
libopenssl0_9_8-0.9.8j-27.1 RPM for armv7hl

From OpenSuSE Ports Leap 42.3 updates for armv7hl

Name: libopenssl0_9_8
Distribution: openSUSE Leap 42.3
Version: 0.9.8j
Vendor: openSUSE
Release: 27.1
Build date: Tue Dec 11 11:07:38 2018
Group: Productivity/Networking/Security
Build host: obs-arm-5
Size: 2327871
Source RPM: compat-openssl098-0.9.8j-27.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.openssl.org/
Summary: Secure Sockets and Transport Layer Security

The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.

Derivation and License

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.

Please read the file /usr/share/doc/packages/openssl/README-FIPS.txt
for information on FIPS-140-2 compliant mode of operation of the
openssl shared libraries.

License

OpenSSL

Changelog

* Wed Nov 28 2018 Vítězslav Čížek <vcizek@suse.com>
  - Add missing error string to CVE-2016-8610 fix (bsc#1110018#c9)
    * modify openssl-CVE-2016-8610.patch
* Wed Nov 14 2018 Vítězslav Čížek <vcizek@suse.com>
  - Elliptic curve scalar multiplication timing attack defenses
    * fixes "PortSmash" (bsc#1113534, CVE-2018-5407)
  - Add openssl-CVE-2018-5407-PortSmash.patch
* Mon Nov 05 2018 Vítězslav Čížek <vcizek@suse.com>
  - OpenSSL Security Advisory [30 October 2018]
    * Timing vulnerability in DSA signature generation
      (bsc#1113652, CVE-2018-0734)
    * And more timing fixes
  - Add patches:
    * openssl-CVE-2018-0734.patch
    * 0001-Merge-to-1.0.2-DSA-mod-inverse-fix.patch
    * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch
    * 0001-DSA-Address-a-timing-side-channel-whereby-it-is-possible.patch
    * 0002-ECDSA-Address-a-timing-side-channel-whereby-it-is-possible.patch
* Thu Aug 16 2018 vcizek@suse.com
  - Fix One&Done side-channel attack on RSA (bsc#1104789)
    * add openssl-One_and_Done.patch
* Mon Aug 13 2018 vcizek@suse.com
  - OpenSSL Security Advisory [12 June 2018]
    * Reject excessively large primes in DH key generation
      (bsc#1097158, CVE-2018-0732)
    - add openssl-CVE-2018-0732.patch
    * blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)
    - add 0001-Add-blinding-to-a-DSA-signature.patch and
      0001-Add-blinding-to-an-ECDSA-signature.patch
* Thu Aug 09 2018 vcizek@suse.com
  - OpenSSL Security Advisory [16 Apr 2018]
    * Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
      (bsc#1089039)
    - add openssl-CVE-2018-0737.patch
* Tue Mar 27 2018 vcizek@suse.com
  - OpenSSL Security Advisory [27 Mar 2018]
    * Constructed ASN.1 types with a recursive definition could exceed
      the stack (CVE-2018-0739) (bsc#1087102)
  - add openssl-CVE-2018-0739.patch
* Mon Nov 06 2017 vcizek@suse.com
  - Backport alternative chain lookup patches (bsc#1032261)
    * openssl-1.0.1i-trusted-first.patch
    * openssl-1.0.1i-alt-chains.patch
  - fix crash in DES (bsc#1065363)
    * add openssl-fix_crash_in_DES.patch
* Tue Apr 18 2017 vcizek@suse.com
  - backport DEFAULT_SUSE cipher list (bsc#1034941)
    * add openssl-add_DEFAULT_SUSE_cipher_list.patch
* Tue Jan 31 2017 vcizek@suse.com
  - OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)
  - ECDSA P-256 timing attack key recovery (bsc#1019334, CVE-2016-7056)
  - remote denial of service in SSL alert handling
    (bsc#1005878, CVE-2016-8610)
  - degrade 3DES to MEDIUM in SSL2 (bsc#1001912)
  - fix crash in openssl speed (bsc#1000677)
  - added patches:
    * openssl-CVE-2016-7056.patch
    * openssl-CVE-2016-8610.patch
    * openssl-fix_crash_in_openssl_speed.patch
    * openssl-degrade_3DES_to_MEDIUM_in_SSL2.patch
  - add missing commit for CVE-2016-2108 (bsc#1004499)
    * updated openssl-CVE-2016-2108.patch
  - don't attempt session resumption if no ticket is present and session
    ID length is zero (bsc#984663)
    * add openssl-no_session_resumption_without_ticket.patch
* Fri Sep 23 2016 vcizek@suse.com
