]>
git.pld-linux.org Git - packages/openssl.git/log
Mike Frysinger [Thu, 17 Mar 2016 17:41:49 +0000 (13:41 -0400)]
openssl-ssl-certificate.sh: fix test POSIX compatibility
The == operator is not in POSIX and will fail with some shells.
Arkadiusz Miśkiewicz [Tue, 21 Apr 2020 18:59:36 +0000 (20:59 +0200)]
- up to 1.1.1g; fixes CVE-2020-1967
Jan Palus [Sat, 4 Apr 2020 23:29:38 +0000 (01:29 +0200)]
up to 1.1.1f
Jakub Bogusz [Sun, 29 Mar 2020 14:32:42 +0000 (16:32 +0200)]
- removed leftover
Arkadiusz Miśkiewicz [Sun, 29 Mar 2020 13:20:09 +0000 (15:20 +0200)]
- up to 1.1.1e; fixes CVE-2019-1551
Jan Rękorajski [Sat, 25 Jan 2020 15:08:27 +0000 (16:08 +0100)]
- drop obsolete and outdated manual inclusion of rpm macros
Jakub Bogusz [Fri, 27 Sep 2019 16:25:09 +0000 (18:25 +0200)]
- updated to 1.1.1d (fixes CVE-2019-1547 CVE-2019-1549 CVE-2019-1563)
- added no-win32 patch (don't require Win32-specific perl module for unix installs)
- added zlib-fix patch (bugfix from git)
Adam Gołębiowski [Wed, 29 May 2019 12:08:57 +0000 (14:08 +0200)]
- updated to 1.1.1c (solves CVE-2019-1543)
Adam Gołębiowski [Wed, 27 Feb 2019 07:02:51 +0000 (08:02 +0100)]
- updated to 1.1.1b
Adam Gołębiowski [Tue, 20 Nov 2018 16:23:18 +0000 (17:23 +0100)]
- updated to 1.1.1a, solves CVE-2018-0734, CVE-2017-0735
- BR: libsctp-devel
Jakub Bogusz [Thu, 27 Sep 2018 19:43:13 +0000 (21:43 +0200)]
- fix rehash manual issue, disable failing test
Jakub Bogusz [Sat, 15 Sep 2018 20:02:46 +0000 (22:02 +0200)]
- merge fix
Jakub Bogusz [Sat, 15 Sep 2018 19:18:22 +0000 (21:18 +0200)]
Merge branch 'dev-1.1'
Jakub Bogusz [Sat, 15 Sep 2018 18:59:33 +0000 (20:59 +0200)]
- updated support end date
Arkadiusz Miśkiewicz [Fri, 14 Sep 2018 08:47:42 +0000 (10:47 +0200)]
- enable sctp
Arkadiusz Miśkiewicz [Thu, 13 Sep 2018 18:01:00 +0000 (20:01 +0200)]
- seems obsolete
Arkadiusz Miśkiewicz [Thu, 13 Sep 2018 17:55:47 +0000 (19:55 +0200)]
- up to final 1.1.1
Jakub Bogusz [Mon, 20 Aug 2018 20:22:03 +0000 (22:22 +0200)]
- up to 1.1.0i
Elan Ruusamäe [Fri, 17 Aug 2018 20:28:57 +0000 (23:28 +0300)]
up to 1.0.2p
Jakub Bogusz [Sun, 1 Apr 2018 08:29:32 +0000 (10:29 +0200)]
- up to 1.1.0h
- dropped asflag patch, updated way of --noexecstack flag passing (taken from config script)
Elan Ruusamäe [Wed, 28 Mar 2018 20:24:11 +0000 (23:24 +0300)]
up to 1.0.2o
Bartek Szady [Thu, 18 Jan 2018 19:13:52 +0000 (20:13 +0100)]
- tools manuals restored
Elan Ruusamäe [Sat, 9 Dec 2017 11:40:29 +0000 (13:40 +0200)]
up to 1.0.2n [7 Dec 2017]; CVE-2017-3737; CVE-2017-3738
- Read/write after SSL object in error state (CVE-2017-3737)
- rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
https://www.openssl.org/news/openssl-1.0.2-notes.html
Tomasz Pala [Sun, 3 Dec 2017 08:15:35 +0000 (09:15 +0100)]
use the generic ca-bundle path instead of PLD-specific ca-certificates one
Jakub Bogusz [Sun, 19 Nov 2017 20:27:55 +0000 (21:27 +0100)]
- adjusted man prefix to match upstream (openssl- instead of openssl_)
Jakub Bogusz [Sun, 19 Nov 2017 19:43:29 +0000 (20:43 +0100)]
- up to 1.1.0g
- updated optflags,man-namespace,asflag,ca-certificates patches
- removed outdated alpha-ccc,include,ldflags patches
Jakub Bogusz [Sat, 18 Nov 2017 10:28:55 +0000 (11:28 +0100)]
- package more man1 links
Arkadiusz Miśkiewicz [Mon, 6 Nov 2017 08:33:45 +0000 (09:33 +0100)]
- up to 1.0.2m; fixes CVE-2017-3736
Elan Ruusamäe [Tue, 6 Jun 2017 18:06:33 +0000 (21:06 +0300)]
Merge branch 'dev-1.0.2l'
Elan Ruusamäe [Mon, 22 May 2017 16:46:46 +0000 (19:46 +0300)]
build 1.0.2l snapshot
actual release will be made available on 25th May 2017 between
approximately 1200-1600 UTC.
