libopenssl1_0_0-hmac-1.0.2j-7.3>t  DH`pYTซ/=„@ؘc LZq3E dpyd>f=+=bj[b-_/n{n#ja%$gÊnXaF5 *9%> %4{Sy]XuOxr""P, Vj^ƽjk EʍZB7F ˤvkگ"$da#74ZzEHy H/s~ "3!iZR6u}oTX\A_2]HVa836e166677aa2169674a05a481a4443e5c71988HYTซ/=„" eZՋ-r*9\s@w$pk ¿4'|&,Enf,Y$M$X!=0cq Mzjy( l$%]ǔ UT N./>AW+ц$pcqB3 !8>E!YъƤ";QHg#5>; sWbdF PnRF>e =.j )!M-N_fY%;3bPlf.: >9?d " o - Fg     $,`p(89:FGHIXY\4]<^kbscdZe_fdlfuxvwxzClibopenssl1_0_0-hmac1.0.2j7.3HMAC files for FIPS-140-2 integrity checking of the openssl shared librariesThe FIPS compliant operation of the openssl shared libraries is NOT possible without the HMAC hashes contained in this package!YTcloud129openSUSE Leap 42.3openSUSEBSD-3-Clausehttp://bugs.opensuse.orgProductivity/Networking/Securityhttps://www.openssl.org/linuxx86_64AAYTYTd31344b6c501c83ae337443adf07747f34e89df3f27bb3e6e07eb5d30402b708rootrootrootrootopenssl-1.0.2j-7.3.src.rpmlibopenssl1_0_0-hmaclibopenssl1_0_0-hmac(x86-64)   libopenssl1_0_0rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)1.0.2j-7.33.0.4-14.0-14.4.6-14.11.2XW@W_@W_@W@Wu@WW.@W~W~D@W(WVV@V`.V@V9@V@UŬU@UUUzU?v@UT@TTTq@T@T@Tto@TR(@S<@SSS@SQ@Sh@Sh@S[SkqSkqShShSI*SCS1oS0@SSnR2@RRΏ@R=R=RTR@R usable in case you have third party /dev/crypto * libgmp.so --> may help to doing some maths using GMP * libgost.so --> implements the GOST block cipher * libpadlock.so --> VIA padlock support - Al other are removed because they require third party propietary shared libraries nowhere to be found or that we can test.- openssl-pkgconfig.patch: Here we go.. For applications to benefit fully of features provided by openSSL engines (rdrand, aes-ni..etc) either builtin or in DSO form applications have to call ENGINE_load_builtin_engines() or OPENSSL_config() unfortunately from a total of 68 apps/libraries linked to libcrypto in a desktop system, only 4 do so, and there is a sea of buggy code that I dont feel like fixing. Instead we can pass -DOPENSSL_LOAD_CONF in the pkgconfig files so the needed operation becomes implicit the next time such apps are recompiled, see OPENSSL_config(3) Unfortunately this does not fix everything, because there are apps not using pkgconfig or using it incorrectly, but it is a good start.- add openssl-1.0.1c-default-paths.patch: Fix from Fedora for openssl s_client not setting CApath by default- 0005-libssl-Hide-library-private-symbols.patch: hide private symbols, this *only* applies to libssl where it is straightforward to do so as applications should not be using any of the symbols declared/defined in headers that the library does not install. A separate patch MAY be provided in the future for libcrypto where things are much more complicated and threfore requires careful testing.- compression_methods_switch.patch: Disable compression by default to avoid the CRIME attack (CVE-2012-4929 bnc#793420) Can be override by setting environment variable OPENSSL_NO_DEFAULT_ZLIB=no- Don't use the legacy /etc/ssl/certs directory anymore but rather the p11-kit generated /var/lib/ca-certificates/openssl one (fate#314991, openssl-1.0.1e-truststore.diff)- Build enable-ec_nistp_64_gcc_128, ecdh is many times faster but only works in x86_64. According to the openSSL team "it is superior to the default in multiple regards (speed, and also security as the new implementations are secure against timing attacks)" It is not enabled by default due to the build system being unable to detect if the compiler supports __uint128_t.- pick openssl-fix-pod-syntax.diff out of the upstream RT to fix build with perl 5.18- add %if tag for BuildArch. sles may also need latest openssl.- disable fstack-protector on aarch64- Update to 1.0.1e o Bugfix release (bnc#803004) - Drop openssl-1.0.1d-s3-packet.patch, included upstream- Added openssl-1.0.1d-s3-packet.patch from upstream, fixes bnc#803004, openssl ticket#2975- update to version 1.0.1d, fixing security issues o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. o Fix OCSP bad key DoS attack CVE-2013-0166 o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 bnc#802184 o Fix for TLS AESNI record handling flaw CVE-2012-2686- fix bug[bnc#784994] - VIA padlock support on 64 systems e_padlock: add support for x86_64 gcc- Open Internal file descriptors with O_CLOEXEC, leaving those open across fork()..execve() makes a perfect vector for a side-channel attack...- fix build on armv5 (bnc#774710)- Update to version 1.0.1c for the complete list of changes see NEWS, this only list packaging changes. - Drop aes-ni patch, no longer needed as it is builtin in openssl now. - Define GNU_SOURCE and use -std=gnu99 to build the package. - Use LFS_CFLAGS in platforms where it matters.