packages/openssl.git
3 months agoup to 1.0.2p v1.0.2
Elan Ruusamäe [Fri, 17 Aug 2018 20:28:57 +0000 (23:28 +0300)]
up to 1.0.2p

8 months agoup to 1.0.2o auto/th/openssl-1.0.2o-1
Elan Ruusamäe [Wed, 28 Mar 2018 20:24:11 +0000 (23:24 +0300)]
up to 1.0.2o

10 months ago- tools manuals restored
Bartek Szady [Thu, 18 Jan 2018 19:13:52 +0000 (20:13 +0100)]
- tools manuals restored

12 months agoup to 1.0.2n [7 Dec 2017]; CVE-2017-3737; CVE-2017-3738 auto/th/openssl-1.0.2n-1
Elan Ruusamäe [Sat, 9 Dec 2017 11:40:29 +0000 (13:40 +0200)]
up to 1.0.2n [7 Dec 2017]; CVE-2017-3737; CVE-2017-3738

- Read/write after SSL object in error state (CVE-2017-3737)
- rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

https://www.openssl.org/news/openssl-1.0.2-notes.html

12 months agouse the generic ca-bundle path instead of PLD-specific ca-certificates one
Tomasz Pala [Sun, 3 Dec 2017 08:15:35 +0000 (09:15 +0100)]
use the generic ca-bundle path instead of PLD-specific ca-certificates one

12 months ago- adjusted man prefix to match upstream (openssl- instead of openssl_)
Jakub Bogusz [Sun, 19 Nov 2017 20:27:55 +0000 (21:27 +0100)]
- adjusted man prefix to match upstream (openssl- instead of openssl_)

12 months ago- package more man1 links
Jakub Bogusz [Sat, 18 Nov 2017 10:28:55 +0000 (11:28 +0100)]
- package more man1 links

13 months ago- up to 1.0.2m; fixes CVE-2017-3736 auto/th/openssl-1.0.2m-1
Arkadiusz Miśkiewicz [Mon, 6 Nov 2017 08:33:45 +0000 (09:33 +0100)]
- up to 1.0.2m; fixes CVE-2017-3736

18 months agoMerge branch 'dev-1.0.2l' auto/th/openssl-1.0.2l-1
Elan Ruusamäe [Tue, 6 Jun 2017 18:06:33 +0000 (21:06 +0300)]
Merge branch 'dev-1.0.2l'

18 months agobuild 1.0.2l snapshot
Elan Ruusamäe [Mon, 22 May 2017 16:46:46 +0000 (19:46 +0300)]
build 1.0.2l snapshot

actual release will be made available on 25th May 2017 between
approximately 1200-1600 UTC.

Note: this is bug-fix only release.
No security defects are addressed in this release.

22 months ago- up to 1.0.2k; fixes CVE-2017-3731, CVE-2017-3732, CVE-2016-7055 AC-branch auto/ac/openssl-1.0.2k-1 auto/th/openssl-1.0.2k-1
Arkadiusz Miśkiewicz [Thu, 26 Jan 2017 16:35:09 +0000 (17:35 +0100)]
- up to 1.0.2k; fixes CVE-2017-3731, CVE-2017-3732, CVE-2016-7055

2 years ago- up to 1.0.2j; fixes CVE-2016-7052 auto/ac/openssl-1.0.2j-1 auto/th/openssl-1.0.2j-1
Arkadiusz Miśkiewicz [Mon, 26 Sep 2016 14:01:33 +0000 (16:01 +0200)]
- up to 1.0.2j; fixes CVE-2016-7052

2 years agoBR: pkgconfig, zlib-devel
Elan Ruusamäe [Sun, 25 Sep 2016 22:55:45 +0000 (01:55 +0300)]
BR: pkgconfig, zlib-devel

which: no pkg-config in (/bin:/usr/bin:/usr/sbin:/sbin:/usr/X11R6/bin)
zlib-devel -- c_zlib.c:25:19: fatal error: zlib.h: No such file or directory

2 years agoOpenSSL 1.0.2i [22 Sep 2016]; SWEET32 mitigation and typical CVE fixes auto/ac/openssl-1.0.2i-1 auto/th/openssl-1.0.2i-1
Elan Ruusamäe [Thu, 22 Sep 2016 17:58:56 +0000 (20:58 +0300)]
OpenSSL 1.0.2i [22 Sep 2016]; SWEET32 mitigation and typical CVE fixes

- OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
- SWEET32 Mitigation (CVE-2016-2183)
- OOB write in MDC2_Update() (CVE-2016-6303)
- Malformed SHA512 ticket DoS (CVE-2016-6302)
- OOB write in BN_bn2dec() (CVE-2016-2182)
- OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
- Pointer arithmetic undefined behaviour (CVE-2016-2177)
- Constant time flag not preserved in DSA signing (CVE-2016-2178)
- DTLS buffered message DoS (CVE-2016-2179)
- DTLS replay protection DoS (CVE-2016-2181)
- Certificate message OOB reads (CVE-2016-6306)

https://www.openssl.org/news/openssl-1.0.2-notes.html

2 years agoup to 1.0.2i-snap
Elan Ruusamäe [Mon, 19 Sep 2016 15:26:28 +0000 (18:26 +0300)]
up to 1.0.2i-snap

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 1.1.0a, 1.0.2i, 1.0.1u.

These releases will be made available on 22nd September 2016 at
approximately 0800 UTC.  They will fix several security defects: one
classfied as severity "high", one as "moderate", and the rest "low".

https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html

2 years agouse https url
Elan Ruusamäe [Thu, 15 Sep 2016 18:17:30 +0000 (21:17 +0300)]
use https url

the ftp interface will be taken down
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000075.html

2 years agoup to OpenSSL 1.0.2h [3 May 2016] auto/ac/openssl-1.0.2h-1 auto/th/openssl-1.0.2h-1
Elan Ruusamäe [Tue, 3 May 2016 17:11:33 +0000 (20:11 +0300)]
up to OpenSSL 1.0.2h [3 May 2016]

- Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
- Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
- Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
- EBCDIC overread (CVE-2016-2176)
- Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN.
- Remove LOW from the DEFAULT cipher list. This removes singles DES from the default.
- Only remove the SSLv2 methods with the no-ssl2-method option.

Merge branch 'dev-1.0.2h'

2 years agoup to 1.0.2h snap
Elan Ruusamäe [Thu, 28 Apr 2016 15:48:25 +0000 (18:48 +0300)]
up to 1.0.2h snap

The release will be made available on 3rd May 2016 between approximately
1200-1500 UTC. It will fix several security defects with maximum
severity "high".

2 years agodrop conflicts auto/th/openssl-1.0.2g-8
Elan Ruusamäe [Sat, 5 Mar 2016 22:21:23 +0000 (00:21 +0200)]
drop conflicts

sslv2 restored

2 years ago- rebuild with sslv2 support auto/ac/openssl-1.0.2g-7 auto/th/openssl-1.0.2g-7
Elan Ruusamäe [Sat, 5 Mar 2016 19:42:01 +0000 (21:42 +0200)]
- rebuild with sslv2 support
- release 7 (by relup.sh)

2 years agobconds were fixed in 2a82d45
Elan Ruusamäe [Sat, 5 Mar 2016 13:14:27 +0000 (15:14 +0200)]
bconds were fixed in 2a82d45

2 years ago- fixed bcond ssl2/ssl3 to force build with SSLv2/SSLv3 support
Adam Osuchowski [Sat, 5 Mar 2016 13:02:23 +0000 (14:02 +0100)]
- fixed bcond ssl2/ssl3 to force build with SSLv2/SSLv3 support

2 years agosslv2 bcond likely doesn't work after 1.0.2g
Elan Ruusamäe [Fri, 4 Mar 2016 22:33:35 +0000 (00:33 +0200)]
sslv2 bcond likely doesn't work after 1.0.2g

2 years agoqt4 QtNetwork rebuild
Elan Ruusamäe [Fri, 4 Mar 2016 22:33:13 +0000 (00:33 +0200)]
qt4 QtNetwork rebuild

2 years agopython3 rebuild auto/th/openssl-1.0.2g-6
Elan Ruusamäe [Fri, 4 Mar 2016 08:15:45 +0000 (10:15 +0200)]
python3 rebuild

2 years agopython2 rebuild
Elan Ruusamäe [Fri, 4 Mar 2016 08:12:19 +0000 (10:12 +0200)]
python2 rebuild

2 years ago- release 5 (by relup.sh) auto/th/openssl-1.0.2g-5
Elan Ruusamäe [Thu, 3 Mar 2016 15:54:20 +0000 (17:54 +0200)]
- release 5 (by relup.sh)

