1 -------------------------------------------------------------------
2 Sun Aug 19 23:38:32 UTC 2012 - crrodriguez@opensuse.org
4 - Open Internal file descriptors with O_CLOEXEC, leaving
5 those open across fork()..execve() makes a perfect
6 vector for a side-channel attack...
8 -------------------------------------------------------------------
9 Tue Aug 7 17:17:34 UTC 2012 - dmueller@suse.com
11 - fix build on armv5 (bnc#774710)
13 -------------------------------------------------------------------
14 Thu May 10 19:18:06 UTC 2012 - crrodriguez@opensuse.org
16 - Update to version 1.0.1c for the complete list of changes see
17 NEWS, this only list packaging changes.
18 - Drop aes-ni patch, no longer needed as it is builtin in openssl
20 - Define GNU_SOURCE and use -std=gnu99 to build the package.
21 - Use LFS_CFLAGS in platforms where it matters.
23 -------------------------------------------------------------------
24 Fri May 4 12:09:57 UTC 2012 - lnussel@suse.de
26 - don't install any demo or expired certs at all
28 -------------------------------------------------------------------
29 Mon Apr 23 05:57:35 UTC 2012 - gjhe@suse.com
31 - update to latest stable verison 1.0.0i
32 including the following patches:
34 Bug748738_Tolerate_bad_MIME_headers.patch
35 bug749213-Free-headers-after-use.patch
36 bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
41 -------------------------------------------------------------------
42 Tue Mar 27 09:16:37 UTC 2012 - gjhe@suse.com
44 - fix bug[bnc#749735] - Memory leak when creating public keys.
45 fix bug[bnc#751977] - CMS and S/MIME Bleichenbacher attack
48 -------------------------------------------------------------------
49 Thu Mar 22 03:24:20 UTC 2012 - gjhe@suse.com
51 - fix bug[bnc#751946] - S/MIME verification may erroneously fail
54 -------------------------------------------------------------------
55 Wed Mar 21 02:44:41 UTC 2012 - gjhe@suse.com
57 - fix bug[bnc#749213]-Free headers after use in error message
58 and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt
60 -------------------------------------------------------------------
61 Tue Mar 20 14:29:24 UTC 2012 - cfarrell@suse.com
63 - license update: OpenSSL
65 -------------------------------------------------------------------
66 Fri Feb 24 02:33:22 UTC 2012 - gjhe@suse.com
68 - fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's
72 -------------------------------------------------------------------
73 Thu Feb 2 06:55:12 UTC 2012 - gjhe@suse.com
75 - Update to version 1.0.0g fix the following:
76 DTLS DoS attack (CVE-2012-0050)
78 -------------------------------------------------------------------
79 Wed Jan 11 05:35:18 UTC 2012 - gjhe@suse.com
81 - Update to version 1.0.0f fix the following:
82 DTLS Plaintext Recovery Attack (CVE-2011-4108)
83 Uninitialized SSL 3.0 Padding (CVE-2011-4576)
84 Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
85 SGC Restart DoS Attack (CVE-2011-4619)
86 Invalid GOST parameters DoS Attack (CVE-2012-0027)
88 -------------------------------------------------------------------
89 Tue Oct 18 16:43:50 UTC 2011 - crrodriguez@opensuse.org
91 - AES-NI: Check the return value of Engine_add()
92 if the ENGINE_add() call fails: it ends up adding a reference
93 to a freed up ENGINE which is likely to subsequently contain garbage
94 This will happen if an ENGINE with the same name is added multiple
95 times,for example different libraries. [bnc#720601]
97 -------------------------------------------------------------------
98 Sat Oct 8 21:36:58 UTC 2011 - crrodriguez@opensuse.org
100 - Build with -DSSL_FORBID_ENULL so servers are not
101 able to use the NULL encryption ciphers (Those offering no
102 encryption whatsoever).
104 -------------------------------------------------------------------
105 Wed Sep 7 14:29:41 UTC 2011 - crrodriguez@opensuse.org
107 - Update to openssl 1.0.0e fixes CVE-2011-3207 and CVE-2011-3210
108 see http://openssl.org/news/secadv_20110906.txt for details.
110 -------------------------------------------------------------------
111 Sat Aug 6 00:33:47 UTC 2011 - crrodriguez@opensuse.org
113 - Add upstream patch that calls ENGINE_register_all_complete()
114 in ENGINE_load_builtin_engines() saving us from adding dozens
115 of calls to such function to calling applications.
117 -------------------------------------------------------------------
118 Fri Aug 5 19:09:42 UTC 2011 - crrodriguez@opensuse.org
120 - remove -fno-strict-aliasing from CFLAGS no longer needed
121 and is likely to slow down stuff.
123 -------------------------------------------------------------------
124 Mon Jul 25 19:07:32 UTC 2011 - jengelh@medozas.de
126 - Edit baselibs.conf to provide libopenssl-devel-32bit too
128 -------------------------------------------------------------------
129 Fri Jun 24 04:51:50 UTC 2011 - gjhe@novell.com
131 - update to latest stable version 1.0.0d.
132 patch removed(already in the new package):
135 ECDSA_signatures_timing_attack.patch
137 -------------------------------------------------------------------
138 Tue May 31 07:07:49 UTC 2011 - gjhe@novell.com
140 - fix bug[bnc#693027].
141 Add protection against ECDSA timing attacks as mentioned in the paper
142 by Billy Bob Brumley and Nicola Tuveri, see:
143 http://eprint.iacr.org/2011/232.pdf
144 [Billy Bob Brumley and Nicola Tuveri]
146 -------------------------------------------------------------------
147 Mon May 16 14:38:26 UTC 2011 - andrea@opensuse.org
149 - added openssl as dependency in the devel package
151 -------------------------------------------------------------------
152 Thu Feb 10 07:42:01 UTC 2011 - gjhe@novell.com
154 - fix bug [bnc#670526]
155 CVE-2011-0014,OCSP stapling vulnerability
157 -------------------------------------------------------------------
158 Sat Jan 15 19:58:51 UTC 2011 - cristian.rodriguez@opensuse.org
160 - Add patch from upstream in order to support AES-NI instruction
161 set present on current Intel and AMD processors
163 -------------------------------------------------------------------
164 Mon Jan 10 11:45:27 CET 2011 - meissner@suse.de
166 - enable -DPURIFY to avoid valgrind errors.
168 -------------------------------------------------------------------
169 Thu Dec 9 07:04:32 UTC 2010 - gjhe@novell.com
171 - update to stable version 1.0.0c.
