Changelog for libopenssl-fips_0_9_8-0.9.8r-3.2.x86_64.rpm :
Fri Feb 25 13:00:00 2011
- spec file fixes

Fri Feb 25 13:00:00 2011
- split off package openssl (0.9.8r) to build openssl-fips package.
Dependency to openssl-fips-objectmodule, which itself needs
the plain openssl package.

Thu Feb 24 13:00:00 2011
- all compile time options removed, except for fips.
%prep cleaned up. It was necessary. patches still enabled.

Thu Dec 16 13:00:00 2010
- re-diff for fuzz=0

Wed Dec 15 13:00:00 2010
- specfile changes for %_lib (/usr/lib64).

Wed Dec 15 13:00:00 2010
- update to 0.9.8q for testing purposes with FIPS-140 openssl
object module

Tue Sep 1 14:00:00 2009
- fix Bug [bnc#526319]

Wed Aug 26 14:00:00 2009
- use %patch0 for Patch0

Fri Jul 3 14:00:00 2009
- update to version 0.9.8k
- patches merged upstream:

Tue Jun 30 14:00:00 2009
- fix security bug [bnc#509031]

Tue Jun 30 14:00:00 2009
- fix security bug [bnc#504687]

Wed Apr 15 14:00:00 2009
- fix security bug [bnc#489641]

Wed Jan 7 13:00:00 2009
- obsolete old -XXbit packages (bnc#437293)

Thu Dec 18 13:00:00 2008
- fix security bug [bnc#459468]

Tue Dec 9 13:00:00 2008
- Disable optimization for s390x

Mon Dec 8 13:00:00 2008
- Disable optimization of md4

Mon Nov 10 13:00:00 2008
- Disable optimization of ripemd [bnc#442740]

Tue Oct 14 14:00:00 2008
- Passing a string as a struct causes an openssl segmentation fault [bnc#430141]

Wed Jul 16 14:00:00 2008
- do not require openssl-certs, but rather recommend it
to avoid dependency cycle [bnc#408865]

Wed Jul 9 14:00:00 2008
- remove the certs subpackage from the openssl package
and move the CA root certificates into a package of its own

Tue Jun 24 14:00:00 2008
- update to version 0.9.8h
- openssl does not ship CA root certificates anymore
keep certificates that SuSE is already shipping
- resolves bad array index (function has been removed) [bnc#356549]
- removed patches

Wed May 28 14:00:00 2008
- fix OpenSSL Server Name extension crash (CVE-2008-0891)
and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)

Wed May 21 14:00:00 2008
- fix baselibs.conf

Tue Apr 22 14:00:00 2008
- add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844]

Thu Apr 10 14:00:00 2008
- added baselibs.conf file to build xxbit packages
for multilib support

Mon Nov 5 13:00:00 2007
- fix Diffie-Hellman failure with certain prime lengths

Mon Oct 22 14:00:00 2007
- update to version 0.9.8g:

* fix some bugs introduced with 0.9.8f

Mon Oct 15 14:00:00 2007
- update to version 0.9.8f:

* fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
- patches merged upstream:

Mon Oct 1 14:00:00 2007
- fix buffer overflow CVE-2007-5135 [#329208]

Wed Sep 5 14:00:00 2007
- fix another gcc 4.2 build problem [#307669]

Fri Aug 3 14:00:00 2007
- provide the version obsoleted (#293401)

Wed Aug 1 14:00:00 2007
- Add patch from CVS for RSA key reconstruction vulnerability
(CVE-2007-3108, VU#724968, bug #296511)

Thu May 24 14:00:00 2007
- fix build with gcc-4.2
- do not install example scripts with executable permissions

Mon Apr 30 14:00:00 2007
- adapt requires

Fri Apr 27 14:00:00 2007
- Do not use dots in package name
- explicitly build with gcc-4.1 because of currently unresolved
failures with gcc-4.2

Wed Apr 25 14:00:00 2007
- Split/rename package to follow library packaging policy [#260219]
New package libopenssl0.9.8 containing shared libs
openssl-devel package renamed to libopenssl-devel
New package openssl-certs containing certificates
- add zlib-devel to Requires of devel package
- remove old Obsoletes and Conflicts
openssls (Last used Nov 2000)
ssleay (Last used 6.2)

Mon Apr 23 14:00:00 2007
- Fix key length [#254905,#262477]

Tue Mar 6 13:00:00 2007
- update to version 0.9.8e:

* patches merged upstream:

Tue Jan 9 13:00:00 2007
- fix PadLock support [#230823]

Thu Nov 30 13:00:00 2006
- enable fix for CVE-2006-2940 [#223040], SWAMP-ID 7198

Mon Nov 6 13:00:00 2006
- configure with 'zlib' instead of 'zlib-dynamic'. Built with the
latter, there are problems opening the libz when running on the
Via Epia or vmware platforms. [#213305]

Wed Oct 4 14:00:00 2006
- add patch for the CVE-2006-2940 fix: the newly introduced limit
on DH modulus size could lead to a crash when exerted. [#208971]
Discovered and fixed after the 0.9.8d release.

Fri Sep 29 14:00:00 2006
- update to 0.9.8d

* ) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)

* ) Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937)

* ) Fix buffer overflow in SSL_get_shared_ciphers() function.

* ) Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)

* ) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
match only those. Before that, "AES256-SHA" would be interpreted
as a pattern and match "AES128-SHA" too (since AES128-SHA got
the same strength classification in 0.9.7h) as we currently only
have a single AES bit in the ciphersuite description bitmap.
That change, however, also applied to ciphersuite strings such as
"RC4-MD5" that intentionally matched multiple ciphersuites --
namely, SSL 2.0 ciphersuites in addition to the more common ones
from SSL 3.0/TLS 1.0.
So we change the selection algorithm again: Naming an explicit
ciphersuite selects this one ciphersuite, and any other similar
ciphersuite (same bitmap) from other protocol versions.
Thus, "RC4-MD5" again will properly select both the SSL 2.0
ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
Since SSL 2.0 does not have any ciphersuites for which the
128/256 bit distinction would be relevant, this works for now.
The proper fix will be to use different bits for AES128 and
AES256, which would have avoided the problems from the beginning;
however, bits are scarce, so we can only do this in a new release
(not just a patchlevel) when we can change the SSL_CIPHER
definition to split the single 'unsigned long mask' bitmap into
multiple values to extend the available space.
- not mentioned in CHANGES: patch for CVE-2006-4339 corrected
[ #1397]

Fri Sep 8 14:00:00 2006
- Fix inverted logic.

Wed Sep 6 14:00:00 2006
- update to 0.9.8c
Changes between 0.9.8b and 0.9.8c [05 Sep 2006]

* ) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339) [Ben Laurie and Google Security Team]

* ) Add AES IGE and biIGE modes. [Ben Laurie]

* ) Change the Unix randomness entropy gathering to use poll() when
possible instead of select(), since the latter has some
undesirable limitations. [Darryl Miles via Richard Levitte and Bodo Moeller]

* ) Disable "ECCdraft" ciphersuites more thoroughly. Now special
treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
cannot be implicitly activated as part of, e.g., the "AES" alias.
However, please upgrade to OpenSSL 0.9.9[-dev] for
non-experimental use of the ECC ciphersuites to get TLS extension
support, which is required for curve and point format negotiation
to avoid potential handshake problems. [Bodo Moeller]

* ) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
The latter two were purportedly from
draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
appear there.
Also deactivate the remaining ciphersuites from
draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
unofficial, and the ID has long expired. [Bodo Moeller]

* ) Fix RSA blinding Heisenbug (problems sometimes occurred on
dual-core machines) and other potential thread-safety issues.
[Bodo Moeller]

* ) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
versions), which is now available for royalty-free use
Also, add Camellia TLS ciphersuites from RFC 4132.
To minimize changes between patchlevels in the OpenSSL 0.9.8
series, Camellia remains excluded from compilation unless OpenSSL
is configured with 'enable-camellia'. [NTT]

* ) Disable the padding bug check when compression is in use. The padding
bug check assumes the first packet is of even length, this is not
necessarily true if compression is enabled and can result in false
positives causing handshake failure. The actual bug test is ancient
code so it is hoped that implementations will either have fixed it by
now or any which still have the bug do not support compression.
[Steve Henson]
Changes between 0.9.8a and 0.9.8b [04 May 2006]

* ) When applying a cipher rule check to see if string match is an explicit
cipher suite and only match that one cipher suite if it is. [Steve Henson]

* ) Link in manifests for VC++ if needed. [Austin Ziegler]

* ) Update support for ECC-based TLS ciphersuites according to
draft-ietf-tls-ecc-12.txt with proposed changes (but without
TLS extensions, which are supported starting with the 0.9.9
branch, not in the OpenSSL 0.9.8 branch). [Douglas Stebila]

* ) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
opaque EVP_CIPHER_CTX handling. [Steve Henson]

* ) Fixes and enhancements to zlib compression code. We now only use
"zlib1.dll" and use the default __cdecl calling convention on Win32
to conform with the standards mentioned here:
Static zlib linking now works on Windows and the new --with-zlib-include
--with-zlib-lib options to Configure can be used to supply the location
of the headers and library. Gracefully handle case where zlib library
can't be loaded. [Steve Henson]

* ) Several fixes and enhancements to the OID generation code. The old code
sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
handle numbers larger than ULONG_MAX, truncated printing and had a
non standard OBJ_obj2txt() behaviour. [Steve Henson]

* ) Add support for building of engines under engine/ as shared libraries
under VC++ build system. [Steve Henson]

* ) Corrected the numerous bugs in the Win32 path splitter in DSO.
Hopefully, we will not see any false combination of paths any more.
[Richard Levitte]
- enable Camellia cipher. There is a royalty free license to the
patents, see
NOTE: the license forbids patches to the cipher.
- build with zlib-dynamic and add zlib-devel to BuildRequires.
Allows compression of data in TLS, although few applications would
actually use it since there is no standard for negotiating the
compression method. The only one I know of is stunnel.
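
The 0.9.8b entry above on OID generation ("1.X for X >= 40", numbers that
did not fit, truncation) comes down to how the first two arcs share one
DER sub-identifier (40*X+Y). The following is an added example, not OpenSSL's
code: oid_encode() and its helpers are hypothetical names, and unlike the
upstream fix this sketch rejects arcs that do not fit in unsigned long long
instead of supporting them.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
/* Parse one decimal arc; -1 on an empty arc or on overflow (never wraps). */
static int parse_arc(const char **p, unsigned long long *v)
{
    const char *s = *p;
    unsigned long long n = 0;
    if (*s < '0' || *s > '9') return -1;
    for (; *s >= '0' && *s <= '9'; s++) {
        unsigned d = (unsigned)(*s - '0');
        if (n > (ULLONG_MAX - d) / 10) return -1;
        n = n * 10 + d;
    }
    *p = s; *v = n;
    return 0;
}

/* Append v in base 128, high bit set on every byte except the last. */
static int put_base128(unsigned long long v, unsigned char *out, size_t cap, size_t *len)
{
    unsigned char tmp[10]; int n = 0;
    do { tmp[n++] = (unsigned char)(v & 0x7f); v >>= 7; } while (v);
    if (*len + (size_t)n > cap) return -1;      /* refuse to truncate */
    while (n--) out[(*len)++] = (unsigned char)(tmp[n] | (n ? 0x80 : 0));
    return 0;
}

/* Encode dotted text as DER OID content bytes; returns length or -1. */
int oid_encode(const char *txt, unsigned char *out, size_t cap)
{
    unsigned long long a, b, v;
    size_t len = 0;
    if (parse_arc(&txt, &a) || *txt++ != '.' || parse_arc(&txt, &b)) return -1;
    if (a > 2 || (a < 2 && b >= 40)) return -1; /* the "1.X for X >= 40" case */
    if (b > ULLONG_MAX - 80) return -1;         /* 40*a + b must not overflow */
    if (put_base128(40 * a + b, out, cap, &len)) return -1;
    while (*txt == '.') {
        txt++;
        if (parse_arc(&txt, &v) || put_base128(v, out, cap, &len)) return -1;
    }
    return *txt == '\0' ? (int)len : -1;        /* trailing junk is invalid */
}

int main(void)
{
    unsigned char buf[16];  /* constructed inputs: one valid OID, one invalid */
    printf("%d %d\n", oid_encode("1.2.840.113549", buf, sizeof buf), oid_encode("1.40", buf, sizeof buf));
    return 0;
}
```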