Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libressl-3.5.3-1.1 RPM for armv6hl

From OpenSuSE Ports Tumbleweed for armv6hl

Name: libressl Distribution: openSUSE Tumbleweed
Version: 3.5.3 Vendor: openSUSE
Release: 1.1 Build date: Thu May 19 23:07:19 2022
Group: Development/Libraries/C and C++ Build host: obs-arm-10
Size: 591291 Source RPM: libressl-3.5.3-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://www.libressl.org/
Summary: An SSL/TLS protocol implementation
LibreSSL is an open-source implementation of the Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) protocols. It derives from
OpenSSL, with the aim of refactoring the OpenSSL code so as to
provide a more secure implementation.

Provides

Requires

License

OpenSSL

Changelog

* Thu May 19 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.5.3
    * Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in
      advancing the passed *der_in pointer incorrectly.
* Thu Apr 28 2022 Paolo Stivanin <info@paolostivanin.com>
  - Update to release 3.5.2:
    * New Features:
    * The RFC 3779 API was ported from OpenSSL. Many bugs were
      fixed, regression tests were added and the code was cleaned
      up.
    * Certificate Transparency was ported from OpenSSL. Many
      internal improvements were made, resulting in cleaner and
      safer code. Regress coverage was added. libssl does not yet
      make use of it.
    * Portable Improvements:
    * Fixed various POSIX compliance and other portability issues
      found by the port to the Sortix operating system.
    * Compatibility Changes:
    * Most structs that were previously defined in the following
      headers are now opaque as they are in OpenSSL 1.1: bio.h,
      bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
      x509.h, x509v3.h, x509_vfy.h
    * Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
      OpenSSL added the TLSv1.3 ciphersuites with "RFC names"
      instead of using something consistent with the previous
      naming. Various test suites expect these names (instead of
      checking for the much more sensible cipher numbers). The old
      names are still accepted as aliases.
    * Subject alternative names and name constraints are now
      validated when they are added to certificates. Various
      interoperability problems with stacks that validate
      certificates more strictly than OpenSSL can be avoided this
      way.
    * Attempt to opportunistically use the host name for SNI in
      s_client
  - Rebase des-fcrypt.diff
  - Rebase extra-symver.diff
* Wed Mar 16 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.4.3
    * A malicious certificate could cause an infinite loop in
      previous releases. [CVE-2022-0778]
* Thu Dec 30 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.4.2 [boo#1190853]
    * Add support for OpenSSL 1.1.1 TLSv1.3 APIs.
    * Enable the new x509 validator.
* Thu Dec 09 2021 Ferdinand Thiessen <rpm@fthiessen.de>
  - Update to release 3.3.5
    * Fixed: A stack overread could occur when checking X.509 name
      constraints.
    * Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.
      This compensates for the expiry of the DST Root X3 certificate.
* Thu Aug 26 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.3.4
    * In LibreSSL, printing a certificate could result in a crash in
      X509_CERT_AUX_print(). This was fixed.
* Wed May 05 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.3.3
    * Support for DTLSv1.2.
    * Continued rewrite of the record layer for the legacy stack.
    * Numerous bugs and interoperability issues were fixed in the
      new verifier. A few bugs and incompatibilities remain, so
      this release uses the old verifier by default.
    * The OpenSSL 1.1 TLSv1.3 API is not yet available.
* Sun Mar 21 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.2.5
    * A TLS client using session resumption may have caused a
      use-after-free.
* Sat Feb 13 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.2.4
    * Switch back to certificate verification code from LibreSSL
      3.1.x. The new verifier is not bug compatible with the old
      verifier causing issues with applications expecting behavior
      of the old verifier.
    * Unbreak DTLS retransmissions for flights that include a CCS.
    * Implement autochain for the TLSv1.3 server.
    * Use the legacy verifier for autochain.
    * Implement exporter for TLSv1.3.
    * Plug leak in x509_verify_chain_dup().
* Thu Dec 10 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.2.3
    * Fixed: Malformed ASN.1 in a certificate revocation list or a
      timestamp response token could lead to a NULL pointer
      dereference.
* Wed Oct 21 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.2.2
    * New X509 certificate chain validator that correctly handles
      multiple paths through intermediate certificates.
    * New name constraints verification implementation.
    * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h.
    * Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash.
    * Avoid an out-of-bounds write in BN_rand().
    * Fix numerous leaks in the UI_dup_* functions.
    * Avoid an out-of-bounds write in BN_rand().
* Wed Aug 19 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.1.4
    * TLS 1.3 client improvements:
    * Improve client certificate selection to allow EC certificates
      instead of only RSA certificates.
    * Do not error out if a TLSv1.3 server requests an OCSP
      response as part of a certificate request.
    * Fix SSL_shutdown behavior to match the legacy stack. The
      previous behaviour could cause a hang.
    * Fix a memory leak and add a missing error check in the
      handling of the key update message.
    * Fix a memory leak in tls13_record_layer_set_traffic_key.
    * Avoid calling freezero with a negative size if a server sends
      a malformed plaintext of all zeroes.
    * Ensure that only PSS may be used with RSA in TLSv1.3 in order
      to avoid using PKCS1-based signatures.
    * Add the P-521 curve to the list of curves supported by
      default in the client.
* Wed Jun 17 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.1.3
    * Fixed libcrypto failing to build a valid certificate chain
      due to expired untrusted issuer certificates.
* Sat May 23 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.1.2
    * A TLS client with peer verification disabled may crash when
      contacting a server that sends an empty certificate list.
* Sun May 10 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.1.1
    * Completed initial TLS 1.3 implementation with a completely
      new state machine and record layer. TLS 1.3 is now enabled by
      default for the client side, with the server side to be
      enabled in a future release. Note that the OpenSSL TLS 1.3
      API is not yet visible/available.
    * Improved cipher suite handling to automatically include
      TLSv1.3 cipher suites when they are not explicitly referred
      to in the cipher
      string.
    * Provided TLSv1.3 cipher suite aliases to match the names used
      in RFC 8446.
    * Added cms subcommand to openssl(1).
    * Added -addext option to openssl(1) req subcommand.
    * Added -groups option to openssl(1) s_server subcommand.
    * Added TLSv1.3 extension types to openssl(1) -tlsextdebug.
* Sun Oct 20 2019 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.0.2
    * Use a valid curve when constructing an EC_KEY that looks like
      X25519. The recent EC group cofactor change results in
      stricter validation, which causes the EC_GROUP_set_generator()
      call to fail.
    * Fixed a padding oracle in PKCS7_dataDecode and
      CMS_decrypt_set1_pkey. (Note that the CMS code is currently
      disabled).
* Wed May 22 2019 Jan Engelhardt <jengelh@inai.de>
  - Update to new upstream release 2.9.2
    * Fixed SRTP profile advertisement for DTLS servers.
* Tue Apr 23 2019 Jan Engelhardt <jengelh@inai.de>
  - Update to new upstream release 2.9.1
    * Added the SM4 block cipher from the Chinese standard GB/T
      32907-2016.
    * Partial port of the OpenSSL EC_KEY_METHOD API for use by
      OpenSSH.
    * Implemented further missing OpenSSL 1.1 API.
    * Added support for XChaCha20 and XChaCha20-Poly1305.
    * Added support for AES key wrap constructions via the EVP
      interface.
* Sun Mar 31 2019 Jan Engelhardt <jengelh@inai.de>
  - Add openssl(cli) provides. Replace otherproviders conflict
    by normal Conflict+Provides.
* Thu Mar 14 2019 Jan Engelhardt <jengelh@inai.de>
  - Update to new upstream release 2.9.0
    * CRYPTO_LOCK is now automatically initialized, with the legacy
      callbacks stubbed for compatibility.
    * Added the SM3 hash function from the Chinese standard GB/T
      32905-2016.
    * Added more OPENSSL_NO_* macros for compatibility with
      OpenSSL.
    * Added the ability to use the RSA PSS algorithm for handshake
      signatures.
    * Added functionality to derive early, handshake, and
      application secrets as per RFC8446.
    * Added handshake state machine from RFC8446.
    * Added support for assembly optimizations on 32-bit ARM ELF
      targets.
    * Improved protection against timing side channels in ECDSA
      signature generation.
    * Coordinate blinding was added to some elliptic curves. This
      is the last bit of the work by Brumley et al. to protect
      against the Portsmash vulnerability.

Files

/etc/ssl
/etc/ssl/openssl.cnf
/etc/ssl/x509v3.cnf
/usr/bin/ocspcheck
/usr/bin/openssl
/usr/share/doc/packages/libressl
/usr/share/doc/packages/libressl/COPYING
/usr/share/man/man1/openssl.1ssl.gz
/usr/share/man/man5/openssl.cnf.5ssl.gz
/usr/share/man/man5/x509v3.cnf.5ssl.gz
/usr/share/man/man8/ocspcheck.8ssl.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Nov 16 01:18:36 2024