Blame SPECS/openssl098e.spec

c4366c
# For the curious:
c4366c
# 0.9.5a soversion = 0
c4366c
# 0.9.6 soversion = 1
c4366c
# 0.9.6a soversion = 2
c4366c
# 0.9.6c soversion = 3
c4366c
# 0.9.7a soversion = 4
c4366c
# 0.9.7ef soversion = 5
c4366c
# 0.9.8abe soversion = 6
c4366c
%define soversion 6
c4366c
c4366c
# Number of threads to spawn when testing some threading fixes.
c4366c
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
c4366c
c4366c
# Arches on which we need to prevent arch conflicts on opensslconf.h, must
c4366c
# also be handled in opensslconf-new.h.
c4366c
%define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64
c4366c
c4366c
Summary: A compatibility version of a general cryptography and TLS library
c4366c
Name: openssl098e
c4366c
Version: 0.9.8e
f27bc9
Release: 29%{?dist}.3
c4366c
# The tarball is based on the openssl-fips-1.2.0-test.tar.gz tarball
c4366c
Source: openssl-fips-%{version}-usa.tar.bz2
c4366c
Source1: hobble-openssl
c4366c
Source8: openssl-thread-test.c
c4366c
Source9: opensslconf-new.h
c4366c
Source10: opensslconf-new-warning.h
c4366c
Source11: README.FIPS
c4366c
# Build changes
c4366c
Patch0: openssl-fips-0.9.8e-redhat.patch
c4366c
Patch1: openssl-0.9.8a-defaults.patch
c4366c
Patch2: openssl-0.9.8a-link-krb5.patch
c4366c
Patch3: openssl-0.9.8b-soversion.patch
c4366c
Patch4: openssl-fips-0.9.8e-enginesdir.patch
c4366c
Patch5: openssl-0.9.8a-no-rpath.patch
c4366c
Patch6: openssl-fips-0.9.8e-perlfind.patch
c4366c
Patch7: openssl-fips-0.9.8e-manfix.patch
c4366c
# Functionality changes
c4366c
Patch32: openssl-fips-0.9.8e-ia64.patch
c4366c
Patch34: openssl-0.9.6-x509.patch
c4366c
Patch35: openssl-0.9.7-beta5-version-add-engines.patch
c4366c
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
c4366c
Patch39: openssl-0.9.8b-ipv6-apps.patch
c4366c
Patch40: openssl-fips-0.9.8e-casts.patch
c4366c
Patch41: openssl-fips-0.9.8e-asm-sign.patch
c4366c
# Backported fixes including security fixes
c4366c
Patch61: openssl-0.9.8b-aliasing-bug.patch
c4366c
Patch62: openssl-0.9.8b-x509-name-cmp.patch
c4366c
Patch64: openssl-fips-0.9.8e-dtls-fixes.patch
c4366c
Patch65: openssl-0.9.8b-cve-2007-5135.patch
c4366c
Patch67: openssl-fips-0.9.8e-aescfb.patch
c4366c
Patch68: openssl-fips-0.9.8e-abi.patch
c4366c
Patch69: openssl-fips-0.9.8e-fipsmode.patch
c4366c
Patch70: openssl-fips-0.9.8e-bn-fixes.patch
c4366c
Patch71: openssl-fips-0.9.8e-use-fipscheck.patch
c4366c
Patch72: openssl-fips-0.9.8e-env-zlib.patch
c4366c
Patch73: openssl-fips-0.9.8e-default-paths.patch
c4366c
Patch74: openssl-fips-0.9.8e-evp-nonfips.patch
c4366c
Patch75: openssl-fips-0.9.8e-cve-2008-5077.patch
c4366c
Patch76: openssl-fips-0.9.8e-multi-crl.patch
c4366c
Patch77: openssl-fips-0.9.8e-no-pairwise.patch
c4366c
Patch78: openssl-fips-0.9.8e-rng-seed.patch
c4366c
Patch79: openssl-fips-0.9.8e-bad-mime.patch
c4366c
Patch80: openssl-fips-0.9.8e-cve-2009-0590.patch
c4366c
Patch81: openssl-fips-0.9.8e-dtls-dos.patch
c4366c
Patch82: openssl-fips-0.9.8e-algo-doc.patch
c4366c
Patch83: openssl-fips-0.9.8e-cve-2009-2409.patch
c4366c
Patch84: openssl-fips-0.9.8e-cve-2009-4355.patch
c4366c
Patch85: openssl-fips-0.9.8e-cve-2009-3555.patch
c4366c
Patch86: openssl-fips-0.9.8e-cve-2010-0433.patch
c4366c
Patch87: openssl-fips-0.9.8e-cve-2009-3245.patch
c4366c
Patch88: openssl-fips-0.9.8e-cve-2010-4180.patch
c4366c
Patch89: openssl-fips-0.9.8e-ssl-sha256.patch
c4366c
Patch90: openssl-fips-0.9.8e-ciph-sort.patch
c4366c
Patch91: openssl-fips-0.9.8e-apps-dgst.patch
c4366c
Patch92: openssl-fips-0.9.8e-tls-version.patch
c4366c
Patch93: openssl-fips-0.9.8e-chil-fixes.patch
c4366c
Patch94: openssl-fips-0.9.8e-dh-check.patch
c4366c
Patch95: openssl-fips-0.9.8e-sha2test.patch
c4366c
Patch96: openssl-fips-0.9.8e-apps-yesno.patch
c4366c
Patch97: openssl-fips-0.9.8e-dtls-fixes2.patch
c4366c
Patch98: openssl-fips-0.9.8e-cve-2011-4109.patch
c4366c
Patch99: openssl-fips-0.9.8e-cve-2011-4576.patch
c4366c
Patch100: openssl-fips-0.9.8e-cve-2011-4619.patch
c4366c
Patch101: openssl-fips-0.9.8e-cve-2012-0884.patch
c4366c
Patch102: openssl-fips-0.9.8e-cve-2012-1165.patch
c4366c
Patch103: openssl-fips-0.9.8e-cve-2012-2110.patch
c4366c
Patch104: openssl-fips-0.9.8e-cve-2012-2333.patch
c4366c
Patch105: openssl-fips-0.9.8e-secure-getenv.patch
c4366c
Patch106: openssl-fips-0.9.8e-cve-2013-0166.patch
c4366c
Patch107: openssl-fips-0.9.8e-cve-2013-0169.patch
c92cf8
Patch108: openssl-fips-0.9.8e-cve-2014-0224.patch
f27bc9
Patch122: openssl-fips-0.9.8e-cve-2015-0293.patch
f27bc9
Patch128: openssl-fips-0.9.8e-cve-2015-3197.patch
f27bc9
Patch129: openssl-fips-0.9.8e-disable-sslv2.patch
c4366c
c4366c
License: OpenSSL
c4366c
Group: System Environment/Libraries
c4366c
URL: http://www.openssl.org/
c4366c
BuildRoot: %{_tmppath}/%{name}-%{version}-root
c4366c
BuildRequires: mktemp, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp
c4366c
BuildRequires: /usr/bin/rename
c4366c
Requires: mktemp, ca-certificates >= 2008-5
c4366c
f27bc9
# for compatibility with previous versions, not needed for (and doesn't build
f27bc9
# on) newly added platforms
f27bc9
ExcludeArch: aarch64 ppc64le
f27bc9
c4366c
%description
c4366c
The OpenSSL toolkit provides support for secure communications between
c4366c
machines. OpenSSL includes a certificate management tool and shared
c4366c
libraries which provide various cryptographic algorithms and
c4366c
protocols. This version of OpenSSL package is provided for compatibility
f27bc9
with the previous Red Hat Enterprise Linux release.
