--------------------------------------------------------------------
-Sun Aug 19 23:38:32 UTC 2012 - crrodriguez@opensuse.org
+* Fri Jun 20 2014 John L. Whiteman <john.l.whiteman@intel.com> upstream/1.0.1h-13-g4429de1
+- Move openssl version from 1.0.1g to 1.0.1h for CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 fixes
-- Open Internal file descriptors with O_CLOEXEC, leaving
- those open across fork()..execve() makes a perfect
- vector for a side-channel attack...
+* Thu Apr 10 2014 Michael Demeter <michael.demeter@intel.com> upstream/1.0.1g@357db8b
+- Move openssl version to 1.0.1g for CVE-2014-160 (Heartbleed)
--------------------------------------------------------------------
-Tue Aug 7 17:17:34 UTC 2012 - dmueller@suse.com
+* Fri Mar 22 2013 Anas Nashif <anas.nashif@intel.com> submit/trunk/20130318.194800@d92acdb
+- Fixed package groups
-- fix build on armv5 (bnc#774710)
+* Mon Mar 18 2013 Anas Nashif <anas.nashif@intel.com> submit/trunk/20121228.194701@641e3b2
+- Fixed package group
--------------------------------------------------------------------
-Thu May 10 19:18:06 UTC 2012 - crrodriguez@opensuse.org
+* Wed Nov 28 2012 Anas Nashif <anas.nashif@intel.com> upstream/1.0.1c@bc70029
+- remove patches
+- enable md2
+- Imported Upstream version 1.0.1c
-- Update to version 1.0.1c for the complete list of changes see
- NEWS, this only list packaging changes.
-- Drop aes-ni patch, no longer needed as it is builtin in openssl
- now.
-- Define GNU_SOURCE and use -std=gnu99 to build the package.
-- Use LFS_CFLAGS in platforms where it matters.
-
--------------------------------------------------------------------
-Fri May 4 12:09:57 UTC 2012 - lnussel@suse.de
-
-- don't install any demo or expired certs at all
-
--------------------------------------------------------------------
-Mon Apr 23 05:57:35 UTC 2012 - gjhe@suse.com
-
-- update to latest stable verison 1.0.0i
- including the following patches:
- CVE-2012-2110.path
- Bug748738_Tolerate_bad_MIME_headers.patch
- bug749213-Free-headers-after-use.patch
- bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
- CVE-2012-1165.patch
- CVE-2012-0884.patch
- bug749735.patch
-
--------------------------------------------------------------------
-Tue Mar 27 09:16:37 UTC 2012 - gjhe@suse.com
-
-- fix bug[bnc#749735] - Memory leak when creating public keys.
- fix bug[bnc#751977] - CMS and S/MIME Bleichenbacher attack
- CVE-2012-0884
-
--------------------------------------------------------------------
-Thu Mar 22 03:24:20 UTC 2012 - gjhe@suse.com
-
-- fix bug[bnc#751946] - S/MIME verification may erroneously fail
- CVE-2012-1165
-
--------------------------------------------------------------------
-Wed Mar 21 02:44:41 UTC 2012 - gjhe@suse.com
-
-- fix bug[bnc#749213]-Free headers after use in error message
- and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt
-
--------------------------------------------------------------------
-Tue Mar 20 14:29:24 UTC 2012 - cfarrell@suse.com
-
-- license update: OpenSSL
-
--------------------------------------------------------------------
-Fri Feb 24 02:33:22 UTC 2012 - gjhe@suse.com
-
-- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's
- asn1 parser.
- CVE-2006-7250
-
--------------------------------------------------------------------
-Thu Feb 2 06:55:12 UTC 2012 - gjhe@suse.com
-
-- Update to version 1.0.0g fix the following:
- DTLS DoS attack (CVE-2012-0050)
-
--------------------------------------------------------------------
-Wed Jan 11 05:35:18 UTC 2012 - gjhe@suse.com
-
-- Update to version 1.0.0f fix the following:
- DTLS Plaintext Recovery Attack (CVE-2011-4108)
- Uninitialized SSL 3.0 Padding (CVE-2011-4576)
- Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
- SGC Restart DoS Attack (CVE-2011-4619)
- Invalid GOST parameters DoS Attack (CVE-2012-0027)
-
--------------------------------------------------------------------
-Tue Oct 18 16:43:50 UTC 2011 - crrodriguez@opensuse.org
-
-- AES-NI: Check the return value of Engine_add()
- if the ENGINE_add() call fails: it ends up adding a reference
- to a freed up ENGINE which is likely to subsequently contain garbage
- This will happen if an ENGINE with the same name is added multiple
- times,for example different libraries. [bnc#720601]
-
--------------------------------------------------------------------
-Sat Oct 8 21:36:58 UTC 2011 - crrodriguez@opensuse.org
-
-- Build with -DSSL_FORBID_ENULL so servers are not
- able to use the NULL encryption ciphers (Those offering no
- encryption whatsoever).
