Group :: System/Base
RPM: openssl3
19 September 2023 Gleb F-Malinovskiy <glebfm at altlinux.org> 3.1.3-alt1
- Updated to 3.1.3 (fixes CVE-2023-4807).
- Updated to 3.1.2 (fixes CVE-2023-2975, CVE-2023-3446, and CVE-2023-3817).
- libcrypto3: updated the version of the conflict with the libcrypto10 package
(from "< 1.0.2r-alt3" to "< 1.0.3"), to match all possible versions of
OpenSSL 1.0.2, as long as the synchronization of the openssl.cnf
configuration file is not planned for this older version.
- Merged the openssl-providers subpackage into the libcrypto3 subpackage.
- openssl: packaged /var/lib/ssl/misc directory.
- libcrypto3: updated the version of the conflict with libcrypto10 package
(1.0.2q-alt1 -> 1.0.2r-alt3).
- Updated to 3.1.1.
- Relocated the directories /var/lib/ssl/certs and /var/lib/ssl/private from
the openssl subpackage to the libcrypto3 subpackage.
- Updated to 1.1.1u (fixes CVE-2023-2650).
- Updated from upstream OpenSSL_1_1_1-stable branch (commit
OpenSSL_1_1_1t-22-g8ddacec114).
- Fixed version 1.1.1u-dev -> 1.1.1t.
- Updated from upstream OpenSSL_1_1_1-stable branch (commit
OpenSSL_1_1_1t-22-g8ddacec114) (fixes CVE-2023-0464, CVE-2023-0465,
CVE-2023-0466).
- spec: added support for loongarch64 architecture (ALT#45583)
(thx Alexey Sheplyakov).
- Updated to 1.1.1t (fixes CVE-2023-0286, CVE-2023-0215, CVE-2022-4450,
CVE-2022-4304).
- Updated to 1.1.1q (fixes CVE-2022-2068).
- Updated to 1.1.1p (fixes CVE-2022-1292, CVE-2022-2068).
- Backported upstream fix for engine version check (ALT#42274).
- Updated to 1.1.1n (fixes CVE-2022-0778).
- Updated to 1.1.1m.
- FTBFS: fixed build with lto.
- Updated to 1.1.1l (fixes CVE-2021-3711, CVE-2021-3712).
- Updated to 1.1.1k (fixes CVE-2021-3450, CVE-2021-3449).
- Updated to 1.1.1j (fixes CVE-2021-23840, CVE-2021-23841).
- E2K: Fixed makecontext handling.
- Backported upstream fix for GH#13739.
- Updated to 1.1.1i (fixes CVE-2020-1971).
- Updated to 1.1.1h.
- Updated to 1.1.1g (fixes CVE-2019-1551, CVE-2020-1967).
- Fixed build --without check.
- Updated to 1.1.1d (fixes CVE-2019-1543, CVE-2019-1549, CVE-2019-1563,
CVE-2019-1547, CVE-2019-1552).
- Changed License: tag to SPDX identifier of actual openssl license.
- Readded %_bindir/openssl-config to openssl subpackage (removed in
1.1.1b-alt1 release by mistake).
- Added %e2k arch support (bircoph@).
- Updated to v1.1.1b.
- libcrypto1.1: add C: libcrypto10 <= 1.0.2q-alt1.
- Backport new gost algorithm identifiers from upstream.
- Updated to v1.1.0j.
- Updated to v1.1.0i.
- Updated to v1.0.2o (fixes CVE-2018-0739).
- Updated to v1.0.2n (fixes CVE-2017-3737, CVE-2017-3738).
- Added --disable tsget knob.
- Added support of s390x and mips* architectures.
- Updated to v1.0.2m (fixes CVE-2017-3735, CVE-2017-3736).
- Updated to v1.0.2k (fixes CVE-2016-7055, CVE-2017-3731, CVE-2017-3732).
- Updated to v1.0.2j (fixes CVE-2016-6309).
- Updated to 1.0.2i (fixes CVE-2016-2177, CVE-2016-2179,
CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183,
CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306).
- Backported upstream fix for CVE-2016-2178.
- Updated to 1.0.2h (fixes CVE-2016-2105 CVE-2016-2106 CVE-2016-2107
CVE-2016-2109 CVE-2016-2176).
