Changelog for
libopenssl-devel-1.0.0m-18.55.1.x86_64.rpm :
Thu Jun 5 14:00:00 2014 wrAATTrosenauer.org
- update to upstream 1.0.0m version (bnc#880891)
* Fix for CVE-2014-0224
SSL/TLS MITM vulnerability
* Fix for CVE-2014-0221
DTLS recursion flaw
* Fix for CVE-2014-0195
DTLS invalid fragment vulnerability
* Fix for CVE-2014-3470
Anonymous ECDH denial of service
* Fix for CVE-2014-0076
Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD
* Fix for CVE-2010-5298
SSL_MODE_RELEASE_BUFFERS session injection or denial of service
Sat Jan 11 13:00:00 2014 wrAATTrosenauer.org
- update to upstream 1.0.0l version
* fixed crash in DTLS renegotiation after packet loss
(CVE-2013-6450, bnc#857203)
Fri Feb 22 13:00:00 2013 lijewski.stefanAATTgmail.com
- update to upstream 1.0.0k version fixing:
* SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
* TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686)
* OCSP invalid key DoS issue (CVE-2013-0166)
- fixes [bnc#802648] [bnc#802746] [bnc#757773]
- patch cleanup
Wed May 23 14:00:00 2012 gjheAATTsuse.com
- fix bug[bnc#761838] - denial of service via cbc mode handling
CVE-2012-2333
Mon Apr 23 14:00:00 2012 gjheAATTsuse.com
- fix bug[bnc#758060] - incorrect integer conversions in OpenSSL
can result in memory corruption.
CVE-2012-2110
Wed Mar 28 14:00:00 2012 gjheAATTsuse.com
- fix bug[bnc#749735] - Memory leak when creating public keys.
fix bug[bnc#751977] - CMS and S/MIME Bleichenbacher attack
CVE-2012-0884
Thu Mar 22 13:00:00 2012 gjheAATTsuse.com
- fix Bug[bnc#751946] - S/MIME verification may erroneously fail
CVE-2012-1165
Wed Mar 21 13:00:00 2012 gjheAATTsuse.com
- fix bug[bnc#749213]-Free headers after use in error message
and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt
Fri Feb 24 13:00:00 2012 gjheAATTsuse.com
- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's
asn1 parser.
CVE-2006-7250
Thu Feb 2 13:00:00 2012 gjheAATTsuse.com
- fix security bug [bnc#742821] - DTLS DoS Attack
CVE-2012-0050
Wed Jan 11 13:00:00 2012 gjheAATTsuse.com
- fix security bug[bnc#739719] - openssl: various security issues
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
SGC Restart DoS Attack (CVE-2011-4619)
Invalid GOST parameters DoS Attack (CVE-2012-0027)
not affected:
Double-free in Policy Checks (CVE-2011-4109)
Tue Sep 20 14:00:00 2011 gjheAATTsuse.com
- fix bug[bnc#716144] - VUL-0: openssl ECDH crash.
CVE-2011-3210
Tue Sep 13 14:00:00 2011 gjheAATTsuse.com
- Fix bug[bnc#716143]. Fix bug where CRLs with nextUpdate
in the past are sometimes accepted by initialising
X509_STORE_CTX properly. (CVE-2011-3207)
Tue May 31 14:00:00 2011 gjheAATTnovell.com
- fix bug[bnc#693027].
Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
http://eprint.iacr.org/2011/232.pdf
[Billy Bob Brumley and Nicola Tuveri]
Sat Jan 15 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Add patch from upstream in order to support AES-NI instruction
set present on current Intel and AMD processors
Mon Jan 10 13:00:00 2011 meissnerAATTsuse.de
- enable -DPURIFY to avoid valgrind errors.
