Changelog for
openssl3-devel-3.0.1-18.el8.1.x86_64.rpm :
* Wed Mar 16 2022 Michel Alexandre Salim
3.0.1-18.1- Merge c9s openssl changes to pick up CVE-2022-0778 fix
* Wed Mar 16 2022 Dmitry Belyavskiy - 1:3.0.1-18- CVE-2022-0778 fix- Resolves: rhbz#2062315
* Thu Mar 10 2022 Clemens Lang - 1:3.0.1-17- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before setting an allowed digest with EVP_PKEY_CTX_set_signature_md()- Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch- Resolves: rhbz#2062640
* Tue Mar 01 2022 Clemens Lang - 1:3.0.1-15- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes- Resolves: rhbz#2060510
* Fri Feb 25 2022 Clemens Lang - 1:3.0.1-14- Prevent use of SHA1 with ECDSA- Resolves: rhbz#2031742
* Fri Feb 25 2022 Dmitry Belyavskiy - 1:3.0.1-13- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters- Resolves: rhbz#1977867
* Thu Feb 24 2022 Peter Robinson - 1:3.0.1-12- Support KBKDF (NIST SP800-108) with an R value of 8bits- Resolves: rhbz#2027261
* Wed Feb 23 2022 Clemens Lang - 1:3.0.1-11- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures- Resolves: rhbz#2031742
* Wed Feb 23 2022 Dmitry Belyavskiy - 1:3.0.1-10- rebuilt
* Tue Feb 22 2022 Clemens Lang - 1:3.0.1-9- Allow SHA1 usage in HMAC in TLS- Resolves: rhbz#2031742
* Tue Feb 22 2022 Dmitry Belyavskiy - 1:3.0.1-8- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters- Resolves: rhbz#1977867- pkcs12 export broken in FIPS mode- Resolves: rhbz#2049265
* Tue Feb 22 2022 Clemens Lang - 1:3.0.1-8- Disable SHA1 signature creation and verification by default- Set rh-allow-sha1-signatures = yes to re-enable- Resolves: rhbz#2031742
* Thu Feb 03 2022 Sahana Prasad - 1:3.0.1-7- s_server: correctly handle 2^14 byte long records- Resolves: rhbz#2042011
* Tue Feb 01 2022 Dmitry Belyavskiy - 1:3.0.1-6- Adjust FIPS provider version- Related: rhbz#2026445
* Wed Jan 26 2022 Dmitry Belyavskiy - 1:3.0.1-5- On the s390x, zeroize all the copies of TLS premaster secret- Related: rhbz#2040448
* Fri Jan 21 2022 Dmitry Belyavskiy - 1:3.0.1-4- rebuilt
* Fri Jan 21 2022 Dmitry Belyavskiy - 1:3.0.1-3- KATS tests should be executed before HMAC verification- Restoring fips=yes for SHA1- Related: rhbz#2026445, rhbz#2041994
* Thu Jan 20 2022 Sahana Prasad - 1:3.0.1-2- Add enable-buildtest-c++ to the configure options.- Related: rhbz#1990814
* Tue Jan 18 2022 Sahana Prasad - 1:3.0.1-1- Rebase to upstream version 3.0.1- Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl- Resolves: rhbz#2038910, rhbz#2035148
* Mon Jan 17 2022 Dmitry Belyavskiy - 1:3.0.0-7- Remove algorithms we don\'t plan to certify from fips module- Remove native fipsmodule.cnf- Related: rhbz#2026445
* Tue Dec 21 2021 Dmitry Belyavskiy - 1:3.0.0-6- openssl speed should run in FIPS mode- Related: rhbz#1977318
* Wed Nov 24 2021 Dmitry Belyavskiy - 1:3.0.0-5- rebuilt for spec cleanup- Related: rhbz#1985362
* Thu Nov 18 2021 Dmitry Belyavskiy - 1:3.0.0-4- Embed FIPS HMAC in fips.so- Enforce loading FIPS provider when FIPS kernel flag is on- Related: rhbz#1985362
* Wed Nov 17 2021 Michel Alexandre Salim - 3.0.0-3.1- Fork c9s\' openssl to openssl3 for epel8 (and possibly Fedora <= 35)
* Thu Oct 07 2021 Dmitry Belyavskiy - 1:3.0.0-3- Fix memory leak in s_client- Related: rhbz#1996092
* Mon Sep 20 2021 Dmitry Belyavskiy - 1:3.0.0-2- Avoid double-free on error seeding the RNG.- KTLS and FIPS may interfere, so tests need to be tuned- Resolves: rhbz#1952844, rhbz#1961643
