Package: openssl / 1.1.1n-0+deb10u3

Metadata

Package Version Patches format
openssl 1.1.1n-0+deb10u3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
debian targets.patch | (download)

Configurations/20-debian.conf | 192 192 + 0 - 0 !
1 file changed, 192 insertions(+)

 
 debian-targets
man section.patch | (download)

Configurations/unix-Makefile.tmpl | 6 4 + 2 - 0 !
util/process_docs.pl | 3 2 + 1 - 0 !
2 files changed, 6 insertions(+), 3 deletions(-)

 
 man-section
no symbolic.patch | (download)

Configurations/shared-info.pl | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 no-symbolic
pic.patch | (download)

crypto/des/asm/desboth.pl | 17 14 + 3 - 0 !
crypto/perlasm/cbc.pl | 24 20 + 4 - 0 !
crypto/perlasm/x86gas.pl | 16 16 + 0 - 0 !
crypto/x86cpuid.pl | 10 5 + 5 - 0 !
4 files changed, 55 insertions(+), 12 deletions(-)

 
 pic
c_rehash compat.patch | (download)

tools/c_rehash.in | 20 14 + 6 - 0 !
1 file changed, 14 insertions(+), 6 deletions(-)

 
 [patch] also create old hash for compatibility
Set systemwide default settings for libssl users.patch | (download)

apps/openssl.cnf | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 
 set systemwide default settings for libssl users

This config change enforeces a TLS1.2 protocol version as minimum. It
can be overwritten by the system administrator.

It also changes the default security level from 1 to 2, moving from the 80 bit
security level to the 112 bit security level.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
c_rehash Do not use shell to invoke openssl.patch | (download)

tools/c_rehash.in | 29 25 + 4 - 0 !
1 file changed, 25 insertions(+), 4 deletions(-)

 
 c_rehash: do not use shell to invoke openssl

Except on VMS where it is safe.

This fixes CVE-2022-1292.
Fix file operations in c_rehash.patch | (download)

tools/c_rehash.in | 131 59 + 72 - 0 !
1 file changed, 59 insertions(+), 72 deletions(-)

 
 fix file operations in c_rehash.

CVE-2022-2068
Update expired SCT certificates.patch | (download)

test/certs/embeddedSCTs1-key.pem | 38 25 + 13 - 0 !
test/certs/embeddedSCTs1.pem | 35 18 + 17 - 0 !
test/certs/embeddedSCTs1.sct | 12 6 + 6 - 0 !
test/certs/embeddedSCTs1_issuer-key.pem | 15 15 + 0 - 0 !
test/certs/embeddedSCTs1_issuer.pem | 30 15 + 15 - 0 !
5 files changed, 79 insertions(+), 51 deletions(-)

 
 update expired sct certificates
ct_test.c Update the epoch time.patch | (download)

test/ct_test.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 ct_test.c: update the epoch time
Update further expiring certificates that affect tests.patch | (download)

test/smime-certs/mksmime-certs.sh | 22 11 + 11 - 0 !
test/smime-certs/smdh.pem | 72 43 + 29 - 0 !
test/smime-certs/smdsa1.pem | 86 43 + 43 - 0 !
test/smime-certs/smdsa2.pem | 86 43 + 43 - 0 !
test/smime-certs/smdsa3.pem | 86 43 + 43 - 0 !
test/smime-certs/smec1.pem | 36 18 + 18 - 0 !
test/smime-certs/smec2.pem | 38 19 + 19 - 0 !
test/smime-certs/smroot.pem | 90 45 + 45 - 0 !
test/smime-certs/smrsa1.pem | 90 45 + 45 - 0 !
test/smime-certs/smrsa2.pem | 90 45 + 45 - 0 !
test/smime-certs/smrsa3.pem | 90 45 + 45 - 0 !
11 files changed, 400 insertions(+), 386 deletions(-)

 
 update further expiring certificates that affect tests

Namely the smime certificates used in test_cms
will expire soon and affect tests.

Fixes #15179