2 years agocurl rebuild
Elan Ruusamäe [Thu, 3 Mar 2016 12:09:30 +0000 (14:09 +0200)]
curl rebuild

configure:29155: checking for curl_easy_perform in -lcurl
configure:29180: ccache gcc -o conftest -O2 -fwrapv -pipe -Wformat -Werror=format-security -gdwarf-4 -fno-debug-types-section -fvar-tracking-assignments -g2 -Wp,-D_FORTIFY_SOURCE=2
/usr/lib/gcc/i686-pld-linux/5.3.0/../../../libcurl.so: undefined reference to `SSLv2_client_method'
collect2: error: ld returned 1 exit status

altho this dependency is compile time, it's easier to mark it here than
all rebuilt programs that link with curl (php55-openssl, php56-openssl, ...)

2 years agophp 5.4 rebuild needed
Elan Ruusamäe [Thu, 3 Mar 2016 12:01:42 +0000 (14:01 +0200)]
php 5.4 rebuild needed

2 years agofix php versions
Elan Ruusamäe [Thu, 3 Mar 2016 11:59:26 +0000 (13:59 +0200)]
fix php versions

2 years agophp 5.2 rebuild needed
Elan Ruusamäe [Thu, 3 Mar 2016 11:57:12 +0000 (13:57 +0200)]
php 5.2 rebuild needed

$ php52 -m
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php52/openssl.so' - /usr/lib/php52/openssl.so: undefined symbol: SSLv2_server_method in Unknown on line 0

2 years agophp 5.6 rebuild needed
Elan Ruusamäe [Thu, 3 Mar 2016 11:54:15 +0000 (13:54 +0200)]
php 5.6 rebuild needed

oot@jenkins httpd/modules#
$ php56 -m
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php56/openssl.so' - /usr/lib/php56/openssl.so: undefined symbol: SSLv2_client_method in Unknown on line 0

2 years agophp rebuild
Elan Ruusamäe [Thu, 3 Mar 2016 11:51:19 +0000 (13:51 +0200)]
php rebuild

$ php55 -m
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php55/openssl.so' - /usr/lib/php55/openssl.so: undefined symbol: SSLv2_server_method in Unknown on line 0

2 years agophp 5.3 rebuild needed
Elan Ruusamäe [Thu, 3 Mar 2016 11:47:52 +0000 (13:47 +0200)]
php 5.3 rebuild needed

$ php -m
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php53/openssl.so' - /usr/lib/php53/openssl.so: undefined symbol: SSLv2_server_method in Unknown on line 0

2 years agomod_ssl epoch auto/th/openssl-1.0.2g-4
Elan Ruusamäe [Wed, 2 Mar 2016 14:25:38 +0000 (16:25 +0200)]
mod_ssl epoch

2 years agoapache 2.2 bump auto/th/openssl-1.0.2g-3
Elan Ruusamäe [Wed, 2 Mar 2016 14:22:51 +0000 (16:22 +0200)]
apache 2.2 bump

https://github.com/pld-linux/apache/commit/0bc39fbc11debf1f75be420bf6886097f802bf32

2 years agorequire rebuilt ruby auto/th/openssl-1.0.2g-2
Elan Ruusamäe [Wed, 2 Mar 2016 13:21:10 +0000 (15:21 +0200)]
require rebuilt ruby

/usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require': /usr/lib64/ruby/2.0/openssl.so: undefined symbol: SSLv2_method - /usr/lib64/ruby/2.0/openssl.so (LoadError)
        from /usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require'
        from /usr/share/ruby/2.0/openssl.rb:17:in `<top (required)>'
        from /usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require'
        from /usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require'
        from /usr/share/ruby/2.0/net/https.rb:22:in `<top (required)>'
        from /usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require'

2 years agoup to 1.0.2g, "DROWN" CVE-2016-0800 and "Cachebleed" auto/ac/openssl-1.0.2g-1 auto/th/openssl-1.0.2g-1
Elan Ruusamäe [Wed, 2 Mar 2016 10:46:00 +0000 (12:46 +0200)]
up to 1.0.2g, "DROWN" CVE-2016-0800 and "Cachebleed"

Merge branch '1.0.2g'