Note: this is bug-fix only release.
No security defects are addressed in this release.
Arkadiusz Miśkiewicz [Thu, 26 Jan 2017 16:35:09 +0000 (17:35 +0100)]
- up to 1.0.2k; fixes CVE-2017-3731, CVE-2017-3732, CVE-2016-7055
Arkadiusz Miśkiewicz [Mon, 26 Sep 2016 14:01:33 +0000 (16:01 +0200)]
- up to 1.0.2j; fixes CVE-2016-7052
Elan Ruusamäe [Sun, 25 Sep 2016 22:55:45 +0000 (01:55 +0300)]
BR: pkgconfig, zlib-devel
which: no pkg-config in (/bin:/usr/bin:/usr/sbin:/sbin:/usr/X11R6/bin)
zlib-devel -- c_zlib.c:25:19: fatal error: zlib.h: No such file or directory
Elan Ruusamäe [Thu, 15 Sep 2016 18:17:30 +0000 (21:17 +0300)]
use https url
the ftp interface will be taken down
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000075.html
Elan Ruusamäe [Thu, 22 Sep 2016 17:55:42 +0000 (20:55 +0300)]
OpenSSL 1.1.0a [22 Sep 2016]
- OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
- SSL_peek() hang on empty record (CVE-2016-6305)
- Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
- Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
https://www.openssl.org/news/openssl-1.1.0-notes.html
Elan Ruusamäe [Thu, 22 Sep 2016 17:58:56 +0000 (20:58 +0300)]
OpenSSL 1.0.2i [22 Sep 2016]; SWEET32 mitigation and typical CVE fixes
- OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
- SWEET32 Mitigation (CVE-2016-2183)
- OOB write in MDC2_Update() (CVE-2016-6303)
- Malformed SHA512 ticket DoS (CVE-2016-6302)
- OOB write in BN_bn2dec() (CVE-2016-2182)
- OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
- Pointer arithmetic undefined behaviour (CVE-2016-2177)
- Constant time flag not preserved in DSA signing (CVE-2016-2178)
- DTLS buffered message DoS (CVE-2016-2179)
- DTLS replay protection DoS (CVE-2016-2181)
- Certificate message OOB reads (CVE-2016-6306)
https://www.openssl.org/news/openssl-1.0.2-notes.html
Elan Ruusamäe [Mon, 19 Sep 2016 15:39:34 +0000 (18:39 +0300)]
up to 1.1.0a-snap
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 1.1.0a, 1.0.2i, 1.0.1u.
These releases will be made available on 22nd September 2016 at
approximately 0800 UTC. They will fix several security defects: one
classfied as severity "high", one as "moderate", and the rest "low".
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html
Elan Ruusamäe [Mon, 19 Sep 2016 15:26:28 +0000 (18:26 +0300)]
up to 1.0.2i-snap
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 1.1.0a, 1.0.2i, 1.0.1u.
These releases will be made available on 22nd September 2016 at
approximately 0800 UTC. They will fix several security defects: one
classfied as severity "high", one as "moderate", and the rest "low".
