b825afeee6- update to final 1.0.0 upstream release
Tomáš Mráz
2010-03-30 11:48:30 +0000
f07ff38d38- update to final 1.0.0 upstream release
Tomáš Mráz
2010-03-30 09:57:36 +0000
fa66cf4b52- update to final 1.0.0 upstream release
Tomáš Mráz
2010-03-30 09:37:41 +0000
129cd80b24Initialize branch F-13 for openssl
Jesse Keating
2010-02-17 02:17:55 +0000
7c4ab8ff8e- make TLS work in the FIPS mode
Tomáš Mráz
2010-02-16 23:21:07 +0000
ad8308995b- make TLS work in the FIPS mode
Tomáš Mráz
2010-02-16 22:54:12 +0000
bffe20438c- gracefully handle zero length in assembler implementations of OPENSSL_cleanse (#564029) - do not fail in s_server if client hostname not resolvable (#561260)
Tomáš Mráz
2010-02-12 17:20:50 +0000
ae5568515b- new upstream release
Tomáš Mráz
2010-01-21 08:12:12 +0000
79249339a7- fix CVE-2009-4355 - leak in applications incorrectly calling CRYPTO_free_all_ex_data() before application exit (#546707) - upstream fix for future TLS protocol version handling
Tomáš Mráz
2010-01-14 08:57:34 +0000
7f0747ce73- add support for Intel AES-NI
Tomáš Mráz
2010-01-13 09:21:02 +0000
2d6ef07fa3- upstream fix compression handling on session resumption - various null checks and other small fixes from upstream - upstream changes for the renegotiation info according to the latest draft
Tomáš Mráz
2010-01-07 22:43:57 +0000
e8799f082e- fix non-fips mingw build (patch by Kalev Lember) - add IPV6 fix for DTLS
Tomáš Mráz
2009-12-15 18:12:29 +0000
30ef066514Fix typo that causes a failure to update the common directory. (releng #2781)
Bill Nottingham
2009-11-26 01:24:58 +0000
7f87929b98Fix typo that causes a failure to update the common directory. (releng #2781)
Bill Nottingham
2009-11-25 22:56:35 +0000
5845987ab4- fix non-fips mingw build (patch by Kalev Lember) - add IPV6 fix for DTLS
Tomáš Mráz
2009-11-23 07:54:08 +0000
c9026def03- add better error reporting for the unsafe renegotiation
Tomáš Mráz
2009-11-20 17:30:27 +0000
359f84cd81- fix build on s390x
Tomáš Mráz
2009-11-20 09:27:16 +0000
e88edba9c7- disable enforcement of the renegotiation extension on the client (#537962) - add fixes from the current upstream snapshot
Tomáš Mráz
2009-11-18 14:03:10 +0000
5b761f5986- disable enforcement of the renegotiation extension on the client (#537962) - add fixes from the current upstream snapshot
Tomáš Mráz
2009-11-18 13:14:13 +0000
6b512f3414- add missing patch
Tomáš Mráz
2009-11-13 13:22:59 +0000
5404b48738- keep the beta status in version number at 3 so we do not have to rebuild openssh and possibly other dependencies with too strict version check
Tomáš Mráz
2009-11-13 12:46:47 +0000
982ac6e5f9- keep the beta status in version number at 3 so we do not have to rebuild openssh and possibly other dependencies with too strict version check
Tomáš Mráz
2009-11-13 12:11:41 +0000
a9fcedd3fb- keep the beta status in version number at 3 so we do not have to rebuild openssh and possibly other dependencies with too strict version check
Tomáš Mráz
2009-11-13 11:45:07 +0000
27847ae318- update to new upstream version, no soname bump needed - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final.
Tomáš Mráz
2009-11-12 21:15:24 +0000
654ccf4a2f- add fix to compile on new binutils
Tomáš Mráz
2009-11-12 16:27:52 +0000
aabbc9ad89- update to new upstream version, no soname bump needed - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final.
