SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 
Changelog for libopenssl-fips_0_9_8-0.9.8r-3.2.x86_64.rpm :
Fri Feb 25 13:00:00 2011 drahtAATTsuse.de
- spec file fixes

Fri Feb 25 13:00:00 2011 drahtAATTsuse.de
- split off package openssl (0.9.8r) to build openssl-fips package.
Dependency to openssl-fips-objectmodule, which itself needs
the plain openssl package.

Thu Feb 24 13:00:00 2011 drahtAATTsuse.de
- all compile time options removed, except for fips.
%prep cleaned up. It was necessary. patches still enabled.

Thu Dec 16 13:00:00 2010 drahtAATTsuse.de
- re-diff for fuzz=0

Wed Dec 15 13:00:00 2010 drahtAATTsuse.de
- specfile changes for %_lib (/usr/lib64).

Wed Dec 15 13:00:00 2010 drahtAATTsuse.de
- update to 0.9.8q for testing purposes with FIPS-140 openssl
object module

Tue Sep 1 14:00:00 2009 gjheAATTnovell.com
- fix Bug [bnc#526319]

Wed Aug 26 14:00:00 2009 cooloAATTnovell.com
- use %patch0 for Patch0

Fri Jul 3 14:00:00 2009 gjheAATTnovell.com
- update to version 0.9.8k
- patches merged upstream:
openssl-CVE-2008-5077.patch
openssl-CVE-2009-0590.patch
openssl-CVE-2009-0591.patch
openssl-CVE-2009-0789.patch
openssl-CVE-2009-1377.patch
openssl-CVE-2009-1378.patch
openssl-CVE-2009-1379.patch
openssl-CVE-2009-1386.patch
openssl-CVE-2009-1387.patch

Tue Jun 30 14:00:00 2009 gjheAATTnovell.com
- fix security bug [bnc#509031]
CVE-2009-1386
CVE-2009-1387

Tue Jun 30 14:00:00 2009 gjheAATTnovell.com
- fix security bug [bnc#504687]
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379

Wed Apr 15 14:00:00 2009 gjheAATTsuse.de
- fix security bug [bnc#489641]
CVE-2009-0590
CVE-2009-0591
CVE-2009-0789

Wed Jan 7 13:00:00 2009 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Thu Dec 18 13:00:00 2008 jshiAATTsuse.de
- fix security bug [bnc#459468]
CVE-2008-5077

Tue Dec 9 13:00:00 2008 xwhuAATTsuse.de
- Disable optimization for s390x

Mon Dec 8 13:00:00 2008 xwhuAATTsuse.de
- Disable optimization of md4

Mon Nov 10 13:00:00 2008 xwhuAATTsuse.de
- Disable optimization of ripemd [bnc#442740]

Tue Oct 14 14:00:00 2008 xwhuAATTsuse.de
- Passing string as struct cause openssl segment-fault [bnc#430141]

Wed Jul 16 14:00:00 2008 mkoenigAATTsuse.de
- do not require openssl-certs, but rather recommend it
to avoid dependency cycle [bnc#408865]

Wed Jul 9 14:00:00 2008 mkoenigAATTsuse.de
- remove the certs subpackage from the openssl package
and move the CA root certificates into a package of its own

Tue Jun 24 14:00:00 2008 mkoenigAATTsuse.de
- update to version 0.9.8h
- openssl does not ship CA root certificates anymore
keep certificates that SuSE is already shipping
- resolves bad array index (function has been removed) [bnc#356549]
- removed patches
openssl-0.9.8g-fix_dh_for_certain_moduli.patch
openssl-CVE-2008-0891.patch
openssl-CVE-2008-1672.patch

Wed May 28 14:00:00 2008 mkoenigAATTsuse.de
- fix OpenSSL Server Name extension crash (CVE-2008-0891)
and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)
[bnc#394317]

Wed May 21 14:00:00 2008 cthielAATTsuse.de
- fix baselibs.conf

Tue Apr 22 14:00:00 2008 mkoenigAATTsuse.de
- add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844]

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Mon Nov 5 13:00:00 2007 mkoenigAATTsuse.de
- fix Diffie-Hellman failure with certain prime lengths

Mon Oct 22 14:00:00 2007 mkoenigAATTsuse.de
- update to version 0.9.8g:

* fix some bugs introduced with 0.9.8f

Mon Oct 15 14:00:00 2007 mkoenigAATTsuse.de
- update to version 0.9.8f:

* fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
- patches merged upstream:
openssl-0.9.8-key_length.patch
openssl-CVE-2007-3108-bug296511
openssl-CVE-2007-5135.patch
openssl-gcc42.patch
openssl-gcc42_b.patch
openssl-s390-config.diff

Mon Oct 1 14:00:00 2007 mkoenigAATTsuse.de
- fix buffer overflow CVE-2007-5135 [#329208]

Wed Sep 5 14:00:00 2007 mkoenigAATTsuse.de
- fix another gcc 4.2 build problem [#307669]

Fri Aug 3 14:00:00 2007 cooloAATTsuse.de
- provide the version obsoleted (#293401)

Wed Aug 1 14:00:00 2007 wernerAATTsuse.de
- Add patch from CVS for RSA key reconstruction vulnerability
(CVE-2007-3108, VU#724968, bug #296511)

Thu May 24 14:00:00 2007 mkoenigAATTsuse.de
- fix build with gcc-4.2
openssl-gcc42.patch
- do not install example scripts with executable permissions

Mon Apr 30 14:00:00 2007 roAATTsuse.de
- adapt requires

Fri Apr 27 14:00:00 2007 mkoenigAATTsuse.de
- Do not use dots in package name
- explicitly build with gcc-4.1 because of currently unresolved
failures with gcc-4.2

Wed Apr 25 14:00:00 2007 mkoenigAATTsuse.de
- Split/rename package to follow library packaging policy [#260219]
New package libopenssl0.9.8 containing shared libs
openssl-devel package renamed to libopenssl-devel
New package openssl-certs containing certificates
- add zlib-devel to Requires of devel package
- remove old Obsoletes and Conflicts
openssls (Last used Nov 2000)
ssleay (Last used 6.2)

Mon Apr 23 14:00:00 2007 mkoenigAATTsuse.de
- Fix key length [#254905,#262477]

Tue Mar 6 13:00:00 2007 mkoenigAATTsuse.de
- update to version 0.9.8e:

* patches merged upstream:
openssl-CVE-2006-2940-fixup.patch
openssl-0.9.8d-padlock-static.patch

Tue Jan 9 13:00:00 2007 mkoenigAATTsuse.de
- fix PadLock support [#230823]

Thu Nov 30 13:00:00 2006 mkoenigAATTsuse.de
- enable fix for CVE-2006-2940 [#223040], SWAMP-ID 7198

Mon Nov 6 13:00:00 2006 poemlAATTsuse.de
- configure with \'zlib\' instead of \'zlib-dynamic\'. Build with the
latter, there are problems opening the libz when running on the
Via Epia or vmware platforms. [#213305]

Wed Oct 4 14:00:00 2006 poemlAATTsuse.de
- add patch for the CVE-2006-2940 fix: the newly introduced limit
on DH modulus size could lead to a crash when exerted. [#208971]
Discovered and fixed after the 0.9.8d release.

Fri Sep 29 14:00:00 2006 poemlAATTsuse.de
- update to 0.9.8d

* ) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)

* ) Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937)

* ) Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738)

* ) Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)

* ) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
match only those. Before that, \"AES256-SHA\" would be interpreted
as a pattern and match \"AES128-SHA\" too (since AES128-SHA got
the same strength classification in 0.9.7h) as we currently only
have a single AES bit in the ciphersuite description bitmap.
That change, however, also applied to ciphersuite strings such as
\"RC4-MD5\" that intentionally matched multiple ciphersuites --
namely, SSL 2.0 ciphersuites in addition to the more common ones
from SSL 3.0/TLS 1.0.
So we change the selection algorithm again: Naming an explicit
ciphersuite selects this one ciphersuite, and any other similar
ciphersuite (same bitmap) from
*other
* protocol versions.
Thus, \"RC4-MD5\" again will properly select both the SSL 2.0
ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
Since SSL 2.0 does not have any ciphersuites for which the
128/256 bit distinction would be relevant, this works for now.
The proper fix will be to use different bits for AES128 and
AES256, which would have avoided the problems from the beginning;
however, bits are scarce, so we can only do this in a new release
(not just a patchlevel) when we can change the SSL_CIPHER
definition to split the single \'unsigned long mask\' bitmap into
multiple values to extend the available space.
- not in mentioned in CHANGES: patch for CVE-2006-4339 corrected
[openssl.org #1397]

Fri Sep 8 14:00:00 2006 schwabAATTsuse.de
- Fix inverted logic.