c4366c
c4366c
c4366c
%prep
c4366c
%setup -q -n openssl-fips-%{version}
c4366c
c4366c
%{SOURCE1} > /dev/null
c4366c
%patch0 -p1 -b .redhat
c4366c
%patch1 -p1 -b .defaults
c4366c
# Fix link line for libssl (bug #111154).
c4366c
%patch2 -p1 -b .krb5
c4366c
%patch3 -p1 -b .soversion
c4366c
%patch4 -p1 -b .enginesdir
c4366c
%patch5 -p1 -b .no-rpath
c4366c
%patch6 -p1 -b .perlfind
c4366c
%patch7 -p1 -b .manfix
c4366c
c4366c
%patch32 -p1 -b .ia64
c4366c
%patch34 -p1 -b .x509
c4366c
%patch35 -p1 -b .version-add-engines
c4366c
%patch38 -p1 -b .cipher-change
c4366c
%patch39 -p1 -b .ipv6-apps
c4366c
%patch40 -p1 -b .casts
c4366c
%patch41 -p1 -b .sign
c4366c
c4366c
%patch61 -p1 -b .aliasing-bug
c4366c
%patch62 -p1 -b .name-cmp
c4366c
%patch64 -p1 -b .dtls-fixes
c4366c
%patch65 -p1 -b .shciphers
c4366c
%patch67 -p1 -b .aescfb
c4366c
%patch68 -p1 -b .abi
c4366c
%patch69 -p1 -b .fipsmode
c4366c
%patch70 -p1 -b .bn-fixes
c4366c
%patch71 -p1 -b .use-fipscheck
c4366c
%patch72 -p1 -b .env-zlib
c4366c
%patch73 -p1 -b .default-paths
c4366c
%patch74 -p1 -b .nonfips
c4366c
%patch75 -p1 -b .verifysig
c4366c
%patch76 -p1 -b .multi-crl
c4366c
%patch77 -p1 -b .no-pairwise
c4366c
%patch78 -p1 -b .rng-seed
c4366c
%patch79 -p1 -b .bad-mime
c4366c
%patch80 -p1 -b .bad-string
c4366c
%patch81 -p1 -b .dtls-dos
c4366c
%patch82 -p1 -b .algo-doc
c4366c
%patch83 -p1 -b .nomd2
c4366c
%patch84 -p1 -b .compleak
c4366c
%patch85 -p1 -b .reneg
c4366c
%patch86 -p1 -b .nullprinc
c4366c
%patch87 -p1 -b .wexpand
c4366c
%patch88 -p1 -b .disable-nsbug
c4366c
%patch89 -p1 -b .sha256
c4366c
%patch90 -p1 -b .sort
c4366c
%patch91 -p1 -b .dgst
c4366c
%patch92 -p1 -b .tlsver
c4366c
%patch93 -p1 -b .chil
c4366c
%patch94 -p1 -b .dh-check
c4366c
%patch95 -p1 -b .sha2test
c4366c
%patch96 -p1 -b .yesno
c4366c
%patch97 -p1 -b .dtls-fixes2
c4366c
%patch98 -p1 -b .doublefree
c4366c
%patch99 -p1 -b .padding
c4366c
%patch100 -p1 -b .sgc-dos
c4366c
%patch101 -p1 -b .cms-mma
c4366c
%patch102 -p1 -b .bad-mime2
c4366c
%patch103 -p1 -b .biobuf
c4366c
%patch104 -p1 -b .reclen
c4366c
%patch105 -p1 -b .secure-getenv
c4366c
%patch106 -p1 -b .ocsp-dos
c4366c
%patch107 -p1 -b .lucky13
c92cf8
%patch108 -p1 -b .keying-mitm
f27bc9
%patch122 -p1 -b .ssl2-assert
f27bc9
%patch128 -p1 -b .ssl2-ciphers
f27bc9
%patch129 -p1 -b .disable-sslv2
c4366c
c4366c
# Modify the various perl scripts to reference perl in the right location.
c4366c
perl util/perlpath.pl `dirname %{__perl}`
c4366c
c4366c
# Generate a table with the compile settings for my perusal.
c4366c
touch Makefile
c4366c
make TABLE PERL=%{__perl}
c4366c
c4366c
%build 
c4366c
# Figure out which flags we want to use.
c4366c
# default
c4366c
sslarch=%{_os}-%{_arch}
c4366c
%ifarch %ix86
c4366c
sslarch=linux-elf
c4366c
if ! echo %{_target} | grep -q i686 ; then
c4366c
	sslflags="no-asm 386"
c4366c
fi
c4366c
%endif
c4366c
%ifarch sparc
c4366c
sslarch=linux-sparcv9
c4366c
sslflags=no-asm
c4366c
%endif
c4366c
%ifarch alpha
c4366c
sslarch=linux-alpha-gcc
c4366c
%endif
c4366c
%ifarch s390
c4366c
# The -fno-regmove is a workaround for bug #199604
c4366c
sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM -march=z900 -fno-regmove"
c4366c
%endif
c4366c
%ifarch s390x
c4366c
sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM"
c4366c
%endif
c4366c
# ia64, x86_64, ppc, ppc64 are OK by default
c4366c
# Configure the build tree.  Override OpenSSL defaults with known-good defaults
c4366c
# usable on all platforms.  The Configure script already knows to use -fPIC and
c4366c
# RPM_OPT_FLAGS, so we can skip specifiying them here.
c4366c
./Configure \
c4366c
	--prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
c4366c
	zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa \
c4366c
	--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl098e/engines \
c4366c
	--with-krb5-dir=/usr shared \
c4366c
	${sslarch} fipscanisterbuild
c4366c
c4366c
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
c4366c
# marked as not requiring an executable stack.
c4366c
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing"
c4366c
make depend
c4366c
make all
c4366c
c4366c
# Generate hashes for the included certs.
c4366c
make rehash
c4366c
c4366c
# Overwrite FIPS README
c4366c
cp -f %{SOURCE11} .
c4366c
c4366c
%check
c4366c
# Verify that what was compiled actually works.
c4366c
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
c4366c
export LD_LIBRARY_PATH
c4366c
make -C test apps tests
c4366c
%{__cc} -o openssl-thread-test \
c4366c
	`krb5-config --cflags` \
c4366c
	-I./include \
c4366c
	$RPM_OPT_FLAGS \
c4366c
	%{SOURCE8} \
c4366c
	-L. \
c4366c
	-lssl -lcrypto \
c4366c
	`krb5-config --libs` \
c4366c
	-lpthread -lz -ldl
c4366c
./openssl-thread-test --threads %{thread_test_threads}
c4366c
c4366c
# Add generation of HMAC checksum of the final stripped library
c4366c
%define __spec_install_post \
c4366c
	%{?__debug_package:%{__debug_install_post}} \
c4366c
	%{__arch_install_post} \
c4366c
	%{__os_install_post} \
c4366c
	fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
c4366c
	ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
c4366c
	fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
c4366c
	ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
c4366c
%{nil}
c4366c
c4366c
%install
c4366c
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
c4366c