* Thu Sep 09 2021 Sahana Prasad - 1:3.0.0-1- Rebase to upstream version 3.0.0- Related: rhbz#1990814
* Wed Aug 25 2021 Sahana Prasad - 1:3.0.0-0.beta2.7- Removes the dual-abi build as it not required anymore. The mass rebuild was completed and all packages are rebuilt against Beta version.- Resolves: rhbz#1984097
* Mon Aug 23 2021 Dmitry Belyavskiy - 1:3.0.0-0.beta2.6- Correctly process CMS reading from /dev/stdin- Resolves: rhbz#1986315
* Mon Aug 16 2021 Sahana Prasad - 3.0.0-0.beta2.5- Add instruction for loading legacy provider in openssl.cnf- Resolves: rhbz#1975836
* Mon Aug 16 2021 Sahana Prasad - 3.0.0-0.beta2.4- Adds support for IDEA encryption.- Resolves: rhbz#1990602
* Tue Aug 10 2021 Sahana Prasad - 3.0.0-0.beta2.3- Fixes core dump in openssl req -modulus- Fixes \'openssl req\' to not ask for password when non-encrypted private key is used- cms: Do not try to check binary format on stdin and -rctform fix- Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137
* Mon Aug 09 2021 Mohan Boddu - 1:3.0.0-0.beta2.2.1- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688
* Wed Aug 04 2021 Dmitry Belyavskiy - 3.0.0-0.beta2.2- When signature_algorithm extension is omitted, use more relevant alerts- Resolves: rhbz#1965017
* Tue Aug 03 2021 Sahana Prasad 3.0.0-0.beta2.1- Rebase to upstream version beta2- Related: rhbz#1903209
* Thu Jul 22 2021 Sahana Prasad 3.0.0-0.beta1.5- Prevents creation of duplicate cert entries in PKCS #12 files- Resolves: rhbz#1978670
* Wed Jul 21 2021 Sahana Prasad 3.0.0-0.beta1.4- NVR bump to update to OpenSSL 3.0 Beta1
* Mon Jul 19 2021 Sahana Prasad 3.0.0-0.beta1.3- Update patch dual-abi.patch to add the #define macros in implementation files instead of public header files
* Wed Jul 14 2021 Sahana Prasad 3.0.0-0.beta1.2- Removes unused patch dual-abi.patch
* Wed Jul 14 2021 Sahana Prasad 3.0.0-0.beta1.1- Update to Beta1 version- Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16
* Tue Jul 06 2021 Sahana Prasad 3.0.0-0.alpha16.7- Fixes override of openssl_conf in openssl.cnf- Use AI_ADDRCONFIG only when explicit host name is given- Temporarily remove fipsmodule.cnf for arch i686- Fixes segmentation fault in BN_lebin2bn- Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855
* Fri Jul 02 2021 Sahana Prasad 3.0.0-0.alpha16.6- Adds FIPS mode compatibility patch (sahanaAATTredhat.com)- Related: rhbz#1977318
* Fri Jul 02 2021 Sahana Prasad 3.0.0-0.alpha16.5- Fixes system hang issue when booted in FIPS mode (sahanaAATTredhat.com)- Temporarily disable downstream FIPS patches- Related: rhbz#1977318
* Fri Jun 11 2021 Mohan Boddu 3.0.0-0.alpha16.4- Speeding up building openssl (dbelyavsAATTredhat.com) Resolves: rhbz#1903209
* Fri Jun 04 2021 Sahana Prasad 3.0.0-0.alpha16.3- Fix reading SPKAC data from stdin- Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448- Return 0 after cleanup in OPENSSL_init_crypto()- Cleanup the peer point formats on regotiation- Fix default digest to SHA256
* Thu May 27 2021 Sahana Prasad 3.0.0-0.alpha16.2- Enable FIPS via config options
* Mon May 17 2021 Sahana Prasad 3.0.0-0.alpha16.1- Update to alpha 16 version Resolves: rhbz#1952901 openssl sends alert after orderly connection close
* Mon Apr 26 2021 Sahana Prasad 3.0.0-0.alpha15.1- Update to alpha 15 version Resolves: rhbz#1903209, rhbz#1952598,
* Fri Apr 16 2021 Mohan Boddu - 1:3.0.0-0.alpha13.1.1- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Apr 09 2021 Sahana Prasad 3.0.0-0.alpha13.1- Update to new major release OpenSSL 3.0.0 alpha 13 Resolves: rhbz#1903209