libopenssl-1_0_0-devel-1.0.2p-lp151.5.20.1<>,_ӏڸ/=„kˮ: GxBQ֨n nm*7(;|GRZ{[q-~fإeȋ ,cbC_  ՘8|IQs&Eb/ӓwFб5TJN4c8qvQ&: cV,({Jb5Ur*8%[D.bЌ> 5V9Z m/B0EdR8'ĻTjSF(~w M=rFyis(l^n8y/>:gqNkN>A?d  - K  -FLTSS FS S 8S KS SSSR|S D  l !8 !h!t!(!8!X9#(X:+XFGSHPSISXY\HS]S^4bvc4defluSv4wpSxSy z,<@FClibopenssl-1_0_0-devel1.0.2plp151.5.20.1Development files for OpenSSLThis subpackage contains header files for developing applications that want to make use of the OpenSSL C API._ӏcloud103openSUSE Leap 15.1openSUSEOpenSSLhttp://bugs.opensuse.orgDevelopment/Libraries/C and C++https://www.openssl.org/linuxi586_sV23 o G,63mr-SC;bN#V*h&G9>A#[5p%Mf Dj eeS .:Q*Y v%I /lH ;Cr6KHA큤_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ_ӏ%_ӏ_ӏ_ӏ_ӏ_ӏ6ec0ec06504b49f669f395a28c922077c6f0ceb8ec381458380450eafe70d29a561ef6d03da905ed1ef83b976d5e9d1d9000a0e80df57f43ec7b7977f5abdb82149760269cfd04e0ab08aa0b767b1eb8e25451bc7bdca668e1ec5505479932c8159ac3e637b5f0fa5a11c5d0bee17a6b35b6a3152f7a52c0e62d6094a715bf7e13fefa342953ac742dcb7f019cf69ae3077ab9e619030f82ee8e5775f13816e5b7b98fd01b32491aff0e1164b4e7c0d3c1796dec9760faf57e62dd7a2c00abae73705fe8e585ef52dc3eb6ff7cd3f5396c59d38b5bd216959efb82e1a370600c4883669d6d62c7bbb6a7cd830e24115892083e2b6ee32a1f6d4b4d6251c03f0e90a87a04d47745a9be3bd6d8c14a660bf88838ce12292a6e3a20c73b75f21d0c382e60da70f130eb43ee86972e03a4e02137a78553a0442a795fc908f2f9842cbadc66b1f92686c2d369a4d2b2942ea23d38bc91aa1a5faac3e184cbf4932c9cd90e4dfd69fa81006ec91391bf7795a94d5148062f5409dcd51f83bf646afb524e0f5ea37d20a9ce4b8eae7134c9f2bc1dabdb5c3402cf084c2d55cd7e0c9e31a61e745ffc08374b68d6c8dd614bfef3bd9d2ff474b577947ae02a39c9c408668821ee7471953447cc2804cd8dfcc7cc444cdb92a26fe8ea94c858ee5a4ccdcdd81303432685bc6dce5298845820a3baf584efad93f8e268915752c6e8479932e4413557e56f54f3cefca8e593607b99cc865eeb4b292833c635104d8db7cf3d3853f9d3521136a378c62c940952bcfcd00622ef3fd958fc457480d4944dfb032dbb6a49ce9cebbe8a9044ef8b569db87f594ae9cbeb1494e3c8e1ccb8e6c2cf941ddfdc0d71a3310ca468446997abce5214e8fa50892bd0f286c59107e5d908056e121abc8c69bba176c60ddd43f20c97ed3ddae81acc4bb3dd02c0d735b051f0c17bdeba91c21783bb2e2b882a047f1ce5c37a30b56d816fba694838a9857e28fdd6e9b2c16e8b5011206f3c0ee7b879ae9dfd8ee8053cb2b781491c6f734a44d0e8e3053d20d3ef60702497fac6fbc733250cd5f6b0c19775ac0865a8548466ae62cc1cfadd3ae2ca23e5a72fb5068339858f13d8bd8aaedba9d703c7451b6d033e890cf2f2c7bcb38f88c642e2bddaf46235442144c8a603d781ba7419def346d93c67496b8a4b3c197ce9ca8fed0997b5e186d54523ee8a12b265f37410932e07c02a1925a74369f2561d1dbbd4e3ebef381130ab2769fb965f22e995ba2e00ea44d7a77daec9599188c2741ff947b824c388227e91eae45455f41428dae62cf16874ed0574972fab3e92828a741101625aa669154e68cefcc354f75d9f011fc9da384a908af3937c24bc9b64c120e226a4fd71b168985f5facfcbebdc9d12fb810059ebf7504fb3fcdeb80290c0f17e43416809c050bc6df5d2d691ed0490ba94544cdeb1966ebf9924e1f935b7ba8de0bfda662a6d3845b0b2b9ac2aeeb5250aaa62ab43c90865860a82561b715f8a2e94de73dd8d84fe9d93a5d3b728b416ebd7180eec58d7247a7783d1b007bb183159e4367303ddc68899d78a26939b7ae38df906e38c5f18b03cedaedafe8311de6be712765f9746cdad99a10c640d1acfca4cffd42fbc5b0507e1d16009bdbccd5bde0d670de2ed629c85554f991df381595850e728b082a8275031a16617974b18c2583f50e89e83df881b97dabccfbbda4d56465aa152e585699058e6d98354bb2cc90f64af3fd123ddc2c2e21e93498517d3be686e6b5ce1c3aa9a0aae6a57eb5d7077118f125f9fb8672760584636017f846ff5d55228318f832a2b22e2d66ab573061ba551d0b7362679224ebbb3d8981dde0a0b4ed04e091aa751826826176e45956af309d6b6c8a8e0e70a4f42a9f42b66d3c498403870d2b63343c31ec5047fdd97b64d225b36a549e13d9c0193bd060b6827fb188091ba89430f244beeeaa4ee6b3b450dd26acc23a3c922f8b424ceaf6205c98b86737429a137985cc505d4c32ed9b3b626845c597da95e7574c8d10e13ca75f0b17ec0487d977c2a1551ac04f72c3fa473ab05549ef9f84f41e190e6e7da61c06f7154e9f666289b65ac108363ad74fba8c55c0a4d569e9f7c8eb72