- Updated to 1.0.2g (fixes CVE-2016-0701 CVE-2016-0702
CVE-2016-0705 CVE-2016-0797 CVE-2016-0798
CVE-2016-0799 CVE-2016-0800).
- Added default ciphers to system profile.
- Updated to 1.0.2f (fixes CVE-2015-3197 CVE-2016-0701).
- libcrypto10: added conflict: libcrypto7, libssl7
(due to openssl.cnf; ALT#31671).
- Updated to 1.0.2e.
- Updated patches from Fedora openssl-1.0.2e-4.
- Added support of system profile for default cipher list.
- Disabled support of updating from openssl <= 0.9.6g-alt2.
- Updated openssl-alt-config.patch:
+ [ CA_default ] default_md = sha1 -> sha256.
+ [ req ] default_md = sha1 -> sha256.
+ [ tsa_config1 ] digests = md5, sha1 -> sha1, sha256, sha384, sha512.
- Updated to 1.0.1q (CVE-2015-1788 CVE-2015-3196 CVE-2015-3195
CVE-2015-3194).
- Fixed CVE-2015-1793.
- Fixed CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792,
CVE-2015-0209, CVE-2015-4000.
- Fixed CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,
CVE-2015-0289, CVE-2015-0293.
- Updated to 1.0.1k (fixes CVE-2014-3571, CVE-2015-0206, CVE-2014-3569,
CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275,
CVE-2014-3570) (closes: 30644).
- Build with enable-ec_nistp_64_gcc_128 on architectures where
gcc supports __uint128_t (closes: #30625).
- Updated to 1.0.1j (fixes CVE-2014-3512, CVE-2014-3511, CVE-2014-3510,
CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3509,
CVE-2014-5139, CVE-2014-3508, CVE-2014-3513, CVE-2014-3567,
CVE-2014-3566, CVE-2014-3568).
- Updated patches from Fedora openssl-1.0.1j-2.
- kssl.h: include <krb5/krb5.h> instead of <krb5/krb5/krb5.h> (ldv@).
- Updated to 1.0.1h (fixes CVE-2014-0224, CVE-2014-022, CVE-2014-019,
CVE-2014-347, and CVE-2010-5298).
- Updated to 1.0.1g (fixes CVE-2014-0076 and CVE-2014-0160).
- Made 3DES strength to be 128 bits instead of 168 (RH#1056616).
- Dropped delusive compatibility with alien libssl packages.
- Updated to 1.0.1f
(fixes CVE-2013-4353, CVE-2013-6449, and CVE-2013-6450).
- Updated to OpenSSL_1_0_1e-21-g0e9dd38.
- Updated patches from Fedora openssl-1.0.1e-4.
- Changed section where tests are run from %build to %check.
- Updated to OpenSSL_1_0_0k-15-g0e05f88
(fixes CVE-2013-0166 and CVE-2013-0169).
- Updated to 1.0.0j (fixes CVE-2012-2333).
- Updated to 1.0.0i (fixes CVE-2012-2110).
- Updated to 1.0.0h (fixes CVE-2012-0050, CVE-2012-0884 and other bugs).
- Updated to 1.0.0f (fixes multiple CVEs).
- Updated to 1.0.0e (fixes CVE-2011-3207).
- In pkgconfig files, moved -ldl -lz to Libs.private.
- Updated to 1.0.0d (fixes CVE-2011-0014).
- Updated to 1.0.0c (fixes CVE-2010-4180).
- Updated to 1.0.0b (fixes CVE-2010-2939 and CVE-2010-3864).
- Hardened conflict with incompatible libssl6 (closes: #24195).
- Updated to 1.0.0a.
- Merged with FC openssl-1.0.0a-3.
- openssl.cnf: Updated from openssl-1.0.0a, merged with FC.
- Updated to 0.9.8o (fixes CVE-2010-0742).
- Fixed ssl/dtls1.h ABI breakage introduced in 0.9.8m.
- Fixed 0.9.8m build regression on architectures where %_lib != lib.
- Updated to 0.9.8n (fixes CVE-2010-0740 and CVE-2010-0433).