173 CVE-2010-1633_and_CVE-2010-0742.patch
178 -------------------------------------------------------------------
179 Thu Nov 18 07:53:12 UTC 2010 - gjhe@novell.com
181 - fix bug [bnc#651003]
184 -------------------------------------------------------------------
185 Sat Sep 25 08:55:02 UTC 2010 - gjhe@novell.com
187 - fix bug [bnc#629905]
190 -------------------------------------------------------------------
191 Wed Jul 28 20:55:18 UTC 2010 - cristian.rodriguez@opensuse.org
193 - Exclude static libraries, see what breaks and fix that
196 -------------------------------------------------------------------
197 Wed Jun 30 08:47:39 UTC 2010 - jengelh@medozas.de
199 - fix two compile errors on SPARC
201 -------------------------------------------------------------------
202 Tue Jun 15 09:53:54 UTC 2010 - bg@novell.com
204 - -fstack-protector is not supported on hppa
206 -------------------------------------------------------------------
207 Fri Jun 4 07:11:28 UTC 2010 - gjhe@novell.com
213 -------------------------------------------------------------------
214 Mon May 31 03:06:39 UTC 2010 - gjhe@novell.com
216 - fix bnc #610223,change Configure to tell openssl to load engines
217 from /%{_lib} instead of %{_libdir}
219 -------------------------------------------------------------------
220 Mon May 10 16:11:54 UTC 2010 - aj@suse.de
222 - Do not compile in build time but use mtime of changes file instead.
223 This allows build-compare to identify that no changes have happened.
225 -------------------------------------------------------------------
226 Tue May 4 02:55:52 UTC 2010 - gjhe@novell.com
228 - build libopenssl to /%{_lib} dir,and keep only one
229 libopenssl-devel for new developping programs.
231 -------------------------------------------------------------------
232 Tue Apr 27 05:44:32 UTC 2010 - gjhe@novell.com
234 - build libopenssl and libopenssl-devel to a version directory
236 -------------------------------------------------------------------
237 Sat Apr 24 09:46:37 UTC 2010 - coolo@novell.com
239 - buildrequire pkg-config to fix provides
241 -------------------------------------------------------------------
242 Wed Apr 21 13:54:15 UTC 2010 - lnussel@suse.de
244 - also create old certificate hash in /etc/ssl/certs for
245 compatibility with applications that still link against 0.9.8
247 -------------------------------------------------------------------
248 Mon Apr 12 16:12:08 CEST 2010 - meissner@suse.de
250 - Disable our own build targets, instead use the openSSL provided ones
251 as they are now good (or should be good at least).
253 - add -Wa,--noexecstack to the Configure call, this is the upstream
254 approved way to avoid exec-stack marking
256 -------------------------------------------------------------------
257 Mon Apr 12 04:57:17 UTC 2010 - gjhe@novell.com
260 Merge the following patches from 0.9.8k:
261 openssl-0.9.6g-alpha.diff
262 openssl-0.9.7f-ppc64.diff
263 openssl-0.9.8-flags-priority.dif
264 openssl-0.9.8-sparc.dif
265 openssl-allow-arch.diff
266 openssl-hppa-config.diff
268 -------------------------------------------------------------------
269 Fri Apr 9 11:42:51 CEST 2010 - meissner@suse.de
271 - fixed "exectuable stack" for libcrypto.so issue on i586 by
272 adjusting the assembler output during MMX builds.
274 -------------------------------------------------------------------
275 Wed Apr 7 14:08:05 CEST 2010 - meissner@suse.de
277 - Openssl is now partially converted to libdir usage upstream,
278 merge that in to fix lib64 builds.
280 -------------------------------------------------------------------
281 Thu Mar 25 02:18:22 UTC 2010 - gjhe@novell.com
283 - fix security bug [bnc#590833]
286 -------------------------------------------------------------------
287 Mon Mar 22 06:29:14 UTC 2010 - gjhe@novell.com
289 - update to version 0.9.8m
290 Merge the following patches from 0.9.8k:
293 openssl-0.9.6g-alpha.diff
294 openssl-0.9.7f-ppc64.diff
295 openssl-0.9.8-flags-priority.dif
296 openssl-0.9.8-sparc.dif
297 openssl-allow-arch.diff
298 openssl-hppa-config.diff
300 -------------------------------------------------------------------
301 Fri Feb 5 01:24:55 UTC 2010 - jengelh@medozas.de
303 - build openssl for sparc64
305 -------------------------------------------------------------------
306 Mon Dec 14 16:11:11 CET 2009 - jengelh@medozas.de
308 - add baselibs.conf as a source
309 - package documentation as noarch
311 -------------------------------------------------------------------
312 Tue Nov 3 19:09:35 UTC 2009 - coolo@novell.com
314 - updated patches to apply with fuzz=0
316 -------------------------------------------------------------------
317 Tue Sep 1 10:21:16 CEST 2009 - gjhe@novell.com
319 - fix Bug [bnc#526319]
321 -------------------------------------------------------------------
322 Wed Aug 26 11:24:16 CEST 2009 - coolo@novell.com
324 - use %patch0 for Patch0
326 -------------------------------------------------------------------
327 Fri Jul 3 11:53:48 CEST 2009 - gjhe@novell.com
329 - update to version 0.9.8k
330 - patches merged upstream:
331 openssl-CVE-2008-5077.patch
332 openssl-CVE-2009-0590.patch
333 openssl-CVE-2009-0591.patch
334 openssl-CVE-2009-0789.patch
335 openssl-CVE-2009-1377.patch
336 openssl-CVE-2009-1378.patch
337 openssl-CVE-2009-1379.patch
338 openssl-CVE-2009-1386.patch
339 openssl-CVE-2009-1387.patch
341 -------------------------------------------------------------------
342 Tue Jun 30 05:17:26 CEST 2009 - gjhe@novell.com
344 - fix security bug [bnc#509031]
348 -------------------------------------------------------------------
349 Tue Jun 30 05:16:39 CEST 2009 - gjhe@novell.com
351 - fix security bug [bnc#504687]
356 -------------------------------------------------------------------
357 Wed Apr 15 12:28:29 CEST 2009 - gjhe@suse.de
359 - fix security bug [bnc#489641]
364 -------------------------------------------------------------------
365 Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
367 - obsolete old -XXbit packages (bnc#437293)
369 -------------------------------------------------------------------
370 Thu Dec 18 08:15:12 CET 2008 - jshi@suse.de
372 - fix security bug [bnc#459468]
375 -------------------------------------------------------------------
376 Tue Dec 9 11:32:50 CET 2008 - xwhu@suse.de
378 - Disable optimization for s390x
380 -------------------------------------------------------------------
381 Mon Dec 8 12:12:14 CET 2008 - xwhu@suse.de
383 - Disable optimization of md4
