Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openssl-1_0_0-1.0.2u-6.1 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: openssl-1_0_0 Distribution: openSUSE Tumbleweed
Version: 1.0.2u Vendor: openSUSE
Release: 6.1 Build date: Wed Sep 8 21:42:25 2021
Group: Productivity/Networking/Security Build host: obs-arm-10
Size: 1501937 Source RPM: openssl-1_0_0-1.0.2u-6.1.src.rpm
Summary: Secure Sockets and Transport Layer Security
OpenSSL is a software library to be used in applications that need to
secure communications over computer networks against eavesdropping or
need to ascertain the identity of the party at the other end.
OpenSSL contains an implementation of the SSL and TLS protocols.






* Sun Aug 29 2021 Jason Sikes <>
  - Several OpenSSL functions that print ASN.1 data have been found to assume that
    the ASN1_STRING byte array will be NUL terminated, even though this is not
    guaranteed for strings that have been directly constructed. Where an application
    requests an ASN.1 structure to be printed, and where that ASN.1 structure
    contains ASN1_STRINGs that have been directly constructed by the application
    without NUL terminating the "data" field, then a read buffer overrun can occur.
    * CVE-2021-3712 continued
    * bsc#1189521
    * Add CVE-2021-3712-ASN1_STRING-issues.patch
    * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
      2021-08-24 00:47 PDT by Marcus Meissner and from
* Mon Jul 12 2021 Jason Sikes <>
  - Add safe primes to DH parameter generation
    * RFC7919 and RFC3526
    * bsc#1180995
    * Added openssl-add_rfc3526_rfc7919.patch
    * Added openssl-DH.patch
    * Genpkey: "-pkeyopt dh_param:" can now choose modp_* (rfc3526) and
      ffdhe* (rfc7919) groups. Example:
      $ openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096
* Sat Jun 26 2021 Jason Sikes <>
  - link binaries as position independent executables
    * added openssl-1.0.0-pic-pie.patch
    * bsc#1186495
* Wed Mar 03 2021 Pedro Monreal <>
  - Security fixes:
    * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback
      protection [bsc#1182333, CVE-2021-23840]
    * Null pointer deref in X509_issuer_and_serial_hash()
      [bsc#1182331, CVE-2021-23841]
  - Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch
* Mon Oct 12 2020 Dominique Leuenberger <>
  - Escape rpm command %%expand when used in comment.
* Tue Aug 18 2020 Antonio Larrosa <>
  - Add libopenssl10 package with and
    libraries built with --default-symver and the following patch
    so we can provide the same symbols as other distros in a
    compatible package (bsc#1175429):
    * openssl-1.0.2e-rpmbuild.patch
  - Update patch to add OPENSSL_1.0.1_EC symbol (bsc#1175429):
    * openssl-1.0.0-version.patch
* Fri Dec 20 2019 Pedro Monreal Gonzalez <>
  - Update to 1.0.2u [bsc#1158809, CVE-2019-1551]
    * Fixed an overflow bug in the x64_64 Montgomery squaring procedure
      used in exponentiation with 512-bit moduli. No EC algorithms are
      affected. Analysis suggests that attacks against 2-prime RSA1024,
      3-prime RSA1536, and DSA1024 as a result of this defect would be very
      difficult to perform and are not believed likely. Attacks against DH512
      are considered just feasible. However, for an attack the target would
      have to re-use the DH512 private key, which is not recommended anyway.
      Also applications directly using the low level API BN_mod_exp may be
      affected if they use BN_FLG_CONSTTIME.
  - Drop patch openssl-1_1-CVE-2019-1551.patch
* Tue Dec 10 2019 Pedro Monreal Gonzalez <>
  - Security fix: [bsc#1158809, CVE-2019-1551]
    * Overflow bug in the x64_64 Montgomery squaring procedure used
      in exponentiation with 512-bit moduli
  - Add openssl-1_1-CVE-2019-1551.patch
* Thu Oct 03 2019 Vítězslav Čížek <>
  - Update to 1.0.2t
    * For built-in EC curves, ensure an EC_GROUP built from the curve name is
      used even when parsing explicit parameters, when loading a serialized key
      or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters().
    * Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
  - drop upstreamed patches:
    * openssl-CVE-2019-1547.patch
    * openssl-CVE-2019-1563.patch
* Thu Sep 12 2019 Pedro Monreal Gonzalez <>
  - OpenSSL Security Advisory [10 September 2019]
    * EC_GROUP_set_generator side channel attack avoidance. [bsc#1150003, CVE-2019-1547]
    * Bleichenbacher attack against cms/pkcs7 encryption transported key [bsc#1150250, CVE-2019-1563]
  - Added patches:
    * openssl-CVE-2019-1547.patch
    * openssl-CVE-2019-1563.patch
* Thu Feb 28 2019 Pedro Monreal Gonzalez <>
  - Update to 1.0.2r
    * 0-byte record padding oracle
      (CVE-2019-1559, bsc#1127080)
    * Move strictness check from EVP_PKEY_asn1_new() to
  - Refreshed patches:
    * openssl-1.0.2i-fips.patch
* Sun Dec 16 2018 Tobias Klausmann <>
  - Start versioning the exported symbols:
    At least one steam game (Company of Heroes 2) needs this symbol versioned
  - modify openssl-1.0.0-version.patch
* Tue Nov 20 2018 Vítězslav Čížek <>
  - Update to 1.0.2q
    * Microarchitecture timing vulnerability in ECC scalar multiplication
      (CVE-2018-5407, bsc#1113534, "PortSmash")
    * Timing vulnerability in DSA signature generation
      (CVE-2018-0734, bsc#1113652)
    * Use a secure getenv wrapper inside libcrypto
  - refreshed patches:
    * openssl-fipslocking.patch
    * openssl-1.0.2i-fips.patch
* Tue Sep 04 2018
  - correct the error detection in openssl-CVE-2018-0737-fips.patch
* Thu Aug 16 2018
  - Fix One&Done side-channel attack on RSA (bsc#1104789)
    * add openssl-One_and_Done.patch
* Wed Aug 15 2018
  - Update to 1.0.2p
    OpenSSL Security Advisory [12 June 2018]
    * Reject excessively large primes in DH key generation
      (bsc#1097158, CVE-2018-0732)
    OpenSSL Security Advisory [16 Apr 2018]
    * Cache timing vulnerability in RSA Key Generation
      (CVE-2018-0737, bsc#1089039)
    * Make EVP_PKEY_asn1_new() a bit stricter about its input
    * Revert blinding in ECDSA sign and instead make problematic addition
      length-invariant. Switch even to fixed-length Montgomery multiplication.
    * Change generating and checking of primes so that the error rate of not
      being prime depends on the intended use based on the size of the input.
    * Increase the number of Miller-Rabin rounds for DSA key generating to 64.
    * Add blinding to ECDSA and DSA signatures to protect against side channel
    * When unlocking a pass phrase protected PEM file or PKCS#8 container, we
      now allow empty (zero character) pass phrases.
    * Certificate time validation (X509_cmp_time) enforces stricter
      compliance with RFC 5280. Fractional seconds and timezone offsets
      are no longer allowed.
  - add openssl-CVE-2018-0737-fips.patch
  - refreshed patches:
    * openssl-1.0.2a-fips-ec.patch
    * openssl-1.0.2a-ipv6-apps.patch
    * openssl-1.0.2i-fips.patch
    * openssl-1.0.2i-new-fips-reqs.patch
* Thu Aug 02 2018
  - Add openssl(cli) Provide so the packages that require the openssl
    binary can require this instead of the new openssl meta package
  - Suggest libopenssl1_0_0-hmac from libopenssl1_0_0 package to avoid
    dependency issues during updates (bsc#1090765)
  - Don't Require openssl-1_0_0 from the devel package, just Recommend it
* Wed Aug 01 2018
  - update to 1.0.2o
    OpenSSL Security Advisory [27 Mar 2018]
    * Constructed ASN.1 types with a recursive definition could have
      exceeded the stack (bsc#1087102, CVE-2018-0739)
  - patches refreshed because of upstream 'sizeof' operator re-format
    * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
    * openssl-1.0.2a-fips-ctor.patch
    * openssl-1.0.2a-ipv6-apps.patch
    * openssl-1.0.2i-fips.patch
    * openssl-fips-dont-fall-back-to-default-digest.patch
    * openssl-rsakeygen-minimum-distance.patch
* Thu Feb 15 2018
  - Remove bit obsolete syntax
  - Use %license macro



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Dec 3 23:48:33 2021