| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libopenssl10 | Distribution: openSUSE Tumbleweed |
| Version: 1.0.2u | Vendor: openSUSE |
| Release: 13.1 | Build date: Tue Feb 21 19:45:50 2023 |
| Group: Productivity/Networking/Security | Build host: sheep82 |
| Size: 2244153 | Source RPM: openssl-1_0_0-1.0.2u-13.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.openssl.org/ | |
| Summary: Secure Sockets and Transport Layer Security | |
OpenSSL is a software library to be used in applications that need to secure communications over computer networks against eavesdropping or need to ascertain the identity of the party at the other end. OpenSSL contains an implementation of the SSL and TLS protocols. This package contains libcrypto.so.10 and libssl.so.10 symlinks and provided capabilities usually provided by other distributions for compatibility with third party packages.
OpenSSL
* Fri Feb 17 2023 Otto Hollmann <otto.hollmann@suse.com>
- Fix DH key generation in FIPS mode, add support for constant BN for
DH parameters [bsc#1202062]
* Add patch: openssl-fips_fix_DH_key_generation.patch
* Tue Feb 07 2023 Otto Hollmann <otto.hollmann@suse.com>
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add openssl-CVE-2022-4304.patch
- Security Fix: [bsc#1179491, CVE-2020-1971]
* Fix EDIPARTYNAME NULL pointer dereference
* Add openssl-CVE-2020-1971.patch
* Mon Jan 02 2023 Otto Hollmann <otto.hollmann@suse.com>
- Update further expiring certificates that affect tests [bsc#1201627]
* Add openssl-Update-further-expiring-certificates.patch
* Sat Sep 24 2022 Jason Sikes <jsikes@suse.com>
- Added openssl-1_0_0-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
* Tue Jun 28 2022 Andreas Schwab <schwab@suse.de>
- openssl-riscv64-config.patch: backport of riscv64 config support
* Thu Jun 23 2022 Jason Sikes <jsikes@suse.com>
- Added openssl-1_0_0-Fix-file-operations-in-c_rehash.patch
* bsc#1200550
* CVE-2022-2068
* Fixed more shell code injection issues in c_rehash
* Tue Jun 21 2022 Jan Engelhardt <jengelh@inai.de>
- Adjust rpmlintrc to apply to all arches.
* Mon May 30 2022 Jason Sikes <jsikes@suse.com>
- Security fix: [bsc#1199166, CVE-2022-1292]
* Added: openssl-CVE-2022-1292.patch
* properly sanitise shell metacharacters in c_rehash script.
* Fri May 13 2022 Jan Engelhardt <jengelh@inai.de>
- Add an rpmlintrc for shlib-policy-name-error/multibuild case.
* Thu Apr 21 2022 Dirk Müller <dmueller@suse.com>
- update openssl-fips_cavs_aes_keywrap.patch to avoid
(nonexploitable) format-string vulnerability
* Sun Aug 29 2021 Jason Sikes <jsikes@suse.com>
- Several OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application
requests an ASN.1 structure to be printed, and where that ASN.1 structure
contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "data" field, then a read buffer overrun can occur.
* CVE-2021-3712 continued
* bsc#1189521
* Add CVE-2021-3712-ASN1_STRING-issues.patch
* Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
2021-08-24 00:47 PDT by Marcus Meissner and from
https://github.com/openssl/openssl/commit/d9d838ddc0ed083fb4c26dd067e71aad7c65ad16
* Mon Jul 12 2021 Jason Sikes <jsikes@suse.com>
- Add safe primes to DH parameter generation
* RFC7919 and RFC3526
* bsc#1180995
* Added openssl-add_rfc3526_rfc7919.patch
* Added openssl-DH.patch
* Genpkey: "-pkeyopt dh_param:" can now choose modp_* (rfc3526) and
ffdhe* (rfc7919) groups. Example:
$ openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096
* Sat Jun 26 2021 Jason Sikes <jsikes@suse.com>
- link binaries as position independent executables
* added openssl-1.0.0-pic-pie.patch
* bsc#1186495
* Wed Mar 03 2021 Pedro Monreal <pmonreal@suse.com>
- Security fixes:
* Integer overflow in CipherUpdate: Incorrect SSLv2 rollback
protection [bsc#1182333, CVE-2021-23840]
* Null pointer deref in X509_issuer_and_serial_hash()
[bsc#1182331, CVE-2021-23841]
- Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch
* Mon Oct 12 2020 Dominique Leuenberger <dimstar@opensuse.org>
- Escape rpm command %%expand when used in comment.
* Tue Aug 18 2020 Antonio Larrosa <alarrosa@suse.com>
- Add libopenssl10 package with libcrypto.so.10 and libssl.so.10
libraries built with --default-symver and the following patch
so we can provide the same symbols as other distros in a
compatible package (bsc#1175429):
* openssl-1.0.2e-rpmbuild.patch
- Update patch to add OPENSSL_1.0.1_EC symbol (bsc#1175429):
* openssl-1.0.0-version.patch
* Fri Dec 20 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Update to 1.0.2u [bsc#1158809, CVE-2019-1551]
* Fixed an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli. No EC algorithms are
affected. Analysis suggests that attacks against 2-prime RSA1024,
3-prime RSA1536, and DSA1024 as a result of this defect would be very
difficult to perform and are not believed likely. Attacks against DH512
are considered just feasible. However, for an attack the target would
have to re-use the DH512 private key, which is not recommended anyway.
Also applications directly using the low level API BN_mod_exp may be
affected if they use BN_FLG_CONSTTIME.
- Drop patch openssl-1_1-CVE-2019-1551.patch
* Tue Dec 10 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix: [bsc#1158809, CVE-2019-1551]
* Overflow bug in the x64_64 Montgomery squaring procedure used
in exponentiation with 512-bit moduli
- Add openssl-1_1-CVE-2019-1551.patch
* Thu Oct 03 2019 Vítězslav Čížek <vcizek@suse.com>
- Update to 1.0.2t
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters().
* Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
- drop upstreamed patches:
* openssl-CVE-2019-1547.patch
* openssl-CVE-2019-1563.patch
* Thu Sep 12 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- OpenSSL Security Advisory [10 September 2019]
* EC_GROUP_set_generator side channel attack avoidance. [bsc#1150003, CVE-2019-1547]
* Bleichenbacher attack against cms/pkcs7 encryption transported key [bsc#1150250, CVE-2019-1563]
- Added patches:
* openssl-CVE-2019-1547.patch
* openssl-CVE-2019-1563.patch
* Thu Feb 28 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Update to 1.0.2r
* 0-byte record padding oracle
(CVE-2019-1559, bsc#1127080)
* Move strictness check from EVP_PKEY_asn1_new() to
EVP_PKEY_asn1_add0()
- Refreshed patches:
* openssl-1.0.2i-fips.patch
/usr/lib64/libcrypto.so.10 /usr/lib64/libssl.so.10 /usr/share/licenses/libopenssl10 /usr/share/licenses/libopenssl10/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue May 9 11:15:49 2023