  - resume reading from /dev/urandom when interrupted by a signal
    (bsc#995075)
    * add openssl-randfile_fread_interrupt.patch
* Thu Sep 22 2016 vcizek@suse.com
  - OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
    Severity: High
    * OCSP Status Request extension unbounded memory growth
      (CVE-2016-6304) (bsc#999666)
    Severity: Low
    * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
    * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
    * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
    * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
    * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
    * Birthday attack against 64-bit block ciphers (SWEET32)
      (CVE-2016-2183) (bsc#995359)
    * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
    * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
    * Certificate message OOB reads (CVE-2016-6306) (bsc#999668)
  - added patches:
    * openssl-CVE-2016-2177.patch
    * openssl-CVE-2016-2178.patch
    * openssl-CVE-2016-2179.patch
    * openssl-CVE-2016-2181.patch
    * openssl-CVE-2016-2182.patch
    * openssl-CVE-2016-2183-SWEET32.patch
    * openssl-CVE-2016-6302.patch
    * openssl-CVE-2016-6303.patch
    * openssl-CVE-2016-6304.patch
    * openssl-CVE-2016-6306.patch
    * 0001-PR-2506.patch
* Thu Sep 22 2016 vcizek@suse.com
  - update expired S/MIME certs (bsc#979475)
    * add openssl-update-expired-smime-certs.patch
  - fix crash in print_notice (bsc#998190)
    * add openssl-print_notice-NULL_crash.patch
* Thu Apr 28 2016 vcizek@suse.com
  - OpenSSL Security Advisory [3rd May 2016]
    * Memory corruption in the ASN.1 encoder
    - bsc#977617 (CVE-2016-2108)
    * EVP_EncodeUpdate overflow
    - bsc#977614 (CVE-2016-2105)
    * EVP_EncryptUpdate overflow
    - bsc#977615 (CVE-2016-2106)
    * ASN.1 BIO excessive memory allocation
    - bsc#976942 (CVE-2016-2109)
    * add patches
      + openssl-CVE-2016-2105.patch
      + openssl-CVE-2016-2106.patch
      + openssl-CVE-2016-2108.patch
      + openssl-CVE-2016-2109.patch
  - Fix side channel attack on modular exponentiation
    * "CacheBleed" (bsc#968050)
    * add openssl-CVE-2016-0702.patch
  - Fix buffer overrun in ASN1_parse (bsc#976943)
    * add 0001-Fix-buffer-overrun-in-ASN1_parse.patch
  - Rename README.SuSE to the new spelling (bsc#889013)
* Fri Feb 26 2016 psimons@suse.com
  - Fix CVE-2016-0797 (bnc#968048) via "openssl-CVE-2016-0797.patch".
    The BN_hex2bn() and BN_dec2bn() functions had a bug that could
    result in an attempt to de-reference a NULL pointer. This could
    have security consequences if these functions were ever called by
    user applications with large untrusted hex/decimal data. Also,
    internal usage of these functions in OpenSSL uses data from config
    files or application command line arguments. If user developed
    applications generated config file data based on untrusted data,
    then this could have had security consequences as well.
  - Fix CVE-2016-0799 (bnc#968374) via "openssl-CVE-2016-0799.patch".
    On many 64 bit systems, the internal fmtstr() and doapr_outch()
    functions could miscalculate the length of a string and attempt to
    access out-of-bounds memory locations. These problems could have
    enabled attacks where large amounts of untrusted data is passed to
    the BIO_*printf functions. If applications use these functions in
    this way then they could have been vulnerable. OpenSSL itself uses
    these functions when printing out human-readable dumps of ASN.1
    data. Therefore applications that print this data could have been
    vulnerable if the data is from untrusted sources. OpenSSL command
    line applications could also have been vulnerable when they print
    out ASN.1 data, or if untrusted data is passed as command line
    arguments. Libssl is not considered directly vulnerable.