Tomáš Mráz
2009-11-12 15:51:40 +0000
a650e4abcb- fix use of freed memory if SSL_CTX_free() is called before SSL_free() (#521342)
Tomáš Mráz
2009-10-16 11:40:27 +0000
e0fe963bd1- fix use of freed memory if SSL_CTX_free() is called before SSL_free() (#521342)
Tomáš Mráz
2009-10-16 11:28:02 +0000
5c062c1ba9- fix typo in DTLS1 code (#527015) - fix leak in error handling of d2i_SSL_SESSION()
Tomáš Mráz
2009-10-08 19:01:43 +0000
1a303f4853- fix typo in DTLS1 code (#527015) - fix leak in error handling of d2i_SSL_SESSION()
Tomáš Mráz
2009-10-08 18:45:10 +0000
0d4bee2e57- fix RSA and DSA FIPS selftests - reenable fixed x86_64 camellia assembler code (#521127)
Tomáš Mráz
2009-09-30 18:34:35 +0000
75f7276f8b- fix RSA and DSA FIPS selftests - reenable fixed x86_64 camellia assembler code (#521127)
Tomáš Mráz
2009-09-30 18:18:48 +0000
ac2b786dc8Initialize branch F-12 for openssl
Jesse Keating
2009-09-29 05:49:00 +0000
d01d89f81d- do not build special 'optimized' versions for i686, as that's the base arch in Fedora now
Bill Nottingham
2009-07-22 15:57:43 +0000
ed645aa98f- abort if selftests failed and random number generator is polled - mention EVP_aes and EVP_sha2xx routines in the manpages - add README.FIPS - make CA dir absolute path (#445344) - change default length for RSA key generation to 2048 (#484101)
Tomáš Mráz
2009-07-01 09:52:07 +0000
05a8f32a5e- abort if selftests failed and random number generator is polled - mention EVP_aes and EVP_sha2xx routines in the manpages - add README.FIPS - make CA dir absolute path (#445344) - change default length for RSA key generation to 2048 (#484101)
Tomáš Mráz
2009-06-30 14:20:37 +0000
44abf9d002- abort if selftests failed and random number generator is polled - mention EVP_aes and EVP_sha2xx routines in the manpages - add README.FIPS - make CA dir absolute path (#445344) - change default length for RSA key generation to 2048 (#484101)
Tomáš Mráz
2009-06-30 11:17:45 +0000
387d98c6e7- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 (DTLS DoS problems) (#501253, #501254, #501572)
Tomáš Mráz
2009-05-21 16:30:42 +0000
7723dd9040- support compatibility DTLS mode for CISCO AnyConnect (#464629)
Tomáš Mráz
2009-04-21 10:05:11 +0000
e1c42b9abd- correct the SHLIB_VERSION define
Tomáš Mráz
2009-04-17 16:13:51 +0000
bb917d493c- add support for multiple CRLs with same subject - load only dynamic engine support in FIPS mode
Tomáš Mráz
2009-04-15 14:36:54 +0000
a9e5f01ef5- update to new upstream release (minor bug fixes, security fixes and machine code optimizations only)
Tomáš Mráz
2009-03-25 21:12:41 +0000
a9567a4b21- move only on 64bits
Tomáš Mráz
2009-03-19 11:03:16 +0000
58f96a71e5- move libraries to /usr/lib (#239375)
Tomáš Mráz
2009-03-19 10:31:41 +0000
15d9ef2c72- add a static subpackage
Tomáš Mráz
2009-03-13 13:10:33 +0000
07bd81ddaf- must also verify checksum of libssl.so in the FIPS mode - obtain the seed for FIPS rng directly from the kernel device - drop the temporary symlinks
Tomáš Mráz
2009-02-02 16:46:33 +0000
c7641abc30- drop the temporary triggerpostun and symlinking in post - fix the pkgconfig files and drop the unnecessary buildrequires on pkgconfig as it is a rpmbuild dependency (#481419)
Tomáš Mráz
2009-01-26 21:07:21 +0000
919b2c6500- add temporary triggerpostun to reinstate the symlinks
Tomáš Mráz
2009-01-17 20:49:48 +0000
7e0fce6fea- add temporary triggerpostun to reinstate the symlinks
Tomáš Mráz
2009-01-17 20:48:44 +0000
105eb2ce8f- no pairwise key tests in non-fips mode (#479817)
Tomáš Mráz
2009-01-17 19:31:29 +0000
ebd2901e1d- even more robust test for the temporary symlinks
Tomáš Mráz
2009-01-16 16:11:07 +0000
b33a50c5b2- try to ensure the temporary symlinks exist
Tomáš Mráz
2009-01-16 13:02:42 +0000
1d20b5f238- new upstream version with necessary soname bump (#455753) - temporarily provide symlink to old soname to make it possible to rebuild the dependent packages in rawhide - add eap-fast support (#428181) - add possibility to disable zlib by setting - add fips mode support for testing purposes - do not null dereference on some invalid smime files - add buildrequires pkgconfig (#479493)