- Updated to 0.9.8m with security fixes and improvements, including:
+ CVE-2009-3245, CVE-2008-1678
+ CVE-2009-1377, CVE-2009-1378, CVE-2009-1379
+ CVE-2009-1387 (closes: #20280)
+ CVE-2009-4355 (closes: #22817, #23037)
+ patch for Cisco VPN client DTLS
- Added extra symlinks and Provides for backwards compatibility
with Mandriva's openssl.
- Relocated backwards compatibility symlinks from /lib64 to /usr/lib64.
- Fixed backwards compatibility Provides on x86-64.
- Built for target linux-generic32 on ARM.
- Applied upstream crypto/{md5,sha1} build fixes (by Evgeny Sinelnikov
and Kirill A. Shutemov).
- Applied upstream compatibility patch for Cisco VPN client DTLS
(closes: #22615).
- Updated to 0.9.8l with security fixes and improvements.
- Includes CVE-2009-3555
- Relocated /etc/openssl and /var/lib/ssl from
libssl7 subpackage to libcrypto7 subpackage.
- Packaged libcrypto shared library into separate subpackage
to break dependency loop (closes: #20175).
- Packaged doc subpackage as noarch.
- Fixed backwards compatibility symlink added in previous build.
- Added extra symlinks for backwards compatibility with Fedora's libssl8.
- Backported security updates from 0.9.8l:
CVE-2009-1377, CVE-2009-1378, CVE-2009-1379
- Updated to new 0.9.8k includes security fixes and improvements
- Includes CVE-2009-0789, CVE-2009-0591, CVE-2009-0590
- Updated to 0.9.8j includes properly check EVP_VerifyFinal() and
similar return values (CVE-2008-5077)
- Added patch with pkcs12 fix for '-name' option
- Rebuilt without obsolete %post/%postun calls
- Updated to 0.9.8i
- Fixed KRB5 cipher crash for FQDN not equal SPN's FQDN at keytab.
Resolved with fixing checks at kssl_keytab_is_available()
- Updated dependencies (Alexey Tourbin).
- Added workaround for krb5.h inclusion.
- Fixed patches
+ At openssl-0.9.8g-rh-alt-soversion.patch SHLIB_SOVERSION set to 7
+ openssl-0.9.8g-rh-shlib-version.patch changed to openssl-0.9.8h-alt-shlib-version.patch
- Updated to new release
- Removed old fixes
- Prepared to Sisyphus release
- Added openssl-krb providing
- Changed soname
+ Renamed libssl6 to libssl7
- Updated to 0.9.8g
- Removed old patches and got new from Fedora
- Add rfc2712 support with MIT Kerberos.
- Backported upstream fix for off-by-one bug in the
SSL_get_shared_ciphers() function (CVE-2007-5135).
- Fixed side-channel attack on private keys
(CVE-2007-3108, RH#245732, http://cvs.openssl.org/chngview?cn=16275).
- Mitigated branch prediction attacks
(RH#250573, http://cvs.openssl.org/chngview?cn=16077).
- Changed SSL/TLS server implementation to be stricter about session ID
context matching (RH#233599, http://cvs.openssl.org/chngview?cn=16006).
- Moved a bundle of X.509 certificates of public Certificate
Authorities (CA) from openssl package to separate ca-certificates
package.
- Moved /var/lib/ssl/{openssl.cnf,cert.pem} from openssl subpackage
to libssl6 subpackage.
- openssl: Updated to 0.9.8d.
- TSA patch: Updated to 20060923 (still not applied by default).
- Asymm patch: Updated to 20061110 (still not applied by default).
- Packaged engine and tsget in separate subpackages.
- Makefile.certificate, ca-bundle.crt: Updated from FC.
- Updated FC specific patches from 0.9.8b-12.
- Renamed subpackage according to soname change: libssl4 -> libssl6.
- Updated upstream bss_conn.c fix.
- Renamed srpm: openssl -> openssl097.
- Renamed subpackage: libssl -> libssl4.
- Applied upstream fixes for DoS bugs in ASN1 parser
(CVE-2006-2937, CVE-2006-2940).
- Applied fix for buffer overflow in SSL_get_shared_ciphers(),
discovery and patch from Tavis Ormandy and Will Drewry of the
Google Security Team (CVE-2006-3738).
