Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libressl | Distribution: openSUSE Tumbleweed |
Version: 3.5.3 | Vendor: openSUSE |
Release: 1.1 | Build date: Thu May 19 23:07:19 2022 |
Group: Development/Libraries/C and C++ | Build host: obs-arm-10 |
Size: 591291 | Source RPM: libressl-3.5.3-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://www.libressl.org/ | |
Summary: An SSL/TLS protocol implementation |
LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It derives from OpenSSL, with the aim of refactoring the OpenSSL code so as to provide a more secure implementation.
OpenSSL
* Thu May 19 2022 Jan Engelhardt <jengelh@inai.de> - Update to release 3.5.3 * Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing the passed *der_in pointer incorrectly. * Thu Apr 28 2022 Paolo Stivanin <info@paolostivanin.com> - Update to release 3.5.2: * New Features: * The RFC 3779 API was ported from OpenSSL. Many bugs were fixed, regression tests were added and the code was cleaned up. * Certificate Transparency was ported from OpenSSL. Many internal improvements were made, resulting in cleaner and safer code. Regress coverage was added. libssl does not yet make use of it. * Portable Improvements: * Fixed various POSIX compliance and other portability issues found by the port to the Sortix operating system. * Compatibility Changes: * Most structs that were previously defined in the following headers are now opaque as they are in OpenSSL 1.1: bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h, x509.h, x509v3.h, x509_vfy.h * Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_ OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead of using something consistent with the previous naming. Various test suites expect these names (instead of checking for the much more sensible cipher numbers). The old names are still accepted as aliases. * Subject alternative names and name constraints are now validated when they are added to certificates. Various interoperability problems with stacks that validate certificates more strictly than OpenSSL can be avoided this way. * Attempt to opportunistically use the host name for SNI in s_client - Rebase des-fcrypt.diff - Rebase extra-symver.diff * Wed Mar 16 2022 Jan Engelhardt <jengelh@inai.de> - Update to release 3.4.3 * A malicious certificate could cause an infinite loop in previous releases. [CVE-2022-0778] * Thu Dec 30 2021 Jan Engelhardt <jengelh@inai.de> - Update to release 3.4.2 [boo#1190853] * Add support for OpenSSL 1.1.1 TLSv1.3 APIs. * Enable the new x509 validator. * Thu Dec 09 2021 Ferdinand Thiessen <rpm@fthiessen.de> - Update to release 3.3.5 * Fixed: A stack overread could occur when checking X.509 name constraints. * Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier. This compensates for the expiry of the DST Root X3 certificate. * Thu Aug 26 2021 Jan Engelhardt <jengelh@inai.de> - Update to release 3.3.4 * In LibreSSL, printing a certificate could result in a crash in X509_CERT_AUX_print(). This was fixed. * Wed May 05 2021 Jan Engelhardt <jengelh@inai.de> - Update to release 3.3.3 * Support for DTLSv1.2. * Continued rewrite of the record layer for the legacy stack. * Numerous bugs and interoperability issues were fixed in the new verifier. A few bugs and incompatibilities remain, so this release uses the old verifier by default. * The OpenSSL 1.1 TLSv1.3 API is not yet available. * Sun Mar 21 2021 Jan Engelhardt <jengelh@inai.de> - Update to release 3.2.5 * A TLS client using session resumption may have caused a use-after-free. * Sat Feb 13 2021 Jan Engelhardt <jengelh@inai.de> - Update to release 3.2.4 * Switch back to certificate verification code from LibreSSL 3.1.x. The new verifier is not bug compatible with the old verifier causing issues with applications expecting behavior of the old verifier. * Unbreak DTLS retransmissions for flights that include a CCS. * Implement autochain for the TLSv1.3 server. * Use the legacy verifier for autochain. * Implement exporter for TLSv1.3. * Plug leak in x509_verify_chain_dup(). * Thu Dec 10 2020 Jan Engelhardt <jengelh@inai.de> - Update to release 3.2.3 * Fixed: Malformed ASN.1 in a certificate revocation list or a timestamp response token could lead to a NULL pointer dereference. * Wed Oct 21 2020 Jan Engelhardt <jengelh@inai.de> - Update to release 3.2.2 * New X509 certificate chain validator that correctly handles multiple paths through intermediate