# Install OpenSSL.
c4366c
install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl098e}
c4366c
make INSTALL_PREFIX=$RPM_BUILD_ROOT install
c4366c
make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs
c4366c
# OpenSSL install doesn't use correct _libdir on 64 bit archs
c4366c
[ "%{_libdir}" != /usr/lib ] && mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion} $RPM_BUILD_ROOT%{_libdir}/
c4366c
mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl098e
c4366c
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
c4366c
rm -f $RPM_BUILD_ROOT/usr/lib/*.{a,so} || :
c4366c
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
c4366c
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
c4366c
	chmod 755 ${lib}
c4366c
	ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
c4366c
done
c4366c
c4366c
# Delete man pages in the compat package
c4366c
rm -rf $RPM_BUILD_ROOT%{_mandir}
c4366c
c4366c
# Delete configuration files
c4366c
rm -rf  $RPM_BUILD_ROOT%{_sysconfdir}/pki
c4366c
c4366c
# Remove devel stuff
c4366c
rm -rf $RPM_BUILD_ROOT/usr/lib/pkgconfig
c4366c
rm -rf $RPM_BUILD_ROOT/%{_includedir}
c4366c
c4366c
# Remove binaries
c4366c
rm -rf $RPM_BUILD_ROOT/%{_bindir}
c4366c
c4366c
%clean
c4366c
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
c4366c
c4366c
%files 
c4366c
%defattr(-,root,root)
c4366c
%doc FAQ LICENSE CHANGES NEWS INSTALL README
c4366c
%doc README.FIPS
c4366c
c4366c
%attr(0755,root,root) %{_libdir}/*.so.%{version}
c4366c
%attr(0755,root,root) %{_libdir}/*.so.%{soversion}
c4366c
%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
c4366c
%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
c4366c
%dir %{_libdir}/openssl098e
c4366c
%attr(0755,root,root) %{_libdir}/openssl098e/engines
c4366c
c4366c
%post -p /sbin/ldconfig
c4366c
c4366c
%postun -p /sbin/ldconfig
c4366c
c4366c
%changelog
f27bc9
* Fri Mar  4 2016 Tomas Mraz <tmraz@redhat.com> 0.9.8e-29.3
f27bc9
- fix CVE-2015-0293 - triggerable assert in SSLv2 server
f27bc9
- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
f27bc9
- disable SSLv2 in the generic TLS method
f3cd92
c92cf8
* Tue Jun  3 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-29.2
c92cf8
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
c92cf8
d22a40
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.9.8e-29
d22a40
- Mass rebuild 2014-01-24
d22a40
d22a40
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.9.8e-28
d22a40
- Mass rebuild 2013-12-27
d22a40
c4366c
* Wed Jul 17 2013 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27
c4366c
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
c4366c
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
c4366c
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB
c4366c
  environment variable is set (fixes CVE-2012-4929 #857051)
c4366c
- use secure_getenv() everywhere instead of getenv() (#839735)
c4366c
c4366c
* Wed Jun 20 2012 Tomas Mraz <tmraz@redhat.com> 0.9.8e-26
c4366c
- merge fixes from the latest openssl-0.9.8e package
c4366c
c4366c
* Fri Apr 20 2012 Tomas Mraz <tmraz@redhat.com> 0.9.8e-18
c4366c
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
c4366c
c4366c
* Fri Apr 16 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-17
c4366c
- create compat package
c4366c
c4366c
* Fri Mar 12 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-16
c4366c
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
c4366c
c4366c
* Thu Mar  4 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-15
c4366c
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which
c4366c
  in the RHEL-5 and newer versions will crash in such case (#569774)
c4366c
c4366c
* Thu Feb 18 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-14
c4366c
- fix CVE-2009-3555 - support the safe renegotiation extension and
c4366c
  do not allow legacy renegotiation on the server by default (#533125)
c4366c
c4366c
* Thu Jan 14 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-13
c4366c
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
c4366c
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data()
c4366c
  is called prematurely by application (#546707)
c4366c
c4366c
* Mon Jun 29 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8e-12
c4366c
- abort if selftests failed and random number generator is polled
c4366c
- mention EVP_aes and EVP_sha2xx routines in the manpages
c4366c
- add README.FIPS
c4366c
c4366c
* Thu May 21 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8e-10
c4366c
- fix CVE-2009-1386 CVE-2009-1387 (DTLS DoS problems)
c4366c
  (#503685, #503688)
c4366c
c4366c
* Thu May 21 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8e-9
c4366c
- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
c4366c
  (DTLS DoS problems) (#501253, #501254, #501572)
c4366c
c4366c
* Wed Apr 15 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8e-8
c4366c
- support multiple CRLs with same subject in a store (#457134)
c4366c
- fix CVE-2009-0590 - reject incorrectly encoded ASN.1 strings (#492304)
c4366c
- seed FIPS rng directly from kernel random device
c4366c
- do not require fipscheck to build the package (#475798)
c4366c
- call pairwise key tests in FIPS mode only (#479817)
c4366c
- do not crash when parsing bad mime data (#472440)
c4366c
c4366c
* Tue Dec 16 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8e-7
c4366c
- fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671)
c4366c
c4366c
* Fri Oct 31 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8e-6
c4366c
- allow lookup of algorithms in engine
c4366c
c4366c
* Fri Oct 24 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8e-5
c4366c
- implement the integrity checking inside libcrypto so OpenSSL
c4366c
  can be used in FIPS mode by the fipscheck library
c4366c
c4366c
* Thu Oct  9 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8e-4
c4366c
- FIPS mode kernel flag is /proc/sys/crypto/fips_enabled
c4366c
c4366c
* Wed Sep 10 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8e-3
c4366c
- disable strict aliasing
c4366c
c4366c
* Tue Sep  9 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8e-2
c4366c
- more changes for FIPS validation (#444800)
c4366c
- correctly initialize default CA paths (#450987)
c4366c
- allow disabling zlib support through environment (#442624)
c4366c
c4366c
* Tue Jul 15 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8e-1
c4366c
- rebase to version undergoing FIPS validation (#455634)
c4366c
c4366c
* Tue Jan 15 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8b-10
c4366c
- compile with -march=z900 on s390 for performance improvements (#250818)
c4366c
- make ssl session ID matching strict (#233599)
c4366c
c4366c
* Mon Oct  8 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8b-9
c4366c
- fix CVE-2007-3108 - side channel attack on private keys (#250581)
c4366c
- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309881)
c4366c
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321221)
c4366c
c4366c
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-8.3
c4366c
- the previous change still didn't make X509_NAME_cmp transitive
c4366c
c4366c
* Thu Nov 23 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-8.2
c4366c
- make X509_NAME_cmp transitive otherwise certificate lookup
c4366c
  is broken (#216050)
c4366c
c4366c
* Fri Nov  3 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-8.1
c4366c
- aliasing bug in engine loading, patch by IBM (#213216)
c4366c
c4366c
* Mon Oct  2 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-8
c4366c
- CVE-2006-2940 fix was incorrect (#208744)
c4366c
c4366c
* Mon Sep 25 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-7
c4366c
- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
c4366c
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
c4366c
- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
c4366c
- fix CVE-2006-4343 - sslv2 client DoS (#206940)
c4366c
c4366c
* Tue Sep  5 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-6
c4366c
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
c4366c
c4366c
* Wed Aug  2 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-5
c4366c
- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)
c4366c
  patch by IBM
c4366c
c4366c
* Fri Jul 28 2006 Alexandre Oliva <aoliva@redhat.com> - 0.9.8b-4.1
c4366c
- rebuild with new binutils (#200330)
c4366c
c4366c
* Fri Jul 21 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-4
c4366c
- add a temporary workaround for sha512 test failure on s390 (#199604)
c4366c
c4366c
* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com>
c4366c
- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)
c4366c
- add patches for BN threadsafety, AES cache collision attack hazard fix and
c4366c
  pkcs7 code memleak fix from upstream CVS
c4366c
c4366c
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8b-3.1
c4366c
- rebuild
c4366c
c4366c
* Wed Jun 21 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-3
c4366c
- dropped libica and ica engine from build
c4366c
c4366c
* Wed Jun 21 2006 Joe Orton <jorton@redhat.com>
c4366c
- update to new CA bundle from mozilla.org; adds CA certificates
c4366c
  from netlock.hu and startcom.org
c4366c
c4366c
* Mon Jun  5 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-2
c4366c
- fixed a few rpmlint warnings
c4366c
- better fix for #173399 from upstream
c4366c
- upstream fix for pkcs12
c4366c
c4366c
* Thu May 11 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-1
c4366c
- upgrade to new version, stays ABI compatible
c4366c
- there is no more linux/config.h (it was empty anyway)
c4366c
c4366c
* Tue Apr  4 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8a-6
c4366c
- fix stale open handles in libica (#177155)
c4366c
- fix build if 'rand' or 'passwd' in buildroot path (#178782)
c4366c
- initialize VIA Padlock engine (#186857)
c4366c
c4366c
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8a-5.2
c4366c
- bump again for double-long bug on ppc(64)
c4366c
c4366c
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8a-5.1
c4366c
- rebuilt for new gcc4.1 snapshot and glibc changes
c4366c
c4366c
* Thu Dec 15 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-5
c4366c
- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
c4366c
  in SSL_OP_ALL (#175779)
c4366c
c4366c
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
c4366c
- rebuilt
c4366c
c4366c
* Tue Nov 29 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-4
c4366c
- fix build (-lcrypto was erroneusly dropped) of the updated libica
c4366c
- updated ICA engine to 1.3.6-rc3
c4366c
c4366c
* Tue Nov 22 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-3
c4366c
- disable builtin compression methods for now until they work
