| Name: libopenssl0_9_8 | Distribution: openSUSE 11.2 |
| Version: 0.9.8k | Vendor: openSUSE |
| Release: 3.10.1 | Build date: Fri Nov 19 16:17:44 2010 |
| Group: Productivity/Networking/Security | Build host: build35 |
| Size: 2114288 | Source RPM: openssl-0.9.8k-3.10.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://www.openssl.org/ | |
| Summary: Secure Sockets and Transport Layer Security | |
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
Authors:
--------
Mark J. Cox <mark@openssl.org>
Ralf S. Engelschall <rse@openssl.org>
Dr. Stephen Henson <steve@openssl.org>
Ben Laurie <ben@openssl.org>
Bodo Moeller <bodo@openssl.org>
Ulf Moeller <ulf@openssl.org>
Holger Reif <holger@openssl.org>
Paul C. Sutton <paul@openssl.org>
BSD3c(or similar)
* Thu Nov 18 2010 gjhe@novell.com
- fix bug [bnc#651003]
CVE-2010-3864
* Sat Sep 25 2010 gjhe@novell.com
- fix bug [bnc#629905]
CVE-2010-2939
* Wed Mar 31 2010 meissner@suse.de
- Added patch to enable secure renegotiation
support for CVE-2009-3555 / bnc#584292
* Fri Jan 15 2010 gjhe@novell.com
- fix security bug [bnc#566238]
CVE-2009-4355
* Fri Nov 13 2009 gjhe@novell.com
- fix security bug [bnc#553641]
CVE-2009-3555
* Tue Sep 01 2009 gjhe@novell.com
- fix Bug [bnc#526319]
* Wed Aug 26 2009 coolo@novell.com
- use %patch0 for Patch0
* Fri Jul 03 2009 gjhe@novell.com
- update to version 0.9.8k
- patches merged upstream:
openssl-CVE-2008-5077.patch
openssl-CVE-2009-0590.patch
openssl-CVE-2009-0591.patch
openssl-CVE-2009-0789.patch
openssl-CVE-2009-1377.patch
openssl-CVE-2009-1378.patch
openssl-CVE-2009-1379.patch
openssl-CVE-2009-1386.patch
openssl-CVE-2009-1387.patch
* Tue Jun 30 2009 gjhe@novell.com
- fix security bug [bnc#509031]
CVE-2009-1386
CVE-2009-1387
* Tue Jun 30 2009 gjhe@novell.com
- fix security bug [bnc#504687]
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
* Wed Apr 15 2009 gjhe@suse.de
- fix security bug [bnc#489641]
CVE-2009-0590
CVE-2009-0591
CVE-2009-0789
* Wed Jan 07 2009 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Thu Dec 18 2008 jshi@suse.de
- fix security bug [bnc#459468]
CVE-2008-5077
* Tue Dec 09 2008 xwhu@suse.de
- Disable optimization for s390x
* Mon Dec 08 2008 xwhu@suse.de
- Disable optimization of md4
* Mon Nov 10 2008 xwhu@suse.de
- Disable optimization of ripemd [bnc#442740]
* Tue Oct 14 2008 xwhu@suse.de
- Passing string as struct causes openssl segment-fault [bnc#430141]
* Wed Jul 16 2008 mkoenig@suse.de
- do not require openssl-certs, but rather recommend it
to avoid dependency cycle [bnc#408865]
* Wed Jul 09 2008 mkoenig@suse.de
- remove the certs subpackage from the openssl package
and move the CA root certificates into a package of its own
* Tue Jun 24 2008 mkoenig@suse.de
- update to version 0.9.8h
- openssl does not ship CA root certificates anymore
keep certificates that SuSE is already shipping
- resolves bad array index (function has been removed) [bnc#356549]
- removed patches
openssl-0.9.8g-fix_dh_for_certain_moduli.patch
openssl-CVE-2008-0891.patch
openssl-CVE-2008-1672.patch
* Wed May 28 2008 mkoenig@suse.de
- fix OpenSSL Server Name extension crash (CVE-2008-0891)
and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)
[bnc#394317]
* Wed May 21 2008 cthiel@suse.de
- fix baselibs.conf
* Tue Apr 22 2008 mkoenig@suse.de
- add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844]
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Mon Nov 05 2007 mkoenig@suse.de
- fix Diffie-Hellman failure with certain prime lengths
* Mon Oct 22 2007 mkoenig@suse.de
- update to version 0.9.8g:
* fix some bugs introduced with 0.9.8f
* Mon Oct 15 2007 mkoenig@suse.de
- update to version 0.9.8f:
* fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
- patches merged upstream:
openssl-0.9.8-key_length.patch
