Changelog for libopenssl1_0_0-1.0.1e-1.4.1.x86_64.rpm :

* Mon Aug 12 2013 Fix bug[ bnc#832833] openssl ssl_set_cert_masks() is broken modify patch file: SSL_get_certificate-broken.patch
* Tue Feb 12 2013 Update to 1.0.1e o Bugfix release (bnc#803004)- Drop openssl-1.0.1d-s3-packet.patch, included upstream
* Sun Feb 10 2013 Added openssl-1.0.1d-s3-packet.patch from upstream, fixes bnc#803004, openssl ticket#2975
* Tue Feb 05 2013 update to version 1.0.1d, fixing security issues o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. o Fix OCSP bad key DoS attack CVE-2013-0166 o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 bnc#802184 o Fix for TLS AESNI record handling flaw CVE-2012-2686
* Mon Nov 12 2012 fix bug[bnc#784994] - VIA padlock support on 64 systems e_padlock: add support for x86_64 gcc
* Sun Aug 19 2012 Open Internal file descriptors with O_CLOEXEC, leaving those open across fork()..execve() makes a perfect vector for a side-channel attack...
* Tue Aug 07 2012 fix build on armv5 (bnc#774710)
* Thu May 10 2012 Update to version 1.0.1c for the complete list of changes see NEWS, this only list packaging changes.- Drop aes-ni patch, no longer needed as it is builtin in openssl now.- Define GNU_SOURCE and use -std=gnu99 to build the package.- Use LFS_CFLAGS in platforms where it matters.
* Fri May 04 2012 don\'t install any demo or expired certs at all
* Mon Apr 23 2012 update to latest stable verison 1.0.0i including the following patches: CVE-2012-2110.path Bug748738_Tolerate_bad_MIME_headers.patch bug749213-Free-headers-after-use.patch bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch CVE-2012-1165.patch CVE-2012-0884.patch bug749735.patch
* Tue Mar 27 2012 fix bug[bnc#749735] - Memory leak when creating public keys. fix bug[bnc#751977] - CMS and S/MIME Bleichenbacher attack CVE-2012-0884
* Thu Mar 22 2012 fix bug[bnc#751946] - S/MIME verification may erroneously fail CVE-2012-1165
* Wed Mar 21 2012 fix bug[bnc#749213]-Free headers after use in error message and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt
* Tue Mar 20 2012 license update: OpenSSL
* Fri Feb 24 2012 fix bug[bnc#748738] - Tolerate bad MIME headers in openssl\'s asn1 parser. CVE-2006-7250
* Thu Feb 02 2012 Update to version 1.0.0g fix the following: DTLS DoS attack (CVE-2012-0050)
* Wed Jan 11 2012 Update to version 1.0.0f fix the following: DTLS Plaintext Recovery Attack (CVE-2011-4108) Uninitialized SSL 3.0 Padding (CVE-2011-4576) Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) SGC Restart DoS Attack (CVE-2011-4619) Invalid GOST parameters DoS Attack (CVE-2012-0027)
* Tue Oct 18 2011 AES-NI: Check the return value of Engine_add() if the ENGINE_add() call fails: it ends up adding a reference to a freed up ENGINE which is likely to subsequently contain garbage This will happen if an ENGINE with the same name is added multiple times,for example different libraries. [bnc#720601]
* Sat Oct 08 2011 Build with -DSSL_FORBID_ENULL so servers are not able to use the NULL encryption ciphers (Those offering no encryption whatsoever).
* Wed Sep 07 2011 Update to openssl 1.0.0e fixes CVE-2011-3207 and CVE-2011-3210 see for details.
* Sat Aug 06 2011 Add upstream patch that calls ENGINE_register_all_complete() in ENGINE_load_builtin_engines() saving us from adding dozens of calls to such function to calling applications.
* Fri Aug 05 2011 remove -fno-strict-aliasing from CFLAGS no longer needed and is likely to slow down stuff.
