Sisyphus repository
Last update: 2017-10-23 22:05:38 +0400 | SRPMs: 17948 | Sign in or Sign up
en ru uk br
ALT Linux repositories
hide window
Sisyphus: 2.5.5-alt3
p8: 2.5.5-alt2.M80P.1

Group :: Security/Networking
Source RPM: LibreSSL

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR (0/0)   Repocop 

2017-08-14 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.5.5-alt3

    - fixed cert.pem lookup location for netcat and ocspcheck
    - fixed manpages
    - removed RELNOTES
    - disabled tests

2017-07-20 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.5.5-alt2

    - fixed LibreSSL-devel provides and requires to avoid collision with openssl
    - make watchfile to watch for the stable releases

2017-07-14 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.5.5-alt1

    - 2.5.5

2017-05-03 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.5.4-alt1

    - 2.5.4
    - Fixes:
    + CVE-2017-8301

2017-04-21 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.5.3-alt1

    - 2.5.3
    - added ocspcheck package.
    - renamed -doc packages to -devel-doc.
    - added RELNOTES.
    - placed `%make check' to proper location in spec.

2017-02-04 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.4.5-alt1

    - 2.4.5
    - packaged %_sysconfdir/%oname/openssl.cnf as noreplace config file.
    - packaged ChangeLog and COPYING files.
    - fixed license: added notice about original OpenSSL code license.
    - removed conflict to openssl in openssl-LibreSSL package.

2016-11-07 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.4.4-alt1

    - 2.4.4
    - packaged ungziped source tarball
    - changed watchfile to watch stable releases
    - packaged watchfile
    - Changes and fixes:
    + Avoid continual processing of an unlimited number of TLS records,
    which can cause a denial-of-service condition.
    + In X509_cmp_time(), pass asn1_time_parse() the tag of the field
    being parsed so that a malformed GeneralizedTime field is recognized
    as an error instead of potentially being interpreted as if it was a
    valid UTCTime.
    + Improve ticket validity checking when tlsext_ticket_key_cb()
    callback chooses a different HMAC algorithm.
    + Check for packets with a truncated DTLS cookie.
    + Detect zero-length encrypted session data early, instead of when
    malloc(0) fails or the HMAC check fails.
    + Check for and handle failure of HMAC_{Update,Final} or
    EVP_DecryptUpdate()

2016-09-29 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.4.3-alt1

    - 2.4.3
    - Bug fixes and reliability improvements:
    + Reverted change that cleans up the EVP cipher context in
    EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
    previous behaviour.
    + Avoid unbounded memory growth in libssl, which can be triggered by a
    TLS client repeatedly renegotiating and sending OCSP Status Request
    TLS extensions.
    + Avoid falling back to a weak digest for (EC)DH when using SNI with
    libssl.
    - add `nc' providing
    - remove `netcat' providing

2016-08-03 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.4.2-alt1

    - 2.4.2
    - LibreSSL
    + Bug fixes and improvements:
    - Fixed loading default certificate locations with openssl s_client.
    - Ensured OSCP only uses and compares GENERALIZEDTIME values as per
    RFC6960. Also added fixes for OCSP to work with intermediate
    certificates provided in responses.
    - Improved behavior of arc4random on Windows to not appear to leak
    memory in debug tools, reduced privileges of allocated memory.
    - Fixed incorrect results from BN_mod_word() when the modulus is too
    large, thanks to Brian Smith from BoringSSL.
    - Correctly handle an EOF prior to completing the TLS handshake in
    libtls.
    - Improved libtls ceritificate loading and cipher string validation.
    - Updated libtls cipher group suites into four categories:
    - "secure" (TLSv1.2+AEAD+PFS)
    - "compat" (HIGH:!aNULL)
    - "legacy" (HIGH:MEDIUM:!aNULL)
    - "insecure" (ALL:!aNULL:!eNULL)
    This allows for flexibility and finer grained control, rather than
    having two extremes.
    - Limited support for 'backward com
    - openssl-LibreSSL:
    + rename package from LibreSSL-openssl
    + remove conflict with openssl
    + rename binary and manpages fro openssl to openssl-LibreSSL
    + move some man pages to LibreSSL-doc package
    - netcat-tls:
    + rename package from netcat-openbsd
    + adopt many of original netcat alt and owl patches

2016-06-19 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.3.6-alt1

    - 2.3.6
    - Correct a problem that prevents the DSA signing algorithm from running
    in constant time even if the flag BN_FLG_CONSTTIME is set.

2016-06-01 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.3.5-alt1

    - 2.3.5

2016-05-03 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.3.4-alt1

    - 2.3.4
    - Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding
    (From OpenSSL):
    + Memory corruption in the ASN.1 encoder (CVE-2016-2108)
    + Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
    + EVP_EncodeUpdate overflow (CVE-2016-2105)
    + EVP_EncryptUpdate overflow (CVE-2016-2106)
    + ASN.1 BIO excessive memory allocation (CVE-2016-2109)
    - Minor build fixes.
    - LibreSSL-openssl
    + Added conflict to openssl-doc

2016-05-03 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.3.3-alt2

    - LibreSSL-doc
    + Add conflict: openssl-doc.
    - libtls-doc
    + Build as noarch
    - libcrypto-LibreSSL
    + "/etc/libressl" directory is owned by package now.

2016-04-21 Vladimir D. Seleznev <vseleznv at altlinux.org> 2.3.3-alt1

    - Initial build.

 
© 2009–2017 Igor Zubkov