-2022-1292.patch
* properly sanitise shell metacharacters in c_rehash script.
* Fri May 13 2022 Jan Engelhardt <jengelh@inai.de>
- Add an rpmlintrc for shlib-policy-name-error/multibuild case.
* Thu Apr 21 2022 Dirk Müller <dmueller@suse.com>
- update openssl-fips_cavs_aes_keywrap.patch to avoid
(nonexploitable) format-string vulnerability
* Sun Aug 29 2021 Jason Sikes <jsikes@suse.com>
- Several OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application
requests an ASN.1 structure to be printed, and where that ASN.1 structure
contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "data" field, then a read buffer overrun can occur.
* CVE-2021-3712 continued
* bsc#1189521
* Add CVE-2021-3712-ASN1_STRING-issues.patch
* Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
2021-08-24 00:47 PDT by Marcus Meissner and from
https://github.com/openssl/openssl/commit/d9d838ddc0ed083fb4c26dd067e71aad7c65ad16
* Mon Jul 12 2021 Jason Sikes <jsikes@suse.com>
- Add safe primes to DH parameter generation
* RFC7919 and RFC3526
* bsc#1180995
* Added openssl-add_rfc3526_rfc7919.patch
* Added openssl-DH.patch
* Genpkey: "-pkeyopt dh_param:" can now choose modp_* (rfc3526) and
ffdhe* (rfc7919) groups. Example:
$ openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096
* Sat Jun 26 2021 Jason Sikes <jsikes@suse.com>
- link binaries as position independent executables
* added openssl-1.0.0-pic-pie.patch
* bsc#1186495
* Wed Mar 03 2021 Pedro Monreal <pmonreal@suse.com>
- Security fixes:
* Integer overflow in CipherUpdate: Incorrect SSLv2 rollback
protection [bsc#1182333, CVE-2021-23840]
* Null pointer deref in X509_issuer_and_serial_hash()
[bsc#1182331, CVE-2021-23841]
- Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch
/etc/ssl /etc/ssl/openssl.cnf /etc/ssl/private /usr/bin/c_rehash /usr/bin/fips_standalone_hmac /usr/bin/openssl /usr/share/doc/packages/openssl-1_0_0 /usr/share/doc/packages/openssl-1_0_0/CHANGES /usr/share/doc/packages/openssl-1_0_0/CHANGES.SSLeay /usr/share/doc/packages/openssl-1_0_0/INSTALL /usr/share/doc/packages/openssl-1_0_0/INSTALL.DJGPP /usr/share/doc/packages/openssl-1_0_0/INSTALL.MacOS /usr/share/doc/packages/openssl-1_0_0/INSTALL.NW /usr/share/doc/packages/openssl-1_0_0/INSTALL.OS2 /usr/share/doc/packages/openssl-1_0_0/INSTALL.VMS /usr/share/doc/packages/openssl-1_0_0/INSTALL.W32 /usr/share/doc/packages/openssl-1_0_0/INSTALL.W64 /usr/share/doc/packages/openssl-1_0_0/INSTALL.WCE /usr/share/doc/packages/openssl-1_0_0/NEWS /usr/share/doc/packages/openssl-1_0_0/README /usr/share/doc/packages/openssl-1_0_0/README-FIPS.txt /usr/share/doc/packages/openssl-1_0_0/README.SUSE /usr/share/man/man1/CA.pl.1ssl.gz /usr/share/man/man1/asn1parse.1ssl.gz /usr/share/man/man1/c_rehash.1ssl.gz /usr/share/man/man1/ca.1ssl.gz /usr/share/man/man1/ciphers.1ssl.gz /usr/share/man/man1/cms.1ssl.gz /usr/share/man/man1/crl.1ssl.gz /usr/share/man/man1/crl2pkcs7.1ssl.gz /usr/share/man/man1/dgst.1ssl.gz /usr/share/man/man1/dhparam.1ssl.gz /usr/share/man/man1/dsa.1ssl.gz /usr/share/man/man1/dsaparam.1ssl.gz /usr/share/man/man1/dss1.1ssl.gz /usr/share/man/man1/ec.1ssl.gz /usr/share/man/man1/ecparam.1ssl.gz /usr/share/man/man1/enc.1ssl.gz /usr/share/man/man1/errstr.1ssl.gz /usr/share/man/man1/gendsa.1ssl.gz /usr/share/man/man1/genpkey.1ssl.gz /usr/share/man/man1/genrsa.1ssl.gz /usr/share/man/man1/md2.1ssl.gz /usr/share/man/man1/md4.1ssl.gz /usr/share/man/man1/md5.1ssl.gz /usr/share/man/man1/mdc2.1ssl.gz /usr/share/man/man1/nseq.1ssl.gz /usr/share/man/man1/ocsp.1ssl.gz /usr/share/man/man1/openssl-asn1parse.1ssl.gz /usr/share/man/man1/openssl-ca.1ssl.gz /usr/share/man/man1/openssl-ciphers.1ssl.gz /usr/share/man/man1/openssl-cms.1ssl.gz /usr/share/man/man1/openssl-crl.1ssl.gz /usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz /usr/share/man/man1/openssl-dgst.1ssl.gz /usr/share/man/man1/openssl-dhparam.1ssl.gz /usr/share/man/man1/openssl-dsa.1ssl.gz /usr/share/man/man1/openssl-dsaparam.1ssl.gz /usr/share/man/man1/openssl-ec.1ssl.gz /usr/share/man/man1/openssl-ecparam.1ssl.gz /usr/share/man/man1/openssl-enc.1ssl.gz /usr/share/man/man1/openssl-errstr.1ssl.gz /usr/share/man/man1/openssl-gendsa.1ssl.gz /usr/share/man/man1/openssl-genpkey.1ssl.gz /usr/share/man/man1/openssl-genrsa.1ssl.gz /usr/share/man/man1/openssl-nseq.1ssl.gz /usr/share/man/man1/openssl-ocsp.1ssl.gz /usr/share/man/man1/openssl-passwd.1ssl.gz /usr/share/man/man1/openssl-pkcs12.1ssl.gz /usr/share/man/man1/openssl-pkcs7.1ssl.gz /usr/share/man/man1/openssl-pkcs8.1ssl.gz /usr/share/man/man1/openssl-pkey.1ssl.gz /usr/share/man/man1/openssl-pkeyparam.1ssl.gz /usr/share/man/man1/openssl-pkeyutl.1ssl.gz /usr/share/man/man1/openssl-rand.1ssl.gz /usr/share/man/man1/openssl-req.1ssl.gz /usr/share/man/man1/openssl-rsa.1ssl.gz /usr/share/man/man1/openssl-rsautl.1ssl.gz /usr/share/man/man1/openssl-s_client.1ssl.gz /usr/share/man/man1/openssl-s_server.1ssl.gz /usr/share/man/man1/openssl-s_time.1ssl.gz /usr/share/man/man1/openssl-sess_id.1ssl.gz /usr/share/man/man1/openssl-smime.1ssl.gz /usr/share/man/man1/openssl-speed.1ssl.gz /usr/share/man/man1/openssl-spkac.1ssl.gz /usr/share/man/man1/openssl-ts.1ssl.gz /usr/share/man/man1/openssl-tsget.1ssl.gz /usr/share/man/man1/openssl-verify.1ssl.gz /usr/share/man/man1/openssl-version.1ssl.gz /usr/share/man/man1/openssl-x509.1ssl.gz /usr/share/man/man1/openssl.1ssl.gz /usr/share/man/man1/passwd.1ssl.gz /usr/share/man/man1/pkcs12.1ssl.gz /usr/share/man/man1/pkcs7.1ssl.gz /usr/share/man/man1/pkcs8.1ssl.gz /usr/share/man/man1/pkey.1ssl.gz /usr/share/man/man1/pkeyparam.1ssl.gz /usr/share/man/man1/pkeyutl.1ssl.gz /usr/share/man/man1/rand.1ssl.gz /usr/share/man/man1/req.1ssl.gz /usr/share/man/man1/ripemd160.1ssl.gz /usr/share/man/man1/rsa.1ssl.gz /usr/share/man/man1/rsautl.1ssl.gz /usr/share/man/man1/s_client.1ssl.gz /usr/share/man/man1/s_server.1ssl.gz /usr/share/man/man1/s_time.1ssl.gz /usr/share/man/man1/sess_id.1ssl.gz /usr/share/man/man1/sha.1ssl.gz /usr/share/man/man1/sha1.1ssl.gz /usr/share/man/man1/sha224.1ssl.gz /usr/share/man/man1/sha256.1ssl.gz /usr/share/man/man1/sha384.1ssl.gz /usr/share/man/man1/sha512.1ssl.gz /usr/share/man/man1/smime.1ssl.gz /usr/share/man/man1/speed.1ssl.gz /usr/share/man/man1/spkac.1ssl.gz /usr/share/man/man1/ts.1ssl.gz /usr/share/man/man1/tsget.1ssl.gz /usr/share/man/man1/verify.1ssl.gz /usr/share/man/man1/version.1ssl.gz /usr/share/man/man1/x509.1ssl.gz /usr/share/ssl /usr/share/ssl/misc /usr/share/ssl/misc/CA.pl /usr/share/ssl/misc/CA.sh /usr/share/ssl/misc/c_hash /usr/share/ssl/misc/c_info /usr/share/ssl/misc/c_issuer /usr/share/ssl/misc/c_name /usr/share/ssl/misc/tsget
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 25 01:52:31 2024