c4366c
  properly (#173399)
c4366c
c4366c
* Wed Nov 16 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-2
c4366c
- don't set -rpath for openssl binary
c4366c
c4366c
* Tue Nov  8 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-1
c4366c
- new upstream version
c4366c
- patches partially renumbered
c4366c
c4366c
* Fri Oct 21 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-11
c4366c
- updated IBM ICA engine library and patch to latest upstream version
c4366c
c4366c
* Wed Oct 12 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-10
c4366c
- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which
c4366c
  disables the countermeasure against man in the middle attack in SSLv2
c4366c
  (#169863)
c4366c
- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)
c4366c
c4366c
* Tue Aug 23 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-9
c4366c
- add *.so.soversion as symlinks in /lib (#165264)
c4366c
- remove unpackaged symlinks (#159595)
c4366c
- fixes from upstream (constant time fixes for DSA,
c4366c
  bn assembler div on ppc arch, initialize memory on realloc)
c4366c
c4366c
* Thu Aug 11 2005 Phil Knirsch <pknirsch@redhat.com> 0.9.7f-8
c4366c
- Updated ICA engine IBM patch to latest upstream version.
c4366c
c4366c
* Thu May 19 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-7
c4366c
- fix CAN-2005-0109 - use constant time/memory access mod_exp
c4366c
  so bits of private key aren't leaked by cache eviction (#157631)
c4366c
- a few more fixes from upstream 0.9.7g
c4366c
c4366c
* Wed Apr 27 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-6
c4366c
- use poll instead of select in rand (#128285)
c4366c
- fix Makefile.certificate to point to /etc/pki/tls
c4366c
- change the default string mask in ASN1 to PrintableString+UTF8String
c4366c
c4366c
* Mon Apr 25 2005 Joe Orton <jorton@redhat.com> 0.9.7f-5
c4366c
- update to revision 1.37 of Mozilla CA bundle
c4366c
c4366c
* Thu Apr 21 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-4
c4366c
- move certificates to _sysconfdir/pki/tls (#143392)
c4366c
- move CA directories to _sysconfdir/pki/CA
c4366c
- patch the CA script and the default config so it points to the
c4366c
  CA directories
c4366c
c4366c
* Fri Apr  1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-3
c4366c
- uninitialized variable mustn't be used as input in inline
c4366c
  assembly
c4366c
- reenable the x86_64 assembly again
c4366c
c4366c
* Thu Mar 31 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-2
c4366c
- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken
c4366c
- disable broken bignum assembly on x86_64
c4366c
c4366c
* Wed Mar 30 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-1
c4366c
- reenable optimizations on ppc64 and assembly code on ia64
c4366c
- upgrade to new upstream version (no soname bump needed)
c4366c
- disable thread test - it was testing the backport of the
c4366c
  RSA blinding - no longer needed
c4366c
- added support for changing serial number to 
c4366c
  Makefile.certificate (#151188)
c4366c
- make ca-bundle.crt a config file (#118903)
c4366c
c4366c
* Tue Mar  1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-3
c4366c
- libcrypto shouldn't depend on libkrb5 (#135961)
c4366c
c4366c
* Mon Feb 28 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-2
c4366c
- rebuild
c4366c
c4366c
* Mon Feb 28 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-1
c4366c
- new upstream source, updated patches
c4366c
- added patch so we are hopefully ABI compatible with upcoming
c4366c
  0.9.7f
c4366c
c4366c
* Thu Feb 10 2005 Tomas Mraz <tmraz@redhat.com>
c4366c
- Support UTF-8 charset in the Makefile.certificate (#134944)
c4366c
- Added cmp to BuildPrereq
c4366c
c4366c
* Thu Jan 27 2005 Joe Orton <jorton@redhat.com> 0.9.7a-46
c4366c
- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)
c4366c
c4366c
* Thu Dec 23 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-45
c4366c
- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)
c4366c
c4366c
* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-44
c4366c
- rebuild
c4366c
c4366c
* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-43
c4366c
- rebuild
c4366c
c4366c
* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-42
c4366c
- rebuild
c4366c
c4366c
* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-41
c4366c
- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)
c4366c
c4366c
* Tue Oct 05 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-40
c4366c
- Include latest libica version with important bugfixes
c4366c
c4366c
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
c4366c
- rebuilt
c4366c
c4366c
* Mon Jun 14 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-38
c4366c
- Updated ICA engine IBM patch to latest upstream version.
c4366c
c4366c
* Mon Jun  7 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-37
c4366c
- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)
c4366c
c4366c
* Tue May 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-36
c4366c
- handle %%{_arch}=i486/i586/i686/athlon cases in the intermediate
c4366c
  header (#124303)
c4366c
c4366c
* Thu Mar 25 2004 Joe Orton <jorton@redhat.com> 0.9.7a-35
c4366c
- add security fixes for CAN-2004-0079, CAN-2004-0112
c4366c
c4366c
* Tue Mar 16 2004 Phil Knirsch <pknirsch@redhat.com>
c4366c
- Fixed libica filespec.
