- mention EVP_aes and EVP_sha2xx routines in the manpages
- add README.FIPS
- make CA dir absolute path (#445344)
- change default length for RSA key generation to 2048 (#484101)
- temporarily provide symlink to old soname to make it possible to rebuild
the dependent packages in rawhide
- add eap-fast support (#428181)
- add possibility to disable zlib by setting
- add fips mode support for testing purposes
- do not null dereference on some invalid smime files
- add buildrequires pkgconfig (#479493)
- enable assembly code on ia64
- upgrade to new upstream version (no soname bump needed)
- disable thread test - it was testing the backport of the RSA blinding -
no longer needed
Mon Feb 28 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-1
- new upstream source, updated patches
- added patch so we are hopefully ABI compatible with upcoming
0.9.7f
Wed Sep 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-20
- only parse a client cert if one was requested
- temporarily exclusivearch for %{ix86}
Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com>
- add security fixes for protocol parsing bugs (CAN-2003-0543,
CAN-2003-0544) and heap corruption (CAN-2003-0545)
- update RHNS-CA-CERT files
- ease back on the number of threads used in the threading test
Wed Sep 17 2003 Matt Wilson <msw@redhat.com> 0.9.7a-19
- rebuild to fix gzipped file md5sums (#91211)
Mon Aug 25 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-18
- Updated libica to version 1.3.4.
Thu Jul 17 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-17
- rebuild
Tue Jul 15 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10.9
- free the kssl_ctx structure when we free an SSL structure (#99066)
Thu Jul 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-16
- rebuild
Thu Jul 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-15
- lower thread test count on s390x
Tue Jul 08 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-14
- rebuild
Thu Jun 26 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-13
- disable assembly on arches where it seems to conflict with threading
Thu Jun 26 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-12
- Updated libica to latest upstream version 1.3.0
Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.6-16
- add backported patch to harden against Klima-Pokorny-Rosa extension of
Bleichenbacher's attack (CAN-2003-0131)
Mon Mar 17 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.6-15
- add patch to enable RSA blinding by default, closing a timing attack
(CAN-2003-0147)
Wed Feb 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.6-14
- add fix to guard against attempts to allocate negative amounts of memory
- add patch for CAN-2003-0078, fixing a timing attack
Fri Jun 01 2001 Nalin Dahyabhai <nalin@redhat.com>
- change two memcpy() calls to memmove()
Sun May 27 2001 Philip Copeland <bryce@redhat.com>
- Removed -DL_ENDIAN for the alpha builds as unsigned long = 8 not 4 which
both L_ENDIAN / B_ENDIAN require to work correctly
Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- make subpackages depend on the main package
Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- rebuild
Fri Apr 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- use __libc_enable_secure in OPENSSL_setugid (suggested by
solar@openwall.com)
- make backported OPENSSL_setugid, BN_bntest_rand, and BN_rand_range static
functions, which keeps them away from client applications more cleanly
Tue Apr 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- backport security fixes from 0.9.6a
Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- use BN_LLONG on s390
Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)
Sat Mar 03 2001 Nalin Dahyabhai <nalin@redhat.com>
- move c_rehash to the perl subpackage, because it's a perl script now
Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.9.6
- enable MD2
- use the libcrypto.so and libssl.so targets to build shared libs with
- bump the soversion to 1 because we're no longer compatible with any of
the various 0.9.5a packages circulating around, which provide lib*.so.0
Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- change hobble-openssl for disabling MD2 again
Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152
bytes or so, causing EVP_DigestInit() to zero out stack variables in
apps built against a version of the library without it
Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- disable some inline assembly, which on x86 is Pentium-specific
- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)
Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- fix s390 patch
Fri Dec 08 2000 Than Ngo <than@redhat.com>
- added support s390
Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove -Wa,* and -m* compiler flags from the default Configure file
(#20656)
- add the CA.pl man page to the perl subpackage
Thu Nov 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- always build with -mcpu=ev5 on alpha
Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- add a symlink from cert.pem to ca-bundle.crt
Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- add a ca-bundle file for packages like Samba to reference for CA
certificates
Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)
Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- add unzip as a buildprereq (#17662)
- update m2crypto to 0.05-snap4
Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak the makefile some more
- disable MD2 support
- disable MDC2 support
- tweak the makefile
- rework certificate makefile to have the right parts for Apache
- strip binaries and libraries
- enable actual RSA support
- use /usr/bin/perl instead of /usr/bin/perl
- move the passwd.1 man page out of the passwd package's way
- update to 0.9.5a, modified for U.S.
- add perl as a build-time requirement
- disable RC5, IDEA support
- break out python extensions
- byte-compile python extensions without the build-root
- adjust the makefile to not remove temporary files (like .key files when
building .csr files)
- fix the building of python modules without openssl-devel already
installed
Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- Bero told me to move the Makefile into this package
Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- add lib*.so symlinks to link dynamically against shared libs
Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- update to 0.9.5
- run ldconfig directly in post/postun
- add FAQ
Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de>
- Fix build on non-x86 platforms
Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de>
- move /usr/share/ssl/* from -devel to main package
Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de>
- inital packaging
- changes from base:
- Move /usr/local/ssl to /usr/share/ssl for FHS compliance
- handle RPM_OPT_FLAGS