385 -------------------------------------------------------------------
386 Mon Nov 10 10:22:04 CET 2008 - xwhu@suse.de
388 - Disable optimization of ripemd [bnc#442740]
390 -------------------------------------------------------------------
391 Tue Oct 14 09:08:47 CEST 2008 - xwhu@suse.de
393 - Passing string as struct cause openssl segment-fault [bnc#430141]
395 -------------------------------------------------------------------
396 Wed Jul 16 12:02:37 CEST 2008 - mkoenig@suse.de
398 - do not require openssl-certs, but rather recommend it
399 to avoid dependency cycle [bnc#408865]
401 -------------------------------------------------------------------
402 Wed Jul 9 12:53:27 CEST 2008 - mkoenig@suse.de
404 - remove the certs subpackage from the openssl package
405 and move the CA root certificates into a package of its own
407 -------------------------------------------------------------------
408 Tue Jun 24 09:09:04 CEST 2008 - mkoenig@suse.de
410 - update to version 0.9.8h
411 - openssl does not ship CA root certificates anymore
412 keep certificates that SuSE is already shipping
413 - resolves bad array index (function has been removed) [bnc#356549]
415 openssl-0.9.8g-fix_dh_for_certain_moduli.patch
416 openssl-CVE-2008-0891.patch
417 openssl-CVE-2008-1672.patch
419 -------------------------------------------------------------------
420 Wed May 28 15:04:08 CEST 2008 - mkoenig@suse.de
422 - fix OpenSSL Server Name extension crash (CVE-2008-0891)
423 and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)
426 -------------------------------------------------------------------
427 Wed May 21 20:48:39 CEST 2008 - cthiel@suse.de
431 -------------------------------------------------------------------
432 Tue Apr 22 14:39:35 CEST 2008 - mkoenig@suse.de
434 - add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844]
436 -------------------------------------------------------------------
437 Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
439 - added baselibs.conf file to build xxbit packages
442 -------------------------------------------------------------------
443 Mon Nov 5 14:27:06 CET 2007 - mkoenig@suse.de
445 - fix Diffie-Hellman failure with certain prime lengths
447 -------------------------------------------------------------------
448 Mon Oct 22 15:00:21 CEST 2007 - mkoenig@suse.de
450 - update to version 0.9.8g:
451 * fix some bugs introduced with 0.9.8f
453 -------------------------------------------------------------------
454 Mon Oct 15 11:17:14 CEST 2007 - mkoenig@suse.de
456 - update to version 0.9.8f:
457 * fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
458 - patches merged upstream:
459 openssl-0.9.8-key_length.patch
460 openssl-CVE-2007-3108-bug296511
461 openssl-CVE-2007-5135.patch
463 openssl-gcc42_b.patch
464 openssl-s390-config.diff
466 -------------------------------------------------------------------
467 Mon Oct 1 11:29:55 CEST 2007 - mkoenig@suse.de
469 - fix buffer overflow CVE-2007-5135 [#329208]
471 -------------------------------------------------------------------
472 Wed Sep 5 11:39:26 CEST 2007 - mkoenig@suse.de
474 - fix another gcc 4.2 build problem [#307669]
476 -------------------------------------------------------------------
477 Fri Aug 3 14:17:27 CEST 2007 - coolo@suse.de
479 - provide the version obsoleted (#293401)
481 -------------------------------------------------------------------
482 Wed Aug 1 18:01:45 CEST 2007 - werner@suse.de
484 - Add patch from CVS for RSA key reconstruction vulnerability
485 (CVE-2007-3108, VU#724968, bug #296511)
487 -------------------------------------------------------------------
488 Thu May 24 16:18:50 CEST 2007 - mkoenig@suse.de
490 - fix build with gcc-4.2
492 - do not install example scripts with executable permissions
494 -------------------------------------------------------------------
495 Mon Apr 30 01:32:44 CEST 2007 - ro@suse.de
499 -------------------------------------------------------------------
500 Fri Apr 27 15:25:13 CEST 2007 - mkoenig@suse.de
502 - Do not use dots in package name
503 - explicitly build with gcc-4.1 because of currently unresolved
504 failures with gcc-4.2
506 -------------------------------------------------------------------
507 Wed Apr 25 12:32:44 CEST 2007 - mkoenig@suse.de
509 - Split/rename package to follow library packaging policy [#260219]
510 New package libopenssl0.9.8 containing shared libs
511 openssl-devel package renamed to libopenssl-devel
512 New package openssl-certs containing certificates
513 - add zlib-devel to Requires of devel package
514 - remove old Obsoletes and Conflicts
515 openssls (Last used Nov 2000)
516 ssleay (Last used 6.2)
518 -------------------------------------------------------------------
519 Mon Apr 23 11:17:57 CEST 2007 - mkoenig@suse.de
521 - Fix key length [#254905,#262477]
523 -------------------------------------------------------------------
524 Tue Mar 6 10:38:10 CET 2007 - mkoenig@suse.de
526 - update to version 0.9.8e:
527 * patches merged upstream:
528 openssl-CVE-2006-2940-fixup.patch
529 openssl-0.9.8d-padlock-static.patch
531 -------------------------------------------------------------------
532 Tue Jan 9 14:30:28 CET 2007 - mkoenig@suse.de
534 - fix PadLock support [#230823]
536 -------------------------------------------------------------------
537 Thu Nov 30 14:33:51 CET 2006 - mkoenig@suse.de
539 - enable fix for CVE-2006-2940 [#223040], SWAMP-ID 7198
541 -------------------------------------------------------------------
542 Mon Nov 6 18:35:10 CET 2006 - poeml@suse.de
544 - configure with 'zlib' instead of 'zlib-dynamic'. Build with the
545 latter, there are problems opening the libz when running on the
546 Via Epia or vmware platforms. [#213305]
548 -------------------------------------------------------------------
549 Wed Oct 4 15:07:55 CEST 2006 - poeml@suse.de
551 - add patch for the CVE-2006-2940 fix: the newly introduced limit
552 on DH modulus size could lead to a crash when exerted. [#208971]
553 Discovered and fixed after the 0.9.8d release.
555 -------------------------------------------------------------------
556 Fri Sep 29 18:37:01 CEST 2006 - poeml@suse.de
559 *) Introduce limits to prevent malicious keys being able to
560 cause a denial of service. (CVE-2006-2940)
561 *) Fix ASN.1 parsing of certain invalid structures that can result
562 in a denial of service. (CVE-2006-2937)
563 *) Fix buffer overflow in SSL_get_shared_ciphers() function.