054ea52956d0b2d77059fdb8f61e5a47b7b2be912e9fbda9fca2535a175266c80b46d57bb930f937efd3e2f3e81a65b5064ca2d0030d98796a859b0d536f0e3002925c47cfe923c78b5ff146e98637931de423f37db00ae4b34dc61f64aee274bd8678bcc2b93867d1139704098fc68e415ce3e088f62e41bd975a8c360f6b84ee626824d51ca76b8e729fad2cf4ff8403828611f1ab71c5a137e4b7ba550f3e4f85f614065c65cca5dbf891b8163c4ec7d537043f678382c0efdf25e016759e998845d8d1295e75eabce70205ce42e2787407a07e58767f7f171bd33e41e054b1271c72405ade4d8460a67452d6c6dae3bd3f7b0616fccfac9d5c8bdfa118aa7082e95bad4a616306a2ed0becdb00568570ce642b17143b0e84377a9c55fd07a9715a9647340b4db7e03e3187284a8190b3a748bc8990117e0845773d9b8329da9fd42bcee81f36338bf5124a97ae569a3daff99a22bd062f15c0da5130195294a9fa4e10b14c84a63f600923aa6bd95f57ffab4e22e8213c4d3f7f2f8d33db7de3bf8305206025e967ee87d1cedcfdf6e016d91ee8b6276f9112094de44d74c34c7a516eedb2fd2f52e237b28b7b2a67cca1a604af284aa177621ab2380e61c086162b94a8780e5a0c61df9977934ad62e15b24ab8ce588224545defcf34747785260dbd8c4e60ee411a74b56239c7c4fe6924bba7c2aa0510f75bb2be37057003382f7e47c0118c8094ee2cb2ee990928f6a122eeb494abc308262241dedee802511b35abb3aa1085952f5323c54d1988b5914a43092e395b7428aecd836573ae808f753b5abac3f87f332af70b995ef2da2f0dd20204f9f7bc958fc70a596faaff9f98a2116d8bbc617ca3833fe9514b4a3ada851328fb0f950bcbde92dcde6eddefe9d31b3f338e8c5e4991c6eacf0aa9b56361fc928c0cfb217ac88071bb7092a43716dda3eccda95939ba0037a767c2066b9316a514c16248b917cdb619bc4f4e6d80663674abd3d58e723f3bd22f5a1a5ad81bb29eeda379b586416dfc237ba042a64abffea301c88a598f40056e26aef725617c51cb3e15d00199ae4fd627c165b382fb1819279d8bb17b47a965d3d2822bc42e98e98174020f530c8c9fb9c88cfcd737c3b297b55d1b484c3bc07dbfd97adc21f35d27db327e7fe66a09d7df8ff4b05ed5c86f7c26949f54b5d847253b302ff78d539b222d4353ef5ba28c6b6a1fca762660bfb4b58e7bc134c2845592db1e0ddc4b46e75281014e80c711b787638210cf15b49e26e7c3b264140b9b977b3ed219b3c17a0fe885006b7f45ed11d51476160e592694c329e7d478a80bfd06aa7fd58c53bac42527e0725fb90dd1f984b5f7a1852e118acb929fabc614e2f14c0bff0224fa7d85b5eab3dfcf28c4357825ba840788de3f40406cd23ac11bbb8ae601openssllibcrypto.so.1.0.0libssl.so.1.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenssl-1_0_0-1.0.2p-lp151.5.20.1.src.rpmlibopenssl-1_0_0-devellibopenssl-1_0_0-devel(x86-32)pkgconfig(libcrypto)pkgconfig(libssl)pkgconfig(openssl)ssl-devel@@@    /usr/bin/pkg-configlibopenssl1_0_0openssl-1_0_0pkgconfig(libcrypto)pkgconfig(libssl)pkgconfig(zlib)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)1.0.2p1.0.2p3.0.4-14.6.0-14.0-15.2-1libopenssl-devellibopenssl-develotherproviders(ssl-devel)1.0.2p1.0.2p4.14.1_j_@_E@_~@_|\@_Wr@_G@_;_@_{_ @^r]]m]z3@\|\~d\~d\~d[@[0[0[u[s[ug@[ug@[t[2*Z*~ZOYY@Y@YV@Ym@Ycl@Ycl@Y[@Y[@Y[@YMY, @Y@YYY i@YtYtYYXXh@Xh@Xh@Xh@Xh@XXXXX@X6@WSWSW_@W@WW(WWV޾VՄ@VVa@Ub@U'U@U>UzUyx@Ua@U @T TTk4Ti@T\@TFJVítězslav Čížek Pedro Monreal Vítězslav Čížek Jason Sikes Vítězslav Čížek Vítězslav Čížek Pedro Monreal Gonzalez Antonio Larrosa Antonio Larrosa Antonio Larrosa Jason Sikes Vítězslav Čížek Pedro Monreal Gonzalez Vítězslav Čížek Pedro Monreal Gonzalez Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek vcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comsflees@suse.devcizek@suse.comdimstar@opensuse.orgvcizek@suse.comvcizek@suse.commeissner@suse.comjengelh@inai.dejimmy@boombatower.comjengelh@inai.devcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comtchvatal@suse.comvcizek@suse.comvcizek@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comvcizek@suse.commeissner@suse.comvcizek@suse.comvcizek@suse.commichael@stroeder.comvcizek@suse.comvcizek@suse.comvcizek@suse.comdvaleev@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comdvaleev@suse.comnormand@linux.vnet.ibm.comcrrodriguez@opensuse.orgvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.commeissner@suse.commeissner@suse.combrian@aljex.commeissner@suse.combrian@aljex.comcrrodriguez@opensuse.org- OpenSSL