Commit Graph

86 Commits

Author SHA1 Message Date
Sahana Prasad
477bb5e652 - Upload new upstream sources without manually hobbling them.
- Remove the hobbling script as it is redundant. It is now allowed to ship
    the sources of patented EC curves, however it is still made unavailable to use
    by compiling with the 'no-ec2m' Configure option. The additional forbidden
    curves such as P-160, P-192, wap-tls curves are manually removed by updating
    0011-Remove-EC-curves.patch.
  - Apply the changes to ec_curve.c and  ectest.c as a new patch
    0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them.
  - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves.
  - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M.
┊   Resolves: rhbz#2130618, rhbz#2141672

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2023-03-21 14:21:41 +01:00
Dmitry Belyavskiy
194ef7464a Rebase to upstream version 3.0.8
Resolves: CVE-2022-4203
Resolves: CVE-2022-4304
Resolves: CVE-2022-4450
Resolves: CVE-2023-0215
Resolves: CVE-2023-0216
Resolves: CVE-2023-0217
Resolves: CVE-2023-0286
Resolves: CVE-2023-0401
2023-02-09 17:57:19 +01:00
Dmitry Belyavskiy
106fe8964c - Rebase to upstream version 3.0.7
Rebased to openssl-3.0.7 with corresponding minor bugfixes
- C99 compatibility in downstream-only 0032-Force-fips.patch
  Resolves: rhbz#2152504
- Adjusting include for the FIPS_mode macro
  Resolves: rhbz#2083876
2022-12-23 11:53:21 +01:00
Clemens Lang
32908974c2 Rebase to upstream version 3.0.5
Also fixes CVE-2022-2097, which only affects i686.