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html
Elan Ruusamäe [Thu, 15 Sep 2016 18:17:30 +0000 (21:17 +0300)]
use https url
the ftp interface will be taken down
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000075.html
Elan Ruusamäe [Thu, 25 Aug 2016 19:44:00 +0000 (22:44 +0300)]
up to 1.1.0-release
Elan Ruusamäe [Sun, 7 Aug 2016 11:45:55 +0000 (14:45 +0300)]
BR pkgconfig; drop bc
Elan Ruusamäe [Sat, 6 Aug 2016 08:52:52 +0000 (11:52 +0300)]
updated install and files
dozens of man pages unpackaged
Elan Ruusamäe [Sat, 6 Aug 2016 00:24:18 +0000 (03:24 +0300)]
BR zlib-devel
Elan Ruusamäe [Fri, 5 Aug 2016 23:22:08 +0000 (02:22 +0300)]
no more rehash make target
Elan Ruusamäe [Fri, 5 Aug 2016 23:20:28 +0000 (02:20 +0300)]
add --prefix and install engines to /lib
Elan Ruusamäe [Fri, 5 Aug 2016 22:56:50 +0000 (01:56 +0300)]
fix version check
Elan Ruusamäe [Fri, 5 Aug 2016 22:54:59 +0000 (01:54 +0300)]
drop unsupported Configure options
enable-camelia not present already in 1.0.2
Elan Ruusamäe [Fri, 5 Aug 2016 22:27:34 +0000 (01:27 +0300)]
Configure requires Perl 5.10.0;
Elan Ruusamäe [Fri, 5 Aug 2016 20:28:20 +0000 (23:28 +0300)]
up to 1.1.0-pre6
build system renewed, most of the patches do not apply and configure
args are unknown
Elan Ruusamäe [Tue, 3 May 2016 17:11:33 +0000 (20:11 +0300)]
up to OpenSSL 1.0.2h [3 May 2016]
- Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
- Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
- Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
- EBCDIC overread (CVE-2016-2176)
- Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN.
- Remove LOW from the DEFAULT cipher list. This removes singles DES from the default.
- Only remove the SSLv2 methods with the no-ssl2-method option.
Merge branch 'dev-1.0.2h'
Elan Ruusamäe [Thu, 28 Apr 2016 15:48:25 +0000 (18:48 +0300)]
up to 1.0.2h snap
The release will be made available on 3rd May 2016 between approximately
1200-1500 UTC. It will fix several security defects with maximum
severity "high".
Elan Ruusamäe [Sat, 5 Mar 2016 22:21:23 +0000 (00:21 +0200)]
drop conflicts
sslv2 restored
Elan Ruusamäe [Sat, 5 Mar 2016 19:42:01 +0000 (21:42 +0200)]
- rebuild with sslv2 support
- release 7 (by relup.sh)
Elan Ruusamäe [Sat, 5 Mar 2016 13:14:27 +0000 (15:14 +0200)]
bconds were fixed in
2a82d45
Adam Osuchowski [Sat, 5 Mar 2016 13:02:23 +0000 (14:02 +0100)]
- fixed bcond ssl2/ssl3 to force build with SSLv2/SSLv3 support
Elan Ruusamäe [Fri, 4 Mar 2016 22:33:35 +0000 (00:33 +0200)]
sslv2 bcond likely doesn't work after 1.0.2g
Elan Ruusamäe [Fri, 4 Mar 2016 22:33:13 +0000 (00:33 +0200)]
qt4 QtNetwork rebuild
Elan Ruusamäe [Fri, 4 Mar 2016 08:15:45 +0000 (10:15 +0200)]
python3 rebuild
Elan Ruusamäe [Fri, 4 Mar 2016 08:12:19 +0000 (10:12 +0200)]
python2 rebuild
Elan Ruusamäe [Thu, 3 Mar 2016 15:54:20 +0000 (17:54 +0200)]
- release 5 (by relup.sh)
Elan Ruusamäe [Thu, 3 Mar 2016 12:09:30 +0000 (14:09 +0200)]
curl rebuild
configure:29155: checking for curl_easy_perform in -lcurl
configure:29180: ccache gcc -o conftest -O2 -fwrapv -pipe -Wformat -Werror=format-security -gdwarf-4 -fno-debug-types-section -fvar-tracking-assignments -g2 -Wp,-D_FORTIFY_SOURCE=2
/usr/lib/gcc/i686-pld-linux/5.3.0/../../../libcurl.so: undefined reference to `SSLv2_client_method'
collect2: error: ld returned 1 exit status
altho this dependency is compile time, it's easier to mark it here than
all rebuilt programs that link with curl (php55-openssl, php56-openssl, ...)