-
--------------------------------------------------------------------
-Wed Sep 7 14:29:41 UTC 2011 - crrodriguez@opensuse.org
-
-- Update to openssl 1.0.0e fixes CVE-2011-3207 and CVE-2011-3210
- see http://openssl.org/news/secadv_20110906.txt for details.
-
--------------------------------------------------------------------
-Sat Aug 6 00:33:47 UTC 2011 - crrodriguez@opensuse.org
-
-- Add upstream patch that calls ENGINE_register_all_complete()
- in ENGINE_load_builtin_engines() saving us from adding dozens
- of calls to such function to calling applications.
-
--------------------------------------------------------------------
-Fri Aug 5 19:09:42 UTC 2011 - crrodriguez@opensuse.org
-
-- remove -fno-strict-aliasing from CFLAGS no longer needed
- and is likely to slow down stuff.
-
--------------------------------------------------------------------
-Mon Jul 25 19:07:32 UTC 2011 - jengelh@medozas.de
-
-- Edit baselibs.conf to provide libopenssl-devel-32bit too
-
--------------------------------------------------------------------
-Fri Jun 24 04:51:50 UTC 2011 - gjhe@novell.com
-
-- update to latest stable version 1.0.0d.
- patch removed(already in the new package):
- CVE-2011-0014
- patch added:
- ECDSA_signatures_timing_attack.patch
-
--------------------------------------------------------------------
-Tue May 31 07:07:49 UTC 2011 - gjhe@novell.com
-
-- fix bug[bnc#693027].
- Add protection against ECDSA timing attacks as mentioned in the paper
- by Billy Bob Brumley and Nicola Tuveri, see:
- http://eprint.iacr.org/2011/232.pdf
- [Billy Bob Brumley and Nicola Tuveri]
-
--------------------------------------------------------------------
-Mon May 16 14:38:26 UTC 2011 - andrea@opensuse.org
-
-- added openssl as dependency in the devel package
-
--------------------------------------------------------------------
-Thu Feb 10 07:42:01 UTC 2011 - gjhe@novell.com
-
-- fix bug [bnc#670526]
- CVE-2011-0014,OCSP stapling vulnerability
-
--------------------------------------------------------------------
-Sat Jan 15 19:58:51 UTC 2011 - cristian.rodriguez@opensuse.org
-
-- Add patch from upstream in order to support AES-NI instruction
- set present on current Intel and AMD processors
-
--------------------------------------------------------------------
-Mon Jan 10 11:45:27 CET 2011 - meissner@suse.de
-
-- enable -DPURIFY to avoid valgrind errors.
-
--------------------------------------------------------------------
-Thu Dec 9 07:04:32 UTC 2010 - gjhe@novell.com
-
-- update to stable version 1.0.0c.
- patch included:
- CVE-2010-1633_and_CVE-2010-0742.patch
- patchset-19727.diff
- CVE-2010-2939.patch
- CVE-2010-3864.patch
-
--------------------------------------------------------------------
-Thu Nov 18 07:53:12 UTC 2010 - gjhe@novell.com
-
-- fix bug [bnc#651003]
- CVE-2010-3864
-
--------------------------------------------------------------------
-Sat Sep 25 08:55:02 UTC 2010 - gjhe@novell.com
-
-- fix bug [bnc#629905]
- CVE-2010-2939
-
--------------------------------------------------------------------
-Wed Jul 28 20:55:18 UTC 2010 - cristian.rodriguez@opensuse.org
-
-- Exclude static libraries, see what breaks and fix that
- instead
-
--------------------------------------------------------------------
-Wed Jun 30 08:47:39 UTC 2010 - jengelh@medozas.de
-
-- fix two compile errors on SPARC
-
--------------------------------------------------------------------
-Tue Jun 15 09:53:54 UTC 2010 - bg@novell.com
-
-- -fstack-protector is not supported on hppa
-
--------------------------------------------------------------------
-Fri Jun 4 07:11:28 UTC 2010 - gjhe@novell.com
-
-- fix bnc #610642
- CVE-2010-0742
- CVE-2010-1633
-
--------------------------------------------------------------------
-Mon May 31 03:06:39 UTC 2010 - gjhe@novell.com
-
-- fix bnc #610223,change Configure to tell openssl to load engines
- from /%{_lib} instead of %{_libdir}
-
--------------------------------------------------------------------
-Mon May 10 16:11:54 UTC 2010 - aj@suse.de
-
-- Do not compile in build time but use mtime of changes file instead.
- This allows build-compare to identify that no changes have happened.
-
--------------------------------------------------------------------
-Tue May 4 02:55:52 UTC 2010 - gjhe@novell.com
-
-- build libopenssl to /%{_lib} dir,and keep only one
- libopenssl-devel for new developping programs.
-
--------------------------------------------------------------------
-Tue Apr 27 05:44:32 UTC 2010 - gjhe@novell.com
-
-- build libopenssl and libopenssl-devel to a version directory
-
--------------------------------------------------------------------
-Sat Apr 24 09:46:37 UTC 2010 - coolo@novell.com
-
-- buildrequire pkg-config to fix provides
-
--------------------------------------------------------------------
-Wed Apr 21 13:54:15 UTC 2010 - lnussel@suse.de
-
-- also create old certificate hash in /etc/ssl/certs for
- compatibility with applications that still link against 0.9.8
-
--------------------------------------------------------------------
-Mon Apr 12 16:12:08 CEST 2010 - meissner@suse.de
-
-- Disable our own build targets, instead use the openSSL provided ones
- as they are now good (or should be good at least).