Related: rhbz#2099972
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-07-07 12:36:41 +02:00
Dmitry Belyavskiy
8a03afa13c Rebasing to OpenSSL 3.0.3
Resolves: rhbz#2091987
2022-06-01 17:29:35 +02:00
Dmitry Belyavskiy
a0bd929a42 Update to openssl 3.0.2
Related: rhbz#2064453
2022-03-18 10:41:13 +01:00
Sahana Prasad
347681c6b2 Rebase to upstream version 3.0.0
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-09-09 17:27:21 +02:00
Sahana Prasad
0f5f931f9a update to version 1.1.1k
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-03-26 07:37:03 +01:00
Sahana Prasad
b023ffe39f Upgrade to version 1.1.1.j
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-03-03 15:08:11 +01:00
Tomas Mraz
a07706cf0e Update to the 1.1.1i release fixing CVE-2020-1971 2020-12-09 10:49:38 +01:00
Sahana Prasad
3413ff9700 Upgrade to version 1.1.1h
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2020-11-09 10:41:15 +01:00
Tomas Mraz
5888d1863e update to the 1.1.1g release 2020-04-23 13:47:52 +02:00
Tomas Mraz
5004ccfb25 update to the 1.1.1f release 2020-04-07 16:50:53 +02:00
Tomas Mraz
c11b71fd2f update to the 1.1.1e release
add selftest of the RAND_DRBG implementation
fix incorrect error return value from FIPS_selftest_dsa
2020-03-19 17:44:25 +01:00
Tomas Mraz
f6a62c4c2c update to the 1.1.1d release 2019-09-13 17:25:44 +02:00
Tomas Mraz
31d61b19d5 update to the 1.1.1c release 2019-05-29 17:23:31 +02:00
Tomas Mraz
5cda1ca091 update to the 1.1.1b release
EVP_KDF API backport from master
SSH KDF implementation for EVP_KDF API backport from master
2019-02-28 17:01:40 +01:00
Tomas Mraz
301c642c7f update to the 1.1.1a release 2019-01-15 15:07:49 +01:00
Tomas Mraz
d2c08bab45 Upload the 1.1.1 sources 2018-09-13 09:45:00 +02:00
Tomas Mraz
62ec0f1fa9 update to the latest 1.1.1 beta version 2018-08-22 12:41:26 +02:00
Tomas Mraz
9189f03055 update to the latest 1.1.1 beta version 2018-07-25 18:15:19 +02:00
Tomas Mraz
6eb8f62027 update to upstream version 1.1.0h
Add Recommends for openssl-pkcs11
2018-03-29 15:44:09 +02:00
Tomas Mraz
8e2fdfb52a Uploaded 1.1.0g sources. 2017-11-03 17:07:20 +01:00
Tomas Mraz
1ff978b22e update to upstream version 1.1.0f
SRP and GOST is now allowed, note that GOST support requires
  adding GOST engine which is not part of openssl anymore
2017-06-02 15:32:15 +02:00
Tomas Mraz
c676ac32d5 update to upstream version 1.1.0e
add documentation of the PROFILE=SYSTEM special cipher string (#1420232)
2017-02-16 16:59:27 +01:00
Tomas Mraz
c144665042 update to upstream version 1.1.0d 2017-01-26 16:24:24 +01:00
Tomas Mraz
e443a79334 Add back EC NIST P-224 and revert SSL_read() change
- revert SSL_read() behavior change - patch from upstream (#1394677)
- EC curve NIST P-224 is now allowed, still kept disabled in TLS due
  to less than optimal security
2016-11-22 10:39:55 +01:00
Tomas Mraz
be56ae067b update to upstream version 1.1.0c 2016-11-11 14:47:36 +01:00
Tomas Mraz
510bcc2e3a update to upstream version 1.1.0b 2016-10-11 10:31:54 +02:00
Tomas Mraz
e8261d1b72 minor upstream release 1.0.2j fixing regression from previous release 2016-09-26 12:56:04 +02:00
Tomas Mraz
6e67274c62 minor upstream release 1.0.2i fixing security issues
- move man pages for perl based scripts to perl subpackage (#1377617)
2016-09-22 14:16:05 +02:00
Tomas Mraz
eeb6ac1a65 minor upstream release 1.0.2h fixing security issues 2016-05-03 18:23:18 +02:00
Tom Callaway
589d3ee15b enable RC5 with permission from Legal 2016-03-07 21:56:55 -06:00
Tomas Mraz
e7a0ff581f minor upstream release 1.0.2g fixing security issues 2016-03-01 17:22:06 +01:00
Tomas Mraz
1004dabcc6 minor upstream release 1.0.2f fixing security issues
- add support for MIPS secondary architecture
2016-01-28 17:12:09 +01:00
Tomas Mraz
4240ecaa1b minor upstream release 1.0.2e fixing moderate severity security issues
- enable fast assembler implementation for NIST P-256 and P-521
  elliptic curves (#1164210)
- filter out unwanted link options from the .pc files (#1257836)
2015-12-04 14:13:59 +01:00
Tomas Mraz
5675d07a14 minor upstream release 1.0.2d fixing a high severity security issue 2015-07-09 17:25:58 +02:00
Tomas Mraz
837dd04882 minor upstream release 1.0.2c fixing multiple security issues 2015-06-15 18:23:46 +02:00
Tomas Mraz
a1fb602a95 rebase to 1.0.2 branch 2015-04-23 13:57:26 +02:00
Tomas Mraz
7e7e3f299f new upstream release fixing multiple security issues 2015-01-09 10:54:51 +01:00
Tomas Mraz
0a961bb5e3 new upstream release fixing multiple security issues 2014-10-16 14:02:00 +02:00
Tomas Mraz
a78828f786 new upstream release fixing multiple moderate security issues
- for now disable only SSLv2 by default
2014-08-07 16:00:47 +02:00
Tomas Mraz
360a4bb67c new upstream release 1.0.1h 2014-06-05 15:05:17 +02:00
Tomas Mraz
0376d8368c new upstream release 1.0.1g
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- fail on hmac integrity check if the .hmac file is empty
2014-05-07 11:42:32 +02:00
Tomas Mraz
b3551463ca only ECC NIST Suite B curves support
- drop -fips subpackage
2013-10-16 14:37:51 +02:00
Tom Callaway
1f19ac14f9 resolve bugzilla 319901 (phew! only took 6 years & 9 days) 2013-10-15 02:08:35 +01:00
Tomas Mraz
dc696fdac4 new upstream version 2013-02-19 13:57:39 +01:00
Tomas Mraz
651215c12b new upstream version 2012-05-15 19:37:55 +02:00
Tomas Mraz
5eb4589d83 new upstream version 2012-04-26 18:10:52 +02:00
Tomas Mraz
e8c18345a4 new upstream version fixing CVE-2012-2110 2012-04-20 12:24:39 +02:00