ALT Repositories
5.1: | 0.9.8p-alt0.M51.1 |
4.1: | 0.9.8d-alt4.M41.2 |
4.0: | 0.9.8d-alt4 |
+updates: | 0.9.8d-alt4 |
Group :: System/Base
Package: openssl098
30 May 2012 Gleb F-Malinovskiy <glebfm at altlinux.org> 0.9.8d-alt4.M41.2
- 4.1 security update (fix CVE-2011-4109 CVE-2011-4576 CVE-2011-4619
CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2333)
- CVE-2008-5077
CVE-2009-0590
CVE-2009-0789
DTLS fixes.
CVE-2009-3555
CVE-2009-3245
CVE-2009-4355
CVE-2010-0433
CVE-2010-4180
- Backported upstream fix for off-by-one bug in the
SSL_get_shared_ciphers() function (CVE-2007-5135).
- Fixed side-channel attack on private keys
(CVE-2007-3108, RH#245732, http://cvs.openssl.org/chngview?cn=16275).
- Mitigated branch prediction attacks
(RH#250573, http://cvs.openssl.org/chngview?cn=16077).
- Changed SSL/TLS server implementation to be stricter about session ID
context matching (RH#233599, http://cvs.openssl.org/chngview?cn=16006).
- Moved a bundle of X.509 certificates of public Certificate
Authorities (CA) from openssl package to separate ca-certificates
package.
- Moved /var/lib/ssl/{openssl.cnf,cert.pem} from openssl subpackage
to libssl6 subpackage.
- openssl: Updated to 0.9.8d.
- TSA patch: Updated to 20060923 (still not applied by default).
- Asymm patch: Updated to 20061110 (still not applied by default).
- Packaged engine and tsget in separate subpackages.
- Makefile.certificate, ca-bundle.crt: Updated from FC.
- Updated FC specific patches from 0.9.8b-12.
- Renamed subpackage according to soname change: libssl4 -> libssl6.
- Updated upstream bss_conn.c fix.
- Renamed srpm: openssl -> openssl097.
- Renamed subpackage: libssl -> libssl4.
- Applied upstream fixes for DoS bugs in ASN1 parser
(CVE-2006-2937, CVE-2006-2940).
- Applied fix for buffer overflow in SSL_get_shared_ciphers(),
discovery and patch from Tavis Ormandy and Will Drewry of the
Google Security Team (CVE-2006-3738).
- Applied fix for possible DoS in the sslv2 client code,
discovery and patch from Tavis Ormandy and Will Drewry of the
Google Security Team (CVE-2006-4343).
- Build this package without optimizations based on strict aliasing rules.
- Applied upstream patch to avoid RSA signature forgery (CVE-2006-4339).
- Applied upstream fix for potential SSL 2.0 rollback
during SSL handshake (CAN-2005-2969).
- Minor package cleanup.
- Removed those of RH patches which I do not like.
- Rediffed patches and renamed them according to the packaging policy.
- Relocated development manpages from libssl-devel subpackage to
openssl-doc subpackage.
- Added multilib support
- Incorporated patches from Fedora.
- Changed certs dir to be more useful.
- Added provides/requires for tsa (for future use).
- Updated to 0.9.7g.
- Made split build (with/without tsa patch).
- Test build with 0.9.7e.
- Added timestamping support patch.
- Updated to 0.9.7d.
- Reviewed patches.
- Applied RH's soname convention.
- Updated to 0.9.6m.
- Fixed null-pointer assignment during SSL handshake
(CAN-2004-0079).
- Updated to 0.9.6l.
- For non-i386 ix86 platforms, relaxed textrel check.
- Updated to 0.9.6k:
+ Fix various ASN1 parsing bugs.
+ SSL/TLS protocol fix for unrequested client certificates.
- Fixed linux-elf-arm architecture support (sbolshakov@, #2804).
- Shared /usr/bin/openssl-config between openssl and
libssl-devel subpackages (fixes #2806).
- Updated to 0.9.6j.
- Applied patch against Klima-Pokorny-Rosa attack.
- Applied blinding patch from OpenSSL team,
to defend against timing attack on RSA keys.
- Updated to 0.9.6i.
- Updated to 0.9.6h.
- Merged Owl changes:
* Fri Nov 15 2002 Solar Designer <solar@owl.openwall.com>
- Dropped the patch removing -Wl,-Bsymbolic which is no longer needed with
0.9.6g and/or after dropping the explicit "make build-shared".
- Dropped RSAref stuff.
- Fixed glibc/crypto compatibility patch.
- Fixed libssl linkage:
Don't do an explicit "make build-shared", it's not needed and
could only cause harm (link libssl against libcrypto statically).
- FHS fixes (#0000915):
+ changed %openssldir from /usr/lib/ssl to /var/lib/ssl;
+ moved openssl.cnf from %openssldir/ to /etc/openssl/;
+ on upgrade, copy old %openssldir to new location;
+ added openssl-config script to provide current %openssldir location.
- Renamed openssl-devel subpackage to libssl-devel.
- Renamed openssl-devel-static subpackage to libssl-devel-static.
- 0.9.6g; asn1_lib patch merged upstream.
- Updated to 0.9.6e, recent security patch merged upstream.
- Added two post-0.9.6e changes from the CVS which correct the recent ASN.1
parsing vulnerability fixes (Owl).
- Updated to 0.9.6e, dropping the shared-on-SPARC and the official
security patches (both are now included).
- Various security fixes (see CHANGES).
- Updated to 0.9.6d.
- Added a patch by Ben Laurie for "openssl dgst" to behave on read errors.
- Properly restrict the instruction set in assembly code when building for i386 (Owl).
- Fixed /usr/bin/openssl linkage.
- Relocate shared libs to /lib/.
- libssl: Conflicts: %name < %version-%release.
- 0.9.6c
- Relocated docs.
- 0.9.6b
- Changed two memcpy() calls to memmove() (nalin).
- Added a script for creating dummy certificates (nalin).
- 0.9.6a
- Keep standard soname scheme.
- Do not provide crypt symbol (solar).
- Use __libc_enable_secure variable (solar).
- Link /usr/bin/openssl dynamically with shared libraries from libssl subpackage (solar).
- Moved shared libraries to libssl subpackage.
- Moved static libraries to devel-static subpackage.
- 0.9.6
- 0.9.5a
- separate openssl-doc package
- 0.9.5
- Fandra adaptions
- [0.9.4-3]
- config file moved to /var/ssl due to problems when it stays in /etc
- [0.9.4-2]
- the source rpm was corrupt, so this is just a rerelease
- [0.9.4-1]
- [0.9.3a-1]
- several changes