Wed Sep 6 14:00:00 2006 poemlAATTsuse.de
- update to 0.9.8c
Changes between 0.9.8b and 0.9.8c [05 Sep 2006]

* ) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339) [Ben Laurie and Google Security Team]

* ) Add AES IGE and biIGE modes. [Ben Laurie]

* ) Change the Unix randomness entropy gathering to use poll() when
possible instead of select(), since the latter has some
undesirable limitations. [Darryl Miles via Richard Levitte and Bodo Moeller]

* ) Disable \"ECCdraft\" ciphersuites more thoroughly. Now special
treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
cannot be implicitly activated as part of, e.g., the \"AES\" alias.
However, please upgrade to OpenSSL 0.9.9[-dev] for
non-experimental use of the ECC ciphersuites to get TLS extension
support, which is required for curve and point format negotiation
to avoid potential handshake problems. [Bodo Moeller]

* ) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 (\"RC4-64-MD5\")
- SSLv3/TLSv1 0x00 0x61 (\"EXP1024-RC2-CBC-MD5\")
- SSLv3/TLSv1 0x00 0x60 (\"EXP1024-RC4-MD5\")
The latter two were purportedly from
draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
appear there.
Also deactive the remaining ciphersuites from
draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
unofficial, and the ID has long expired. [Bodo Moeller]

* ) Fix RSA blinding Heisenbug (problems sometimes occured on
dual-core machines) and other potential thread-safety issues.
[Bodo Moeller]

* ) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
versions), which is now available for royalty-free use
(see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
Also, add Camellia TLS ciphersuites from RFC 4132.
To minimize changes between patchlevels in the OpenSSL 0.9.8
series, Camellia remains excluded from compilation unless OpenSSL
is configured with \'enable-camellia\'. [NTT]

* ) Disable the padding bug check when compression is in use. The padding
bug check assumes the first packet is of even length, this is not
necessarily true if compresssion is enabled and can result in false
positives causing handshake failure. The actual bug test is ancient
code so it is hoped that implementations will either have fixed it by
now or any which still have the bug do not support compression.
[Steve Henson]
Changes between 0.9.8a and 0.9.8b [04 May 2006]

* ) When applying a cipher rule check to see if string match is an explicit
cipher suite and only match that one cipher suite if it is. [Steve Henson]

* ) Link in manifests for VC++ if needed. [Austin Ziegler ]

* ) Update support for ECC-based TLS ciphersuites according to
draft-ietf-tls-ecc-12.txt with proposed changes (but without
TLS extensions, which are supported starting with the 0.9.9
branch, not in the OpenSSL 0.9.8 branch). [Douglas Stebila]

* ) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
opaque EVP_CIPHER_CTX handling. [Steve Henson]

* ) Fixes and enhancements to zlib compression code. We now only use
\"zlib1.dll\" and use the default __cdecl calling convention on Win32
to conform with the standards mentioned here:
http://www.zlib.net/DLL_FAQ.txt
Static zlib linking now works on Windows and the new --with-zlib-include
- -with-zlib-lib options to Configure can be used to supply the location
of the headers and library. Gracefully handle case where zlib library
can\'t be loaded. [Steve Henson]

* ) Several fixes and enhancements to the OID generation code. The old code
sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn\'t
handle numbers larger than ULONG_MAX, truncated printing and had a
non standard OBJ_obj2txt() behaviour. [Steve Henson]

* ) Add support for building of engines under engine/ as shared libraries
under VC++ build system. [Steve Henson]

* ) Corrected the numerous bugs in the Win32 path splitter in DSO.
Hopefully, we will not see any false combination of paths any more.
[Richard Levitte]
- enable Camellia cipher. There is a royalty free license to the
patents, see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html.
NOTE: the license forbids patches to the cipher.
- build with zlib-dynamic and add zlib-devel to BuildRequires.
Allows compression of data in TLS, although few application would
actually use it since there is no standard for negotiating the
compression method. The only one I know if is stunnel.