c4366c
c4366c
* Thu Mar 11 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-34
c4366c
- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix
c4366c
  the intermediate header
c4366c
c4366c
* Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-33
c4366c
- add an intermediate <openssl/opensslconf.h> which points to the right
c4366c
  arch-specific opensslconf.h on multilib arches
c4366c
c4366c
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
c4366c
- rebuilt
c4366c
c4366c
* Thu Feb 26 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-32
c4366c
- Updated libica to latest upstream version 1.3.5.
c4366c
c4366c
* Tue Feb 17 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-31
c4366c
- Update ICA crypto engine patch from IBM to latest version.
c4366c
c4366c
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
c4366c
- rebuilt
c4366c
c4366c
* Fri Feb 13 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-29
c4366c
- rebuilt
c4366c
c4366c
* Wed Feb 11 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-28
c4366c
- Fixed libica build.
c4366c
c4366c
* Wed Feb  4 2004 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add "-ldl" to link flags added for Linux-on-ARM (#99313)
c4366c
c4366c
* Wed Feb  4 2004 Joe Orton <jorton@redhat.com> 0.9.7a-27
c4366c
- updated ca-bundle.crt: removed expired GeoTrust roots, added
c4366c
  freessl.com root, removed trustcenter.de Class 0 root
c4366c
c4366c
* Sun Nov 30 2003 Tim Waugh <twaugh@redhat.com> 0.9.7a-26
c4366c
- Fix link line for libssl (bug #111154).
c4366c
c4366c
* Fri Oct 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-25
c4366c
- add dependency on zlib-devel for the -devel package, which depends on zlib
c4366c
  symbols because we enable zlib for libssl (#102962)
c4366c
c4366c
* Fri Oct 24 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-24
c4366c
- Use /dev/urandom instead of PRNG for libica.
c4366c
- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c
c4366c
- Use latest ICA engine patch from IBM.
c4366c
c4366c
* Sat Oct  4 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-22.1
c4366c
- rebuild
c4366c
c4366c
* Wed Oct  1 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-22
c4366c
- rebuild (22 wasn't actually built, fun eh?)
c4366c
c4366c
* Tue Sep 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-23
c4366c
- re-disable optimizations on ppc64
c4366c
c4366c
* Tue Sep 30 2003 Joe Orton <jorton@redhat.com>
c4366c
- add a_mbstr.c fix for 64-bit platforms from CVS
c4366c
c4366c
* Tue Sep 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-22
c4366c
- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged
c4366c
  as not needing executable stacks
c4366c
c4366c
* Mon Sep 29 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-21
c4366c
- rebuild
c4366c
c4366c
* Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- re-enable optimizations on ppc64
c4366c
c4366c
* Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- remove exclusivearch
c4366c
c4366c
* Wed Sep 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-20
c4366c
- only parse a client cert if one was requested
c4366c
- temporarily exclusivearch for %%{ix86}
c4366c
c4366c
* Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)
c4366c
  and heap corruption (CAN-2003-0545)
c4366c
- update RHNS-CA-CERT files
c4366c
- ease back on the number of threads used in the threading test
c4366c
c4366c
* Wed Sep 17 2003 Matt Wilson <msw@redhat.com> 0.9.7a-19
c4366c
- rebuild to fix gzipped file md5sums (#91211)
c4366c
c4366c
* Mon Aug 25 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-18
c4366c
- Updated libica to version 1.3.4.
c4366c
c4366c
* Thu Jul 17 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-17
c4366c
- rebuild
c4366c
c4366c
* Tue Jul 15 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10.9
c4366c
- free the kssl_ctx structure when we free an SSL structure (#99066)
c4366c
c4366c
* Fri Jul 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-16
c4366c
- rebuild
c4366c
c4366c
* Thu Jul 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-15
c4366c
- lower thread test count on s390x
c4366c
c4366c
* Tue Jul  8 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-14
c4366c
- rebuild
c4366c
c4366c
* Thu Jun 26 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-13
c4366c
- disable assembly on arches where it seems to conflict with threading
c4366c
c4366c
* Thu Jun 26 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-12
c4366c
- Updated libica to latest upstream version 1.3.0
c4366c
c4366c
* Wed Jun 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-9.9
c4366c
- rebuild
c4366c
c4366c
* Wed Jun 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-11
c4366c
- rebuild
c4366c
c4366c
* Tue Jun 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10
c4366c
- ubsec: don't stomp on output data which might also be input data
c4366c
c4366c
* Tue Jun 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-9
c4366c
- temporarily disable optimizations on ppc64
c4366c
c4366c
* Mon Jun  9 2003 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- backport fix for engine-used-for-everything from 0.9.7b
c4366c
- backport fix for prng not being seeded causing problems, also from 0.9.7b
c4366c
- add a check at build-time to ensure that RSA is thread-safe
c4366c
- keep perlpath from stomping on the libica configure scripts
c4366c
c4366c
* Fri Jun  6 2003 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- thread-safety fix for RSA blinding
c4366c
c4366c
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> 0.9.7a-8
c4366c
- rebuilt
c4366c
c4366c
* Fri May 30 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-7
c4366c
- Added libica-1.2 to openssl (featurerequest).
c4366c
c4366c
* Wed Apr 16 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-6
c4366c
- fix building with incorrect flags on ppc64
c4366c
c4366c
* Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-5
c4366c
- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's
c4366c
  attack (CAN-2003-0131)
c4366c
c4366c
* Mon Mar 17 2003 Nalin Dahyabhai <nalin@redhat.com>  0.9.7a-4
c4366c
- add patch to enable RSA blinding by default, closing a timing attack
c4366c
  (CAN-2003-0147)
c4366c
c4366c
* Wed Mar  5 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-3
c4366c
- disable use of BN assembly module on x86_64, but continue to allow inline
c4366c
  assembly (#83403)
c4366c
c4366c
* Thu Feb 27 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-2
c4366c
- disable EC algorithms
c4366c
c4366c
* Wed Feb 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-1
c4366c
- update to 0.9.7a
c4366c
c4366c
* Wed Feb 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-8
c4366c
- add fix to guard against attempts to allocate negative amounts of memory
c4366c
- add patch for CAN-2003-0078, fixing a timing attack
c4366c
c4366c
* Thu Feb 13 2003 Elliot Lee <sopwith@redhat.com> 0.9.7-7
c4366c
- Add openssl-ppc64.patch
c4366c
c4366c
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-6
c4366c
- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),
c4366c
  to get the right behavior when passed uninitialized context structures
c4366c
  (#83766)
c4366c
- build with -mcpu=ev5 on alpha family (#83828)
c4366c
c4366c
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
c4366c
- rebuilt
c4366c
c4366c
* Fri Jan 17 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7-4
c4366c
- Added IBM hw crypto support patch.