565 *) Fix SSL client code which could crash if connecting to a
566 malicious SSLv2 server. (CVE-2006-4343)
567 *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
568 match only those. Before that, "AES256-SHA" would be interpreted
569 as a pattern and match "AES128-SHA" too (since AES128-SHA got
570 the same strength classification in 0.9.7h) as we currently only
571 have a single AES bit in the ciphersuite description bitmap.
572 That change, however, also applied to ciphersuite strings such as
573 "RC4-MD5" that intentionally matched multiple ciphersuites --
574 namely, SSL 2.0 ciphersuites in addition to the more common ones
575 from SSL 3.0/TLS 1.0.
576 So we change the selection algorithm again: Naming an explicit
577 ciphersuite selects this one ciphersuite, and any other similar
578 ciphersuite (same bitmap) from *other* protocol versions.
579 Thus, "RC4-MD5" again will properly select both the SSL 2.0
580 ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
581 Since SSL 2.0 does not have any ciphersuites for which the
582 128/256 bit distinction would be relevant, this works for now.
583 The proper fix will be to use different bits for AES128 and
584 AES256, which would have avoided the problems from the beginning;
585 however, bits are scarce, so we can only do this in a new release
586 (not just a patchlevel) when we can change the SSL_CIPHER
587 definition to split the single 'unsigned long mask' bitmap into
588 multiple values to extend the available space.
589 - not in mentioned in CHANGES: patch for CVE-2006-4339 corrected
592 -------------------------------------------------------------------
593 Fri Sep 8 20:33:40 CEST 2006 - schwab@suse.de
595 - Fix inverted logic.
597 -------------------------------------------------------------------
598 Wed Sep 6 17:56:08 CEST 2006 - poeml@suse.de
601 Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
602 *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
603 (CVE-2006-4339) [Ben Laurie and Google Security Team]
604 *) Add AES IGE and biIGE modes. [Ben Laurie]
605 *) Change the Unix randomness entropy gathering to use poll() when
606 possible instead of select(), since the latter has some
607 undesirable limitations. [Darryl Miles via Richard Levitte and Bodo Moeller]
608 *) Disable "ECCdraft" ciphersuites more thoroughly. Now special
609 treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
610 cannot be implicitly activated as part of, e.g., the "AES" alias.
611 However, please upgrade to OpenSSL 0.9.9[-dev] for
612 non-experimental use of the ECC ciphersuites to get TLS extension
613 support, which is required for curve and point format negotiation
614 to avoid potential handshake problems. [Bodo Moeller]
615 *) Disable rogue ciphersuites:
616 - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
617 - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
618 - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
619 The latter two were purportedly from
620 draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
622 Also deactive the remaining ciphersuites from
623 draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
624 unofficial, and the ID has long expired. [Bodo Moeller]
625 *) Fix RSA blinding Heisenbug (problems sometimes occured on
626 dual-core machines) and other potential thread-safety issues.
628 *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
629 versions), which is now available for royalty-free use
630 (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
631 Also, add Camellia TLS ciphersuites from RFC 4132.
632 To minimize changes between patchlevels in the OpenSSL 0.9.8
633 series, Camellia remains excluded from compilation unless OpenSSL
634 is configured with 'enable-camellia'. [NTT]
635 *) Disable the padding bug check when compression is in use. The padding
636 bug check assumes the first packet is of even length, this is not
637 necessarily true if compresssion is enabled and can result in false
638 positives causing handshake failure. The actual bug test is ancient
639 code so it is hoped that implementations will either have fixed it by
640 now or any which still have the bug do not support compression.
642 Changes between 0.9.8a and 0.9.8b [04 May 2006]
643 *) When applying a cipher rule check to see if string match is an explicit
644 cipher suite and only match that one cipher suite if it is. [Steve Henson]
645 *) Link in manifests for VC++ if needed. [Austin Ziegler <halostatue@gmail.com>]
646 *) Update support for ECC-based TLS ciphersuites according to
647 draft-ietf-tls-ecc-12.txt with proposed changes (but without
648 TLS extensions, which are supported starting with the 0.9.9
649 branch, not in the OpenSSL 0.9.8 branch). [Douglas Stebila]
650 *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
651 opaque EVP_CIPHER_CTX handling. [Steve Henson]
652 *) Fixes and enhancements to zlib compression code. We now only use
653 "zlib1.dll" and use the default __cdecl calling convention on Win32
654 to conform with the standards mentioned here:
655 http://www.zlib.net/DLL_FAQ.txt
656 Static zlib linking now works on Windows and the new --with-zlib-include
657 --with-zlib-lib options to Configure can be used to supply the location
658 of the headers and library. Gracefully handle case where zlib library
659 can't be loaded. [Steve Henson]
660 *) Several fixes and enhancements to the OID generation code. The old code
661 sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
662 handle numbers larger than ULONG_MAX, truncated printing and had a
663 non standard OBJ_obj2txt() behaviour. [Steve Henson]
664 *) Add support for building of engines under engine/ as shared libraries
665 under VC++ build system. [Steve Henson]
666 *) Corrected the numerous bugs in the Win32 path splitter in DSO.
667 Hopefully, we will not see any false combination of paths any more.
669 - enable Camellia cipher. There is a royalty free license to the
670 patents, see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html.
671 NOTE: the license forbids patches to the cipher.
672 - build with zlib-dynamic and add zlib-devel to BuildRequires.
673 Allows compression of data in TLS, although few application would
674 actually use it since there is no standard for negotiating the
675 compression method. The only one I know if is stunnel.
677 -------------------------------------------------------------------
678 Fri Jun 2 15:00:58 CEST 2006 - poeml@suse.de
680 - fix built-in ENGINESDIR for 64 bit architectures. We change only
681 the builtin search path for engines, not the path where engines
682 are packaged. Path can be overridden with the OPENSSL_ENGINES
683 environment variable. [#179094]
685 -------------------------------------------------------------------
686 Wed Jan 25 21:30:41 CET 2006 - mls@suse.de
688 - converted neededforbuild to BuildRequires
690 -------------------------------------------------------------------
691 Mon Jan 16 13:13:13 CET 2006 - mc@suse.de
693 - fix build problems on s390x (openssl-s390-config.diff)
694 - build with -fstack-protector
696 -------------------------------------------------------------------
697 Mon Nov 7 16:30:49 CET 2005 - dmueller@suse.de
699 - build with non-executable stack
701 -------------------------------------------------------------------
702 Thu Oct 20 17:37:47 CEST 2005 - poeml@suse.de
704 - fix unguarded free() which can cause a segfault in the ca
705 commandline app [#128655]
707 -------------------------------------------------------------------
708 Thu Oct 13 15:10:28 CEST 2005 - poeml@suse.de
710 - add Geotrusts Equifax Root1 CA certificate, which needed to
711 verify the authenticity of you.novell.com [#121966]
713 -------------------------------------------------------------------
714 Tue Oct 11 15:34:07 CEST 2005 - poeml@suse.de
717 *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
718 (part of SSL_OP_ALL). This option used to disable the
719 countermeasure against man-in-the-middle protocol-version
720 rollback in the SSL 2.0 server implementation, which is a bad
721 idea. (CAN-2005-2969)
722 *) Add two function to clear and return the verify parameter flags.
