Tomáš Mráz
|
5980c2800d
|
- merge review fixes (#226220)
- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)
|
2008-01-25 16:44:05 +00:00 |
|
Tomáš Mráz
|
d8cd5c45d8
|
- set default paths when no explicit paths are set (#418771)
- do not add tls extensions to client hello for SSLv3 (#422081)
|
2007-12-13 17:16:43 +00:00 |
|
Tomáš Mráz
|
2a80bfda1d
|
- enable some new crypto algorithms and features
- add some more important bug fixes from openssl CVS
|
2007-12-03 19:57:11 +00:00 |
|
Tomáš Mráz
|
139aecb45e
|
- we have Dec now and not Nov
|
2007-12-03 15:26:28 +00:00 |
|
Tomáš Mráz
|
3849a1678a
|
- update to latest upstream release, SONAME bumped to 7
|
2007-12-03 14:24:08 +00:00 |
|
jorton
|
6427162702
|
- update to new CA bundle from mozilla.org
|
2007-10-15 15:20:47 +00:00 |
|
Tomáš Mráz
|
873b8d554b
|
- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
- add alpha sub-archs (#296031)
|
2007-10-12 12:17:08 +00:00 |
|
Tomáš Mráz
|
65e6d90529
|
- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
- add alpha sub-archs (#296031)
|
2007-10-12 12:16:00 +00:00 |
|
Tomáš Mráz
|
568fd16a03
|
- rebuild
|
2007-08-21 19:42:52 +00:00 |
|
Tomáš Mráz
|
aa64c417f5
|
- use localhost in testsuite, hopefully fixes slow build in koji
- CVE-2007-3108 - fix side channel attack on private keys (#250577)
- make ssl session cache id matching strict (#233599)
|
2007-08-03 12:16:54 +00:00 |
|
Tomáš Mráz
|
b191bc7a11
|
- allow building on ARM architectures (#245417)
- use reference timestamps to prevent multilib conflicts (#218064)
- -devel package must require pkgconfig (#241031)
|
2007-07-25 13:37:15 +00:00 |
|
Tomáš Mráz
|
fba756feb1
|
- detect duplicates in add_dir properly (#206346)
|
2006-12-11 19:46:13 +00:00 |
|
Tomáš Mráz
|
4ca06fa547
|
- the previous change still didn't make X509_NAME_cmp transitive
|
2006-11-30 23:10:43 +00:00 |
|
Tomáš Mráz
|
f0fb64db28
|
- make X509_NAME_cmp transitive otherwise certificate lookup is broken
(#216050)
- Resolves: rhbz#216050
|
2006-11-23 20:38:24 +00:00 |
|
Tomáš Mráz
|
a99897e811
|
- aliasing bug in engine loading, patch by IBM (#213216)
|
2006-11-02 21:16:00 +00:00 |
|
Tomáš Mráz
|
98d8457650
|
- CVE-2006-2940 fix was incorrect (#208744)
|
2006-10-02 08:37:59 +00:00 |
|
Tomáš Mráz
|
6dc7017559
|
- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
- fix CVE-2006-4343 - sslv2 client DoS (#206940)
|
2006-09-28 19:59:16 +00:00 |
|
Tomáš Mráz
|
cd294fcd2a
|
- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
- fix CVE-2006-4343 - sslv2 client DoS (#206940)
|
2006-09-28 19:58:49 +00:00 |
|
Tomáš Mráz
|
ba40f6bb66
|
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
|
2006-09-05 13:44:39 +00:00 |
|
Tomáš Mráz
|
2020821670
|
- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)
patch by IBM
|
2006-08-02 18:18:43 +00:00 |
|
aoliva
|
c1d3bf9a12
|
- rebuild with new binutils (#200330)
|
2006-07-29 02:54:33 +00:00 |
|
Tomáš Mráz
|
e9887c37ef
|
- add a temporary workaround for sha512 test failure on s390 (#199604)
|
2006-07-21 08:28:43 +00:00 |
|
Tomáš Mráz
|
4d4d77e68c
|
- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)
- add patches for BN threadsafety, AES cache collision attack hazard fix
and pkcs7 code memleak fix from upstream CVS
|
2006-07-20 12:58:48 +00:00 |
|
Jesse Keating
|
a362beea0e
|
bumped for rebuild
|
2006-07-12 07:35:49 +00:00 |
|
Tomáš Mráz
|
6b8c7ea159
|
- dropped libica and ica engine from build
|
2006-06-21 21:14:05 +00:00 |
|
jorton
|
24c8087012
|
- update to new CA bundle from mozilla.org; adds CA certificates from