Thu Dec 9 13:00:00 2010 gjheAATTnovell.com
- update to stable version 1.0.0c.
patch included:
CVE-2010-1633_and_CVE-2010-0742.patch
patchset-19727.diff
CVE-2010-2939.patch
CVE-2010-3864.patch
Thu Nov 18 13:00:00 2010 gjheAATTnovell.com
- fix bug [bnc#651003]
CVE-2010-3864
Sat Sep 25 14:00:00 2010 gjheAATTnovell.com
- fix bug [bnc#629905]
CVE-2010-2939
Wed Jul 28 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Exclude static libraries, see what breaks and fix that
instead
Wed Jun 30 14:00:00 2010 jengelhAATTmedozas.de
- fix two compile errors on SPARC
Tue Jun 15 14:00:00 2010 bgAATTnovell.com
- -fstack-protector is not supported on hppa
Fri Jun 4 14:00:00 2010 gjheAATTnovell.com
- fix bnc #610642
CVE-2010-0742
CVE-2010-1633
Mon May 31 14:00:00 2010 gjheAATTnovell.com
- fix bnc #610223, change Configure to tell openssl to load engines
from /%{_lib} instead of %{_libdir}
Mon May 10 14:00:00 2010 ajAATTsuse.de
- Do not compile in build time but use mtime of changes file instead.
This allows build-compare to identify that no changes have happened.
Tue May 4 14:00:00 2010 gjheAATTnovell.com
- build libopenssl to /%{_lib} dir, and keep only one
libopenssl-devel for new developing programs.
Tue Apr 27 14:00:00 2010 gjheAATTnovell.com
- build libopenssl and libopenssl-devel to a version directory
Sat Apr 24 14:00:00 2010 cooloAATTnovell.com
- buildrequire pkg-config to fix provides
Wed Apr 21 14:00:00 2010 lnusselAATTsuse.de
- also create old certificate hash in /etc/ssl/certs for
compatibility with applications that still link against 0.9.8
Mon Apr 12 14:00:00 2010 meissnerAATTsuse.de
- Disable our own build targets, instead use the openSSL provided ones
as they are now good (or should be good at least).
- add -Wa,--noexecstack to the Configure call, this is the upstream
approved way to avoid exec-stack marking
Mon Apr 12 14:00:00 2010 gjheAATTnovell.com
- update to 1.0.0
Merge the following patches from 0.9.8k:
openssl-0.9.6g-alpha.diff
openssl-0.9.7f-ppc64.diff
openssl-0.9.8-flags-priority.dif
openssl-0.9.8-sparc.dif
openssl-allow-arch.diff
openssl-hppa-config.diff
Fri Apr 9 14:00:00 2010 meissnerAATTsuse.de
- fixed "executable stack" for libcrypto.so issue on i586 by
adjusting the assembler output during MMX builds.
Wed Apr 7 14:00:00 2010 meissnerAATTsuse.de
- Openssl is now partially converted to libdir usage upstream,
merge that in to fix lib64 builds.
Thu Mar 25 13:00:00 2010 gjheAATTnovell.com
- fix security bug [bnc#590833]
CVE-2010-0740
Mon Mar 22 13:00:00 2010 gjheAATTnovell.com
- update to version 0.9.8m
Merge the following patches from 0.9.8k:
bswap.diff
non-exec-stack.diff
openssl-0.9.6g-alpha.diff
openssl-0.9.7f-ppc64.diff
openssl-0.9.8-flags-priority.dif
openssl-0.9.8-sparc.dif
openssl-allow-arch.diff
openssl-hppa-config.diff
Fri Feb 5 13:00:00 2010 jengelhAATTmedozas.de
- build openssl for sparc64
Mon Dec 14 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- package documentation as noarch
Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0
Tue Sep 1 14:00:00 2009 gjheAATTnovell.com
- fix Bug [bnc#526319]
Wed Aug 26 14:00:00 2009 cooloAATTnovell.com
- use %patch0 for Patch0
Fri Jul 3 14:00:00 2009 gjheAATTnovell.com
- update to version 0.9.8k
- patches merged upstream:
openssl-CVE-2008-5077.patch
openssl-CVE-2009-0590.patch
openssl-CVE-2009-0591.patch
openssl-CVE-2009-0789.patch
openssl-CVE-2009-1377.patch
openssl-CVE-2009-1378.patch
openssl-CVE-2009-1379.patch
openssl-CVE-2009-1386.patch
openssl-CVE-2009-1387.patch
Tue Jun 30 14:00:00 2009 gjheAATTnovell.com
- fix security bug [bnc#509031]
CVE-2009-1386
CVE-2009-1387
Tue Jun 30 14:00:00 2009 gjheAATTnovell.com
- fix security bug [bnc#504687]
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
Wed Apr 15 14:00:00 2009 gjheAATTsuse.de
- fix security bug [bnc#489641]
CVE-2009-0590
CVE-2009-0591
CVE-2009-0789