2 years agoup to 1.0.2g snapshot
Elan Ruusamäe [Thu, 25 Feb 2016 19:43:13 +0000 (21:43 +0200)]
up to 1.0.2g snapshot

x32 patch is probably outdated

2 years agoMerge branch 'mrcage-patch-1' auto/th/openssl-1.0.2f-2
Elan Ruusamäe [Thu, 4 Feb 2016 21:26:18 +0000 (23:26 +0200)]
Merge branch 'mrcage-patch-1'

2 years agoAdded support for *.cer *.crt *.crl to c_rehash
Nicolas Perrenoud [Thu, 4 Feb 2016 18:18:24 +0000 (19:18 +0100)]
Added support for *.cer *.crt *.crl to c_rehash

This is aimed to keep the functionality in sync with OpenSSL 1.0.2

See https://www.openssl.org/docs/man1.0.2/apps/c_rehash.html

2 years agoMerge branch 'private-perms' auto/ac/openssl-1.0.2f-1 auto/th/openssl-1.0.2f-1
Elan Ruusamäe [Thu, 28 Jan 2016 18:10:50 +0000 (20:10 +0200)]
Merge branch 'private-perms'

2 years agoMerge branch 'dev-1.0.2f'
Elan Ruusamäe [Thu, 28 Jan 2016 18:09:26 +0000 (20:09 +0200)]
Merge branch 'dev-1.0.2f'

2 years ago1.0.2f release. CVE-2016-0701, CVE-2015-3197 fixes
Elan Ruusamäe [Thu, 28 Jan 2016 18:04:08 +0000 (20:04 +0200)]
1.0.2f release. CVE-2016-0701, CVE-2015-3197 fixes

- DH small subgroups (CVE-2016-0701)
- SSLv2 doesn't block disabled ciphers (CVE-2015-3197)

https://www.openssl.org/news/openssl-1.0.2-notes.html

2 years agotest build upcoming 1.0.2f
Elan Ruusamäe [Mon, 25 Jan 2016 22:08:52 +0000 (00:08 +0200)]
test build upcoming 1.0.2f

the release is to be made somewhere in:
php -r 'echo strftime("%x %X%z\n", strtotime("28 jan 2016 1:00 pm utc"));'

2 years agoupdate ca-certificates dep, recovered from 9afa51db
Elan Ruusamäe [Thu, 21 Jan 2016 11:11:56 +0000 (13:11 +0200)]
update ca-certificates dep, recovered from 9afa51db

3 years agodoc files were removed on purpose auto/ac/openssl-1.0.2e-1
Elan Ruusamäe [Thu, 3 Dec 2015 20:10:13 +0000 (22:10 +0200)]
doc files were removed on purpose

https://github.com/openssl/openssl/issues/491#issuecomment-161755535

3 years agothird error was from pld specific man-namespace patch
Elan Ruusamäe [Thu, 3 Dec 2015 20:07:39 +0000 (22:07 +0200)]
third error was from pld specific man-namespace patch

https://github.com/openssl/openssl/issues/491#issuecomment-161766747

dropping that chunk, as rpm build macros convert symlinks to man links
in post process anyway

3 years agorepackaged tarball fixed two issues, but not the third one
Elan Ruusamäe [Thu, 3 Dec 2015 19:38:10 +0000 (21:38 +0200)]
repackaged tarball fixed two issues, but not the third one

https://github.com/openssl/openssl/issues/491

3 years agofix for missing bctest auto/th/openssl-1.0.2e-1
Elan Ruusamäe [Thu, 3 Dec 2015 18:36:17 +0000 (20:36 +0200)]
fix for missing bctest

https://github.com/openssl/openssl/issues/493

3 years agodoc/openssl_button.gif doc/openssl_button.html are missing as well
Elan Ruusamäe [Thu, 3 Dec 2015 18:21:04 +0000 (20:21 +0200)]
doc/openssl_button.gif doc/openssl_button.html are missing as well

damn buggy release it is

but not sure if intentional, so commenting them out for now.