  - Fix CVE-2016-0800 (bnc#968046, "Drown"). OpenSSL used to be
    vulnerable to a cross-protocol attack that could lead to
    decryption of TLS sessions by using a server supporting SSLv2 and
    EXPORT cipher suites as a Bleichenbacher RSA padding oracle. The
    patch "openssl-CVE-2016-0800-DROWN-disable-ssl2.patch" remedies
    this issue by disabling the SSLv2 protocol (unless the environment
    variable $OPENSSL_ALLOW_SSL2 is defined) and all weak EXPORT
    ciphers (unless $OPENSSL_ALLOW_EXPORT is defined).
* Wed Feb 24 2016 vcizek@suse.com
  - avoid running OPENSSL_config twice. This avoids breaking
    engine loading. (bsc#952871, bsc#967787)
    * add openssl-avoid-config-twice.patch
* Fri Feb 12 2016 vcizek@suse.com
  - fix CVE-2015-3197 (bsc#963415)
    * SSLv2 doesn't block disabled ciphers
    * add openssl-CVE-2015-3197.patch
* Fri Dec 04 2015 vcizek@suse.com
  - X509_ATTRIBUTE memory leak (CVE-2015-3195) (bsc#957812)
    * added openssl-CVE-2015-3195.patch
* Fri Dec 04 2015 vcizek@suse.com
  - prevent segfault in s_client with invalid options (bsc#952099)
    * added openssl-s_client-check-if-con-null-before-using-it.patch
* Wed Oct 21 2015 vcizek@suse.com
  - fix an ecdh negotiation bug (bsc#947833)
    * added openssl-fix-ecdh_negotiation_bug.patch
* Tue Aug 04 2015 vcizek@suse.com
  - fixed a regression caused by openssl-CVE-2015-0287.patch
    (bsc#937492)
* Mon Jun 15 2015 vcizek@suse.com
  - remove libopenssl0_9_8-hmac from baselibs.conf
* Mon Jun 15 2015 vcizek@suse.com
  - disable EXPORT ciphers by default (bnc#931698, comment #3)
    * added openssl-disable_EXPORT_ciphers_by_default.patch
* Fri Jun 12 2015 vcizek@suse.com
  - CVE-2015-4000 (boo#931698)
    * The Logjam Attack / weakdh.org
    * reject connections with DH parameters shorter than 1024 bits
    * generates 2048-bit DH parameters by default
  - CVE-2015-1788 (boo#934487)
    * Malformed ECParameters causes infinite loop
  - CVE-2015-1789 (boo#934489)
    * Exploitable out-of-bounds read in X509_cmp_time
  - CVE-2015-1790 (boo#934491)
    * PKCS7 crash with missing EnvelopedContent
  - CVE-2015-1792 (boo#934493)
    * CMS verify infinite loop with unknown hash function
  - CVE-2015-1791 (boo#933911)
    * race condition in NewSessionTicket
  - CVE-2015-3216 (boo#933898)
    * Crash in ssleay_rand_bytes due to locking regression
    * modified openssl-1.0.1i-fipslocking.patch
  - fix timing side channel in RSA decryption (bnc#929678)
  - newly added patches:
    * 0001-s_server-Use-2048-bit-DH-parameters-by-default.patch
    * 0002-dhparam-set-the-default-to-2048-bits.patch
    * 0003-dhparam-fix-documentation.patch
    * 0004-Update-documentation-with-Diffie-Hellman-best-practi.patch
    * 0005-client-reject-handshakes-with-DH-parameters-1024-bits.patch
    * openssl-CVE-2015-1788.patch
    * openssl-CVE-2015-1789.patch
    * openssl-CVE-2015-1790.patch
    * openssl-CVE-2015-1791.patch
    * openssl-CVE-2015-1792.patch
    * openssl-RSA_premaster_secret_in_constant_time.patch
* Thu Apr 16 2015 vcizek@suse.com
  - add ECC ciphersuites to DEFAULT (bnc#879179)
    * modified openssl-enable-ecdh.patch
* Mon Mar 16 2015 vcizek@suse.com
  - security update:
    * CVE-2015-0209 (bnc#919648)
    - Fix a failure to NULL a pointer freed on error
    * CVE-2015-0286 (bnc#922496)
    - Segmentation fault in ASN1_TYPE_cmp
    * CVE-2015-0287 (bnc#922499)
    - ASN.1 structure reuse memory corruption
    * CVE-2015-0288 x509: (bnc#920236)
    - added missing public key is not NULL check
    * CVE-2015-0289 (bnc#922500)
    - PKCS7 NULL pointer dereferences
    * CVE-2015-0292 (bnc#922501)
    - Base64 decode
    * CVE-2015-0293 (bnc#922488)
    - Fix reachable assert in SSLv2 servers
    * added patches:
    openssl-CVE-2015-0209.patch
    openssl-CVE-2015-0286.patch
    openssl-CVE-2015-0287.patch
    openssl-CVE-2015-0288.patch
    openssl-CVE-2015-0289.patch
    openssl-CVE-2015-0292.patch
    openssl-CVE-2015-0293.patch
* Wed Feb 04 2015 vcizek@suse.com
  - fix a memory leak in ssl_lib.c (CVE-2009-5146) (bnc#915976)
    * added openssl-CVE-2009-5146.patch
* Fri Jan 09 2015 vcizek@suse.com
  - fix for several security vulnerabilities:
    * CVE-2014-3570 (bnc#912296)
    - Bignum squaring (BN_sqr) may produce incorrect results on some
      platforms, including x86_64.