-
-- add -Wa,--noexecstack to the Configure call, this is the upstream
- approved way to avoid exec-stack marking
-
--------------------------------------------------------------------
-Mon Apr 12 04:57:17 UTC 2010 - gjhe@novell.com
-
-- update to 1.0.0
- Merge the following patches from 0.9.8k:
- openssl-0.9.6g-alpha.diff
- openssl-0.9.7f-ppc64.diff
- openssl-0.9.8-flags-priority.dif
- openssl-0.9.8-sparc.dif
- openssl-allow-arch.diff
- openssl-hppa-config.diff
-
--------------------------------------------------------------------
-Fri Apr 9 11:42:51 CEST 2010 - meissner@suse.de
-
-- fixed "exectuable stack" for libcrypto.so issue on i586 by
- adjusting the assembler output during MMX builds.
-
--------------------------------------------------------------------
-Wed Apr 7 14:08:05 CEST 2010 - meissner@suse.de
-
-- Openssl is now partially converted to libdir usage upstream,
- merge that in to fix lib64 builds.
-
--------------------------------------------------------------------
-Thu Mar 25 02:18:22 UTC 2010 - gjhe@novell.com
-
-- fix security bug [bnc#590833]
- CVE-2010-0740
-
--------------------------------------------------------------------
-Mon Mar 22 06:29:14 UTC 2010 - gjhe@novell.com
-
-- update to version 0.9.8m
- Merge the following patches from 0.9.8k:
- bswap.diff
- non-exec-stack.diff
- openssl-0.9.6g-alpha.diff
- openssl-0.9.7f-ppc64.diff
- openssl-0.9.8-flags-priority.dif
- openssl-0.9.8-sparc.dif
- openssl-allow-arch.diff
- openssl-hppa-config.diff
-
--------------------------------------------------------------------
-Fri Feb 5 01:24:55 UTC 2010 - jengelh@medozas.de
-
-- build openssl for sparc64
-
--------------------------------------------------------------------
-Mon Dec 14 16:11:11 CET 2009 - jengelh@medozas.de
-
-- add baselibs.conf as a source
-- package documentation as noarch
-
--------------------------------------------------------------------
-Tue Nov 3 19:09:35 UTC 2009 - coolo@novell.com
-
-- updated patches to apply with fuzz=0
-
--------------------------------------------------------------------
-Tue Sep 1 10:21:16 CEST 2009 - gjhe@novell.com
-
-- fix Bug [bnc#526319]
-
--------------------------------------------------------------------
-Wed Aug 26 11:24:16 CEST 2009 - coolo@novell.com
-
-- use %patch0 for Patch0
-
--------------------------------------------------------------------
-Fri Jul 3 11:53:48 CEST 2009 - gjhe@novell.com
-
-- update to version 0.9.8k
-- patches merged upstream:
- openssl-CVE-2008-5077.patch
- openssl-CVE-2009-0590.patch
- openssl-CVE-2009-0591.patch
- openssl-CVE-2009-0789.patch
- openssl-CVE-2009-1377.patch
- openssl-CVE-2009-1378.patch
- openssl-CVE-2009-1379.patch
- openssl-CVE-2009-1386.patch
- openssl-CVE-2009-1387.patch
-
--------------------------------------------------------------------
-Tue Jun 30 05:17:26 CEST 2009 - gjhe@novell.com
-
-- fix security bug [bnc#509031]
- CVE-2009-1386
- CVE-2009-1387
-
--------------------------------------------------------------------
-Tue Jun 30 05:16:39 CEST 2009 - gjhe@novell.com
-
-- fix security bug [bnc#504687]
- CVE-2009-1377
- CVE-2009-1378
- CVE-2009-1379
-
--------------------------------------------------------------------
-Wed Apr 15 12:28:29 CEST 2009 - gjhe@suse.de
-
-- fix security bug [bnc#489641]
- CVE-2009-0590
- CVE-2009-0591
- CVE-2009-0789
-
--------------------------------------------------------------------
-Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
-
-- obsolete old -XXbit packages (bnc#437293)
-
--------------------------------------------------------------------
-Thu Dec 18 08:15:12 CET 2008 - jshi@suse.de
-
-- fix security bug [bnc#459468]
- CVE-2008-5077
-
--------------------------------------------------------------------
-Tue Dec 9 11:32:50 CET 2008 - xwhu@suse.de
-
-- Disable optimization for s390x
-
--------------------------------------------------------------------
-Mon Dec 8 12:12:14 CET 2008 - xwhu@suse.de
-
-- Disable optimization of md4
-
--------------------------------------------------------------------
-Mon Nov 10 10:22:04 CET 2008 - xwhu@suse.de
-
-- Disable optimization of ripemd [bnc#442740]
-
--------------------------------------------------------------------
-Tue Oct 14 09:08:47 CEST 2008 - xwhu@suse.de
-
-- Passing string as struct cause openssl segment-fault [bnc#430141]
-
--------------------------------------------------------------------
-Wed Jul 16 12:02:37 CEST 2008 - mkoenig@suse.de
-
-- do not require openssl-certs, but rather recommend it
- to avoid dependency cycle [bnc#408865]
-
--------------------------------------------------------------------
-Wed Jul 9 12:53:27 CEST 2008 - mkoenig@suse.de
-
-- remove the certs subpackage from the openssl package
- and move the CA root certificates into a package of its own
-
--------------------------------------------------------------------
-Tue Jun 24 09:09:04 CEST 2008 - mkoenig@suse.de
-
-- update to version 0.9.8h
-- openssl does not ship CA root certificates anymore