netlock.hu and startcom.org
|
2006-06-21 12:49:44 +00:00 |
|
Tomáš Mráz
|
810d3c4e49
|
- add export
|
2006-06-06 12:03:44 +00:00 |
|
Tomáš Mráz
|
50ec471f0f
|
- libica: add path to openssl headers for compilation in mock
|
2006-06-06 10:51:31 +00:00 |
|
Tomáš Mráz
|
499412dfe4
|
- fixed a few rpmlint warnings
- better fix for #173399 from upstream
- upstream fix for pkcs12
|
2006-06-05 13:55:51 +00:00 |
|
Tomáš Mráz
|
340dc6a41e
|
- there is no more linux/config.h (it was empty anyway)
|
2006-05-11 12:21:42 +00:00 |
|
Tomáš Mráz
|
bf80fa7d8e
|
- upgrade to new version, stays ABI compatible
|
2006-05-11 11:52:19 +00:00 |
|
Tomáš Mráz
|
6f11ea3f44
|
- fix stale open handles in libica (#177155)
- fix build if 'rand' or 'passwd' in buildroot path (#178782)
- initialize VIA Padlock engine (#186857)
|
2006-04-04 17:45:56 +00:00 |
|
Jesse Keating
|
8c34b0921c
|
bump for bug in double-long on ppc(64)
|
2006-02-11 04:53:59 +00:00 |
|
Jesse Keating
|
95579342d3
|
bump for new gcc/glibc
|
2006-02-07 13:22:17 +00:00 |
|
Tomáš Mráz
|
f1d9cb4f96
|
- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL
(#175779)
|
2005-12-15 10:45:33 +00:00 |
|
Jesse Keating
|
6a4a9c2005
|
gcc update bump
|
2005-12-09 22:42:35 +00:00 |
|
Tomáš Mráz
|
feb192463e
|
- fix build (-lcrypto was erroneusly dropped) of the updated libica
- updated ICA engine to 1.3.6-rc3
|
2005-11-29 11:52:11 +00:00 |
|
Tomáš Mráz
|
eba5bcbbc4
|
- disable builtin compression methods for now until they work properly
(#173399)
|
2005-11-22 15:36:57 +00:00 |
|
Tomáš Mráz
|
20e19070fe
|
- don't set -rpath for openssl binary
|
2005-11-16 21:45:59 +00:00 |
|
Tomáš Mráz
|
e96bebc853
|
- new upstream version
- patches partially renumbered
|
2005-11-08 13:52:29 +00:00 |
|
Tomáš Mráz
|
2099136c66
|
- updated IBM ICA engine library and patch to latest upstream version
|
2005-10-21 13:48:38 +00:00 |
|
Tomáš Mráz
|
b073820eb5
|
- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables
the countermeasure against man in the middle attack in SSLv2 (#169863)
- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)
|
2005-10-12 12:01:16 +00:00 |
|
Tomáš Mráz
|
86877cdfc8
|
- add *.so.soversion as symlinks in /lib (#165264)
- remove unpackaged symlinks (#159595)
- fixes from upstream (constant time fixes for DSA, bn assembler div on ppc
arch, initialize memory on realloc)
|
2005-08-23 15:28:52 +00:00 |
|
Phil Knirsch
|
95f9154b19
|
- Updated ICA engine IBM patch to latest upstream version.
|
2005-08-11 10:16:19 +00:00 |
|
Karsten Hopp
|
655f2e498a
|
make it build with current rpm - remove symlinks
|
2005-08-03 13:30:46 +00:00 |
|
Tomáš Mráz
|
784dc22c4c
|
- fix CAN-2005-0109 - use constant time/memory access mod_exp so bits of
private key aren't leaked by cache eviction (#157631)
- a few more fixes from upstream 0.9.7g
|
2005-05-19 09:17:54 +00:00 |
|
Tomáš Mráz
|
4e6a921995
|
- use poll instead of select in rand (#128285)
- fix Makefile.certificate to point to /etc/pki/tls
- change the default string mask in ASN1 to PrintableString+UTF8String
|
2005-04-27 10:48:43 +00:00 |
|
jorton
|
9c01f4a254
|
- update to revision 1.37 of Mozilla CA bundle
|
2005-04-25 09:06:16 +00:00 |
|
Tomáš Mráz
|
79f559a35a
|
- move certificates to _sysconfdir/pki/tls (#143392)
- move CA directories to _sysconfdir/pki/CA
- patch the CA script and the default config so it points to the CA
directories
|
2005-04-21 20:22:55 +00:00 |
|
Tomáš Mráz
|
1d982a09cd
|
- uninitialized variable mustn't be used as input in inline assembly
- reenable the x86_64 assembly again
|
2005-04-01 16:19:34 +00:00 |
|