    - added openssl-CVE-2014-3570.patch
    * CVE-2014-3571 (bnc#912294)
    - Fix crash in dtls1_get_record whilst in the listen state where
      you get two separate reads performed - one for the header and
      one for the body of the handshake record.
    - added openssl-CVE-2014-3571.patch
    * CVE-2014-3572 (bnc#912015)
    - don't accept a handshake using an ephemeral ECDH ciphersuites
      with the server key exchange message omitted.
    - added openssl-CVE-2014-3572.patch
    * CVE-2014-8275 (bnc#912018)
    - fix various certificate fingerprint issues
    - added openssl-CVE-2014-8275.patch
    * CVE-2015-0204 (bnc#912014)
    - Only allow ephemeral RSA keys in export ciphersuites
    - added openssl-CVE-2015-0204.patch
    * CVE-2015-0205 (bnc#912293)
    - OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205 as it doesn't
      support DH certificates and this typo prohibits skipping of
      certificate verify message for sign only certificates anyway.
    - patch only fixes the wrong condition
    - added openssl-CVE-2015-0205.patch
* Wed Oct 22 2014 vcizek@suse.com
  - fix regression caused by CVE-2014-0224.patch (bnc#892403)
  - added patches:
    * Fix-stateless-session-resumption-so-it-can-coexist-with-SNI.patch
    * Generate-stateless-session-ID-just-after-the-ticket-is-r.patch
* Tue Oct 21 2014 vcizek@suse.com
  - security fixes for bnc#901277 and bnc#901223
  - NOTE: this update alone DOESN'T FIX the POODLE SSL protocol vulnerability.
    OpenSSL only adds downgrade detection support for client applications.
    See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.
  - details of the addressed vulnerabilities:
    * ) Session Ticket Memory Leak.
      When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
      integrity of that ticket is first verified. In the event of a session
      ticket integrity check failing, OpenSSL will fail to free memory
      causing a memory leak. By sending a large number of invalid session
      tickets an attacker could exploit this issue in a Denial Of Service
      attack.
      (CVE-2014-3567)
    * ) Build option no-ssl3 is incomplete.
      When OpenSSL is configured with "no-ssl3" as a build option, servers
      could accept and complete a SSL 3.0 handshake, and clients could be
      configured to send them.
      (CVE-2014-3568)
    * ) Add support for TLS_FALLBACK_SCSV.
      Client applications doing fallback retries should call
      SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
      (CVE-2014-3566)
* Mon Aug 18 2014 vcizek@suse.com
  - Double Free when processing DTLS packets (CVE-2014-3505)
    * added openssl-CVE-2014-3505.patch
    * bnc#890767
  - DTLS memory exhaustion (CVE-2014-3506)
    * added openssl-CVE-2014-3506.patch
    * bnc#890768
  - DTLS memory leak from zero-length fragments (CVE-2014-3507)
    * added openssl-CVE-2014-3507.patch
    * bnc#890769
  - Information leak in pretty printing functions (CVE-2014-3508)
    * added openssl-CVE-2014-3508.patch
    * bnc#890764
  - OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
    * added openssl-CVE-2014-3510.patch
    * bnc#890770
* Tue Jul 08 2014 meissner@suse.com
  - exclusivearch for SLE11 architectures still in SLE12
* Mon Jul 07 2014 meissner@suse.com
  - compat library taken from SLE11 openssl 0.9.8j. FATE#316925
    - only the shared objects are included, no development
      headers.