- keep certificates that SuSE is already shipping
-- resolves bad array index (function has been removed) [bnc#356549]
-- removed patches
- openssl-0.9.8g-fix_dh_for_certain_moduli.patch
- openssl-CVE-2008-0891.patch
- openssl-CVE-2008-1672.patch
-
--------------------------------------------------------------------
-Wed May 28 15:04:08 CEST 2008 - mkoenig@suse.de
-
-- fix OpenSSL Server Name extension crash (CVE-2008-0891)
- and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672)
- [bnc#394317]
-
--------------------------------------------------------------------
-Wed May 21 20:48:39 CEST 2008 - cthiel@suse.de
-
-- fix baselibs.conf
-
--------------------------------------------------------------------
-Tue Apr 22 14:39:35 CEST 2008 - mkoenig@suse.de
-
-- add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844]
-
--------------------------------------------------------------------
-Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
-
-- added baselibs.conf file to build xxbit packages
- for multilib support
-
--------------------------------------------------------------------
-Mon Nov 5 14:27:06 CET 2007 - mkoenig@suse.de
-
-- fix Diffie-Hellman failure with certain prime lengths
-
--------------------------------------------------------------------
-Mon Oct 22 15:00:21 CEST 2007 - mkoenig@suse.de
-
-- update to version 0.9.8g:
- * fix some bugs introduced with 0.9.8f
-
--------------------------------------------------------------------
-Mon Oct 15 11:17:14 CEST 2007 - mkoenig@suse.de
-
-- update to version 0.9.8f:
- * fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
-- patches merged upstream:
- openssl-0.9.8-key_length.patch
- openssl-CVE-2007-3108-bug296511
- openssl-CVE-2007-5135.patch
- openssl-gcc42.patch
- openssl-gcc42_b.patch
- openssl-s390-config.diff
-
--------------------------------------------------------------------
-Mon Oct 1 11:29:55 CEST 2007 - mkoenig@suse.de
-
-- fix buffer overflow CVE-2007-5135 [#329208]
-
--------------------------------------------------------------------
-Wed Sep 5 11:39:26 CEST 2007 - mkoenig@suse.de
-
-- fix another gcc 4.2 build problem [#307669]
-
--------------------------------------------------------------------
-Fri Aug 3 14:17:27 CEST 2007 - coolo@suse.de
-
-- provide the version obsoleted (#293401)
-
--------------------------------------------------------------------
-Wed Aug 1 18:01:45 CEST 2007 - werner@suse.de
-
-- Add patch from CVS for RSA key reconstruction vulnerability
- (CVE-2007-3108, VU#724968, bug #296511)
-
--------------------------------------------------------------------
-Thu May 24 16:18:50 CEST 2007 - mkoenig@suse.de
-
-- fix build with gcc-4.2
- openssl-gcc42.patch
-- do not install example scripts with executable permissions
-
--------------------------------------------------------------------
-Mon Apr 30 01:32:44 CEST 2007 - ro@suse.de
-
-- adapt requires
-
--------------------------------------------------------------------
-Fri Apr 27 15:25:13 CEST 2007 - mkoenig@suse.de
-
-- Do not use dots in package name
-- explicitly build with gcc-4.1 because of currently unresolved
- failures with gcc-4.2
-
--------------------------------------------------------------------
-Wed Apr 25 12:32:44 CEST 2007 - mkoenig@suse.de
-
-- Split/rename package to follow library packaging policy [#260219]
- New package libopenssl0.9.8 containing shared libs
- openssl-devel package renamed to libopenssl-devel
- New package openssl-certs containing certificates
-- add zlib-devel to Requires of devel package
-- remove old Obsoletes and Conflicts
- openssls (Last used Nov 2000)
- ssleay (Last used 6.2)
-
--------------------------------------------------------------------
-Mon Apr 23 11:17:57 CEST 2007 - mkoenig@suse.de
-
-- Fix key length [#254905,#262477]
-
--------------------------------------------------------------------
-Tue Mar 6 10:38:10 CET 2007 - mkoenig@suse.de
-
-- update to version 0.9.8e:
- * patches merged upstream:
- openssl-CVE-2006-2940-fixup.patch
- openssl-0.9.8d-padlock-static.patch
-
--------------------------------------------------------------------
-Tue Jan 9 14:30:28 CET 2007 - mkoenig@suse.de
-
-- fix PadLock support [#230823]
-
--------------------------------------------------------------------
-Thu Nov 30 14:33:51 CET 2006 - mkoenig@suse.de
-
-- enable fix for CVE-2006-2940 [#223040], SWAMP-ID 7198
-
--------------------------------------------------------------------
-Mon Nov 6 18:35:10 CET 2006 - poeml@suse.de
-
-- configure with 'zlib' instead of 'zlib-dynamic'. Build with the
- latter, there are problems opening the libz when running on the
- Via Epia or vmware platforms. [#213305]
-
--------------------------------------------------------------------
-Wed Oct 4 15:07:55 CEST 2006 - poeml@suse.de
-
-- add patch for the CVE-2006-2940 fix: the newly introduced limit
- on DH modulus size could lead to a crash when exerted. [#208971]
- Discovered and fixed after the 0.9.8d release.