3 years agohack for pod2man test
Elan Ruusamäe [Thu, 3 Dec 2015 18:20:37 +0000 (20:20 +0200)]
hack for pod2man test

https://github.com/openssl/openssl/issues/490

3 years agopod2man tool missing
Elan Ruusamäe [Thu, 3 Dec 2015 18:09:28 +0000 (20:09 +0200)]
pod2man tool missing

https://github.com/openssl/openssl/issues/490

3 years agohack a fix for packaging error
Elan Ruusamäe [Thu, 3 Dec 2015 18:04:53 +0000 (20:04 +0200)]
hack a fix for packaging error

https://github.com/openssl/openssl/issues/491

however build still fails for :

make[1]: *** No rule to make target 'bctest', needed by 'test_bn'.  Stop.

and then:

/bin/sh: ./pod2mantest: not found

3 years agoup to 1.0.2e, fails to build on carme jpaketest.c
Elan Ruusamäe [Thu, 3 Dec 2015 17:44:15 +0000 (19:44 +0200)]
up to 1.0.2e, fails to build on carme jpaketest.c

3 years ago- release 5 (by relup.sh) auto/th/openssl-1.0.2d-5
Elan Ruusamäe [Fri, 4 Sep 2015 11:17:38 +0000 (14:17 +0300)]
- release 5 (by relup.sh)

3 years agoupdate conflict for neon on ac
Elan Ruusamäe [Fri, 4 Sep 2015 11:16:48 +0000 (14:16 +0300)]
update conflict for neon on ac

3 years agoadd ntpd conflict
Elan Ruusamäe [Fri, 28 Aug 2015 09:04:16 +0000 (12:04 +0300)]
add ntpd conflict

see
https://github.com/pld-linux/ntp/commit/6a22ef3dfdfc575e06af5df4eaef25a4c546f257

3 years agoadd missing openssh-clients dependency update auto/ac/openssl-1.0.2d-3
Elan Ruusamäe [Mon, 17 Aug 2015 12:14:16 +0000 (15:14 +0300)]
add missing openssh-clients dependency update

3 years agoupdate openssh conflict for ac auto/ac/openssl-1.0.2d-2
Elan Ruusamäe [Mon, 17 Aug 2015 08:13:10 +0000 (11:13 +0300)]
update openssh conflict for ac

3 years agoadd LTS note auto/ac/openssl-1.0.2d-1
Elan Ruusamäe [Sun, 9 Aug 2015 11:00:53 +0000 (14:00 +0300)]
add LTS note

3 years ago- up to 1.0.2d; fixes CVE-2015-1793/high auto/th/openssl-1.0.2d-1
Arkadiusz Miśkiewicz [Thu, 9 Jul 2015 13:59:00 +0000 (15:59 +0200)]
- up to 1.0.2d; fixes CVE-2015-1793/high

3 years ago- up to 1.0.2c auto/th/openssl-1.0.2c-1
Arkadiusz Miśkiewicz [Sat, 13 Jun 2015 07:28:24 +0000 (09:28 +0200)]
- up to 1.0.2c

3 years ago- updated optflags patch
Jakub Bogusz [Fri, 12 Jun 2015 17:22:26 +0000 (19:22 +0200)]
- updated optflags patch

3 years agoadd comment what optflags does
Elan Ruusamäe [Thu, 11 Jun 2015 19:38:39 +0000 (22:38 +0300)]
add comment what optflags does

from fc48a532a33e2694f46765f137c584f9fbde718f

3 years agodrop obsolete cpuid.patch
Elan Ruusamäe [Thu, 11 Jun 2015 19:34:51 +0000 (22:34 +0300)]
drop obsolete cpuid.patch

3 years agoup to 1.0.2b; fixes for CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792...
Elan Ruusamäe [Thu, 11 Jun 2015 15:24:29 +0000 (18:24 +0300)]
up to 1.0.2b; fixes for CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791

3 years ago- up to 1.0.2a auto/th/openssl-1.0.2a-1
Adam Osuchowski [Fri, 20 Mar 2015 13:58:57 +0000 (14:58 +0100)]
- up to 1.0.2a

3 years agostddef.patch applied upstream (order is irrelevant)
Elan Ruusamäe [Fri, 20 Mar 2015 12:09:46 +0000 (14:09 +0200)]
stddef.patch applied upstream (order is irrelevant)

3 years ago- elevated x32 patch to hackery auto/th/openssl-1.0.2-3
Jan Rękorajski [Fri, 27 Feb 2015 20:18:33 +0000 (21:18 +0100)]
- elevated x32 patch to hackery
- rel 3