Elan Ruusamäe [Thu, 3 Mar 2016 12:01:42 +0000 (14:01 +0200)]
php 5.4 rebuild needed
Elan Ruusamäe [Thu, 3 Mar 2016 11:59:26 +0000 (13:59 +0200)]
fix php versions
Elan Ruusamäe [Thu, 3 Mar 2016 11:57:12 +0000 (13:57 +0200)]
php 5.2 rebuild needed
$ php52 -m
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php52/openssl.so' - /usr/lib/php52/openssl.so: undefined symbol: SSLv2_server_method in Unknown on line 0
Elan Ruusamäe [Thu, 3 Mar 2016 11:54:15 +0000 (13:54 +0200)]
php 5.6 rebuild needed
oot@jenkins httpd/modules#
$ php56 -m
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php56/openssl.so' - /usr/lib/php56/openssl.so: undefined symbol: SSLv2_client_method in Unknown on line 0
Elan Ruusamäe [Thu, 3 Mar 2016 11:51:19 +0000 (13:51 +0200)]
php rebuild
$ php55 -m
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php55/openssl.so' - /usr/lib/php55/openssl.so: undefined symbol: SSLv2_server_method in Unknown on line 0
Elan Ruusamäe [Thu, 3 Mar 2016 11:47:52 +0000 (13:47 +0200)]
php 5.3 rebuild needed
$ php -m
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php53/openssl.so' - /usr/lib/php53/openssl.so: undefined symbol: SSLv2_server_method in Unknown on line 0
Elan Ruusamäe [Wed, 2 Mar 2016 14:25:38 +0000 (16:25 +0200)]
mod_ssl epoch
Elan Ruusamäe [Wed, 2 Mar 2016 14:22:51 +0000 (16:22 +0200)]
apache 2.2 bump
https://github.com/pld-linux/apache/commit/
0bc39fbc11debf1f75be420bf6886097f802bf32
Elan Ruusamäe [Wed, 2 Mar 2016 13:21:10 +0000 (15:21 +0200)]
require rebuilt ruby
/usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require': /usr/lib64/ruby/2.0/openssl.so: undefined symbol: SSLv2_method - /usr/lib64/ruby/2.0/openssl.so (LoadError)
from /usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/share/ruby/2.0/openssl.rb:17:in `<top (required)>'
from /usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/share/ruby/2.0/net/https.rb:22:in `<top (required)>'
from /usr/share/ruby/2.0/rubygems/core_ext/kernel_require.rb:55:in `require'
Elan Ruusamäe [Wed, 2 Mar 2016 10:46:00 +0000 (12:46 +0200)]
up to 1.0.2g, "DROWN" CVE-2016-0800 and "Cachebleed"
Merge branch '1.0.2g'
Elan Ruusamäe [Thu, 25 Feb 2016 19:43:13 +0000 (21:43 +0200)]
up to 1.0.2g snapshot
x32 patch is probably outdated
Elan Ruusamäe [Thu, 4 Feb 2016 21:26:18 +0000 (23:26 +0200)]
Merge branch 'mrcage-patch-1'
Nicolas Perrenoud [Thu, 4 Feb 2016 18:18:24 +0000 (19:18 +0100)]
Added support for *.cer *.crt *.crl to c_rehash
This is aimed to keep the functionality in sync with OpenSSL 1.0.2
See https://www.openssl.org/docs/man1.0.2/apps/c_rehash.html
Elan Ruusamäe [Thu, 28 Jan 2016 18:10:50 +0000 (20:10 +0200)]
Merge branch 'private-perms'
Elan Ruusamäe [Thu, 28 Jan 2016 18:09:26 +0000 (20:09 +0200)]
Merge branch 'dev-1.0.2f'
Elan Ruusamäe [Thu, 28 Jan 2016 18:04:08 +0000 (20:04 +0200)]
1.0.2f release. CVE-2016-0701, CVE-2015-3197 fixes
- DH small subgroups (CVE-2016-0701)
- SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
https://www.openssl.org/news/openssl-1.0.2-notes.html
Elan Ruusamäe [Mon, 25 Jan 2016 22:08:52 +0000 (00:08 +0200)]
test build upcoming 1.0.2f