-
--------------------------------------------------------------------
-Fri Sep 29 18:37:01 CEST 2006 - poeml@suse.de
-
-- update to 0.9.8d
- *) Introduce limits to prevent malicious keys being able to
- cause a denial of service. (CVE-2006-2940)
- *) Fix ASN.1 parsing of certain invalid structures that can result
- in a denial of service. (CVE-2006-2937)
- *) Fix buffer overflow in SSL_get_shared_ciphers() function.
- (CVE-2006-3738)
- *) Fix SSL client code which could crash if connecting to a
- malicious SSLv2 server. (CVE-2006-4343)
- *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
- match only those. Before that, "AES256-SHA" would be interpreted
- as a pattern and match "AES128-SHA" too (since AES128-SHA got
- the same strength classification in 0.9.7h) as we currently only
- have a single AES bit in the ciphersuite description bitmap.
- That change, however, also applied to ciphersuite strings such as
- "RC4-MD5" that intentionally matched multiple ciphersuites --
- namely, SSL 2.0 ciphersuites in addition to the more common ones
- from SSL 3.0/TLS 1.0.
- So we change the selection algorithm again: Naming an explicit
- ciphersuite selects this one ciphersuite, and any other similar
- ciphersuite (same bitmap) from *other* protocol versions.
- Thus, "RC4-MD5" again will properly select both the SSL 2.0
- ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
- Since SSL 2.0 does not have any ciphersuites for which the
- 128/256 bit distinction would be relevant, this works for now.
- The proper fix will be to use different bits for AES128 and
- AES256, which would have avoided the problems from the beginning;
- however, bits are scarce, so we can only do this in a new release
- (not just a patchlevel) when we can change the SSL_CIPHER
- definition to split the single 'unsigned long mask' bitmap into
- multiple values to extend the available space.
-- not in mentioned in CHANGES: patch for CVE-2006-4339 corrected
- [openssl.org #1397]
-
--------------------------------------------------------------------
-Fri Sep 8 20:33:40 CEST 2006 - schwab@suse.de
-
-- Fix inverted logic.
-
--------------------------------------------------------------------
-Wed Sep 6 17:56:08 CEST 2006 - poeml@suse.de
-
-- update to 0.9.8c
- Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
- *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
- (CVE-2006-4339) [Ben Laurie and Google Security Team]
- *) Add AES IGE and biIGE modes. [Ben Laurie]
- *) Change the Unix randomness entropy gathering to use poll() when
- possible instead of select(), since the latter has some
- undesirable limitations. [Darryl Miles via Richard Levitte and Bodo Moeller]
- *) Disable "ECCdraft" ciphersuites more thoroughly. Now special
- treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
- cannot be implicitly activated as part of, e.g., the "AES" alias.
- However, please upgrade to OpenSSL 0.9.9[-dev] for
- non-experimental use of the ECC ciphersuites to get TLS extension
- support, which is required for curve and point format negotiation
- to avoid potential handshake problems. [Bodo Moeller]
- *) Disable rogue ciphersuites:
- - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
- The latter two were purportedly from
- draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
- appear there.
- Also deactive the remaining ciphersuites from
- draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
- unofficial, and the ID has long expired. [Bodo Moeller]
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
- dual-core machines) and other potential thread-safety issues.
- [Bodo Moeller]
- *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
- versions), which is now available for royalty-free use
- (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
- Also, add Camellia TLS ciphersuites from RFC 4132.
- To minimize changes between patchlevels in the OpenSSL 0.9.8
- series, Camellia remains excluded from compilation unless OpenSSL
- is configured with 'enable-camellia'. [NTT]
- *) Disable the padding bug check when compression is in use. The padding
- bug check assumes the first packet is of even length, this is not
- necessarily true if compresssion is enabled and can result in false
- positives causing handshake failure. The actual bug test is ancient
- code so it is hoped that implementations will either have fixed it by
- now or any which still have the bug do not support compression.