    - engines directory is /usr/lib(64)/engines098
* Mon Jun 02 2014 shchang@suse.com
  - Fixed bug[ bnc#880891], prevent buffer overread, by Sebastian Krahmer
    * Add patch file: prevent_buffer_overread.patch
* Mon Jun 02 2014 shchang@suse.com
  - Fixed bug[ bnc#880891], multiple OpenSSL CVE issues
    Add patch files: CVE-2014-3470.patch, CVE-2014-0221.patch, CVE-2014-0224.patch
* Tue Mar 25 2014 shchang@suse.com
  - Fix bug[ bnc#870192], Some libraries like libcrypto.so.0.9.8 (32bit) have the execstack flag set
    Add compile option "-Wa,--noexecstack" to make the stack non-executable
* Tue Mar 25 2014 shchang@suse.com
  - Fix bug[ bnc#869945] CVE-2014-0076: openssl: Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack
    Add file: CVE-2014-0076.patch
* Wed Feb 19 2014 shchang@suse.com
  - add file: fix-pod-number.patch
* Fri Feb 07 2014 meissner@suse.com
  - openssl-0.9.8b-ipv6-apps.patch: enable ipv6 in the openssl
    commandline tool. bnc#859228
* Fri Feb 07 2014 meissner@suse.com
  - openssl-enable-ecdh.patch:
    Enable ECDH / ECDHE key exchanges. (already available, but
    previously disabled as it was only a draft standard).
    bnc#859924
* Fri Feb 07 2014 meissner@suse.com
  - openssl-0.9.8j-c_rehash-with-openssl1.patch:
    If we have an (optional) openssl1 binary installed, use this to
    generate both openssl 0 and openssl 1 style certificate hashes.
    bnc#862181
* Thu Jan 23 2014 shchang@suse.com
  - Fix bug[ bnc#860332] openssl cmdline does not check certs
    Add file: bug860332-cmdline-check-certs.patch
* Fri Mar 22 2013 shchang@suse.com
  - Fix bug[ bnc#802648] CVE-2013-0169( openssl): Lucky-13 issue
    Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed alert.
    modify patch file: CVE-2013-0169.patch
* Thu Mar 14 2013 shchang@suse.com
  - Fix bug[ bnc#808942] Remove patch file: CVE-2011-4354.patch, because
    it's not affect on SLE-9/10/11
* Fri Mar 08 2013 shchang@suse.com
  - Fix bug[ bnc#779952] CVE-2012-4929: avoid the openssl CRIME attack
    Modify patch file: compression_methods_switch.patch
* Thu Mar 07 2013 shchang@suse.com
  - Fix bug[ bnc#733252] CVE-2011-4354: 0.9.8g 32bit leaks ECC private keys
    Add patch file: CVE-2011-4354.patch
* Tue Feb 12 2013 shchang@suse.com
  - Fix bug[ bnc#802648] CVE-2013-0169( openssl): Lucky-13 issue
    Add patch file: CVE-2013-0169.patch
* Fri Feb 08 2013 shchang@suse.com
  - FIX BUG[ bnc#802746] CVE-2013-0166( openssl): OCSP invalid key DoS issue
    Add patch file: CVE-2013-0166.patch
* Tue Jul 10 2012 draht@suse.de
  - correction of openssl-fips__0300_run*.diff: Add check with
    FIPS_mode() if FIPS was already initialized to avoid an abort
    due to FIPS_mode_set(1) twice, and to avoid a mode change by
    env or kernel cmdline back to 0 after initialization via
    FIPS_mode_set(1) from the calling app.
* Tue Jun 26 2012 meissner@suse.com
  - fix bug[bnc#768097] missing parameter validity checking in
    FIPS Diffie-Hellman code. (CVE-2011-5095)
* Mon Jun 18 2012 draht@suse.de
  - openssl-fips__0300_run_selftests_if_hmac_files_present.diff:
    if fips mode is given, run as usual. If fips is not on, see
    if the .hmac files are there. If not, abort the self-tests and
    continue. If yes, go through all the fips self-tests, but do
    not set FIPS mode.
  - package split: new sub-package libopenssl0_9_8-hmac that contains
    the two HMAC hashes for the library binaries only.
