| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Problems found with existing digests:
Package suse131_libSDL
1c4d17a53bece6243cb3e6dd11c36d50f851a4f4 [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Package suse131_libdbus
de99fcfa8e2c7ced28caf38c24d217d6037aaa56 [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Package suse131_qt4
94daff738912c96ed8878ce1a131cd49fb379206 [recorded]
886206018431aee9f8a01e1fb7e46973e8dca9d9 [calculated]
Problems found locating distfiles for atari800, compat12, compat 13,
compat14, compat15, compat20, compat30, compat40, compat50,
compat50-x11, compat51, compat51-x11, compat60, compat61,
compat61-x11, fmsx, osf1_lib, vice, xbeeb, xm7.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
From Rin Okuyama in PR 50082.
|
|
|
|
define PKGNAME instead of fake DISTNAME
PKGNAME is unstable variable in current pkgsrc framework, so packages must not
rely on it.
|
|
openSUSE Security Update: Security update for openssl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:0130-1
Rating: important
References: #911399 #912014 #912015 #912018 #912292 #912293
#912294 #912296
Cross-References: CVE-2014-3569 CVE-2014-3570 CVE-2014-3571
CVE-2014-3572 CVE-2014-8275 CVE-2015-0204
CVE-2015-0205 CVE-2015-0206
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
openssl was updated to 1.0.1k to fix various security issues and bugs.
More information can be found in the openssl advisory:
http://openssl.org/news/secadv_20150108.txt
Following issues were fixed:
* CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced
incorrect results on some platforms, including x86_64.
* CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in
the listen state where you get two separate reads performed - one for
the header and one for the body of the handshake record.
* CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral
ECDH ciphersuites with the server key exchange message omitted.
* CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues.
* CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export
ciphersuites
* CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client
certificates without sending certificate verify message.
* CVE-2015-0206 (bsc#912292): A memory leak was fixed in
dtls1_buffer_record.
References:
http://support.novell.com/security/cve/CVE-2014-3569.html
http://support.novell.com/security/cve/CVE-2014-3570.html
http://support.novell.com/security/cve/CVE-2014-3571.html
http://support.novell.com/security/cve/CVE-2014-3572.html
http://support.novell.com/security/cve/CVE-2014-8275.html
http://support.novell.com/security/cve/CVE-2015-0204.html
http://support.novell.com/security/cve/CVE-2015-0205.html
http://support.novell.com/security/cve/CVE-2015-0206.html
https://bugzilla.suse.com/show_bug.cgi?id=911399
https://bugzilla.suse.com/show_bug.cgi?id=912014
https://bugzilla.suse.com/show_bug.cgi?id=912015
https://bugzilla.suse.com/show_bug.cgi?id=912018
https://bugzilla.suse.com/show_bug.cgi?id=912292
https://bugzilla.suse.com/show_bug.cgi?id=912293
https://bugzilla.suse.com/show_bug.cgi?id=912294
https://bugzilla.suse.com/show_bug.cgi?id=912296
|
|
openSUSE Security Update: openssl: fixed elliptic curve handshake failure
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1474-1
Rating: low
References: #905037
Affected Products:
openSUSE 13.2
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This openssl update fixes a TLS handshake problem when elliptic curves are
in use.
|
|
openSUSE Security Update: update for openssl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1331-1
Rating: important
References: #901223 #901277
Cross-References: CVE-2014-3513 CVE-2014-3566 CVE-2014-3567
CVE-2014-3568
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
The following issues were fixed in this release:
CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513,
CVE-2014-3567: DTLS memory leak and session ticket memory leak
|
|
|
|
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1052-1
Rating: moderate
References: #890764 #890765 #890766 #890767 #890768 #890769
#890770 #890771 #890772
Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507
CVE-2014-3508 CVE-2014-3509 CVE-2014-3510
CVE-2014-3511 CVE-2014-3512 CVE-2014-5139
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This openssl update fixes the following security issues:
- openssl 1.0.1i
* Information leak in pretty printing functions (CVE-2014-3508)
* Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
* Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
* Double Free when processing DTLS packets (CVE-2014-3505)
* DTLS memory exhaustion (CVE-2014-3506)
* DTLS memory leak from zero-length fragments (CVE-2014-3507)
* OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
* OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
* SRP buffer overrun (CVE-2014-3512)
|
|
openSUSE Security Update: openssl: update to version 1.0.1h
Description:
The openssl library was updated to version 1.0.1h fixing various security
issues and bugs:
Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
crafted handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
handshake to an OpenSSL DTLS client the code can be made to recurse
eventually crashing in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to an
OpenSSL DTLS client or server. This is potentially exploitable to run
arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
ciphersuites are subject to a denial of service attack.
Bump PKGREVISION.
|
|
update for openssl
Description:
- Fixed bug[ bnc#876282], CVE-2014-0198 openssl: OpenSSL NULL pointer
dereference in do_ssl3_write Add file: CVE-2014-0198.patch
Bump PKGREVISION.
|
|
OpenSSL: Fixed a use-after-free race condition in OpenSSL's read buffer.
Description:
A use-after-free race condition in OpenSSL's read buffer
was fixed that could cause connections to drop
(CVE-2010-5298).
Bump PKGREVISION.
|
|
update for openssl
This is an openssl version update to 1.0.1g.
- The main reason for this upgrade was to be clear about
the TLS heartbeat problem know as "Heartbleed"
(CVE-2014-0160). That problem was already fixed in our
previous openssl update.
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
openSUSE-based Linux binary emulation environment.
|