723 *) Keep cipherlists sorted in the source instead of sorting them at
724 runtime, thus removing the need for a lock.
725 *) Avoid some small subgroup attacks in Diffie-Hellman.
726 *) Add functions for well-known primes.
727 *) Extended Windows CE support.
728 *) Initialize SSL_METHOD structures at compile time instead of during
729 runtime, thus removing the need for a lock.
730 *) Make PKCS7_decrypt() work even if no certificate is supplied by
731 attempting to decrypt each encrypted key in turn. Add support to
734 -------------------------------------------------------------------
735 Thu Sep 29 18:53:08 CEST 2005 - poeml@suse.de
738 see CHANGES file or http://www.openssl.org/news/changelog.html
740 - drop obsolete openssl-no-libc.diff
741 - disable libica patch until it has been ported
743 -------------------------------------------------------------------
744 Fri May 20 11:27:12 CEST 2005 - poeml@suse.de
746 - update to 0.9.7g. The significant changes are:
747 *) Fixes for newer kerberos headers. NB: the casts are needed because
748 the 'length' field is signed on one version and unsigned on another
749 with no (?) obvious way to tell the difference, without these VC++
750 complains. Also the "definition" of FAR (blank) is no longer included
751 nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
752 some needed definitions.
753 *) Added support for proxy certificates according to RFC 3820.
754 Because they may be a security thread to unaware applications,
755 they must be explicitely allowed in run-time. See
756 docs/HOWTO/proxy_certificates.txt for further information.
758 -------------------------------------------------------------------
759 Tue May 17 16:28:51 CEST 2005 - schwab@suse.de
761 - Include %cflags_profile_generate in ${CC} since it is required for
763 - Remove explicit reference to libc.
765 -------------------------------------------------------------------
766 Fri Apr 8 17:27:27 CEST 2005 - poeml@suse.de
768 - update to 0.9.7f. The most significant changes are:
769 o Several compilation issues fixed.
770 o Many memory allocation failure checks added.
771 o Improved comparison of X509 Name type.
772 o Mandatory basic checks on certificates.
773 o Performance improvements.
774 (for a complete list see http://www.openssl.org/source/exp/CHANGES)
775 - adjust openssl-0.9.7f-ppc64.diff
776 - drop obsolete openssl-0.9.7d-crl-default_md.dif [#55435]
778 -------------------------------------------------------------------
779 Tue Jan 4 16:47:02 CET 2005 - poeml@suse.de
782 *) Avoid a race condition when CRLs are checked in a multi
783 threaded environment. This would happen due to the reordering
784 of the revoked entries during signature checking and serial
785 number lookup. Now the encoding is cached and the serial
786 number sort performed under a lock. Add new STACK function
788 *) Add Delta CRL to the extension code.
789 *) Various fixes to s3_pkt.c so alerts are sent properly.
790 *) Reduce the chances of duplicate issuer name and serial numbers
791 (in violation of RFC3280) using the OpenSSL certificate
792 creation utilities. This is done by creating a random 64 bit
793 value for the initial serial number when a serial number file
794 is created or when a self signed certificate is created using
795 'openssl req -x509'. The initial serial number file is created
796 using 'openssl x509 -next_serial' in CA.pl rather than being
798 - remove obsolete patches
799 - fix openssl-0.9.7d-padlock-glue.diff and ICA patch to patch
800 Makefile, not Makefile.ssl
801 - fixup for spaces in names of man pages not needed now
802 - pack /usr/bin/openssl_fips_fingerprint
803 - in rpm post/postun script, run /sbin/ldconfig directly (the macro
806 -------------------------------------------------------------------
807 Mon Oct 18 15:03:28 CEST 2004 - poeml@suse.de
809 - don't install openssl.doxy file [#45210]
811 -------------------------------------------------------------------
812 Thu Jul 29 16:56:44 CEST 2004 - poeml@suse.de
814 - apply patch from CVS to fix segfault in S/MIME encryption
815 (http://cvs.openssl.org/chngview?cn=12081, regression in
816 openssl-0.9.7d) [#43386]
818 -------------------------------------------------------------------
819 Mon Jul 12 15:22:31 CEST 2004 - mludvig@suse.cz
821 - Updated VIA PadLock engine.
823 -------------------------------------------------------------------
824 Wed Jun 30 21:45:01 CEST 2004 - mludvig@suse.cz
826 - Updated openssl-0.9.7d-padlock-engine.diff with support for
827 AES192, AES256 and RNG.
829 -------------------------------------------------------------------
830 Tue Jun 15 16:18:36 CEST 2004 - poeml@suse.de
832 - update IBM ICA patch to last night's version. Fixes ibmca_init()
833 to reset ibmca_dso=NULL after calling DSO_free(), if the device
834 driver could not be loaded. The bug lead to a segfault triggered
835 by stunnel, which does autoload available engines [#41874]
836 - patch from CVS: make stack API more robust (return NULL for
837 out-of-range indexes). Fixes another possible segfault during
838 engine detection (could also triggered by stunnel)
839 - add patch from Michal Ludvig for VIA PadLock support
841 -------------------------------------------------------------------
842 Wed Jun 2 20:44:40 CEST 2004 - poeml@suse.de
844 - add root certificate for the ICP-Brasil CA [#41546]
846 -------------------------------------------------------------------
847 Thu May 13 19:53:48 CEST 2004 - poeml@suse.de
849 - add patch to use default_md for CRLs too [#40435]
851 -------------------------------------------------------------------
852 Tue May 4 20:45:19 CEST 2004 - poeml@suse.de
854 - update ICA patch to apr292004 release [#39695]
856 -------------------------------------------------------------------
857 Thu Mar 18 13:47:09 CET 2004 - poeml@suse.de
860 o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
862 o Security: Fix null-pointer assignment in do_change_cipher_spec()
864 o Allow multiple active certificates with same subject in CA index
865 o Multiple X590 verification fixes
866 o Speed up HMAC and other operations
867 - remove the hunk from openssl-0.9.6d.dif that added NO_IDEA around
868 IDEA_128_CBC_WITH_MD5 in the global cipher list. Upstream now has
869 OPENSSL_NO_IDEA around it
870 - [#36386] fixed (broken generation of EVP_BytesToKey.3ssl from the
872 - permissions of lib/pkgconfig fixed
874 -------------------------------------------------------------------
875 Wed Feb 25 20:42:39 CET 2004 - poeml@suse.de
878 *) Fix various bugs revealed by running the NISCC test suite:
879 Stop out of bounds reads in the ASN1 code when presented with
880 invalid tags (CAN-2003-0543 and CAN-2003-0544).