openssl-CVE-2007-3108-bug296511
openssl-CVE-2007-5135.patch
openssl-gcc42.patch
openssl-gcc42_b.patch
openssl-s390-config.diff
* Mon Oct 01 2007 mkoenig@suse.de
- fix buffer overflow CVE-2007-5135 [#329208]
* Wed Sep 05 2007 mkoenig@suse.de
- fix another gcc 4.2 build problem [#307669]
* Fri Aug 03 2007 coolo@suse.de
- provide the version obsoleted (#293401)
* Wed Aug 01 2007 werner@suse.de
- Add patch from CVS for RSA key reconstruction vulnerability
(CVE-2007-3108, VU#724968, bug #296511)
* Thu May 24 2007 mkoenig@suse.de
- fix build with gcc-4.2
openssl-gcc42.patch
- do not install example scripts with executable permissions
* Sun Apr 29 2007 ro@suse.de
- adapt requires
* Fri Apr 27 2007 mkoenig@suse.de
- Do not use dots in package name
- explicitly build with gcc-4.1 because of currently unresolved
failures with gcc-4.2
* Wed Apr 25 2007 mkoenig@suse.de
- Split/rename package to follow library packaging policy [#260219]
New package libopenssl0.9.8 containing shared libs
openssl-devel package renamed to libopenssl-devel
New package openssl-certs containing certificates
- add zlib-devel to Requires of devel package
- remove old Obsoletes and Conflicts
openssls (Last used Nov 2000)
ssleay (Last used 6.2)
* Mon Apr 23 2007 mkoenig@suse.de
- Fix key length [#254905,#262477]
* Tue Mar 06 2007 mkoenig@suse.de
- update to version 0.9.8e:
* patches merged upstream:
openssl-CVE-2006-2940-fixup.patch
openssl-0.9.8d-padlock-static.patch
* Tue Jan 09 2007 mkoenig@suse.de
- fix PadLock support [#230823]
* Thu Nov 30 2006 mkoenig@suse.de
- enable fix for CVE-2006-2940 [#223040], SWAMP-ID 7198
* Mon Nov 06 2006 poeml@suse.de
- configure with 'zlib' instead of 'zlib-dynamic'. Build with the
latter, there are problems opening the libz when running on the
Via Epia or vmware platforms. [#213305]
* Wed Oct 04 2006 poeml@suse.de
- add patch for the CVE-2006-2940 fix: the newly introduced limit
on DH modulus size could lead to a crash when exerted. [#208971]
Discovered and fixed after the 0.9.8d release.
* Fri Sep 29 2006 poeml@suse.de
- update to 0.9.8d
* ) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
* ) Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937)
* ) Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738)
* ) Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
* ) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
match only those. Before that, "AES256-SHA" would be interpreted
as a pattern and match "AES128-SHA" too (since AES128-SHA got
the same strength classification in 0.9.7h) as we currently only
have a single AES bit in the ciphersuite description bitmap.
That change, however, also applied to ciphersuite strings such as
"RC4-MD5" that intentionally matched multiple ciphersuites --
namely, SSL 2.0 ciphersuites in addition to the more common ones
from SSL 3.0/TLS 1.0.
So we change the selection algorithm again: Naming an explicit
ciphersuite selects this one ciphersuite, and any other similar
ciphersuite (same bitmap) from *other* protocol versions.
Thus, "RC4-MD5" again will properly select both the SSL 2.0
ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
Since SSL 2.0 does not have any ciphersuites for which the
128/256 bit distinction would be relevant, this works for now.
The proper fix will be to use different bits for AES128 and
AES256, which would have avoided the problems from the beginning;
however, bits are scarce, so we can only do this in a new release
(not just a patchlevel) when we can change the SSL_CIPHER
definition to split the single 'unsigned long mask' bitmap into
multiple values to extend the available space.
- not mentioned in CHANGES: patch for CVE-2006-4339 corrected
[openssl.org #1397]
* Fri Sep 08 2006 schwab@suse.de
- Fix inverted logic.