- [Steve Henson]
- Changes between 0.9.8a and 0.9.8b [04 May 2006]
- *) When applying a cipher rule check to see if string match is an explicit
- cipher suite and only match that one cipher suite if it is. [Steve Henson]
- *) Link in manifests for VC++ if needed. [Austin Ziegler <halostatue@gmail.com>]
- *) Update support for ECC-based TLS ciphersuites according to
- draft-ietf-tls-ecc-12.txt with proposed changes (but without
- TLS extensions, which are supported starting with the 0.9.9
- branch, not in the OpenSSL 0.9.8 branch). [Douglas Stebila]
- *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
- opaque EVP_CIPHER_CTX handling. [Steve Henson]
- *) Fixes and enhancements to zlib compression code. We now only use
- "zlib1.dll" and use the default __cdecl calling convention on Win32
- to conform with the standards mentioned here:
- http://www.zlib.net/DLL_FAQ.txt
- Static zlib linking now works on Windows and the new --with-zlib-include
- --with-zlib-lib options to Configure can be used to supply the location
- of the headers and library. Gracefully handle case where zlib library
- can't be loaded. [Steve Henson]
- *) Several fixes and enhancements to the OID generation code. The old code
- sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
- handle numbers larger than ULONG_MAX, truncated printing and had a
- non standard OBJ_obj2txt() behaviour. [Steve Henson]
- *) Add support for building of engines under engine/ as shared libraries
- under VC++ build system. [Steve Henson]
- *) Corrected the numerous bugs in the Win32 path splitter in DSO.
- Hopefully, we will not see any false combination of paths any more.
- [Richard Levitte]
-- enable Camellia cipher. There is a royalty free license to the
- patents, see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html.
- NOTE: the license forbids patches to the cipher.
-- build with zlib-dynamic and add zlib-devel to BuildRequires.
- Allows compression of data in TLS, although few application would
- actually use it since there is no standard for negotiating the
- compression method. The only one I know if is stunnel.
-
--------------------------------------------------------------------
-Fri Jun 2 15:00:58 CEST 2006 - poeml@suse.de
-
-- fix built-in ENGINESDIR for 64 bit architectures. We change only
- the builtin search path for engines, not the path where engines
- are packaged. Path can be overridden with the OPENSSL_ENGINES
- environment variable. [#179094]
-
--------------------------------------------------------------------
-Wed Jan 25 21:30:41 CET 2006 - mls@suse.de
-
-- converted neededforbuild to BuildRequires
-
--------------------------------------------------------------------
-Mon Jan 16 13:13:13 CET 2006 - mc@suse.de
-
-- fix build problems on s390x (openssl-s390-config.diff)
-- build with -fstack-protector
-
--------------------------------------------------------------------
-Mon Nov 7 16:30:49 CET 2005 - dmueller@suse.de
-
-- build with non-executable stack
-
--------------------------------------------------------------------
-Thu Oct 20 17:37:47 CEST 2005 - poeml@suse.de
-
-- fix unguarded free() which can cause a segfault in the ca
- commandline app [#128655]
-
--------------------------------------------------------------------
-Thu Oct 13 15:10:28 CEST 2005 - poeml@suse.de
-
-- add Geotrusts Equifax Root1 CA certificate, which needed to
- verify the authenticity of you.novell.com [#121966]
-
--------------------------------------------------------------------
-Tue Oct 11 15:34:07 CEST 2005 - poeml@suse.de
-
-- update to 0.9.8a
- *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
- (part of SSL_OP_ALL). This option used to disable the
- countermeasure against man-in-the-middle protocol-version
- rollback in the SSL 2.0 server implementation, which is a bad
- idea. (CAN-2005-2969)
- *) Add two function to clear and return the verify parameter flags.
- *) Keep cipherlists sorted in the source instead of sorting them at
- runtime, thus removing the need for a lock.
- *) Avoid some small subgroup attacks in Diffie-Hellman.
- *) Add functions for well-known primes.
- *) Extended Windows CE support.
- *) Initialize SSL_METHOD structures at compile time instead of during
- runtime, thus removing the need for a lock.
- *) Make PKCS7_decrypt() work even if no certificate is supplied by
- attempting to decrypt each encrypted key in turn. Add support to
- smime utility.
-
--------------------------------------------------------------------
-Thu Sep 29 18:53:08 CEST 2005 - poeml@suse.de
-
-- update to 0.9.8
- see CHANGES file or http://www.openssl.org/news/changelog.html
-- adjust patches
-- drop obsolete openssl-no-libc.diff
-- disable libica patch until it has been ported
-
--------------------------------------------------------------------
-Fri May 20 11:27:12 CEST 2005 - poeml@suse.de
-
-- update to 0.9.7g. The significant changes are:
- *) Fixes for newer kerberos headers. NB: the casts are needed because
- the 'length' field is signed on one version and unsigned on another
- with no (?) obvious way to tell the difference, without these VC++
- complains. Also the "definition" of FAR (blank) is no longer included
- nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
- some needed definitions.
- *) Added support for proxy certificates according to RFC 3820.
- Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
- docs/HOWTO/proxy_certificates.txt for further information.