881 Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
882 If verify callback ignores invalid public key errors don't try to check
883 certificate signature with the NULL public key.
884 *) New -ignore_err option in ocsp application to stop the server
885 exiting on the first error in a request.
886 *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
887 if the server requested one: as stated in TLS 1.0 and SSL 3.0
889 *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
890 extra data after the compression methods not only for TLS 1.0
891 but also for SSL 3.0 (as required by the specification).
892 *) Change X509_certificate_type() to mark the key as exported/exportable
893 when it's 512 *bits* long, not 512 bytes.
894 *) Change AES_cbc_encrypt() so it outputs exact multiple of
895 blocks during encryption.
896 *) Various fixes to base64 BIO and non blocking I/O. On write
897 flushes were not handled properly if the BIO retried. On read
898 data was not being buffered properly and had various logic bugs.
899 This also affects blocking I/O when the data being decoded is a
901 *) Various S/MIME bugfixes and compatibility changes:
902 output correct application/pkcs7 MIME type if
903 PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
904 Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
905 of files as .eml work). Correctly handle very long lines in MIME
908 quote: This version of the engine patch has updated error handling in
909 the DES/SHA code, and turns RSA blinding off for hardware
911 - filenames of some man pages contain spaces now. Replace them with
913 - fix compiler warnings in showciphers.c
914 - fix permissions of /usr/%_lib/pkgconfig
916 -------------------------------------------------------------------
917 Sat Jan 10 10:55:59 CET 2004 - adrian@suse.de
920 - remove unneeded PreRequires
922 -------------------------------------------------------------------
923 Tue Nov 18 14:07:53 CET 2003 - poeml@suse.de
925 - ditch annoying mail to root about moved locations [#31969]
927 -------------------------------------------------------------------
928 Wed Aug 13 22:30:13 CEST 2003 - poeml@suse.de
930 - enable profile feedback based optimizations (except AES which
932 - add -fno-strict-aliasing, due to warnings about code where
933 dereferencing type-punned pointers will break strict aliasing
934 - make a readlink function if readlink is not available
936 -------------------------------------------------------------------
937 Mon Aug 4 16:16:57 CEST 2003 - ro@suse.de
939 - fixed manpages symlinks
941 -------------------------------------------------------------------
942 Wed Jul 30 15:37:37 CEST 2003 - meissner@suse.de
944 - Fix Makefile to create pkgconfig file with lib64 on lib64 systems.
946 -------------------------------------------------------------------
947 Sun Jul 27 15:51:04 CEST 2003 - poeml@suse.de
949 - don't explicitely strip binaries since RPM handles it, and may
950 keep the stripped information somewhere
952 -------------------------------------------------------------------
953 Tue Jul 15 16:29:16 CEST 2003 - meissner@suse.de
955 - -DMD32_REG_T=int for ppc64 and s390x.
957 -------------------------------------------------------------------
958 Thu Jul 10 23:14:22 CEST 2003 - poeml@suse.de
960 - update ibm ICA patch to 20030708 release (libica-1.3)
962 -------------------------------------------------------------------
963 Mon May 12 23:27:07 CEST 2003 - poeml@suse.de
965 - package the openssl.pc file for pkgconfig
967 -------------------------------------------------------------------
968 Wed Apr 16 16:04:32 CEST 2003 - poeml@suse.de
970 - update to 0.9.7b. The most significant changes are:
971 o New library section OCSP.
972 o Complete rewrite of ASN1 code.
973 o CRL checking in verify code and openssl utility.
974 o Extension copying in 'ca' utility.
975 o Flexible display options in 'ca' utility.
976 o Provisional support for international characters with UTF8.
977 o Support for external crypto devices ('engine') is no longer
978 a separate distribution.
979 o New elliptic curve library section.
980 o New AES (Rijndael) library section.
981 o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
982 Linux x86_64, Linux 64-bit on Sparc v9
983 o Extended support for some platforms: VxWorks
984 o Enhanced support for shared libraries.
985 o Now only builds PIC code when shared library support is requested.
986 o Support for pkg-config.
987 o Lots of new manuals.
988 o Makes symbolic links to or copies of manuals to cover all described
990 o Change DES API to clean up the namespace (some applications link also
991 against libdes providing similar functions having the same name).
992 Provide macros for backward compatibility (will be removed in the
994 o Unify handling of cryptographic algorithms (software and engine)
995 to be available via EVP routines for asymmetric and symmetric ciphers.
996 o NCONF: new configuration handling routines.
997 o Change API to use more 'const' modifiers to improve error checking
999 o Finally remove references to RSAref.
1000 o Reworked parts of the BIGNUM code.
1001 o Support for new engines: Broadcom ubsec, Accelerated Encryption
1002 Processing, IBM 4758.
1003 o A few new engines added in the demos area.
1004 o Extended and corrected OID (object identifier) table.
1005 o PRNG: query at more locations for a random device, automatic query for
1006 EGD style random sources at several locations.
1007 o SSL/TLS: allow optional cipher choice according to server's preference.
1008 o SSL/TLS: allow server to explicitly set new session ids.
1009 o SSL/TLS: support Kerberos cipher suites (RFC2712).
1010 Only supports MIT Kerberos for now.
1011 o SSL/TLS: allow more precise control of renegotiations and sessions.
1012 o SSL/TLS: add callback to retrieve SSL/TLS messages.
1013 o SSL/TLS: support AES cipher suites (RFC3268).
1014 - adapt the ibmca patch
1015 - remove openssl-nocrypt.diff, openssl's crypt() vanished
1016 - configuration syntax has changed ($sys_id added before $lflags)
1018 -------------------------------------------------------------------
1019 Thu Feb 20 11:55:34 CET 2003 - poeml@suse.de
1021 - update to bugfix release 0.9.6i:
1022 - security fix: In ssl3_get_record (ssl/s3_pkt.c), minimize
1023 information leaked via timing by performing a MAC computation
1024 even if incorrrect block cipher padding has been found. This
1025 is a countermeasure against active attacks where the attacker
1026 has to distinguish between bad padding and a MAC verification
1027 error. (CAN-2003-0078)
1028 - a few more small bugfixes (mainly missing assertions)
1030 -------------------------------------------------------------------
1031 Fri Dec 6 10:07:20 CET 2002 - poeml@suse.de
1033 - update to 0.9.6h (last release in the 0.9.6 series)
1034 o New configuration targets for Tandem OSS and A/UX.