c4366c
c4366c
* Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add missing builddep on sed
c4366c
c4366c
* Thu Jan  9 2003 Bill Nottingham <notting@redhat.com> 0.9.7-3
c4366c
- debloat
c4366c
- fix broken manpage symlinks
c4366c
c4366c
* Wed Jan  8 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-2
c4366c
- fix double-free in 'openssl ca'
c4366c
c4366c
* Fri Jan  3 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-1
c4366c
- update to 0.9.7 final
c4366c
c4366c
* Tue Dec 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-0
c4366c
- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)
c4366c
c4366c
* Wed Dec 11 2002 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)
c4366c
c4366c
* Tue Oct 22 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-30
c4366c
- add configuration stanza for x86_64 and use it on x86_64
c4366c
- build for linux-ppc on ppc
c4366c
- start running the self-tests again
c4366c
c4366c
* Wed Oct 02 2002 Elliot Lee <sopwith@redhat.com> 0.9.6b-29hammer.3
c4366c
- Merge fixes from previous hammer packages, including general x86-64 and
c4366c
  multilib
c4366c
c4366c
* Tue Aug  6 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-29
c4366c
- rebuild
c4366c
c4366c
* Thu Aug  1 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-28
c4366c
- update asn patch to fix accidental reversal of a logic check
c4366c
c4366c
* Wed Jul 31 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-27
c4366c
- update asn patch to reduce chance that compiler optimization will remove
c4366c
  one of the added tests
c4366c
c4366c
* Wed Jul 31 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-26
c4366c
- rebuild
c4366c
c4366c
* Mon Jul 29 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-25
c4366c
- add patch to fix ASN.1 vulnerabilities
c4366c
c4366c
* Thu Jul 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-24
c4366c
- add backport of Ben Laurie's patches for OpenSSL 0.9.6d
c4366c
c4366c
* Wed Jul 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-23
c4366c
- own _datadir/ssl/misc
c4366c
c4366c
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
c4366c
- automated rebuild
c4366c
c4366c
* Sun May 26 2002 Tim Powers <timp@redhat.com>
c4366c
- automated rebuild
c4366c
c4366c
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-20
c4366c
- free ride through the build system (whee!)
c4366c
c4366c
* Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-19
c4366c
- rebuild in new environment
c4366c
c4366c
* Thu Apr  4 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-17, 0.9.6b-18
c4366c
- merge RHL-specific bits into stronghold package, rename
c4366c
c4366c
* Tue Apr 02 2002 Gary Benson <gbenson@redhat.com> stronghold-0.9.6c-2
c4366c
- add support for Chrysalis Luna token
c4366c
c4366c
* Tue Mar 26 2002 Gary Benson <gbenson@redhat.com>
c4366c
- disable AEP random number generation, other AEP fixes
c4366c
c4366c
* Fri Mar 15 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-15
c4366c
- only build subpackages on primary arches
c4366c
c4366c
* Thu Mar 14 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-13
c4366c
- on ia32, only disable use of assembler on i386
c4366c
- enable assembly on ia64
c4366c
c4366c
* Mon Jan  7 2002 Florian La Roche <Florian.LaRoche@redhat.de> 0.9.6b-11
c4366c
- fix sparcv9 entry
c4366c
c4366c
* Mon Jan  7 2002 Gary Benson <gbenson@redhat.com> stronghold-0.9.6c-1
c4366c
- upgrade to 0.9.6c
c4366c
- bump BuildArch to i686 and enable assembler on all platforms
c4366c
- synchronise with shrimpy and rawhide
c4366c
- bump soversion to 3
c4366c
c4366c
* Wed Oct 10 2001 Florian La Roche <Florian.LaRoche@redhat.de>
c4366c
- delete BN_LLONG for s390x, patch from Oliver Paukstadt
c4366c
c4366c
* Mon Sep 17 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-9
c4366c
- update AEP driver patch
c4366c
c4366c
* Mon Sep 10 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- adjust RNG disabling patch to match version of patch from Broadcom
c4366c
c4366c
* Fri Sep  7 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-8
c4366c
- disable the RNG in the ubsec engine driver
c4366c
c4366c
* Tue Aug 28 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-7
c4366c
- tweaks to the ubsec engine driver
c4366c
c4366c
* Fri Aug 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-6
c4366c
- tweaks to the ubsec engine driver
c4366c
c4366c
* Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-5
c4366c
- update ubsec engine driver from Broadcom
c4366c
c4366c
* Fri Aug 10 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-4
c4366c
- move man pages back to %%{_mandir}/man?/foo.?ssl from
c4366c
  %%{_mandir}/man?ssl/foo.?
c4366c
- add an [ engine ] section to the default configuration file
c4366c
c4366c
* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add a patch for selecting a default engine in SSL_library_init()
c4366c
c4366c
* Mon Jul 23 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-3
c4366c
- add patches for AEP hardware support
c4366c
- add patch to keep trying when we fail to load a cert from a file and
c4366c
  there are more in the file
c4366c
- add missing prototype for ENGINE_ubsec() in engine_int.h
c4366c
c4366c
* Wed Jul 18 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-2
c4366c
- actually add hw_ubsec to the engine list
c4366c
c4366c
* Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add in the hw_ubsec driver from CVS
c4366c
c4366c
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-1
c4366c
- update to 0.9.6b
c4366c
c4366c
* Thu Jul  5 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- move .so symlinks back to %%{_libdir}
c4366c
c4366c
* Tue Jul  3 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- move shared libraries to /lib (#38410)
c4366c
c4366c
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- switch to engine code base
c4366c
c4366c
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add a script for creating dummy certificates
c4366c
- move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.?
