| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| debian-targets.patch | debian-targets | Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> | no | 2017-11-05 | ||
| man-section.patch | man-section | Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> | no | 2017-11-05 | ||
| no-symbolic.patch | no-symbolic | Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> | no | 2017-11-05 | ||
| pic.patch | pic | Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> | no | 2017-11-05 | ||
| c_rehash-compat.patch | also create old hash for compatibility | Ludwig Nussel <ludwig.nussel@suse.de> | no | 2010-04-21 | ||
| Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch | Configure: allow to enable ktls if target does not start with Linux The Debian build system uses a `debian' target which sets CFLAGS and then we have for instance debian-amd64 which inherits from linux-x86_64 and debian. So far so good. Since the target name does not start with `linux', the build system does not enable ktls. So in order to get enabled, I added a `enable => [ "ktls" ],' to the generic linux config which sets it explicit). Having this set, we can check for it instead matching the target name. This commit is based on changes for afalgeng in commit 9e381e8a01859 ("Configure: allow to enable afalgeng if target does not start with Linux") |
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | no | 2021-04-01 | ||
| Remove-the-provider-section.patch | Remove the provider section. The provider section breaks libssl1.1 users. Remove it for now. |
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | no | 2022-06-08 | ||
| conf-Serialize-allocation-free-of-ssl_names.patch | conf: Serialize allocation/free of ssl_names. The access to `ssl_names' is not fully serialized. With multiple threads it is possible that more than one thread starts to clean up `ssl_names'. This leads to occasional segfaults if more than one terminates and performs the clean up. |
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | no | 2022-09-19 | ||
| Fix-tests-for-new-default-security-level.patch | Fix tests for new default security level Fix tests that were expecting a default security level of 1 to work with the new default of 2. (Merged from https://github.com/openssl/openssl/pull/16760) |
Matt Caswell <matt@openssl.org> | no | 2021-10-05 | ||
| evp-process-key-length-and-iv-length-early-if-present.patch | evp: process key length and iv length early if present evp_cipher_init_internal() takes a params array argument and this is processed late in the initialisation process for some ciphers (AEAD ones). This means that changing the IV length as a parameter will either truncate the IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised bytes. Truncation is very bad if SP 800-38d section 8.2.1 is being used to contruct a deterministic IV. This leads to an instant loss of confidentiality. Grabbing extra bytes isn't so serious, it will most likely result in a bad decryption. Problem reported by Tony Battersby of Cybernetics.com but earlier discovered and raised as issue #19822. Fixes CVE-2023-5363 Fixes #19822 |
Pauli <pauli@openssl.org> | no | 2023-10-06 | ||
| test-add-unit-test-for-CVE-2023-5363.patch | test: add unit test for CVE-2023-5363 | Pauli <pauli@openssl.org> | no | 2023-10-06 |