1035 o New OIDs for Microsoft attributes.
1036 o Better handling of SSL session caching.
1037 o Better comparison of distinguished names.
1038 o Better handling of shared libraries in a mixed GNU/non-GNU environment.
1039 o Support assembler code with Borland C.
1040 o Fixes for length problems.
1041 o Fixes for uninitialised variables.
1042 o Fixes for memory leaks, some unusual crashes and some race conditions.
1043 o Fixes for smaller building problems.
1044 o Updates of manuals, FAQ and other instructive documents.
1045 - add a call to make depend
1046 - fix sed expression (lib -> lib64) to replace multiple occurences
1049 -------------------------------------------------------------------
1050 Mon Nov 4 13:16:09 CET 2002 - stepan@suse.de
1052 - fix openssl for alpha ev56 cpus
1054 -------------------------------------------------------------------
1055 Thu Oct 24 12:57:36 CEST 2002 - poeml@suse.de
1057 - own the /usr/share/ssl directory [#20849]
1058 - openssl-hppa-config.diff can be applied on all architectures
1060 -------------------------------------------------------------------
1061 Mon Sep 30 16:07:49 CEST 2002 - bg@suse.de
1063 - enable hppa distribution; use only pa1.1 architecture.
1065 -------------------------------------------------------------------
1066 Tue Sep 17 17:13:46 CEST 2002 - froh@suse.de
1068 - update ibm-hardware-crypto-patch to ibmca.patch-0.96e-2 (#18953)
1070 -------------------------------------------------------------------
1071 Mon Aug 12 18:34:58 CEST 2002 - poeml@suse.de
1073 - update to 0.9.6g and drop the now included ASN1 check patch.
1075 - Use proper error handling instead of 'assertions' in buffer
1076 overflow checks added in 0.9.6e. This prevents DoS (the
1077 assertions could call abort()).
1079 -------------------------------------------------------------------
1080 Fri Aug 9 19:49:59 CEST 2002 - kukuk@suse.de
1082 - Fix requires of openssl-devel subpackage
1084 -------------------------------------------------------------------
1085 Tue Aug 6 15:18:59 MEST 2002 - draht@suse.de
1087 - Correction for changes in the ASN1 code, assembled in
1088 openssl-0.9.6e-cvs-20020802-asn1_lib.diff
1090 -------------------------------------------------------------------
1091 Thu Aug 1 00:53:33 CEST 2002 - poeml@suse.de
1093 - update to 0.9.6e. Major changes:
1094 o Various security fixes (sanity checks to asn1_get_length(),
1095 various remote buffer overflows)
1096 o new option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, disabling the
1097 countermeasure against a vulnerability in the CBC ciphersuites
1098 in SSL 3.0/TLS 1.0 that was added in 0.9.6d which turned out to
1099 be incompatible with buggy SSL implementations
1100 - update ibmca crypto hardware patch (security issues fixed)
1101 - gcc 3.1 version detection is fixed, we can drop the patch
1102 - move the most used man pages from the -doc to the main package
1103 [#9913] and resolve man page conflicts by putting them into ssl
1105 - spec file: use PreReq for %post script
1107 -------------------------------------------------------------------
1108 Fri Jul 12 17:59:10 CEST 2002 - poeml@suse.de
1110 - update to 0.9.6d. Major changes:
1111 o Various SSL/TLS library bugfixes.
1112 o Fix DH parameter generation for 'non-standard' generators.
1113 Complete Changelog: http://www.openssl.org/news/changelog.html
1114 - supposed to fix a session caching failure occuring with postfix
1115 - simplify local configuration for the architectures
1116 - there's a new config variable: $shared_ldflag
1117 - use RPM_OPT_FLAGS in favor of predifined cflags by appending them
1119 - validate config data (config --check-sanity)
1120 - resolve file conflict of /usr/share/man/man1/openssl.1.gz [#15982]
1121 - move configuration to /etc/ssl [#14387]
1122 - mark openssl.cnf %config (noreplace)
1124 -------------------------------------------------------------------
1125 Sat Jul 6 20:28:56 CEST 2002 - schwab@suse.de
1127 - Include <crypt.h> to get crypt prototype.
1129 -------------------------------------------------------------------
1130 Fri Jul 5 08:51:16 CEST 2002 - kukuk@suse.de
1132 - Remove crypt prototype from des.h header file, too.
1134 -------------------------------------------------------------------
1135 Mon Jun 10 11:38:16 CEST 2002 - meissner@suse.de
1137 - enhanced ppc64 support (needs seperate config), reenabled make check
1139 -------------------------------------------------------------------
1140 Fri May 31 14:54:06 CEST 2002 - olh@suse.de
1142 - add ppc64 support, temporary disable make check
1144 -------------------------------------------------------------------
1145 Thu Apr 18 16:30:01 CEST 2002 - meissner@suse.de
1147 - fixed x86_64 build, added bc to needed_for_build (used by tests)
1149 -------------------------------------------------------------------
1150 Wed Apr 17 16:56:34 CEST 2002 - ro@suse.de
1152 - fixed gcc version determination
1153 - drop sun4c support/always use sparcv8
1154 - ignore return code from showciphers
1156 -------------------------------------------------------------------
1157 Fri Mar 15 16:54:44 CET 2002 - poeml@suse.de
1159 - add settings for sparc to build shared objects. Note that all
1160 sparcs (sun4[mdu]) are recognized as linux-sparcv7
1162 -------------------------------------------------------------------
1163 Wed Feb 6 14:23:44 CET 2002 - kukuk@suse.de
1165 - Remove crypt function from libcrypto.so.0 [Bug #13056]
1167 -------------------------------------------------------------------
1168 Sun Feb 3 22:32:16 CET 2002 - poeml@suse.de
1170 - add settings for mips to build shared objects
1171 - print out all settings to the build log
1173 -------------------------------------------------------------------
1174 Tue Jan 29 12:42:58 CET 2002 - poeml@suse.de
1178 o support for hardware crypto devices (Cryptographic Appliances,
1179 Broadcom, and Accelerated Encryption Processing)
1180 - add IBMCA patch for IBM eServer Cryptographic Accelerator Device
1181 Driver (#12565) (forward ported from 0.9.6b)
1182 (http://www-124.ibm.com/developerworks/projects/libica/)
1183 - tell Configure how to build shared libs for s390 and s390x
1184 - tweak Makefile.org to use %_libdir
1185 - clean up spec file
1186 - add README.SuSE as source file instead of in a patch
1188 -------------------------------------------------------------------
1189 Wed Dec 5 10:59:59 CET 2001 - uli@suse.de
1191 - disabled "make test" for ARM (destest segfaults, the other tests
1194 -------------------------------------------------------------------
1195 Wed Dec 5 02:39:16 CET 2001 - ro@suse.de
1197 - removed subpackage src
1199 -------------------------------------------------------------------
1200 Wed Nov 28 13:28:42 CET 2001 - uli@suse.de
1202 - needs -ldl on ARM, too
1204 -------------------------------------------------------------------
1205 Mon Nov 19 17:48:31 MET 2001 - mls@suse.de
1207 - made mips big endian, fixed shared library creation for mips
1209 -------------------------------------------------------------------
1210 Fri Aug 31 11:19:46 CEST 2001 - rolf@suse.de
1212 - added root certificates [BUG#9913]
1213 - move from /usr/ssh to /usr/share/ssl
1215 -------------------------------------------------------------------
1216 Wed Jul 18 10:27:54 CEST 2001 - rolf@suse.de
1219 - switch to engine version of openssl, which supports hardware
1220 encryption for a few popular devices
1221 - check wether shared libraries have been generated
1223 -------------------------------------------------------------------
1224 Thu Jul 5 15:06:03 CEST 2001 - rolf@suse.de
1226 - appliy PRNG security patch
1228 -------------------------------------------------------------------
1229 Tue Jun 12 10:52:34 EDT 2001 - bk@suse.de
1231 - added support for s390x
1233 -------------------------------------------------------------------
1234 Mon May 7 21:02:30 CEST 2001 - kukuk@suse.de
1236 - Fix building of shared libraries on SPARC, too.