- don't install any demo or expired certs at all- update to latest stable verison 1.0.0i including the following patches: CVE-2012-2110.path Bug748738_Tolerate_bad_MIME_headers.patch bug749213-Free-headers-after-use.patch bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch CVE-2012-1165.patch CVE-2012-0884.patch bug749735.patch- fix bug[bnc#749735] - Memory leak when creating public keys. fix bug[bnc#751977] - CMS and S/MIME Bleichenbacher attack CVE-2012-0884- fix bug[bnc#751946] - S/MIME verification may erroneously fail CVE-2012-1165- fix bug[bnc#749213]-Free headers after use in error message and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt- license update: OpenSSL- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's asn1 parser. CVE-2006-7250- Update to version 1.0.0g fix the following: DTLS DoS attack (CVE-2012-0050)- Update to version 1.0.0f fix the following: DTLS Plaintext Recovery Attack (CVE-2011-4108) Uninitialized SSL 3.0 Padding (CVE-2011-4576) Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) SGC Restart DoS Attack (CVE-2011-4619) Invalid GOST parameters DoS Attack (CVE-2012-0027)- AES-NI: Check the return value of Engine_add() if the ENGINE_add() call fails: it ends up adding a reference to a freed up ENGINE which is likely to subsequently contain garbage This will happen if an ENGINE with the same name is added multiple times,for example different libraries. [bnc#720601]- Build with -DSSL_FORBID_ENULL so servers are not able to use the NULL encryption ciphers (Those offering no encryption whatsoever).- Update to openssl 1.0.0e fixes CVE-2011-3207 and CVE-2011-3210 see http://openssl.org/news/secadv_20110906.txt for details.- Add upstream patch that calls ENGINE_register_all_complete() in ENGINE_load_builtin_engines() saving us from adding dozens of calls to such function to calling applications.- remove -fno-strict-aliasing from CFLAGS no longer needed and is likely to slow down stuff.- Edit baselibs.conf to provide libopenssl-devel-32bit too- update to latest stable version 1.0.0d. patch removed(already in the new package): CVE-2011-0014 patch added: ECDSA_signatures_timing_attack.patch- fix bug[bnc#693027]. Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: http://eprint.iacr.org/2011/232.pdf [Billy Bob Brumley and Nicola Tuveri]- added openssl as dependency in the devel package- fix bug [bnc#670526] CVE-2011-0014,OCSP stapling vulnerability- Add patch from upstream in order to support AES-NI instruction set present on current Intel and AMD processors- enable -DPURIFY to avoid valgrind errors.- update to stable version 1.0.0c. patch included: CVE-2010-1633_and_CVE-2010-0742.patch patchset-19727.diff CVE-2010-2939.patch CVE-2010-3864.patch- fix bug [bnc#651003] CVE-2010-3864- fix bug [bnc#629905] CVE-2010-2939- Exclude static libraries, see what breaks and fix that instead- fix two compile errors on SPARC- -fstack-protector is not supported on hppa- fix bnc #610642 CVE-2010-0742 CVE-2010-1633- fix bnc #610223,change Configure to tell openssl to load engines from /%{_lib} instead of %{_libdir}- Do not compile in build time but use mtime of changes file instead. This allows build-compare to identify that no changes have happened.- build libopenssl to /%{_lib} dir,and keep only one libopenssl-devel for new developping programs.- build libopenssl and libopenssl-devel to a version directory- buildrequire pkg-config to fix provides- also create old certificate hash in /etc/ssl/certs for compatibility with applications that still link against 0.9.8- Disable our own build targets, instead use the openSSL provided ones as they are now good (or should be good at least). - add -Wa,--noexecstack to the Configure call, this is the upstream approved way to avoid exec-stack marking- update to 1.0.0 Merge the following patches from 0.9.8k: openssl-0.9.6g-alpha.diff openssl-0.9.7f-ppc64.diff openssl-0.9.8-flags-priority.dif openssl-0.9.8-sparc.dif openssl-allow-arch.diff openssl-hppa-config.diff- fixed "exectuable stack" for libcrypto.so issue on i586 by adjusting the assembler output during MMX builds.- Openssl is now partially converted to libdir usage upstream, merge that in to fix lib64 builds.- fix security bug [bnc#590833] CVE-2010-0740- update to version 0.9.8m Merge the following patches from 0.9.8k: bswap.diff non-exec-stack.diff openssl-0.9.6g-alpha.diff openssl-0.9.7f-ppc64.diff openssl-0.9.8-flags-priority.dif openssl-0.9.8-sparc.dif openssl-allow-arch.diff openssl-hppa-config.diff- build openssl for sparc64- add baselibs.conf as a source - package documentation as noarch- updated patches to apply with fuzz=0- fix Bug [bnc#526319]- use %patch0 for Patch0- update to version 0.9.8k - patches merged upstream: openssl-CVE-2008-5077.patch openssl-CVE-2009-0590.patch openssl-CVE-2009-0591.patch openssl-CVE-2009-0789.patch openssl-CVE-2009-1377.patch openssl-CVE-2009-1378.patch openssl-CVE-2009-1379.patch openssl-CVE-2009-1386.patch openssl-CVE-2009-1387.patch- fix security bug [bnc#509031] CVE-2009-1386 CVE-2009-1387- fix security bug [bnc#504687] CVE-2009-1377 CVE-2009-1378 CVE-2009-1379- fix security bug [bnc#489641] CVE-2009-0590 CVE-2009-0591 CVE-2009-0789cloud129 14943735631.0.2j-7.31.0.2j-7.3.libcrypto.so.1.0.0.hmac.libssl.so.1.0.0.hmac/lib64/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Leap:42.3/standard/0e30adffe8296257aa35bb8408497f19-opensslcpiolzma5x86_64-suse-linuxASCII text#XQKn)5S?p] crv(vX0DM)pV}i15mO.O pW`6!6g W9Os.Q:;)Ƚ~.h ,̸w /#^ဳ=c~>!3&/:+jtt9$ gU R"D!%BD:b_)