Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libopenssl10-1.0.2u-25.2 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: libopenssl10 Distribution: openSUSE Tumbleweed
Version: 1.0.2u Vendor: openSUSE
Release: 25.2 Build date: Mon Feb 26 13:37:22 2024
Group: Productivity/Networking/Security Build host: reproducible
Size: 3054689 Source RPM: openssl-1_0_0-1.0.2u-25.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.openssl.org/
Summary: Secure Sockets and Transport Layer Security
OpenSSL is a software library to be used in applications that need to
secure communications over computer networks against eavesdropping or
need to ascertain the identity of the party at the other end.
OpenSSL contains an implementation of the SSL and TLS protocols.

This package contains libcrypto.so.10 and libssl.so.10 symlinks and
provided capabilities usually provided by other distributions for
compatibility with third party packages.

Provides

Requires

License

OpenSSL

Changelog

* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %patch -P N instead of deprecated %patchN.
* Tue Jan 30 2024 Otto Hollmann <otto.hollmann@suse.com>
  - Security fix: [bsc#1219243, CVE-2024-0727]
    * Add NULL checks where ContentInfo data can be NULL
    * Add openssl-CVE-2024-0727.patch
* Mon Nov 13 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security fix: [bsc#1216922, CVE-2023-5678]
    * Fix excessive time spent in DH check / generation with large Q
      parameter value.
    * Applications that use the functions DH_generate_key() to generate
      an X9.42 DH key may experience long delays. Likewise,
      applications that use DH_check_pub_key(), DH_check_pub_key_ex
      () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
      DH parameters may experience long delays. Where the key or
      parameters that are being checked have been obtained from an
      untrusted source this may lead to a Denial of Service.
    * Add openssl-CVE-2023-5678.patch
* Mon Aug 07 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security fix: (bsc#1213853, CVE-2023-3817)
    * Fix excessive time spent checking DH q parameter value
      (bsc#1213853, CVE-2023-3817). The function DH_check() performs
      various checks on DH parameters. After fixing CVE-2023-3446 it
      was discovered that a large q parameter value can also trigger
      an overly long computation during some of these checks. A
      correct q value, if present, cannot be larger than the modulus
      p parameter, thus it is unnecessary to perform these checks if
      q is larger than p. If DH_check() is called with such q parameter
      value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
      computationally intensive checks are skipped.
    * Add openssl-1_0-CVE-2023-3817.patch
* Thu Jul 20 2023 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1213487, CVE-2023-3446]
    * Fix DH_check() excessive time with over sized modulus.
    * The function DH_check() performs various checks on DH parameters.
      One of those checks confirms that the modulus ("p" parameter) is
      not too large. Trying to use a very large modulus is slow and
      OpenSSL will not normally use a modulus which is over 10,000 bits
      in length.
      However the DH_check() function checks numerous aspects of the
      key or parameters that have been supplied. Some of those checks
      use the supplied modulus value even if it has already been found
      to be too large.
      A new limit has been added to DH_check of 32,768 bits. Supplying
      a key/parameters with a modulus over this size will simply cause
      DH_check() to fail.
    * Add openssl-CVE-2023-3446.patch
* Tue Jun 20 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Improve cross-package provides/conflicts [boo#1210313]
    * Remove Conflicts: ssl
    * Add Conflicts: openssl(cli)
* Wed Jun 14 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [bsc#1207534, CVE-2022-4304]
    * Reworked the Fix for the Timing Oracle in RSA Decryption
      The previous fix for this timing side channel turned out to cause
      a severe 2-3x performance regression in the typical use case
      compared to 1.1.1s.
    * Reworked openssl-CVE-2022-4304.patch
    * Refreshed patches:
    - openssl-CVE-2023-0286.patch
    - openssl-CVE-2023-0464.patch
    - openssl-CVE-2023-0465.patch
* Mon Jun 05 2023 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Merge libopenssl1_0_0-hmac package into the library [bsc#1185116]
* Mon May 22 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [CVE-2023-2650, bsc#1211430]
    * Possible DoS translating ASN.1 object identifiers
    * Add openssl-CVE-2023-2650.patch
* Mon Apr 03 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [CVE-2023-0465, bsc#1209878]