1238 -------------------------------------------------------------------
1239 Mon May 7 11:36:53 MEST 2001 - rolf@suse.de
1241 - Fix ppc and s390 shared library builds
1242 - resolved conflict in manpage naming:
1243 rand.3 is now sslrand.3 [BUG#7643]
1245 -------------------------------------------------------------------
1246 Tue May 1 22:32:48 CEST 2001 - schwab@suse.de
1248 - Fix ia64 configuration.
1251 -------------------------------------------------------------------
1252 Thu Apr 26 03:17:52 CEST 2001 - bjacke@suse.de
1256 -------------------------------------------------------------------
1257 Wed Apr 18 12:56:48 CEST 2001 - kkaempf@suse.de
1259 - provide .so files in -devel package only
1261 -------------------------------------------------------------------
1262 Tue Apr 17 02:45:36 CEST 2001 - bjacke@suse.de
1264 - resolve file name conflict (#6966)
1266 -------------------------------------------------------------------
1267 Wed Mar 21 10:12:59 MET 2001 - rolf@suse.de
1269 - new subpackage openssl-src [BUG#6383]
1270 - added README.SuSE which explains where to find the man pages [BUG#6717]
1272 -------------------------------------------------------------------
1273 Fri Dec 15 18:09:16 CET 2000 - sf@suse.de
1275 - changed CFLAG to -O1 to make the tests run successfully
1277 -------------------------------------------------------------------
1278 Mon Dec 11 13:33:55 CET 2000 - rolf@suse.de
1280 - build openssl with no-idea and no-rc5 to meet US & RSA regulations
1281 - build with -fPIC on all platforms (especially IA64)
1283 -------------------------------------------------------------------
1284 Wed Nov 22 11:27:39 MET 2000 - rolf@suse.de
1286 - rename openssls to openssl-devel and add shared libs and header files
1287 - new subpackge openssl-doc for manpages and documentation
1290 -------------------------------------------------------------------
1291 Fri Oct 27 16:53:45 CEST 2000 - schwab@suse.de
1293 - Add link-time links for libcrypto and libssl.
1294 - Make sure that LD_LIBRARY_PATH is passed down to sub-makes.
1296 -------------------------------------------------------------------
1297 Mon Oct 2 17:33:07 MEST 2000 - rolf@suse.de
1301 -------------------------------------------------------------------
1302 Mon Apr 10 23:04:15 CEST 2000 - bk@suse.de
1304 - fix support for s390-linux
1306 -------------------------------------------------------------------
1307 Mon Apr 10 18:01:46 MEST 2000 - rolf@suse.de
1309 - new version 0.9.5a
1311 -------------------------------------------------------------------
1312 Sun Apr 9 02:51:42 CEST 2000 - bk@suse.de
1314 - add support for s390-linux
1316 -------------------------------------------------------------------
1317 Mon Mar 27 19:25:25 CEST 2000 - kukuk@suse.de
1319 - Use sparcv7 for SPARC
1321 -------------------------------------------------------------------
1322 Wed Mar 1 16:42:00 MET 2000 - rolf@suse.de
1324 - move manpages back, as too many conflict with system manuals
1326 -------------------------------------------------------------------
1327 Wed Mar 1 11:23:21 MET 2000 - rolf@suse.de
1329 - move manpages to %{_mandir}
1330 - include static libraries
1332 -------------------------------------------------------------------
1333 Wed Mar 1 02:52:17 CET 2000 - bk@suse.de
1335 - added subpackage source openssls, needed for ppp_ssl
1337 -------------------------------------------------------------------
1338 Tue Feb 29 12:50:48 MET 2000 - rolf@suse.de
1342 -------------------------------------------------------------------
1343 Thu Feb 24 15:43:38 CET 2000 - schwab@suse.de
1345 - add support for ia64-linux
1347 -------------------------------------------------------------------
1348 Mon Jan 31 13:05:59 CET 2000 - kukuk@suse.de
1350 - Create and add libcrypto.so.0 and libssl.so.0
1352 -------------------------------------------------------------------
1353 Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
1355 - ran old prepare_spec on spec file to switch to new prepare_spec.
1357 -------------------------------------------------------------------
1358 Wed Sep 1 12:30:08 MEST 1999 - rolf@suse.de
1362 -------------------------------------------------------------------
1363 Wed May 26 16:26:49 MEST 1999 - rolf@suse.de
1365 - new version 0.9.3 with new layout
1366 - alpha asm disabled by default now, no patch needed
1368 -------------------------------------------------------------------
1369 Thu May 20 09:38:09 MEST 1999 - ro@suse.de
1371 - disable asm for alpha: seems incomplete
1373 -------------------------------------------------------------------
1374 Mon May 17 17:43:34 MEST 1999 - rolf@suse.de
1376 - don't use -DNO_IDEA
1378 -------------------------------------------------------------------
1379 Wed May 12 16:10:03 MEST 1999 - rolf@suse.de
1381 - first version 0.9.2b