the release is to be made somewhere in:
php -r 'echo strftime("%x %X%z\n", strtotime("28 jan 2016 1:00 pm utc"));'
Elan Ruusamäe [Thu, 21 Jan 2016 11:11:56 +0000 (13:11 +0200)]
update ca-certificates dep, recovered from
9afa51db
Elan Ruusamäe [Thu, 3 Dec 2015 20:10:13 +0000 (22:10 +0200)]
doc files were removed on purpose
https://github.com/openssl/openssl/issues/491#issuecomment-
161755535
Elan Ruusamäe [Thu, 3 Dec 2015 20:07:39 +0000 (22:07 +0200)]
third error was from pld specific man-namespace patch
https://github.com/openssl/openssl/issues/491#issuecomment-
161766747
dropping that chunk, as rpm build macros convert symlinks to man links
in post process anyway
Elan Ruusamäe [Thu, 3 Dec 2015 19:38:10 +0000 (21:38 +0200)]
repackaged tarball fixed two issues, but not the third one
https://github.com/openssl/openssl/issues/491
Elan Ruusamäe [Thu, 3 Dec 2015 18:36:17 +0000 (20:36 +0200)]
fix for missing bctest
https://github.com/openssl/openssl/issues/493
Elan Ruusamäe [Thu, 3 Dec 2015 18:21:04 +0000 (20:21 +0200)]
doc/openssl_button.gif doc/openssl_button.html are missing as well
damn buggy release it is
but not sure if intentional, so commenting them out for now.
Elan Ruusamäe [Thu, 3 Dec 2015 18:20:37 +0000 (20:20 +0200)]
hack for pod2man test
https://github.com/openssl/openssl/issues/490
Elan Ruusamäe [Thu, 3 Dec 2015 18:09:28 +0000 (20:09 +0200)]
pod2man tool missing
https://github.com/openssl/openssl/issues/490
Elan Ruusamäe [Thu, 3 Dec 2015 18:04:53 +0000 (20:04 +0200)]
hack a fix for packaging error
https://github.com/openssl/openssl/issues/491
however build still fails for :
make[1]: *** No rule to make target 'bctest', needed by 'test_bn'. Stop.
and then:
/bin/sh: ./pod2mantest: not found
Elan Ruusamäe [Thu, 3 Dec 2015 17:44:15 +0000 (19:44 +0200)]
up to 1.0.2e, fails to build on carme jpaketest.c
Elan Ruusamäe [Fri, 4 Sep 2015 11:17:38 +0000 (14:17 +0300)]
- release 5 (by relup.sh)
Elan Ruusamäe [Fri, 4 Sep 2015 11:16:48 +0000 (14:16 +0300)]
update conflict for neon on ac
Elan Ruusamäe [Fri, 28 Aug 2015 09:04:16 +0000 (12:04 +0300)]
add ntpd conflict
see
https://github.com/pld-linux/ntp/commit/
6a22ef3dfdfc575e06af5df4eaef25a4c546f257
Elan Ruusamäe [Mon, 17 Aug 2015 12:14:16 +0000 (15:14 +0300)]
add missing openssh-clients dependency update
Elan Ruusamäe [Mon, 17 Aug 2015 08:13:10 +0000 (11:13 +0300)]
update openssh conflict for ac
Elan Ruusamäe [Sun, 9 Aug 2015 11:00:53 +0000 (14:00 +0300)]
add LTS note
Arkadiusz Miśkiewicz [Thu, 9 Jul 2015 13:59:00 +0000 (15:59 +0200)]
- up to 1.0.2d; fixes CVE-2015-1793/high
Arkadiusz Miśkiewicz [Sat, 13 Jun 2015 07:28:24 +0000 (09:28 +0200)]
- up to 1.0.2c
Jakub Bogusz [Fri, 12 Jun 2015 17:22:26 +0000 (19:22 +0200)]
- updated optflags patch
Elan Ruusamäe [Thu, 11 Jun 2015 19:38:39 +0000 (22:38 +0300)]
Elan Ruusamäe [Thu, 11 Jun 2015 19:34:51 +0000 (22:34 +0300)]
drop obsolete cpuid.patch
Elan Ruusamäe [Thu, 11 Jun 2015 15:24:29 +0000 (18:24 +0300)]
up to 1.0.2b; fixes for CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791
This page took 0.149705 seconds and 4 git commands to generate.