Security Advisory [08 December 2020] - Fix EDIPARTYNAME NULL pointer dereference (CVE-2020-1971, bsc#1179491) * add openssl-CVE-2020-1971.patch- Initialize dh->nid to NID_undef in DH_new_method() [bsc#1177673] - Fix openQA test failure in apache_ssl in fips mode [bsc#1177793] - update openssl-DH.patch- Rename BN_get_rfc3526_prime_* functions back to get_rfc3526_prime_* (bsc#1177575) - update openssl-DH.patch- Restore private key check in EC_KEY_check_key [bsc#1177479] * Update openssl-DH.patch- Drop obsolete CAVS subpackage and related patches: - openssl-fips_add_cavs_tests.patch - openssl-fips_cavs_aes_keywrap.patch - openssl-fips_cavs_helpers_run_in_fips_mode.patch - openssl-fips_cavs_pad_with_zeroes.patch - Use %autosetup instead of applying hundred patches by name * reverse 0001-Set-FIPS-thread-id-callback.patch- Add shared secret KAT to FIPS DH selftest [bsc#1176029] * add openssl-fips-DH_selftest_shared_secret_KAT.patch- Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1176029] - Add patches: * openssl-DH.patch * openssl-kdf-tls-selftest.patch- Add libopenssl10 package with libcrypto.so.10 and libssl.so.10 libraries built with --default-symver and the following patch so we can provide the same symbols as other distros in a compatible package (bsc#1175429): * openssl-1.0.2e-rpmbuild.patch - Update patch to add OPENSSL_1.0.1_EC symbol (bsc#1175429): * openssl-1.0.0-version.patch- Use %license also in steam subpackage- Change originally from "Sun Dec 16 20:01:28 UTC 2018 - Tobias Klausmann " (boo#1174459) - Start versioning the exported symbols: At least one steam game (Company of Heroes 2) needs this symbol versioned properly - modify openssl-1.0.0-version.patch- Preparation for fips certification (jsc#SLE-10541) * Added openssl-fips-drbg_derfunc.patch * Added openssl-fips_fix_selftests_return_value.patch- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346) * add openssl-fips_SHA2_in_RSA_pairwise_test.patch- Security fix: [bsc#1158809, CVE-2019-1551] * Overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli - Add openssl-1_1-CVE-2019-1551.patch- Prevent invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291) * add 0001-RT-4242-reject-invalid-EC-point-coordinates.patch- OpenSSL Security Advisory [10 September 2019] * EC_GROUP_set_generator side channel attack avoidance. [bsc#1150003, CVE-2019-1547] * Bleichenbacher attack against cms/pkcs7 encryption transported key [bsc#1150250, CVE-2019-1563] - Added patches: * openssl-CVE-2019-1547.patch * openssl-CVE-2019-1563.patch- Add back the steam subpackage because it's needed on Leap 15 whose openssl-1_0_0 package is inherited from SLE-15 (bsc#1130041) * add openssl-fix-cpuid_setup.patch- Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080, CVE-2019-1559) * add openssl-CVE-2019-1559.patch- The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951) * https://github.com/openssl/openssl/issues/7739 - add patches * 0001-crypto-bn-add-more-fixed-top-routines.patch * 0002-rsa-rsa_eay.c-implement-variant-of-Smooth-CRT-RSA.patch * 0003-bn-bn_blind.c-use-Montgomery-multiplication-when-pos.patch * 0004-bn-bn_lib.c-conceal-even-memmory-access-pattern-in-b.patch * 0005-err-err.c-add-err_clear_last_constant_time.patch * 0006-rsa-rsa_eay.c-make-RSAerr-call-in-rsa_ossl_private_d.patch * 0007-rsa-rsa_pk1.c-remove-memcpy-calls-from-RSA_padding_c.patch * 0008-rsa-rsa_oaep.c-remove-memcpy-calls-from-RSA_padding_.patch * 0009-rsa-rsa_ssl.c-make-RSA_padding_check_SSLv23-constant.patch- remove the steam subpackage which was inheritted from openSUSE * drop openssl-fix-cpuid_setup.patch - use %license macro for license- Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078) * add openssl-record_msg_callback.patch- Elliptic curve scalar multiplication timing attack defenses * fixes "PortSmash" (bsc#1113534, CVE-2018-5407) - Add openssl-CVE-2018-5407-PortSmash.patch- OpenSSL Security Advisory [30 October 2018] * Timing vulnerability in DSA signature generation (bsc#1113652, CVE-2018-0734) * And more timing fixes (bsc#1113742) - Add patches: * openssl-CVE-2018-0734.patch * 0001-Merge-to-1.0.2-DSA-mod-inverse-fix.patch * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch- Fix infinite loop in DSA generation with incorrect parameters (bsc#1112209) * add 0001-DSA-Check-for-sanity-of-input-parameters.patch- correct the error detection in openssl-CVE-2018-0737-fips.patch (bsc#1106197)- Fix One&Done side-channel attack on RSA (bsc#1104789) * add openssl-One_and_Done.patch- Don't Require openssl-1_0_0 from the devel package, just Recommend it - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)- Update to 1.0.2p - Align with SLE-12-SP4 OpenSSL Security Advisory [12 June 2018] * Reject excessively large primes in DH key generation (bsc#1097158, CVE-2018-0732) OpenSSL Security Advisory [16 Apr 2018] * Cache timing vulnerability in RSA Key Generation (CVE-2018-0737, bsc#1089039) * Make EVP_PKEY_asn1_new() a bit stricter about its input * Revert blinding in ECDSA sign and instead make problematic addition length-invariant. Switch even to fixed-length Montgomery multiplication. * Change generating and checking of primes so that the error rate of not being prime depends on the intended use based on the size of the input. * Increase the number of Miller-Rabin rounds for DSA key generating to 64. * Add blinding to ECDSA and DSA signatures to protect against side channel attacks * When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. * Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. - add openssl-CVE-2018-0737-fips.patch - refreshed patches: * openssl-1.0.2a-fips-ec.patch * openssl-1.0.2a-ipv6-apps.patch * openssl-1.0.2i-fips.patch * openssl-1.0.2i-new-fips-reqs.patch * openssl-1.0.2a-fips-ctor.patch - drop patches: * openssl-add-blinding-to-ECDSA.patch * openssl-add-blinding-to-DSA.patch * openssl-CVE-2018-0732.patch- Reject excessively large primes in DH key generation (bsc#1097158, CVE-2018-0732) * openssl-CVE-2018-0732.patch - blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) * openssl-add-blinding-to-ECDSA.patch * openssl-add-blinding-to-DSA.patch- update to 1.0.2n OpenSSL Security Advisory [07 Dec 2017] * Read/write after SSL object in error state (CVE-2017-3737, bsc#1071905) * rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738, bsc#1071906) - refreshed patches: * openssl-rsakeygen-minimum-distance.patch * openssl-fipslocking.patch * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * openssl-1.0.2i-fips.patch- Do not filter out pkgconfig() provides/require.- Update to 1.0.2m OpenSSL Security Advisory [02 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) (bsc#1066242) * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) (bsc#1056058) - refreshed openssl-1.0.2i-fips.patch - revert upstream commit 0ab24083a16c8a4dd35833031bbeaeb0437a7219 as we don't have the added function and FIPS is not interesting for openSUSE anyway * added 0001-Set-FIPS-thread-id-callback.patch- Add ECDSA ciphers to DEFAULT_SUSE cipher list (bsc#1055825) * modified openssl-1.0.1e-add-suse-default-cipher.patch * modified openssl-1.0.1e-add-test-suse-default-cipher-suite.patch- Do not require openssl-1_0_0-targettype, as it will not be generated and is not needed.- Diversity -devel subpackage boilerplate summary.- Add Provides and Conflicts for -devel package in baselibs.conf.