Tomáš Mráz
2009-01-15 09:10:25 +0000
f1fb664cb6- rediff for no fuzz
Tomáš Mráz
2008-08-10 20:36:12 +0000
c59bdb11a0- do not add tls extensions to server hello for SSLv3 either
Tomáš Mráz
2008-08-10 19:45:27 +0000
acba378bc3- restore the touch -r for openssl.cnf
jorton
2008-06-02 11:31:55 +0000
50e76b460a- remove reference to deleted source
jorton
2008-06-02 11:28:03 +0000
bb2baacca9- move root CA bundle to ca-certificates package
jorton
2008-06-02 11:06:57 +0000
2c01b19843- fix CVE-2008-0891 - server name extension crash (#448492) - fix CVE-2008-1672 - server key exchange message omit crash (#448495)
Tomáš Mráz
2008-05-28 15:52:21 +0000
6e489d9c90- release bump
Tomáš Mráz
2008-05-27 08:39:57 +0000
cc7d549a79- super-H arch support - drop workaround for bug 199604 as it should be fixed in gcc-4.3
Tomáš Mráz
2008-05-27 08:38:06 +0000
3bbf540789sparc handling
Tom Callaway
2008-05-20 15:16:15 +0000
dfabafc476- update to new root CA bundle from mozilla.org (r1.45)
jorton
2008-03-10 10:45:36 +0000
d08968bcfa- Autorebuild for GCC 4.3
Jesse Keating
2008-02-20 05:36:13 +0000
1181966c58- rename required for build
Tomáš Mráz
2008-01-25 17:04:12 +0000
5980c2800d- merge review fixes (#226220) - adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)
Tomáš Mráz
2008-01-25 16:44:05 +0000
d8cd5c45d8- set default paths when no explicit paths are set (#418771) - do not add tls extensions to client hello for SSLv3 (#422081)
Tomáš Mráz
2007-12-13 17:16:43 +0000
2a80bfda1d- enable some new crypto algorithms and features - add some more important bug fixes from openssl CVS
Tomáš Mráz
2007-12-03 19:57:11 +0000
139aecb45e- we have Dec now and not Nov
Tomáš Mráz
2007-12-03 15:26:28 +0000
3849a1678a- update to latest upstream release, SONAME bumped to 7
Tomáš Mráz
2007-12-03 14:24:08 +0000
96585a061amakefile update to properly grab makefile.common
Bill Nottingham
2007-10-15 19:12:21 +0000
6427162702- update to new CA bundle from mozilla.org
jorton
2007-10-15 15:20:47 +0000
873b8d554b- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) - add alpha sub-archs (#296031)
Tomáš Mráz
2007-10-12 12:17:08 +0000
65e6d90529- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) - add alpha sub-archs (#296031)
Tomáš Mráz
2007-10-12 12:16:00 +0000
568fd16a03- rebuild
Tomáš Mráz
2007-08-21 19:42:52 +0000
de79c32133Test succeeded, apologies to Tomas for the noise.
Patrick Laughton
2007-08-09 00:49:27 +0000
366d8b3e20Testing Fedora SPARC ACL group permissions.
Patrick Laughton
2007-08-09 00:47:13 +0000
aa64c417f5- use localhost in testsuite, hopefully fixes slow build in koji - CVE-2007-3108 - fix side channel attack on private keys (#250577) - make ssl session cache id matching strict (#233599)
Tomáš Mráz
2007-08-03 12:16:54 +0000
b191bc7a11- allow building on ARM architectures (#245417) - use reference timestamps to prevent multilib conflicts (#218064) - -devel package must require pkgconfig (#241031)
Tomáš Mráz
2007-07-25 13:37:15 +0000
fba756feb1- detect duplicates in add_dir properly (#206346)
Tomáš Mráz
2006-12-11 19:46:13 +0000
4ca06fa547- the previous change still didn't make X509_NAME_cmp transitive
Tomáš Mráz
2006-11-30 23:10:43 +0000
f0fb64db28- make X509_NAME_cmp transitive otherwise certificate lookup is broken (#216050) - Resolves: rhbz#216050
Tomáš Mráz
2006-11-23 20:38:24 +0000
a99897e811- aliasing bug in engine loading, patch by IBM (#213216)
Tomáš Mráz
2006-11-02 21:16:00 +0000
98d8457650- CVE-2006-2940 fix was incorrect (#208744)
Tomáš Mráz
2006-10-02 08:37:59 +0000
6dc7017559- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276) - fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940)
Tomáš Mráz
2006-09-28 19:59:16 +0000
cd294fcd2a- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276) - fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940)
Tomáš Mráz
2006-09-28 19:58:49 +0000
ba40f6bb66- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
Tomáš Mráz
2006-09-05 13:44:39 +0000
Tomáš Mráz
Jesse Keating
Bill Nottingham
jorton
Tom Callaway
Patrick Laughton