    * Invalid certificate policies in leaf certificates are silently ignored
    * Add openssl-CVE-2023-0465.patch
  - Security Fix: [CVE-2023-0466, bsc#1209873]
    * Certificate policy check not enabled
    * Add openssl-CVE-2023-0466.patch
* Mon Mar 27 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [CVE-2023-0464, bsc#1209624]
    * Excessive Resource Usage Verifying X.509 Policy Constraints
    * Add openssl-CVE-2023-0464.patch
* Wed Mar 15 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Pass over with spec-cleaner
* Fri Feb 17 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Fix DH key generation in FIPS mode, add support for constant BN for
    DH parameters [bsc#1202062]
    * Add patch: openssl-fips_fix_DH_key_generation.patch
* Tue Feb 07 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Security Fix: [bsc#1207533, CVE-2023-0286]
    * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
      for x400Address
    * Add openssl-CVE-2023-0286.patch
  - Security Fix: [bsc#1207536, CVE-2023-0215]
    * Use-after-free following BIO_new_NDEF()
    * Add patches:
    - openssl-CVE-2023-0215-1of4.patch
    - openssl-CVE-2023-0215-3of4.patch
    - openssl-CVE-2023-0215-4of4.patch
  - Security Fix: [bsc#1207534, CVE-2022-4304]
    * Timing Oracle in RSA Decryption
    * Add openssl-CVE-2022-4304.patch
  - Security Fix: [bsc#1179491, CVE-2020-1971]
    * Fix EDIPARTYNAME NULL pointer dereference
    * Add openssl-CVE-2020-1971.patch
* Mon Jan 02 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Update further expiring certificates that affect tests [bsc#1201627]
    * Add openssl-Update-further-expiring-certificates.patch
* Sat Sep 24 2022 Jason Sikes <jsikes@suse.com>
  - Added openssl-1_0_0-paramgen-default_to_rfc7919.patch
    * bsc#1180995
    * Default to RFC7919 groups when generating ECDH parameters
      using 'genpkey' or 'dhparam' in FIPS mode.
* Tue Jun 28 2022 Andreas Schwab <schwab@suse.de>
  - openssl-riscv64-config.patch: backport of riscv64 config support
* Thu Jun 23 2022 Jason Sikes <jsikes@suse.com>
  - Added	openssl-1_0_0-Fix-file-operations-in-c_rehash.patch
    * bsc#1200550
    * CVE-2022-2068
    * Fixed more shell code injection issues in c_rehash
* Tue Jun 21 2022 Jan Engelhardt <jengelh@inai.de>
  - Adjust rpmlintrc to apply to all arches.
* Mon May 30 2022 Jason Sikes <jsikes@suse.com>
  - Security fix: [bsc#1199166, CVE-2022-1292]
    * Added: openssl-CVE-2022-1292.patch
    * properly sanitise shell metacharacters in c_rehash script.
* Fri May 13 2022 Jan Engelhardt <jengelh@inai.de>
  - Add an rpmlintrc for shlib-policy-name-error/multibuild case.
* Thu Apr 21 2022 Dirk Müller <dmueller@suse.com>
  - update openssl-fips_cavs_aes_keywrap.patch to avoid
    (nonexploitable) format-string vulnerability
* Sun Aug 29 2021 Jason Sikes <jsikes@suse.com>
  - Several OpenSSL functions that print ASN.1 data have been found to assume that
    the ASN1_STRING byte array will be NUL terminated, even though this is not
    guaranteed for strings that have been directly constructed. Where an application
    requests an ASN.1 structure to be printed, and where that ASN.1 structure
    contains ASN1_STRINGs that have been directly constructed by the application
    without NUL terminating the "data" field, then a read buffer overrun can occur.
    * CVE-2021-3712 continued
    * bsc#1189521
    * Add CVE-2021-3712-ASN1_STRING-issues.patch
    * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
      2021-08-24 00:47 PDT by Marcus Meissner and from
      https://github.com/openssl/openssl/commit/d9d838ddc0ed083fb4c26dd067e71aad7c65ad16
* Mon Jul 12 2021 Jason Sikes <jsikes@suse.com>
  - Add safe primes to DH parameter generation
    * RFC7919 and RFC3526
    * bsc#1180995
    * Added openssl-add_rfc3526_rfc7919.patch
    * Added openssl-DH.patch
    * Genpkey: "-pkeyopt dh_param:" can now choose modp_* (rfc3526) and
      ffdhe* (rfc7919) groups. Example:
      $ openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096
* Sat Jun 26 2021 Jason Sikes <jsikes@suse.com>
  - link binaries as position independent executables
    * added openssl-1.0.0-pic-pie.patch
    * bsc#1186495
* Wed Mar 03 2021 Pedro Monreal <pmonreal@suse.com>
  - Security fixes:
    * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback
      protection [bsc#1182333, CVE-2021-23840]
    * Null pointer deref in X509_issuer_and_serial_hash()
      [bsc#1182331, CVE-2021-23841]
  - Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch

Files

/usr/lib64/libcrypto.so.10
/usr/lib64/libssl.so.10
/usr/share/licenses/libopenssl10
/usr/share/licenses/libopenssl10/LICENSE


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed May 22 00:17:41 2024