-
--------------------------------------------------------------------
-Tue May 17 16:28:51 CEST 2005 - schwab@suse.de
-
-- Include %cflags_profile_generate in ${CC} since it is required for
- linking as well.
-- Remove explicit reference to libc.
-
--------------------------------------------------------------------
-Fri Apr 8 17:27:27 CEST 2005 - poeml@suse.de
-
-- update to 0.9.7f. The most significant changes are:
- o Several compilation issues fixed.
- o Many memory allocation failure checks added.
- o Improved comparison of X509 Name type.
- o Mandatory basic checks on certificates.
- o Performance improvements.
- (for a complete list see http://www.openssl.org/source/exp/CHANGES)
-- adjust openssl-0.9.7f-ppc64.diff
-- drop obsolete openssl-0.9.7d-crl-default_md.dif [#55435]
-
--------------------------------------------------------------------
-Tue Jan 4 16:47:02 CET 2005 - poeml@suse.de
-
-- update to 0.9.7e
- *) Avoid a race condition when CRLs are checked in a multi
- threaded environment. This would happen due to the reordering
- of the revoked entries during signature checking and serial
- number lookup. Now the encoding is cached and the serial
- number sort performed under a lock. Add new STACK function
- sk_is_sorted().
- *) Add Delta CRL to the extension code.
- *) Various fixes to s3_pkt.c so alerts are sent properly.
- *) Reduce the chances of duplicate issuer name and serial numbers
- (in violation of RFC3280) using the OpenSSL certificate
- creation utilities. This is done by creating a random 64 bit
- value for the initial serial number when a serial number file
- is created or when a self signed certificate is created using
- 'openssl req -x509'. The initial serial number file is created
- using 'openssl x509 -next_serial' in CA.pl rather than being
- initialized to 1.
-- remove obsolete patches
-- fix openssl-0.9.7d-padlock-glue.diff and ICA patch to patch
- Makefile, not Makefile.ssl
-- fixup for spaces in names of man pages not needed now
-- pack /usr/bin/openssl_fips_fingerprint
-- in rpm post/postun script, run /sbin/ldconfig directly (the macro
- is deprecated)
-
--------------------------------------------------------------------
-Mon Oct 18 15:03:28 CEST 2004 - poeml@suse.de
-
-- don't install openssl.doxy file [#45210]
-
--------------------------------------------------------------------
-Thu Jul 29 16:56:44 CEST 2004 - poeml@suse.de
-
-- apply patch from CVS to fix segfault in S/MIME encryption
- (http://cvs.openssl.org/chngview?cn=12081, regression in
- openssl-0.9.7d) [#43386]
-
--------------------------------------------------------------------
-Mon Jul 12 15:22:31 CEST 2004 - mludvig@suse.cz
-
-- Updated VIA PadLock engine.
-
--------------------------------------------------------------------
-Wed Jun 30 21:45:01 CEST 2004 - mludvig@suse.cz
-
-- Updated openssl-0.9.7d-padlock-engine.diff with support for
- AES192, AES256 and RNG.
-
--------------------------------------------------------------------
-Tue Jun 15 16:18:36 CEST 2004 - poeml@suse.de
-
-- update IBM ICA patch to last night's version. Fixes ibmca_init()
- to reset ibmca_dso=NULL after calling DSO_free(), if the device
- driver could not be loaded. The bug lead to a segfault triggered
- by stunnel, which does autoload available engines [#41874]
-- patch from CVS: make stack API more robust (return NULL for
- out-of-range indexes). Fixes another possible segfault during
- engine detection (could also triggered by stunnel)
-- add patch from Michal Ludvig for VIA PadLock support
-
--------------------------------------------------------------------
-Wed Jun 2 20:44:40 CEST 2004 - poeml@suse.de
-
-- add root certificate for the ICP-Brasil CA [#41546]
-
--------------------------------------------------------------------
-Thu May 13 19:53:48 CEST 2004 - poeml@suse.de
-
-- add patch to use default_md for CRLs too [#40435]
-
--------------------------------------------------------------------
-Tue May 4 20:45:19 CEST 2004 - poeml@suse.de
-
-- update ICA patch to apr292004 release [#39695]
-
--------------------------------------------------------------------
-Thu Mar 18 13:47:09 CET 2004 - poeml@suse.de
-
-- update to 0.9.7d
- o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
- (CAN-2004-0112)
- o Security: Fix null-pointer assignment in do_change_cipher_spec()
- (CAN-2004-0079)
- o Allow multiple active certificates with same subject in CA index
- o Multiple X590 verification fixes
- o Speed up HMAC and other operations
-- remove the hunk from openssl-0.9.6d.dif that added NO_IDEA around
- IDEA_128_CBC_WITH_MD5 in the global cipher list. Upstream now has
- OPENSSL_NO_IDEA around it
-- [#36386] fixed (broken generation of EVP_BytesToKey.3ssl from the
- pod file)
-- permissions of lib/pkgconfig fixed
-
--------------------------------------------------------------------
-Wed Feb 25 20:42:39 CET 2004 - poeml@suse.de
-
-- update to 0.9.7c
- *) Fix various bugs revealed by running the NISCC test suite:
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
- Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
- *) New -ignore_err option in ocsp application to stop the server
- exiting on the first error in a request.