- The description is supposed to describe the package, not the development process or history.- Ship the -cavs subpackage with the FIPS testing helper binaries- Don't run FIPS power-up self-tests when the checksum files aren't installed (bsc#1042392, boo#1038906) * add openssl-fips-run_selftests_only_when_module_is_complete.patch - AES XTS key parts must not be identical in FIPS mode (bsc#1019637) * add openssl-fips-xts_nonidentical_key_parts.patch - Allow runtime switching of s390x capabilities via OPENSSL_s390xcap environmental variable (bsc#1028723) * add openssl-fips-OPENSSL_s390xcap.patch- remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE (bsc#1027908) * update patches: openssl-1.0.1e-add-suse-default-cipher.patch openssl-1.0.1e-add-test-suse-default-cipher-suite.patch - s_client sent empty client certificate (bsc#1028281) Add back certificate initialization set_cert_key_stuff() which was removed by openssl-1.0.2a-default-paths.patch * modified openssl-1.0.2a-default-paths.patch- package FIPS CAVS testing tools (bsc#1027688) * add openssl-fips_add_cavs_tests.patch - FIPS CAVS: Add AES keywrap (KWVS) test tool (bsc#1044095) * add openssl-fips_cavs_aes_keywrap.patch - Fix CAVS testing padding issue with RSA d values (bsc#1044107) * add openssl-fips_cavs_pad_with_zeroes.patch from Pedro Monreal - FIPS CAVS: allow fips_* tools to run in FIPS mode (bnc#902364) * added openssl-fips_cavs_helpers_run_in_fips_mode.patch- Update engines location for the engines to match up 1.1 to ease later on migration bsc#1045803 * openssl-engines-path.patch- update to 1.0.2l * bugfix release only * fixes problem with a lower-than-before version number (bsc#1040863) - drop openssl-print_notice-NULL_crash.patch (upstream) - refresh patches openssl-fipslocking.patch and 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch- filter out provides of the steam-32bit package by adding "autoreqprov off" to baselibs.conf (bsc#1039880)- Add conflict for any libopenssl-devel that is not in our version- Avoid the requires conflict between 1.1 and 1.0 openssl- Add conflict on docu packages- Update baselibs.conf to contain all the renamed packages- Fix the provides excluder broken with last commit- Add patch to build abi compatible version for steam * openssl-fix-cpuid_setup.patch - Create new subpackage which installs the file in proper location * Make sure no provides are done in there- Filter out the pkgconfig provides to force usage of the main openssl package provides- Add initial patch for versioning taken from debian: * openssl-1.0.0-version.patch- Drop the symbol hiding patches to ease maintenance updates: * 0005-libssl-Hide-library-private-symbols.patch * 0001-libcrypto-Hide-library-private-symbols.patch- Add new patch for engines folders to allow co-installation * openssl-engines-path.patch- Drop openssl-ocloexec.patch as it causes additional maintenance burden we would like to avoid- Drop bug610223.patch as we moved to libdir- Move check to %check phase - Split showciphers to separate file- Move openssl to /usr/lib64 from /lib64- Remove some of the DSO setting code that is not needed - Fix the showcyphers binary- Rename to openssl-1_0_0 to allow instalation of multiple versions- Remove O3 from optflags, no need to not rely on distro wide settings - Remove conditions for sle10 and sle11, we care only about sle12+ - USE SUSE instead of SuSE in readme - Pass over with spec-cleaner- fix X509_CERT_FILE path (bsc#1022271) and rename updated openssl-1.0.1e-truststore.diff to openssl-truststore.patch- Updated to openssl 1.0.2k - bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results - bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery - bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read - bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64- resume reading from /dev/urandom when interrupted by a signal (bsc#995075) * add openssl-randfile_fread_interrupt.patch- add FIPS changes from SP2: - fix problems with locking in FIPS mode (bsc#992120) * duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428 and bsc#990207 * bring back openssl-fipslocking.patch - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (bsc#984323) - don't check for /etc/system-fips (bsc#982268) * add openssl-fips-dont_run_FIPS_module_installed.patch - refresh openssl-fips-rsagen-d-bits.patch- update to openssl-1.0.2j * Missing CRL sanity check (CVE-2016-7052 bsc#1001148)- OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) - update to openssl-1.0.2i * remove patches: openssl-1.0.2a-new-fips-reqs.patch openssl-1.0.2e-fips.patch * add patches: openssl-1.0.2i-fips.patch openssl-1.0.2i-new-fips-reqs.patch- fix crash in print_notice (bsc#998190) * add openssl-print_notice-NULL_crash.patch- OpenSSL Security Advisory [3rd May 2016] - update to 1.0.2h (boo#977584, boo#977663) * Prevent padding oracle in AES-NI CBC MAC check A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. (CVE-2016-2107, boo#977616) * Fix EVP_EncodeUpdate overflow An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. (CVE-2016-2105, boo#977614) * Fix EVP_EncryptUpdate overflow An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. (CVE-2016-2106, boo#977615) * Prevent ASN.1 BIO excessive memory allocation When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. (CVE-2016-2109, boo#976942) * EBCDIC overread ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. (CVE-2016-2176, boo#978224) * Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN. * Remove LOW from the DEFAULT cipher list. This removes singles DES from the default. * Only remove the SSLv2 methods with the no-ssl2-method option. When the methods are enabled and ssl2 is disabled the methods return NULL.- Remove a hack for bsc#936563 - Drop bsc936563_hack.patch- import fips patches from SLE-12 * openssl-fips-clearerror.patch * openssl-fips-dont-fall-back-to-default-digest.patch * openssl-fips-fix-odd-rsakeybits.patch * openssl-fips-rsagen-d-bits.patch * openssl-fips-selftests_in_nonfips_mode.patch * openssl-fips_RSA_compute_d_with_lcm.patch * openssl-fips_disallow_ENGINE_loading.patch * openssl-fips_disallow_x931_rand_method.patch * openssl-rsakeygen-minimum-distance.patch * openssl-urandom-reseeding.patch- add support for "ciphers" providing no encryption (bsc#937085) * don't build with -DSSL_FORBID_ENULL- update to 1.0.2g (bsc#968044) * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); (CVE-2016-0800) * Fix a double-free in DSA code (CVE-2016-0705) * Disable SRP fake user seed to address a server memory leak. Add a new method SRP_VBASE_get1_by_user that handles the seed properly. (CVE-2016-0798) * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) * ) Side channel attack on modular exponentiation http://cachebleed.info. (CVE-2016-0702) * ) Change the req app to generate a 2048-bit RSA/DSA key by default, if no keysize is specified with default_bits. This fixes an omission in an earlier change that changed all RSA/DSA key generation apps to use 2048 bits by default.- update to 1.0.2f (boo#963410) * ) DH small subgroups (boo#963413) Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. (CVE-2016-0701) * ) SSLv2 doesn't block disabled ciphers (boo#963415) A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (CVE-2015-3197) * ) Reject DH handshakes with parameters shorter than 1024 bits.