certificates. * New name constraints verification implementation. * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h. * Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash. * Avoid an out-of-bounds write in BN_rand(). * Fix numerous leaks in the UI_dup_* functions. * Avoid an out-of-bounds write in BN_rand(). * Wed Aug 19 2020 Jan Engelhardt <jengelh@inai.de> - Update to release 3.1.4 * TLS 1.3 client improvements: * Improve client certificate selection to allow EC certificates instead of only RSA certificates. * Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request. * Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang. * Fix a memory leak and add a missing error check in the handling of the key update message. * Fix a memory leak in tls13_record_layer_set_traffic_key. * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. * Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures. * Add the P-521 curve to the list of curves supported by default in the client. * Wed Jun 17 2020 Jan Engelhardt <jengelh@inai.de> - Update to release 3.1.3 * Fixed libcrypto failing to build a valid certificate chain due to expired untrusted issuer certificates. * Sat May 23 2020 Jan Engelhardt <jengelh@inai.de> - Update to release 3.1.2 * A TLS client with peer verification disabled may crash when contacting a server that sends an empty certificate list. * Sun May 10 2020 Jan Engelhardt <jengelh@inai.de> - Update to release 3.1.1 * Completed initial TLS 1.3 implementation with a completely new state machine and record layer. TLS 1.3 is now enabled by default for the client side, with the server side to be enabled in a future release. Note that the OpenSSL TLS 1.3 API is not yet visible/available. * Improved cipher suite handling to automatically include TLSv1.3 cipher suites when they are not explicitly referred to in the cipher string. * Provided TLSv1.3 cipher suite aliases to match the names used in RFC 8446. * Added cms subcommand to openssl(1). * Added -addext option to openssl(1) req subcommand. * Added -groups option to openssl(1) s_server subcommand. * Added TLSv1.3 extension types to openssl(1) -tlsextdebug. * Sun Oct 20 2019 Jan Engelhardt <jengelh@inai.de> - Update to release 3.0.2 * Use a valid curve when constructing an EC_KEY that looks like X25519. The recent EC group cofactor change results in stricter validation, which causes the EC_GROUP_set_generator() call to fail. * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (Note that the CMS code is currently disabled). * Wed May 22 2019 Jan Engelhardt <jengelh@inai.de> - Update to new upstream release 2.9.2 * Fixed SRTP profile advertisement for DTLS servers. * Tue Apr 23 2019 Jan Engelhardt <jengelh@inai.de> - Update to new upstream release 2.9.1 * Added the SM4 block cipher from the Chinese standard GB/T 32907-2016. * Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH. * Implemented further missing OpenSSL 1.1 API. * Added support for XChaCha20 and XChaCha20-Poly1305. * Added support for AES key wrap constructions via the EVP interface. * Sun Mar 31 2019 Jan Engelhardt <jengelh@inai.de> - Add openssl(cli) provides. Replace otherproviders conflict by normal Conflict+Provides. * Thu Mar 14 2019 Jan Engelhardt <jengelh@inai.de> - Update to new upstream release 2.9.0 * CRYPTO_LOCK is now automatically initialized, with the legacy callbacks stubbed for compatibility. * Added the SM3 hash function from the Chinese standard GB/T 32905-2016. * Added more OPENSSL_NO_* macros for compatibility with OpenSSL. * Added the ability to use the RSA PSS algorithm for handshake signatures. * Added functionality to derive early, handshake, and application secrets as per RFC8446. * Added handshake state machine from RFC8446. * Added support for assembly optimizations on 32-bit ARM ELF targets. * Improved protection against timing side channels in ECDSA signature generation. * Coordinate blinding was added to some elliptic curves. This is the last bit of the work by Brumley et al. to protect against the Portsmash vulnerability.
/etc/ssl /etc/ssl/openssl.cnf /etc/ssl/x509v3.cnf /usr/bin/ocspcheck /usr/bin/openssl /usr/share/doc/packages/libressl /usr/share/doc/packages/libressl/COPYING /usr/share/man/man1/openssl.1ssl.gz /usr/share/man/man5/openssl.cnf.5ssl.gz /usr/share/man/man5/x509v3.cnf.5ssl.gz /usr/share/man/man8/ocspcheck.8ssl.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Nov 16 01:18:36 2024