| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: libressl | Distribution: openSUSE Tumbleweed | 
| Version: 4.1.0 | Vendor: openSUSE | 
| Release: 1.1 | Build date: Mon Sep 1 15:13:02 2025 | 
| Group: Development/Libraries/C and C++ | Build host: reproducible | 
| Size: 4863359 | Source RPM: libressl-4.1.0-1.1.src.rpm | 
| Packager: http://bugs.opensuse.org | |
| Url: https://www.libressl.org/ | |
| Summary: An SSL/TLS protocol implementation | |
LibreSSL is an implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It derives from OpenSSL, with refactorings.
OpenSSL
* Mon Sep 01 2025 Jan Engelhardt <jengelh@inai.de>
  - Move default config to /etc/libressl.
* Thu Aug 14 2025 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.1.0
    * New: libtls has a new tls_peer_cert_common_name() API call to
      retrieve the peer's common name without having to inspect the
      PEM.
    * Bugfix: Again allow the magic values -1, -2 and -3 for the salt
      length of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str()
      interface.
* Sat Mar 08 2025 Jan Engelhardt <jengelh@inai.de>
  - Document absence of openssl3 APIs in descriptions and a
    symbol list text file in %_docdir.
* Tue Oct 15 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.0.0
    * Added CRLfile option to the cms command of openssl(1) to
      specify additional CRLs for use during verification.
    * Protocol parsing in libtls was changed. The unsupported
      TLSv1.1 and TLSv1.0 protocols are ignored and no longer
      enable or disable TLSv1.2 in surprising ways.
    * The dangerous EVP_PKEY*_check(3) family of functions was
      removed. The openssl(1) pkey and pkeyparam commands no longer
      support the -check and -pubcheck flags.
    * Support for Whirlpool was removed. Applications still using
      this should honor OPENSSL_NO_WHIRLPOOL.
    * Removed X509_REQ_{get,set}_extension_nids().
    * Removed typdefs for COMP_CTX, COMP_METHOD, X509_CRL_METHOD,
      STORE, STORE_METHOD, and SSL_AEAD_CTX.
    * i2d_ASN1_OBJECT() now returns -1 on error like most other
      i2d_*.
    * SPKAC support was removed from openssl(1).
    * Added TLS1-PRF support to the EVP interface.
    * SSL_CTX_set1_cert_store() and
      SSL_CIPHER_get_handshake_digest() were added to libssl.
    * The OpenSSL pkcs12 command and PKCS12_create() no longer
      support setting the Microsoft-specific Local Key Set and
      Cryptographic Service Provider attributes.
* Thu May 16 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.9.2
    * A missing bounds check could lead to a crash due to
      dereferencing a zero-sized allocation.
* Sat Mar 30 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.9.1
    * Updated tests with expiring certificates
    * CET-related build fixes for Windows and macOS targets
    * update libtls linker script to include libssl and
      libcrypto again
* Fri Mar 15 2024 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.8.3:
    * Improved control-flow enforcement (CET) support.
* Tue Nov 14 2023 Jan Engelhardt <jengelh@inai.de>
  - Rework conflicts again
* Fri Nov 03 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.8.2
    * Added support for truncated SHA-2 and for SHA-3.
    * The BPSW primality test performs additional Miller-Rabin rounds
      with random bases to reduce the likelihood of composites passing.
    * Allow testing of ciphers and digests using badly aligned buffers
      in openssl speed.
    * Added a workaround for a poorly thought-out change in OpenSSL 3
      that broke privilege separation support in libtls.
    * Compatibility changes:
    * Removed most public symbols that were deprecated in OpenSSL
      0.9.8.
    * Security fixes:
    * Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no
      longer be selected for use.
* Tue Jun 20 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Improve cross-package provides/conflicts [boo#1210313]
    * Remove explicit conflicts with other devel-libraries
    * Remove Obsoletes: ssl
* Mon May 29 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.7.3:
    * Bug fix: Hostflags in the verify parameters would not
      propagate from an SSL_CTX to newly created SSL.
