Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openssl-libs-3.0.1-37.el9 RPM for i686

From CentOS Stream 9 BaseOS for x86_64

Name: openssl-libs Distribution: CentOS
Version: 3.0.1 Vendor: CentOS
Release: 37.el9 Build date: Thu Jul 7 17:27:34 2022
Group: Unspecified Build host: x86-03.stream.rdu2.redhat.com
Size: 6293202 Source RPM: openssl-3.0.1-37.el9.src.rpm
Packager: builder@centos.org
Url: http://www.openssl.org/
Summary: A general purpose cryptography library with TLS implementation
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.

Provides

Requires

License

ASL 2.0

Changelog

* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37
  - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
    Resolves: CVE-2022-2097
* Thu Jun 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-36
  - Ciphersuites with RSAPSK KX should be filterd in FIPS mode
  - Related: rhbz#2085088
  - FIPS provider should block RSA encryption for key transport.
  - Other RSA encryption options should still be available if key length is enough
  - Related: rhbz#2053289
  - Improve diagnostics when passing unsupported groups in TLS
  - Related: rhbz#2070197
  - Fix PPC64 Montgomery multiplication bug
  - Related: rhbz#2098199
  - Strict certificates validation shouldn't allow explicit EC parameters
  - Related: rhbz#2058663
  - CVE-2022-2068: the c_rehash script allows command injection
  - Related: rhbz#2098277
* Wed Jun 08 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-35
  - Add explicit indicators for signatures in FIPS mode and mark signature
    primitives as unapproved.
    Resolves: rhbz#2087147
* Fri Jun 03 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-34
  - Some OpenSSL test certificates are expired, updating
  - Resolves: rhbz#2092456
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33
  - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
  - Resolves: rhbz#2089444
  - CVE-2022-1343 openssl: Signer certificate verification returned
    inaccurate response when using OCSP_NOCHECKS
  - Resolves: rhbz#2087911
  - CVE-2022-1292 openssl: c_rehash script allows command injection
  - Resolves: rhbz#2090362
  - Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
    Related: rhbz#2087147
  - Use KAT for ECDSA signature tests, s390 arch
  - Resolves: rhbz#2069235
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
  - `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
  - Resolves: rhbz#2083240
  - Ciphersuites with RSA KX should be filterd in FIPS mode
  - Related: rhbz#2085088
  - In FIPS mode, signature verification works with keys of arbitrary size
    above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys
    below 2048 bits
  - Resolves: rhbz#2077884
* Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31
  - Disable SHA-1 signature verification in FIPS mode
  - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode
    Resolves: rhbz#2087147
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30
  - Use KAT for ECDSA signature tests
  - Resolves: rhbz#2069235
* Thu May 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-29
  - `-config` argument of openssl app should work properly in FIPS mode
  - Resolves: rhbz#2083274
  - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
  - Resolves: rhbz#2063947
* Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28
  - OpenSSL should not accept custom elliptic curve parameters
  - Resolves rhbz#2066412
  - OpenSSL should not accept explicit curve parameters in FIPS mode
  - Resolves rhbz#2058663
* Fri May 06 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-27
  - Change FIPS module version to include hash of specfile, patches and sources
    Resolves: rhbz#2070550
* Thu May 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-26
  - OpenSSL FIPS module should not build in non-approved algorithms
  - Resolves: rhbz#2081378
* Mon May 02 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-25
  - FIPS provider should block RSA encryption for key transport.
  - Other RSA encryption options should still be available
  - Resolves: rhbz#2053289
* Thu Apr 28 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-24
  - Fix regression in evp_pkey_name2type caused by tr_TR locale fix
    Resolves: rhbz#2071631
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-23
  - Fix openssl curl error with LANG=tr_TR.utf8
  - Resolves: rhbz#2071631
* Mon Mar 28 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22
  - FIPS provider should block RSA encryption for key transport
  - Resolves: rhbz#2053289
* Tue Mar 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-21
  - Fix occasional internal error in TLS when DHE is used
  - Resolves: rhbz#2004915
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
  - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
    no OpenSSL library context is set
  - Resolves: rhbz#2065400
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-19
  - Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
  - Resolves: rhbz#2065400
* Wed Mar 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-18
  - CVE-2022-0778 fix
  - Resolves: rhbz#2062315
* Thu Mar 10 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-17
  - Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before
    setting an allowed digest with EVP_PKEY_CTX_set_signature_md()
  - Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch
  - Resolves: rhbz#2062640
* Tue Mar 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-15
  - Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes
  - Resolves: rhbz#2060510
* Fri Feb 25 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14
  - Prevent use of SHA1 with ECDSA
  - Resolves: rhbz#2031742
* Fri Feb 25 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-13
  - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
  - Resolves: rhbz#1977867
* Thu Feb 24 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 1:3.0.1-12
  - Support KBKDF (NIST SP800-108) with an R value of 8bits
  - Resolves: rhbz#2027261
* Wed Feb 23 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-11
  - Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
  - Resolves: rhbz#2031742
* Wed Feb 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-10
  - rebuilt
* Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-9
  - Allow SHA1 usage in HMAC in TLS
  - Resolves: rhbz#2031742
* Tue Feb 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-8
  - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
  - Resolves: rhbz#1977867
  - pkcs12 export broken in FIPS mode
  - Resolves: rhbz#2049265
* Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-8
  - Disable SHA1 signature creation and verification by default
  - Set rh-allow-sha1-signatures = yes to re-enable
  - Resolves: rhbz#2031742
* Thu Feb 03 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-7
  - s_server: correctly handle 2^14 byte long records
  - Resolves: rhbz#2042011
* Tue Feb 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-6
  - Adjust FIPS provider version
  - Related: rhbz#2026445
* Wed Jan 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-5
  - On the s390x, zeroize all the copies of TLS premaster secret
  - Related: rhbz#2040448
* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-4
  - rebuilt
* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-3
  - KATS tests should be executed before HMAC verification
  - Restoring fips=yes for SHA1
  - Related: rhbz#2026445, rhbz#2041994
* Thu Jan 20 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-2
  - Add enable-buildtest-c++ to the configure options.
  - Related: rhbz#1990814
* Tue Jan 18 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-1
  - Rebase to upstream version 3.0.1
  - Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
  - Resolves: rhbz#2038910, rhbz#2035148
* Mon Jan 17 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-7
  - Remove algorithms we don't plan to certify from fips module
  - Remove native fipsmodule.cnf
  - Related: rhbz#2026445
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6
  - openssl speed should run in FIPS mode
  - Related: rhbz#1977318
* Wed Nov 24 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-5
  - rebuilt for spec cleanup
  - Related: rhbz#1985362
* Thu Nov 18 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-4
  - Embed FIPS HMAC in fips.so
  - Enforce loading FIPS provider when FIPS kernel flag is on
  - Related: rhbz#1985362
* Thu Oct 07 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-3
  - Fix memory leak in s_client
  - Related: rhbz#1996092
* Mon Sep 20 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-2
  - Avoid double-free on error seeding the RNG.
  - KTLS and FIPS may interfere, so tests need to be tuned
  - Resolves: rhbz#1952844, rhbz#1961643
* Thu Sep 09 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-1
  - Rebase to upstream version 3.0.0
  - Related: rhbz#1990814
* Wed Aug 25 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-0.beta2.7
  - Removes the dual-abi build as it not required anymore. The mass rebuild
    was completed and all packages are rebuilt against Beta version.
  - Resolves: rhbz#1984097
* Mon Aug 23 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-0.beta2.6
  - Correctly process CMS reading from /dev/stdin
  - Resolves: rhbz#1986315
* Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.5
  - Add instruction for loading legacy provider in openssl.cnf
  - Resolves: rhbz#1975836
* Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.4
  - Adds support for IDEA encryption.
  - Resolves: rhbz#1990602
* Tue Aug 10 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.3
  - Fixes core dump in openssl req -modulus
  - Fixes 'openssl req' to not ask for password when non-encrypted private key
    is used
  - cms: Do not try to check binary format on stdin and -rctform fix
  - Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.0.0-0.beta2.2.1
  - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
    Related: rhbz#1991688
* Wed Aug 04 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 3.0.0-0.beta2.2
  - When signature_algorithm extension is omitted, use more relevant alerts
  - Resolves: rhbz#1965017
* Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1
  - Rebase to upstream version beta2
  - Related: rhbz#1903209
* Thu Jul 22 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.5
  - Prevents creation of duplicate cert entries in PKCS #12 files
  - Resolves: rhbz#1978670
* Wed Jul 21 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.4
  - NVR bump to update to OpenSSL 3.0 Beta1
* Mon Jul 19 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.3
  - Update patch dual-abi.patch to add the #define macros in implementation
    files instead of public header files
* Wed Jul 14 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.2
  - Removes unused patch dual-abi.patch
* Wed Jul 14 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.1
  - Update to Beta1 version
  - Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16
* Tue Jul 06 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.7
  - Fixes override of openssl_conf in openssl.cnf
  - Use AI_ADDRCONFIG only when explicit host name is given
  - Temporarily remove fipsmodule.cnf for arch i686
  - Fixes segmentation fault in BN_lebin2bn
  - Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855
* Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.6
  - Adds FIPS mode compatibility patch (sahana@redhat.com)
  - Related: rhbz#1977318
* Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.5
  - Fixes system hang issue when booted in FIPS mode (sahana@redhat.com)
  - Temporarily disable downstream FIPS patches
  - Related: rhbz#1977318
* Fri Jun 11 2021 Mohan Boddu <mboddu@redhat.com> 3.0.0-0.alpha16.4
  - Speeding up building openssl (dbelyavs@redhat.com)
    Resolves: rhbz#1903209
* Fri Jun 04 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.3
  - Fix reading SPKAC data from stdin
  - Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448
  - Return 0 after cleanup in OPENSSL_init_crypto()
  - Cleanup the peer point formats on regotiation
  - Fix default digest to SHA256
* Thu May 27 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.2
  - Enable FIPS via config options
* Mon May 17 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.1
  - Update to alpha 16 version
    Resolves: rhbz#1952901 openssl sends alert after orderly connection close
* Mon Apr 26 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha15.1
  - Update to alpha 15 version
    Resolves: rhbz#1903209, rhbz#1952598,
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.0.0-0.alpha13.1.1
  - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Apr 09 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha13.1
  - Update to new major release OpenSSL 3.0.0 alpha 13
    Resolves: rhbz#1903209