3 years ago- x32 rebuild auto/th/openssl-1.0.2-2
Jan Rękorajski [Tue, 24 Feb 2015 21:18:37 +0000 (22:18 +0100)]
- x32 rebuild
- release 2 (by relup.sh)

3 years ago- up to 1.0.2
Adam Osuchowski [Sat, 31 Jan 2015 02:32:36 +0000 (03:32 +0100)]
- up to 1.0.2
- removed unnecessary patches and renumbered remaining

3 years agoup to 1.0.1l
Elan Ruusamäe [Thu, 15 Jan 2015 20:26:13 +0000 (22:26 +0200)]
up to 1.0.1l

Build fixes for the Windows and OpenVMS platforms

3 years agoup to 1.0.1k, fixes for CVE-2014-3571 CVE-2015-0206 CVE-2014-3569 CVE-2014-3572 CVE... auto/ac/openssl-1.0.1k-1 auto/th/openssl-1.0.1k-1
Elan Ruusamäe [Fri, 9 Jan 2015 09:35:56 +0000 (11:35 +0200)]
up to 1.0.1k, fixes for CVE-2014-3571 CVE-2015-0206 CVE-2014-3569 CVE-2014-3572 CVE-2015-0204 CVE-2015-0205 CVE-2014-8275 CVE-2014-3570

3 years agofix gcc -E not dumping output with .s ext, works with .S auto/ac/openssl-1.0.1j-3
Elan Ruusamäe [Thu, 1 Jan 2015 21:02:56 +0000 (23:02 +0200)]
fix gcc -E not dumping output with .s ext, works with .S

3 years ago3a24c9cc conflicts don't apply for ac
Elan Ruusamäe [Wed, 31 Dec 2014 12:28:04 +0000 (14:28 +0200)]
3a24c9cc conflicts don't apply for ac

3 years ago- add x32 support
Jan Rękorajski [Mon, 22 Dec 2014 20:38:18 +0000 (20:38 +0000)]
- add x32 support

4 years ago- rel 3 then auto/th/openssl-1.0.1j-3
Arkadiusz Miśkiewicz [Tue, 21 Oct 2014 12:49:10 +0000 (14:49 +0200)]
- rel 3 then

4 years ago- zlib, sslv2 and sslv3 enabled by default
Adam Osuchowski [Tue, 21 Oct 2014 12:46:56 +0000 (14:46 +0200)]
- zlib, sslv2 and sslv3 enabled by default

4 years ago- fix bconds
Arkadiusz Miśkiewicz [Tue, 21 Oct 2014 12:27:08 +0000 (14:27 +0200)]
- fix bconds

4 years agosslv2/sslv3/zlib bconds; discussion about their default state in progress on devel...
Arkadiusz Miśkiewicz [Tue, 21 Oct 2014 12:19:48 +0000 (14:19 +0200)]
sslv2/sslv3/zlib bconds; discussion about their default state in progress on devel lists

4 years ago- rel 2; disable unsecure protocols auto/th/openssl-1.0.1j-2
Arkadiusz Miśkiewicz [Mon, 20 Oct 2014 17:45:36 +0000 (19:45 +0200)]
- rel 2; disable unsecure protocols
(zlib: CRIME attack; SSLv2: uses md5; SSLv3: POODLE)
- enable enable-ec_nistp_64_gcc_128 on x86_64

4 years ago- handle unpackaged man files
Jakub Bogusz [Fri, 17 Oct 2014 16:11:22 +0000 (18:11 +0200)]
- handle unpackaged man files

4 years agoreport unpackaged files
Elan Ruusamäe [Wed, 15 Oct 2014 19:56:21 +0000 (22:56 +0300)]
report unpackaged files

4 years agoup to OpenSSL 1.0.1j [15 Oct 2014]: auto/th/openssl-1.0.1j-1
Elan Ruusamäe [Wed, 15 Oct 2014 19:42:51 +0000 (22:42 +0300)]
up to OpenSSL 1.0.1j [15 Oct 2014]:
- Fix for CVE-2014-3513
- Fix for CVE-2014-3567
- Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
- Fix for CVE-2014-3568

4 years ago- rel 2; add support for TLS_FALLBACK_SCSV which should help mitigate latest SSLv3... auto/th/openssl-1.0.1i-2
Arkadiusz Miśkiewicz [Wed, 15 Oct 2014 04:49:05 +0000 (06:49 +0200)]
- rel 2; add support for TLS_FALLBACK_SCSV which should help mitigate latest SSLv3 SECURITY issue (CVE-2014-3566)