    * Reliability fix: A double free or use after free could occur
      after SSL_clear(3).
* Sat Apr 08 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.7.2
    * Updates to the build system
* Sat Mar 18 2023 Jan Engelhardt <jengelh@inai.de>
  - Add more conflicts between openssl<>libressl
* Thu Mar 16 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.7.1
    * Added UI_null()
    * Added X509_STORE_*check_issued()
    * Added X509_CRL_get0_sigalg() and X509_get0_uids() accessors
    * Added EVP_CIPHER_meth_*() setter API
* Mon Dec 12 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.7.0
    * New features:
    * Added Ed25519 support both as a primitive and via OpenSSL's
      EVP interfaces.
    * X25519 is now also supported via EVP.
    * The OpenSSL 1.1 raw public and private key API is available
      with support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and
      EVP_PKEY_X25519. Poly1305 is not currently supported via this
      interface.
    * Bug fixes:
    * Add EVP_chacha20_poly1305() to the list of all ciphers.
    * Avoid signed overflow in i2c_ASN1_BIT_STRING().
* Tue Nov 01 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.6.1
    * Custom verification callbacks could cause the X.509 verifier
      to fail to store errors resulting from leaf certificate
      verification.
    * Unbreak ASN.1 indefinite length encoding.
* Thu Oct 06 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.6.0
    * Avoid expensive RFC 3779 checks during cert verification.
    * The ASN.1 time parser has been refactored and rewritten using
      CBS. It has been made stricter in that it now enforces the
      rules from RFC 5280.
    * EVP API for HKDF ported from OpenSSL and subsequently cleaned
      up.
    * Add initial support for TS ESSCertIDv2 verification.
* Thu May 19 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.5.3
    * Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in
      advancing the passed *der_in pointer incorrectly.
* Thu Apr 28 2022 Paolo Stivanin <info@paolostivanin.com>
  - Update to release 3.5.2:
    * New Features:
    * The RFC 3779 API was ported from OpenSSL. Many bugs were
      fixed, regression tests were added and the code was cleaned
      up.
    * Certificate Transparency was ported from OpenSSL. Many
      internal improvements were made, resulting in cleaner and
      safer code. Regress coverage was added. libssl does not yet
      make use of it.
    * Portable Improvements:
    * Fixed various POSIX compliance and other portability issues
      found by the port to the Sortix operating system.
    * Compatibility Changes:
    * Most structs that were previously defined in the following
      headers are now opaque as they are in OpenSSL 1.1: bio.h,
      bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
      x509.h, x509v3.h, x509_vfy.h
    * Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
      OpenSSL added the TLSv1.3 ciphersuites with "RFC names"
      instead of using something consistent with the previous
      naming. Various test suites expect these names (instead of
      checking for the much more sensible cipher numbers). The old
      names are still accepted as aliases.
    * Subject alternative names and name constraints are now
      validated when they are added to certificates. Various
      interoperability problems with stacks that validate
      certificates more strictly than OpenSSL can be avoided this
      way.
    * Attempt to opportunistically use the host name for SNI in
      s_client
  - Rebase des-fcrypt.diff
  - Rebase extra-symver.diff
* Wed Mar 16 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.4.3
    * A malicious certificate could cause an infinite loop in
      previous releases. [CVE-2022-0778]
/etc/libressl /etc/libressl/openssl.cnf /etc/libressl/x509v3.cnf /usr/bin/ocspcheck /usr/bin/openssl /usr/share/doc/packages/libressl /usr/share/doc/packages/libressl/COPYING /usr/share/man/man1/openssl.1ssl.gz /usr/share/man/man5/openssl.cnf.5ssl.gz /usr/share/man/man5/x509v3.cnf.5ssl.gz /usr/share/man/man8/ocspcheck.8ssl.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Oct 19 22:42:15 2025