* Mon Jul 25 2011 Edit baselibs.conf to provide libopenssl-devel-32bit too
* Fri Jun 24 2011 update to latest stable version 1.0.0d. patch removed(already in the new package): CVE-2011-0014 patch added: ECDSA_signatures_timing_attack.patch
* Tue May 31 2011 fix bug[bnc#693027]. Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: [Billy Bob Brumley and Nicola Tuveri]
* Mon May 16 2011 added openssl as dependency in the devel package
* Thu Feb 10 2011 fix bug [bnc#670526] CVE-2011-0014,OCSP stapling vulnerability
* Sat Jan 15 2011 Add patch from upstream in order to support AES-NI instruction set present on current Intel and AMD processors
* Mon Jan 10 2011 enable -DPURIFY to avoid valgrind errors.
* Thu Dec 09 2010 update to stable version 1.0.0c. patch included: CVE-2010-1633_and_CVE-2010-0742.patch patchset-19727.diff CVE-2010-2939.patch CVE-2010-3864.patch
* Thu Nov 18 2010 fix bug [bnc#651003] CVE-2010-3864
* Sat Sep 25 2010 fix bug [bnc#629905] CVE-2010-2939
* Wed Jul 28 2010 Exclude static libraries, see what breaks and fix that instead
* Wed Jun 30 2010 fix two compile errors on SPARC
* Tue Jun 15 2010 -fstack-protector is not supported on hppa
* Fri Jun 04 2010 fix bnc #610642 CVE-2010-0742 CVE-2010-1633
* Mon May 31 2010 fix bnc #610223,change Configure to tell openssl to load engines from /%{_lib} instead of %{_libdir}
* Mon May 10 2010 Do not compile in build time but use mtime of changes file instead. This allows build-compare to identify that no changes have happened.
* Tue May 04 2010 build libopenssl to /%{_lib} dir,and keep only one libopenssl-devel for new developping programs.
* Tue Apr 27 2010 build libopenssl and libopenssl-devel to a version directory
* Sat Apr 24 2010 buildrequire pkg-config to fix provides
* Wed Apr 21 2010 also create old certificate hash in /etc/ssl/certs for compatibility with applications that still link against 0.9.8
* Mon Apr 12 2010 Disable our own build targets, instead use the openSSL provided ones as they are now good (or should be good at least).- add -Wa,--noexecstack to the Configure call, this is the upstream approved way to avoid exec-stack marking
* Mon Apr 12 2010 update to 1.0.0 Merge the following patches from 0.9.8k: openssl-0.9.6g-alpha.diff openssl-0.9.7f-ppc64.diff openssl-0.9.8-flags-priority.dif openssl-0.9.8-sparc.dif openssl-allow-arch.diff openssl-hppa-config.diff
* Fri Apr 09 2010 fixed \"exectuable stack\" for issue on i586 by adjusting the assembler output during MMX builds.
* Wed Apr 07 2010 Openssl is now partially converted to libdir usage upstream, merge that in to fix lib64 builds.
* Thu Mar 25 2010 fix security bug [bnc#590833] CVE-2010-0740
* Mon Mar 22 2010 update to version 0.9.8m Merge the following patches from 0.9.8k: bswap.diff non-exec-stack.diff openssl-0.9.6g-alpha.diff openssl-0.9.7f-ppc64.diff openssl-0.9.8-flags-priority.dif openssl-0.9.8-sparc.dif openssl-allow-arch.diff openssl-hppa-config.diff
* Fri Feb 05 2010 build openssl for sparc64
* Mon Dec 14 2009 add baselibs.conf as a source- package documentation as noarch
* Tue Nov 03 2009 updated patches to apply with fuzz=0
* Tue Sep 01 2009 fix Bug [bnc#526319]
* Wed Aug 26 2009 use %patch0 for Patch0
* Fri Jul 03 2009 update to version 0.9.8k- patches merged upstream: openssl-CVE-2008-5077.patch openssl-CVE-2009-0590.patch openssl-CVE-2009-0591.patch openssl-CVE-2009-0789.patch openssl-CVE-2009-1377.patch openssl-CVE-2009-1378.patch openssl-CVE-2009-1379.patch openssl-CVE-2009-1386.patch openssl-CVE-2009-1387.patch
* Tue Jun 30 2009 fix security bug [bnc#509031] CVE-2009-1386 CVE-2009-1387
* Tue Jun 30 2009 fix security bug [bnc#504687] CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
* Wed Apr 15 2009 fix security bug [bnc#489641] CVE-2009-0590 CVE-2009-0591 CVE-2009-0789