4 years ago- up to 1.0.1i auto/th/openssl-1.0.1i-1
Elan Ruusamäe [Thu, 7 Aug 2014 07:17:56 +0000 (10:17 +0300)]
- up to 1.0.1i
- fixes for CVE-2014-3512 CVE-2014-3511 CVE-2014-3510 CVE-2014-3507
  CVE-2014-3506 CVE-2014-3505 CVE-2014-3509 CVE-2014-5139 CVE-2014-3508

4 years ago- up to 1.0.1h; fixes: auto/th/openssl-1.0.1h-1
Arkadiusz Miśkiewicz [Thu, 5 Jun 2014 16:20:47 +0000 (18:20 +0200)]
- up to 1.0.1h; fixes:
 * SSL/TLS MITM vulnerability (CVE-2014-0224)
 * DTLS recursion flaw (CVE-2014-0221)
 * DTLS invalid fragment vulnerability (CVE-2014-0195)
 * SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
 * SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
 * Anonymous ECDH denial of service (CVE-2014-3470)

4 years ago- wrong patch...
Andrzej Zawadzki [Mon, 28 Apr 2014 12:07:27 +0000 (14:07 +0200)]
- wrong patch...

4 years ago- wrrr rel up...
Andrzej Zawadzki [Mon, 28 Apr 2014 11:24:52 +0000 (13:24 +0200)]
- wrrr rel up...

4 years ago- add patch from upstream
Andrzej Zawadzki [Mon, 28 Apr 2014 11:19:42 +0000 (13:19 +0200)]
- add patch from upstream
https://rt.openssl.org/Ticket/Display.html?id=3265
and fix:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d1f4b0f3d262edf1cf7023a01d5404945035d5

4 years ago- up to 1.0.1g; fixes CVE-2014-0160, CVE-2014-0076 auto/th/openssl-1.0.1g-1
Arkadiusz Miśkiewicz [Mon, 7 Apr 2014 20:33:47 +0000 (22:33 +0200)]
- up to 1.0.1g; fixes CVE-2014-0160, CVE-2014-0076

4 years ago- up to 1.0.1f; fixes CVE-2013-4353, CVE-2013-6449, CVE-2013-6450 auto/th/openssl-1.0.1f-1
Arkadiusz Miśkiewicz [Sun, 19 Jan 2014 00:20:56 +0000 (01:20 +0100)]
- up to 1.0.1f; fixes CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

5 years agokeep /etc/openssl/private dir private
Elan Ruusamäe [Wed, 25 Sep 2013 10:25:08 +0000 (13:25 +0300)]
keep /etc/openssl/private dir private

5 years agoconflict on packages not having strict openssl dependency auto/th/openssl-1.0.1e-3
Elan Ruusamäe [Thu, 30 May 2013 09:06:06 +0000 (12:06 +0300)]
conflict on packages not having strict openssl dependency

5 years ago- rel 2; add debian fixes auto/th/openssl-1.0.1e-2
Arkadiusz Miśkiewicz [Fri, 17 May 2013 07:10:45 +0000 (09:10 +0200)]
- rel 2; add debian fixes

5 years ago- cleanup (drop Titanium stuff)
Marcin Krol [Tue, 23 Apr 2013 11:01:18 +0000 (11:01 +0000)]
- cleanup (drop Titanium stuff)

5 years ago- -j1 also for make install
Jakub Bogusz [Tue, 12 Feb 2013 16:55:10 +0000 (17:55 +0100)]
- -j1 also for make install

5 years ago- updated to 1.0.0e (fixes CVE-2012-2686 CVE-2013-0166 CVE-2013-0169) auto/th/openssl-1.0.1e-1
Jakub Bogusz [Tue, 12 Feb 2013 16:30:18 +0000 (17:30 +0100)]
- updated to 1.0.0e (fixes CVE-2012-2686 CVE-2013-0166 CVE-2013-0169)

5 years ago- fixed and updated optflags patch
Jakub Bogusz [Mon, 14 Jan 2013 19:53:10 +0000 (20:53 +0100)]
- fixed and updated optflags patch
- running perlpath.pl and passing PERL to Configure is enough, no need to replace /usr/local/bin/perl manually

This page took 0.801238 seconds and 4 git commands to generate.