Files

/etc/pki/tls
/etc/pki/tls/certs
/etc/pki/tls/ct_log_list.cnf
/etc/pki/tls/misc
/etc/pki/tls/openssl.cnf
/etc/pki/tls/private
/usr/lib/.build-id
/usr/lib/.build-id/03
/usr/lib/.build-id/03/b69b6aacb4b324a08f4f193332f00ca49a6cfa
/usr/lib/.build-id/12
/usr/lib/.build-id/12/02f6ff49bd5ea8f57ba6ff4dcff2490278a8b3
/usr/lib/.build-id/56
/usr/lib/.build-id/56/c6f8d28e3df9eb9f1bd237c819cd36eb933f27
/usr/lib/.build-id/ab
/usr/lib/.build-id/ab/0208a34dc6055a1133f4331c16b11fb7b04448
/usr/lib/.build-id/b4
/usr/lib/.build-id/b4/5823680879434453c82d7f03d9e431b8c28375
/usr/lib/.build-id/c3
/usr/lib/.build-id/c3/bb2d800182c79111b2ff9cca46fbc934903359
/usr/lib/.build-id/d9
/usr/lib/.build-id/d9/52d78b54a1a308f285ba08eb3f0ffc87944063
/usr/lib/.build-id/e1
/usr/lib/.build-id/e1/e19cfcdac465ad7792f5ea76e367baa27a739e
/usr/lib/engines-3
/usr/lib/engines-3/afalg.so
/usr/lib/engines-3/capi.so
/usr/lib/engines-3/loader_attic.so
/usr/lib/engines-3/padlock.so
/usr/lib/libcrypto.so.3
/usr/lib/libcrypto.so.3.0.1
/usr/lib/libssl.so.3
/usr/lib/libssl.so.3.0.1
/usr/lib/ossl-modules
/usr/lib/ossl-modules/fips.so
/usr/lib/ossl-modules/legacy.so
/usr/share/licenses/openssl-libs
/usr/share/licenses/openssl-libs/LICENSE.txt


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Nov 24 02:52:03 2022