- Applied fix for possible DoS in the sslv2 client code,
discovery and patch from Tavis Ormandy and Will Drewry of the
Google Security Team (CVE-2006-4343).
- Build this package without optimizations based on strict aliasing rules.
- Applied upstream patch to avoid RSA signature forgery (CVE-2006-4339).
- Applied upstream fix for potential SSL 2.0 rollback
during SSL handshake (CAN-2005-2969).
- Minor package cleanup.
- Removed those of RH patches which I do not like.
- Rediffed patches and renamed them according to the packaging policy.
- Relocated development manpages from libssl-devel subpackage to
openssl-doc subpackage.
- Added multilib support
- Incorporated patches from Fedora.
- Changed certs dir to be more useful.
- Added provides/requires for tsa (for future use).
- Updated to 0.9.7g.
- Made split build (with/without tsa patch).
- Test build with 0.9.7e.
- Added timestamping support patch.
- Updated to 0.9.7d.
- Reviewed patches.
- Applied RH's soname convention.
- Updated to 0.9.6m.
- Fixed null-pointer assignment during SSL handshake
(CAN-2004-0079).
- Updated to 0.9.6l.
- For non-i386 ix86 platforms, relaxed textrel check.
- Updated to 0.9.6k:
+ Fix various ASN1 parsing bugs.
+ SSL/TLS protocol fix for unrequested client certificates.
- Fixed linux-elf-arm architecture support (sbolshakov@, #2804).
- Shared /usr/bin/openssl-config between openssl and
libssl-devel subpackages (fixes #2806).
- Updated to 0.9.6j.
- Applied patch against Klima-Pokorny-Rosa attack.
- Applied blinding patch from OpenSSL team,
to defend against timing attack on RSA keys.
- Updated to 0.9.6i.
- Updated to 0.9.6h.
- Merged Owl changes:
* Fri Nov 15 2002 Solar Designer <solar@owl.openwall.com>
- Dropped the patch removing -Wl,-Bsymbolic which is no longer needed with
0.9.6g and/or after dropping the explicit "make build-shared".
- Dropped RSAref stuff.
- Fixed glibc/crypto compatibility patch.
- Fixed libssl linkage:
Don't do an explicit "make build-shared", it's not needed and
could only cause harm (link libssl against libcrypto statically).
- FHS fixes (#0000915):
+ changed %openssldir from /usr/lib64/ssl to /var/lib/ssl;
+ moved openssl.cnf from %openssldir/ to /etc/openssl/;
+ on upgrade, copy old %openssldir to new location;
+ added openssl-config script to provide current %openssldir location.
- Renamed openssl-devel subpackage to libssl-devel.
- Renamed openssl-devel-static subpackage to libssl-devel-static.
- 0.9.6g; asn1_lib patch merged upstream.
- Updated to 0.9.6e, recent security patch merged upstream.
- Added two post-0.9.6e changes from the CVS which correct the recent ASN.1
parsing vulnerability fixes (Owl).
- Updated to 0.9.6e, dropping the shared-on-SPARC and the official
security patches (both are now included).
- Various security fixes (see CHANGES).
- Updated to 0.9.6d.
- Added a patch by Ben Laurie for "openssl dgst" to behave on read errors.
- Properly restrict the instruction set in assembly code when building for i386 (Owl).
- Fixed /usr/bin/openssl linkage.
- Relocate shared libs to /lib/.
- libssl: Conflicts: %name < %version-%release.
- 0.9.6c
- Relocated docs.
- 0.9.6b
- Changed two memcpy() calls to memmove() (nalin).
- Added a script for creating dummy certificates (nalin).
- 0.9.6a
- Keep standard soname scheme.
- Do not provide crypt symbol (solar).
- Use __libc_enable_secure variable (solar).
- Link /usr/bin/openssl dynamically with shared libraries from libssl subpackage (solar).
- Moved shared libraries to libssl subpackage.
- Moved static libraries to devel-static subpackage.
- 0.9.6
- 0.9.5a
- separate openssl-doc package
- 0.9.5
- Fandra adaptions
- [0.9.4-3]
- config file moved to /var/ssl due to problems when it stays in /etc
- [0.9.4-2]
- the source rpm was corrupt, so this is just a rerelease
- [0.9.4-1]
- [0.9.3a-1]
- several changes