  - baselibs.conf: libopenssl0_9_8-hmac-32bit must require
    libopenssl0_9_8-32bit (exact version and release), not
    libopenssl0_9_8.
  - .spec change: added FIPSCANLIB="" to make test, or SSLv3 fails
    because forbidden in FIPS mode.
  - updated /usr/share/doc/packages/openssl/README-FIPS.txt with the
    information above.
  - [bnc#767256]
* Thu May 24 2012 meissner@suse.de
  - bug[bnc#749735] fixed a deadlock condition caused by entering a
    lock twice
* Wed May 23 2012 gjhe@suse.com
  - fix bug[bnc#761838] - denial of service via cbc mode handling
    CVE-2012-2333
* Fri May 11 2012 gjhe@suse.com
  - fix bug[bnc#761324] - TP-L3: enable cms feature in openssl
    backport cms's latest updates from the latest stable version 0.9.8x.
* Thu May 03 2012 gjhe@suse.com
  - fix [bug#759008] - valgrind showing different output on 32/64bit
    for the same test program
* Thu May 03 2012 gjhe@suse.com
  - The fix for CVE-2012-2110 did not take into account that the
    'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
    int in OpenSSL 0.9.8, making it still vulnerable. Fix by
    rejecting negative len parameter.
    CVE-2012-2131
* Mon Apr 23 2012 gjhe@suse.com
  - fix bug[bnc#758060] - incorrect integer conversions in OpenSSL
    can result in memory corruption.
    and bug[bnc#755395] - libcrypto.so.0.9.8 requires executable stack
    CVE-2012-2110
* Tue Mar 27 2012 gjhe@suse.com
  - fix bug[bnc#749735] - Memory leak when creating public keys.
* Tue Mar 27 2012 gjhe@suse.com
  - fix bug[bnc#751977] - CMS and S/MIME Bleichenbacher attack
    CVE-2012-0884
* Thu Mar 22 2012 gjhe@suse.com
  - fix bug[bnc#751946] - S/MIME verification may erroneously fail
    CVE-2012-1165
* Wed Mar 21 2012 gjhe@suse.com
  - fix bug[bnc#749213]-Free headers after use in error message
    and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt
* Fri Feb 24 2012 gjhe@suse.com
  - fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's
    asn1 parser.
    CVE-2006-7250
* Thu Feb 09 2012 draht@suse.de
  - openssl-add_sha256_sha512.diff: Add the SHA256 and SHA512 families
    to the hash algos by default to avoid explicit initialization by
    applications. [bnc#743344]
* Thu Feb 09 2012 gjhe@suse.com
  - fix security bug [bnc#742821] - DTLS DoS Attack
    CVE-2012-0050
* Tue Jan 10 2012 gjhe@suse.com
  - fix security bug [bnc#739719] -  various security issues
    DTLS Plaintext Recovery Attack (CVE-2011-4108)
    Double-free in Policy Checks (CVE-2011-4109)
    Uninitialized SSL 3.0 Padding (CVE-2011-4576)
    Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
    SGC Restart DoS Attack (CVE-2011-4619)
* Tue Dec 27 2011 dmueller@suse.de
  - revert disablement of profile feedback driven optimisation, as
    it causes noticeable performance regressions
* Wed Dec 07 2011 draht@suse.de
  - openssl package must require and prerequire libopenssl0_9_8 of
    same version [bnc#735199].
* Wed Dec 07 2011 draht@suse.de
  - README-FIPS.txt: change occurrences of SP2 to SP1 due to release
    of package in SP1/GU.
* Thu Nov 03 2011 draht@suse.de
  - /usr/share/doc/packages/openssl/README-FIPS.txt added
* Tue Nov 01 2011 draht@suse.de
  - back out unused openssl-fips__0100_FPE_in_tests.diff; fixed by
    openssl-fips__0100_aes_EVP_CIPH_FLAG_FIPS_-_the_fenzke_code.diff
  - openssl-fips__0220_make_hmac_path_return_value_check.diff: failure
    to construct library pathname must result in immediate termination
    in fips mode.
  - openssl-fips__0222_dsa_pqver_fixes.diff: fix for failure in tests:
    format of pqgver dsa test and bignum hex output
  - openssl-fips__0230_sha256_sha512_selftests.diff adds selftests for
    sha2 family sha256 and sha512.