* Wed Sep 06 2006 poeml@suse.de
- update to 0.9.8c
Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
* ) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339) [Ben Laurie and Google Security Team]
* ) Add AES IGE and biIGE modes. [Ben Laurie]
* ) Change the Unix randomness entropy gathering to use poll() when
possible instead of select(), since the latter has some
undesirable limitations. [Darryl Miles via Richard Levitte and Bodo Moeller]
* ) Disable "ECCdraft" ciphersuites more thoroughly. Now special
treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
cannot be implicitly activated as part of, e.g., the "AES" alias.
However, please upgrade to OpenSSL 0.9.9[-dev] for
non-experimental use of the ECC ciphersuites to get TLS extension
support, which is required for curve and point format negotiation
to avoid potential handshake problems. [Bodo Moeller]
* ) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
The latter two were purportedly from
draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
appear there.
Also deactivate the remaining ciphersuites from
draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
unofficial, and the ID has long expired. [Bodo Moeller]
* ) Fix RSA blinding Heisenbug (problems sometimes occurred on
dual-core machines) and other potential thread-safety issues.
[Bodo Moeller]
* ) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
versions), which is now available for royalty-free use
(see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
Also, add Camellia TLS ciphersuites from RFC 4132.
To minimize changes between patchlevels in the OpenSSL 0.9.8
series, Camellia remains excluded from compilation unless OpenSSL
is configured with 'enable-camellia'. [NTT]
* ) Disable the padding bug check when compression is in use. The padding
bug check assumes the first packet is of even length, this is not
necessarily true if compression is enabled and can result in false
positives causing handshake failure. The actual bug test is ancient
code so it is hoped that implementations will either have fixed it by
now or any which still have the bug do not support compression.
[Steve Henson]
Changes between 0.9.8a and 0.9.8b [04 May 2006]
* ) When applying a cipher rule check to see if string match is an explicit
cipher suite and only match that one cipher suite if it is. [Steve Henson]
* ) Link in manifests for VC++ if needed. [Austin Ziegler <halostatue@gmail.com>]
* ) Update support for ECC-based TLS ciphersuites according to
draft-ietf-tls-ecc-12.txt with proposed changes (but without
TLS extensions, which are supported starting with the 0.9.9
branch, not in the OpenSSL 0.9.8 branch). [Douglas Stebila]
* ) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
opaque EVP_CIPHER_CTX handling. [Steve Henson]
* ) Fixes and enhancements to zlib compression code. We now only use
"zlib1.dll" and use the default __cdecl calling convention on Win32
to conform with the standards mentioned here:
http://www.zlib.net/DLL_FAQ.txt
Static zlib linking now works on Windows and the new --with-zlib-include
--with-zlib-lib options to Configure can be used to supply the location
of the headers and library. Gracefully handle case where zlib library
can't be loaded. [Steve Henson]
* ) Several fixes and enhancements to the OID generation code. The old code
sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
handle numbers larger than ULONG_MAX, truncated printing and had a
non standard OBJ_obj2txt() behaviour. [Steve Henson]
* ) Add support for building of engines under engine/ as shared libraries
under VC++ build system. [Steve Henson]
* ) Corrected the numerous bugs in the Win32 path splitter in DSO.
Hopefully, we will not see any false combination of paths any more.
[Richard Levitte]
- enable Camellia cipher. There is a royalty free license to the
patents, see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html.
NOTE: the license forbids patches to the cipher.
- build with zlib-dynamic and add zlib-devel to BuildRequires.
Allows compression of data in TLS, although few applications would
actually use it since there is no standard for negotiating the
compression method. The only one I know of is stunnel.
/usr/lib64/engines
/usr/lib64/engines/lib4758cca.so
/usr/lib64/engines/libaep.so
/usr/lib64/engines/libatalla.so
/usr/lib64/engines/libcapi.so
/usr/lib64/engines/libchil.so
/usr/lib64/engines/libcswift.so
/usr/lib64/engines/libgmp.so
/usr/lib64/engines/libnuron.so
/usr/lib64/engines/libsureware.so
/usr/lib64/engines/libubsec.so
/usr/lib64/libcrypto.so.0.9.8
/usr/lib64/libssl.so.0.9.8
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon May 20 05:42:27 2013