- update to 1.0.2e * fixes five security vulnerabilities * Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) (bsc#957984) * BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) (bsc#957814) * Certificate verify crash with missing PSS parameter (CVE-2015-3194) (bsc#957815) * X509_ATTRIBUTE memory leak (CVE-2015-3195) (bsc#957812) * Race condition handling PSK identify hint (CVE-2015-3196) (bsc#957813) - pulled a refreshed fips patch from Fedora * openssl-1.0.2a-fips.patch was replaced by openssl-1.0.2e-fips.patch - refresh openssl-ocloexec.patch- update to 1.0.2d * fixes CVE-2015-1793 (bsc#936746) Alternate chains certificate forgery During certificate verfification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. - drop openssl-fix_invalid_manpage_name.patch (upstream)- Workaround debugit crash on ppc64le with gcc5 bsc936563_hack.patch (bsc#936563)- update merge_from_0.9.8k.patch replacing __LP64__ by __LP64 this is a change versus previous request 309611 required to avoid build error for ppc64- Build with no-ssl3, for details on why this is needed read rfc7568. Contrary to the "no-ssl2" option, this does not require us to patch dependant packages as the relevant functions are still available (SSLv3_(client|server)_method) but will fail to negotiate. if removing SSL3 methods is desired at a later time, option "no-ssl3-method" needs to be used.- update to 1.0.2c * Fix HMAC ABI incompatibility - refreshed openssl-1.0.2a-fips.patch- update to 1.0.2b * Malformed ECParameters causes infinite loop (CVE-2015-1788) * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) * CMS verify infinite loop with unknown hash function (CVE-2015-1792) * Race condition handling NewSessionTicket (CVE-2015-1791) - refreshed patches: * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * 0001-libcrypto-Hide-library-private-symbols.patch * openssl-1.0.2a-default-paths.patch * openssl-1.0.2a-fips.patch * compression_methods_switch.patch * openssl-1.0.1e-add-test-suse-default-cipher-suite.patch- update to 1.0.2a * Major changes since 1.0.1: - Suite B support for TLS 1.2 and DTLS 1.2 - Support for DTLS 1.2 - TLS automatic EC curve selection. - API to set TLS supported signature algorithms and curves - SSL_CONF configuration API. - TLS Brainpool support. - ALPN support. - CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. - packaging changes: * merged patches modifying CIPHER_LIST into one, dropping: - openssl-1.0.1e-add-suse-default-cipher-header.patch - openssl-libssl-noweakciphers.patch * fix a manpage with invalid name - added openssl-fix_invalid_manpage_name.patch * remove a missing fips function - openssl-missing_FIPS_ec_group_new_by_curve_name.patch * reimported patches from Fedora dropped patches: - openssl-1.0.1c-default-paths.patch - openssl-1.0.1c-ipv6-apps.patch - openssl-1.0.1e-fips-ctor.patch - openssl-1.0.1e-fips-ec.patch - openssl-1.0.1e-fips.patch - openssl-1.0.1e-new-fips-reqs.patch - VIA_padlock_support_on_64systems.patch added patches: - openssl-1.0.2a-default-paths.patch - openssl-1.0.2a-fips-ctor.patch - openssl-1.0.2a-fips-ec.patch - openssl-1.0.2a-fips.patch - openssl-1.0.2a-ipv6-apps.patch - openssl-1.0.2a-new-fips-reqs.patch - openssl-1.0.2a-padlock64.patch * dropped security fixes (upstream) - openssl-CVE-2015-0209.patch - openssl-CVE-2015-0286.patch - openssl-CVE-2015-0287.patch - openssl-CVE-2015-0288.patch - openssl-CVE-2015-0289.patch - openssl-CVE-2015-0293.patch * upstream reformatted the sources, so all the patches have to be refreshed- security update: * CVE-2015-0209 (bnc#919648) - Fix a failure to NULL a pointer freed on error * CVE-2015-0286 (bnc#922496) - Segmentation fault in ASN1_TYPE_cmp * CVE-2015-0287 (bnc#922499) - ASN.1 structure reuse memory corruption * CVE-2015-0288 x509: (bnc#920236) - added missing public key is not NULL check * CVE-2015-0289 (bnc#922500) - PKCS7 NULL pointer dereferences * CVE-2015-0293 (bnc#922488) - Fix reachable assert in SSLv2 servers * added patches: openssl-CVE-2015-0209.patch openssl-CVE-2015-0286.patch openssl-CVE-2015-0287.patch openssl-CVE-2015-0288.patch openssl-CVE-2015-0289.patch openssl-CVE-2015-0293.patch- The DATE stamp moved from crypto/Makefile to crypto/buildinf.h, replace it there (bsc#915947)- openssl 1.0.1k release bsc#912294 CVE-2014-3571: Fix DTLS segmentation fault in dtls1_get_record. bsc#912292 CVE-2015-0206: Fix DTLS memory leak in dtls1_buffer_record. bsc#911399 CVE-2014-3569: Fix issue where no-ssl3 configuration sets method to NULL. bsc#912015 CVE-2014-3572: Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. bsc#912014 CVE-2015-0204: Remove non-export ephemeral RSA code on client and server. bsc#912293 CVE-2015-0205: Fixed issue where DH client certificates are accepted without verification. bsc#912018 CVE-2014-8275: Fix various certificate fingerprint issues. bsc#912296 CVE-2014-3570: Correct Bignum squaring. and other bugfixes. - openssl.keyring: use Matt Caswells current key. pub 2048R/0E604491 2013-04-30 uid Matt Caswell uid Matt Caswell sub 2048R/E3C21B70 2013-04-30 - openssl-1.0.1e-fips.patch: rediffed - openssl-1.0.1i-noec2m-fix.patch: removed (upstream) - openssl-ocloexec.patch: rediffed- suse_version 10.1 & 10.2 x86_64 can not enable-ec_nistp_64_gcc_128- openssl-1.0.1i-noec2m-fix.patch: only report the Elliptic Curves we actually support (not the binary ones) (bnc#905037)- openSUSE < 11.2 doesn't have accept4()- openSSL 1.0.1j * Fix SRTP Memory Leak (CVE-2014-3513) * Session Ticket Memory Leak (CVE-2014-3567) * Add SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) * Build option no-ssl3 is incomplete (CVE-2014-3568)cloud103 1607700442  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRS1.0.2p-lp151.5.20.11.0.2p-lp151.5.20.11.0.2p1.0.2p1.0.2popensslaes.hasn1.hasn1_mac.hasn1t.hbio.hblowfish.hbn.hbuffer.hcamellia.hcast.hcmac.hcms.hcomp.hconf.hconf_api.hcrypto.hdes.hdes_old.hdh.hdsa.hdso.hdtls1.he_os2.hebcdic.hec.hecdh.hecdsa.hengine.herr.hevp.hfips.hfips_rand.hhmac.hkrb5_asn.hkssl.hlhash.hmd4.hmd5.hmdc2.hmodes.hobj_mac.hobjects.hocsp.hopensslconf.hopensslv.hossl_typ.hpem.hpem2.hpkcs12.hpkcs7.hpqueue.hrand.hrc2.hrc4.hripemd.hrsa.hsafestack.hseed.hsha.hsrp.hsrtp.hssl.hssl2.hssl23.hssl3.hstack.hsymhacks.htls1.hts.htxt_db.hui.hui_compat.hwhrlpool.hx509.hx509_vfy.hx509v3.hssllibcrypto.solibssl.solibcrypto.pclibssl.pcopenssl.pc/usr/include//usr/include/openssl//usr/lib//usr/lib/pkgconfig/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:15306/openSUSE_Leap_15.1_Update/987740b5ea297299701e06b9af75edb8-openssl-1_0_0.openSUSE_Leap_15.1_Updatedrpmxz5i586-suse-linuxdirectoryC source, ASCII textASCII textpkgconfig filePRPRRPRRR=@lNutf-8469413d62c8dfaf127500a304206aa47ae6d1b43da1908e713bec6bbe8c21ad9?7zXZ !t/ ]"k%K4"c3i/N04,uT@; Ba^ :DF;iT04lh7y<(Ŭ:(8[n{XS'PEG) %6Ú))?D=iqp6fu}9ՋC(%]5rGl_m(P*hƉfBoHŵw5/ib9Tfْ:(pO/8ZvI%A>!J#dJDmFg (Je,ksS3)8"ы ]2FQ;7!I*tP\";$*#Y6~ObAHu:wQ@C/n²)ogCcs5:'NU zL/3 4[?Wj4)TY)Wr:і(Z&%`&lw-d,L) A VjBOWpKfݧP :3"Tg }ޒu|5֪BCĠFh$)/bI^)Q? 4AN5*Dy ֈIĚX΋)ewdJ'Bن3{+0eu Œt_eJ,i!Rm`I/W@`p.x_E+Y_ ʠZ,@>sD٭ay[Ъݤ~Ͽ &Yrnz}OwPorqH#{jvJpU5-!)}C:#KaQj[[z[m:}\ӭp{vyE T8Kxan9_7r[?: L 筸}Tf@k(5W5nJusP#ӕM^lU"G|6.<R(EB“]{qԬBkZF@)]tsnXludl;( 7q"oi+Hz?=uZLXOVt\d7/ԑ!-a7K$3WQ81((S-> r║@D|Ę|t%HhG}=Ioݚu&qx̌ bf恕2Uq^!GBAYи "z`r  ђ4qɋVt)S'J\nK?bU6Ck9kb9ˠHM ~c"vJKgX!61\w8 |[dHU3\kw2 ȪdJA8jR8ٗ1)լfڇp[vԯuQ&dQRR 0/GL PYF\h$wC2/u)E&/H?db6ⱋ0-*VSEGtlhw?D$t J8PWn2\kQ*ރ$_~>ICZV'y"٪n&rǐU%2[:0UuZ{]N[~Eމz_Z]MgKk[6!$b FIz<聤18`4țTT+i<^QTea}?B2 l+m,3ky t}=iIP4S /21g8Y;h˙op4_4*8U,TIJшpkFBgl}Sc'|%3Ct(,3["uvH-qQ(-vM̈T7ħ"u~VgoNNԇx=o²}D:͉htǦݩ7l*'#AC[a_aaBr5(g$`ji1ʥ9N۽iJBՆ0}*m&FZcrlj ql٤c7#2GWZO #Jz T쫑+]r1KQ$ E]6?uxԹ' zZc>}B |EF3~= ~iatzao/Of"r+LpTRpEV_A47^ YZ