* Thu Oct 20 2011 draht@suse.de
  - openssl-fips__0210_ignore_testvectors_rsa_salt_62.diff replaced
    by openssl-fips__0211_cavs_rsa_testvector_path_adoptions.diff
    adoptions because supplied testvector format is different.
  - openssl-fips__0212_cavs_dsa_missing_PQGVer.diff
    DSA CAVS test PQGVer.req must be executed.
  - endianness compensation for CFB1 not needed after bitlength
    adoption; causes failure in CAVS tests. See
    openssl-fips__0200_CFB1_enable.diff
* Thu Oct 06 2011 draht@suse.de
  - openssl-fips__0220_make_hmac_path_return_value_check.diff makes
    sure that fopen(3) will not receive NULL as argument.
  - indentation in get_library_path(). :)
* Fri Sep 23 2011 draht@suse.de
  - openssl-fips__0200_CFB1_enable.diff turns on CFB1 for CAVS tests.
  - openssl-fips__0210_ignore_testvectors_rsa_salt_62.diff ignore rsa_salt_62
* Tue Sep 20 2011 gjhe@suse.com
  - fix bug[bnc#716144] - VUL-0: openssl ECDH crash.
    CVE-2011-3210
* Thu Sep 15 2011 draht@suse.de
  - openssl-fips__0110_aes_EVP_CIPH_FLAG_FIPS_-_the_fenzke_code.diff
    allows the AES-NI ASM optimizations to work in FIPS mode.
* Sat Aug 13 2011 dmueller@suse.de
  - add baselibs.conf to sources
* Thu Aug 11 2011 draht@suse.de
  - create .hmac files next to the shared libraries for FIPS mode
    integrity check.
* Tue Aug 09 2011 draht@suse.de
  - re-seed the RNG via openssl-fips__0020_rng-seeding.patch
  - openssl-fips__0040_use_fipscheck_internal.diff: Don't do integrity
    checks of the library by hashing portions of object code inside
    a shlib, but do a hash on the entire library.
  - use a sha256, not a sha1, via
    openssl-fips__0045_fipscheck_sha1_sha256.diff
  - fix build of fips/sha/fips_standalone_sha1 by linking to .o files
    that are a result of "enable ASM" above, for x86_64 and x86 only.
    Via openssl-fips__0050_fips_sha_Makefile_CPUID_OBJ.diff
  - for debugging purposes included:
    openssl-fips__0080_fips_fips_c_OPENSSL_FIPS_DEBUG_FIPSCHECK_DISABLE.diff
  - hmac key set to ppaksykemnsecgtsttplmamstKMEs in
    openssl-fips__0090_hmac_key_change.diff . Note: compiled into binaries.
* Tue Aug 09 2011 draht@suse.de
  - enable ASM
  - remove BuildRequires: openssl-fips-objectmodule and build own
    fips code. Package is now code-selfcontained.
  - rename openssl-fipsmode.diff to openssl-fips__0000_fipsmode.diff
  - remove fips vs asm conflict in ./Configure via
    openssl-fips__0010_enable_shared_fips_Configure.diff
* Thu Aug 04 2011 mls@suse.de
  - Update to version 0.9.8j
    * support build with fips container module
    * multiple security fixes
    * enable TLS extensions by default
* Tue Jul 26 2011 gjhe@novell.com
  - add a switch to AESNI implementation, the environment variable is
    OPENSSL_DISABLE_AESNI, if defined, AESNI is disabled, else AESNI
    is enabled.
* Mon Jul 18 2011 xwhu@novell.com
  - fate#311769, fate#311938, optimization for AES-NI, SHA-1, RC4
* Fri Jun 10 2011 gjhe@novell.com
  - Add a switch to compression methods. Switch turned on,
    compression methods are available; Turn off, compression
    methods are not available. And this is a temporary feature, and
    may be changed by the following updates.
* Mon May 30 2011 gjhe@novell.com
  - fix bug[bnc#693027].
    Add protection against ECDSA timing attacks as mentioned in the paper
    by Billy Bob Brumley and Nicola Tuveri, see:
    http://eprint.iacr.org/2011/232.pdf
    [Billy Bob Brumley and Nicola Tuveri]
* Thu Feb 10 2011 gjhe@novell.com
  - fix bug [bnc#670526]
    CVE-2011-0014, OCSP stapling vulnerability
* Tue Dec 07 2010 gjhe@novell.com
  - fix bug [bnc#657663]
    CVE-2010-4180
    for CVE-2010-4252, no patch is added (for the J-PAKE
    implementation is not compiled in by default).