c4366c
c4366c
* Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de>
c4366c
- add s390x support
c4366c
c4366c
* Fri Jun  1 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- change two memcpy() calls to memmove()
c4366c
- don't define L_ENDIAN on alpha
c4366c
c4366c
* Wed May 23 2001 Joe Orton <jorton@redhat.com> stronghold-0.9.6a-1
c4366c
- Add 'stronghold-' prefix to package names.
c4366c
- Obsolete standard openssl packages.
c4366c
c4366c
* Wed May 16 2001 Joe Orton <jorton@redhat.com>
c4366c
- Add BuildArch: i586 as per Nalin's advice.
c4366c
c4366c
* Tue May 15 2001 Joe Orton <jorton@redhat.com>
c4366c
- Enable assembler on ix86 (using new .tar.bz2 which does
c4366c
  include the asm directories).
c4366c
c4366c
* Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- make subpackages depend on the main package
c4366c
c4366c
* Tue May  1 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- adjust the hobble script to not disturb symlinks in include/ (fix from
c4366c
  Joe Orton)
c4366c
c4366c
* Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- drop the m2crypo patch we weren't using
c4366c
c4366c
* Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- configure using "shared" as well
c4366c
c4366c
* Sun Apr  8 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- update to 0.9.6a
c4366c
- use the build-shared target to build shared libraries
c4366c
- bump the soversion to 2 because we're no longer compatible with
c4366c
  our 0.9.5a packages or our 0.9.6 packages
c4366c
- drop the patch for making rsatest a no-op when rsa null support is used
c4366c
- put all man pages into <section>ssl instead of <section>
c4366c
- break the m2crypto modules into a separate package
c4366c
c4366c
* Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- use BN_LLONG on s390
c4366c
c4366c
* Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)
c4366c
c4366c
* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- move c_rehash to the perl subpackage, because it's a perl script now
c4366c
c4366c
* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- update to 0.9.6
c4366c
- enable MD2
c4366c
- use the libcrypto.so and libssl.so targets to build shared libs with
c4366c
- bump the soversion to 1 because we're no longer compatible with any of
c4366c
  the various 0.9.5a packages circulating around, which provide lib*.so.0
c4366c
c4366c
* Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
c4366c
- change hobble-openssl for disabling MD2 again
c4366c
c4366c
* Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152
c4366c
  bytes or so, causing EVP_DigestInit() to zero out stack variables in
c4366c
  apps built against a version of the library without it
c4366c
c4366c
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- disable some inline assembly, which on x86 is Pentium-specific
c4366c
- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)
c4366c
c4366c
* Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de>
c4366c
- fix s390 patch
c4366c
c4366c
* Fri Dec 8 2000 Than Ngo <than@redhat.com>
c4366c
- added support s390
c4366c
c4366c
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)
c4366c
- add the CA.pl man page to the perl subpackage
c4366c
c4366c
* Thu Nov  2 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- always build with -mcpu=ev5 on alpha
c4366c
c4366c
* Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add a symlink from cert.pem to ca-bundle.crt
c4366c
c4366c
* Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add a ca-bundle file for packages like Samba to reference for CA certificates
c4366c
c4366c
* Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)
c4366c
c4366c
* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add unzip as a buildprereq (#17662)
c4366c
- update m2crypto to 0.05-snap4
c4366c
c4366c
* Tue Sep 26 2000 Bill Nottingham <notting@redhat.com>
c4366c
- fix some issues in building when it's not installed
c4366c
c4366c
* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- make sure the headers we include are the ones we built with (aaaaarrgh!)
c4366c
c4366c
* Fri Sep  1 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- add Richard Henderson's patch for BN on ia64
c4366c
- clean up the changelog
c4366c
c4366c
* Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- fix the building of python modules without openssl-devel already installed
c4366c
c4366c
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- byte-compile python extensions without the build-root
c4366c
- adjust the makefile to not remove temporary files (like .key files when
c4366c
  building .csr files) by marking them as .PRECIOUS
c4366c
c4366c
* Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- break out python extensions into a subpackage
c4366c
c4366c
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- tweak the makefile some more
c4366c
c4366c
* Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- disable MD2 support
c4366c
c4366c
* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- disable MDC2 support
c4366c
c4366c
* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- tweak the disabling of RC5, IDEA support
c4366c
- tweak the makefile
c4366c
c4366c
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- strip binaries and libraries
c4366c
- rework certificate makefile to have the right parts for Apache
c4366c
c4366c
* Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- use %%{_perl} instead of /usr/bin/perl
c4366c
- disable alpha until it passes its own test suite
c4366c
c4366c
* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- move the passwd.1 man page out of the passwd package's way
c4366c
c4366c
* Fri Jun  2 2000 Nalin Dahyabhai <nalin@redhat.com>
c4366c
- update to 0.9.5a, modified for U.S.
c4366c
- add perl as a build-time requirement
c4366c
- move certificate makefile to another package
c4366c
- disable RC5, IDEA, RSA support
c4366c
- remove optimizations for now
c4366c
c4366c
* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
c4366c
- Bero told me to move the Makefile into this package
c4366c
c4366c
* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
c4366c
- add lib*.so symlinks to link dynamically against shared libs
c4366c
c4366c
* Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de>
c4366c
- update to 0.9.5
c4366c
- run ldconfig directly in post/postun
c4366c
- add FAQ
c4366c
c4366c
* Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
c4366c
- Fix build on non-x86 platforms
c4366c
c4366c
* Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
c4366c
- move /usr/share/ssl/* from -devel to main package
c4366c
c4366c
* Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
c4366c
- inital packaging
c4366c
- changes from base:
c4366c
  - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
c4366c
  - handle RPM_OPT_FLAGS