* Tue Nov 16 2010 gjhe@novell.com
  - fix bug [bnc#651003]
    CVE-2010-3864
* Mon Sep 27 2010 gjhe@novell.com
  - fix bug [bnc#608666]
* Sun Sep 26 2010 gjhe@novell.com
  - fix bug [bnc#629905]
    CVE-2010-2939
* Wed Mar 31 2010 meissner@suse.de
  - fixed enable-renegoation feature patch, disabled
    old patch for CVE-2009-3555. [bnc#584292]
* Thu Mar 25 2010 gjhe@novell.com
  - fix security bug [bnc#590833]
    CVE-2010-0740
* Fri Mar 12 2010 gjhe@novell.com
  - fix security bug [bnc#587379]
    CVE-2009-3245
* Thu Mar 11 2010 gjhe@novell.com
  - fix security bug [bnc#584292]
    enable security renegotiation
    and add support for DTLS renegotiation.
* Wed Mar 10 2010 gjhe@novell.com
  - fix security bug [bnc#467437]
    this patch fix both bug [bnc#467437] and bug [bnc#430141],
    and backport patch func-parm-err.patch
* Thu Feb 18 2010 rguenther@suse.de
  - fix bogus inline assembly for s390x [bnc#457410, bnc#442740]
  - re-enable optimization of md4 and ripemd
* Fri Jan 15 2010 gjhe@suse.de
  - fix security bug [bnc#566238]
    CVE-2009-4355
* Thu Nov 12 2009 gjhe@suse.de
  - fix security bug [bnc#553641]
    CVE-2009-3555
* Wed Jun 10 2009 gjhe@suse.de
  - fix security bug [bnc#509031]
    CVE-2009-1386
    CVE-2009-1387
* Fri May 22 2009 gjhe@suse.de
  - fix security bug [bnc#504687]
    CVE-2009-1377
    CVE-2009-1378
    CVE-2009-1379
* Wed Apr 15 2009 gjhe@suse.de
  - fix security bug [bnc#489641]
    CVE-2009-0591
    CVE-2009-0590
    CVE-2009-0789

Files

/usr/bin/fips_standalone_sha1
/usr/lib/.libcrypto.so.0.9.8.hmac
/usr/lib/.libssl.so.0.9.8.hmac
/usr/lib/engines098
/usr/lib/engines098/lib4758cca.so
/usr/lib/engines098/libaep.so
/usr/lib/engines098/libatalla.so
/usr/lib/engines098/libcapi.so
/usr/lib/engines098/libchil.so
/usr/lib/engines098/libcswift.so
/usr/lib/engines098/libgmp.so
/usr/lib/engines098/libnuron.so
/usr/lib/engines098/libsureware.so
/usr/lib/engines098/libubsec.so
/usr/lib/libcrypto.so.0.9.8
/usr/lib/libssl.so.0.9.8
/usr/share/doc/packages/libopenssl0_9_8
/usr/share/doc/packages/libopenssl0_9_8/CHANGES
/usr/share/doc/packages/libopenssl0_9_8/CHANGES.SSLeay
/usr/share/doc/packages/libopenssl0_9_8/INSTALL
/usr/share/doc/packages/libopenssl0_9_8/INSTALL.DJGPP
/usr/share/doc/packages/libopenssl0_9_8/INSTALL.MacOS
/usr/share/doc/packages/libopenssl0_9_8/INSTALL.NW
/usr/share/doc/packages/libopenssl0_9_8/INSTALL.OS2
/usr/share/doc/packages/libopenssl0_9_8/INSTALL.VMS
/usr/share/doc/packages/libopenssl0_9_8/INSTALL.W32
/usr/share/doc/packages/libopenssl0_9_8/INSTALL.W64
/usr/share/doc/packages/libopenssl0_9_8/INSTALL.WCE
/usr/share/doc/packages/libopenssl0_9_8/LICENSE
/usr/share/doc/packages/libopenssl0_9_8/NEWS
/usr/share/doc/packages/libopenssl0_9_8/README
/usr/share/doc/packages/libopenssl0_9_8/README-FIPS.txt
/usr/share/doc/packages/libopenssl0_9_8/README.SUSE


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Jan 10 07:04:51 2020