- *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
- extra data after the compression methods not only for TLS 1.0
- but also for SSL 3.0 (as required by the specification).
- *) Change X509_certificate_type() to mark the key as exported/exportable
- when it's 512 *bits* long, not 512 bytes.
- *) Change AES_cbc_encrypt() so it outputs exact multiple of
- blocks during encryption.
- *) Various fixes to base64 BIO and non blocking I/O. On write
- flushes were not handled properly if the BIO retried. On read
- data was not being buffered properly and had various logic bugs.
- This also affects blocking I/O when the data being decoded is a
- certain size.
- *) Various S/MIME bugfixes and compatibility changes:
- output correct application/pkcs7 MIME type if
- PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
- Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
- of files as .eml work). Correctly handle very long lines in MIME
- parser.
-- update ICA patch
- quote: This version of the engine patch has updated error handling in
- the DES/SHA code, and turns RSA blinding off for hardware
- accelerated RSA ops.
-- filenames of some man pages contain spaces now. Replace them with
- underscores
-- fix compiler warnings in showciphers.c
-- fix permissions of /usr/%_lib/pkgconfig
-
--------------------------------------------------------------------
-Sat Jan 10 10:55:59 CET 2004 - adrian@suse.de
-
-- add %run_ldconfig
-- remove unneeded PreRequires
-
--------------------------------------------------------------------
-Tue Nov 18 14:07:53 CET 2003 - poeml@suse.de
-
-- ditch annoying mail to root about moved locations [#31969]
-
--------------------------------------------------------------------
-Wed Aug 13 22:30:13 CEST 2003 - poeml@suse.de
-
-- enable profile feedback based optimizations (except AES which
- becomes slower)
-- add -fno-strict-aliasing, due to warnings about code where
- dereferencing type-punned pointers will break strict aliasing
-- make a readlink function if readlink is not available
-
--------------------------------------------------------------------
-Mon Aug 4 16:16:57 CEST 2003 - ro@suse.de
-
-- fixed manpages symlinks
-
--------------------------------------------------------------------
-Wed Jul 30 15:37:37 CEST 2003 - meissner@suse.de
-
-- Fix Makefile to create pkgconfig file with lib64 on lib64 systems.
-
--------------------------------------------------------------------
-Sun Jul 27 15:51:04 CEST 2003 - poeml@suse.de
-
-- don't explicitely strip binaries since RPM handles it, and may
- keep the stripped information somewhere
-
--------------------------------------------------------------------
-Tue Jul 15 16:29:16 CEST 2003 - meissner@suse.de
-
-- -DMD32_REG_T=int for ppc64 and s390x.
-
--------------------------------------------------------------------
-Thu Jul 10 23:14:22 CEST 2003 - poeml@suse.de
-
-- update ibm ICA patch to 20030708 release (libica-1.3)
-
--------------------------------------------------------------------
-Mon May 12 23:27:07 CEST 2003 - poeml@suse.de
-
-- package the openssl.pc file for pkgconfig
-
--------------------------------------------------------------------
-Wed Apr 16 16:04:32 CEST 2003 - poeml@suse.de
-
-- update to 0.9.7b. The most significant changes are:
- o New library section OCSP.
- o Complete rewrite of ASN1 code.
- o CRL checking in verify code and openssl utility.
- o Extension copying in 'ca' utility.
- o Flexible display options in 'ca' utility.
- o Provisional support for international characters with UTF8.
- o Support for external crypto devices ('engine') is no longer
- a separate distribution.
- o New elliptic curve library section.
- o New AES (Rijndael) library section.
- o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
- Linux x86_64, Linux 64-bit on Sparc v9
- o Extended support for some platforms: VxWorks
- o Enhanced support for shared libraries.
- o Now only builds PIC code when shared library support is requested.
- o Support for pkg-config.
- o Lots of new manuals.
- o Makes symbolic links to or copies of manuals to cover all described
- functions.
- o Change DES API to clean up the namespace (some applications link also
- against libdes providing similar functions having the same name).
- Provide macros for backward compatibility (will be removed in the
- future).
- o Unify handling of cryptographic algorithms (software and engine)
- to be available via EVP routines for asymmetric and symmetric ciphers.
- o NCONF: new configuration handling routines.
- o Change API to use more 'const' modifiers to improve error checking
- and help optimizers.
- o Finally remove references to RSAref.
- o Reworked parts of the BIGNUM code.
- o Support for new engines: Broadcom ubsec, Accelerated Encryption
- Processing, IBM 4758.
- o A few new engines added in the demos area.
- o Extended and corrected OID (object identifier) table.
- o PRNG: query at more locations for a random device, automatic query for
- EGD style random sources at several locations.
- o SSL/TLS: allow optional cipher choice according to server's preference.
- o SSL/TLS: allow server to explicitly set new session ids.
- o SSL/TLS: support Kerberos cipher suites (RFC2712).
- Only supports MIT Kerberos for now.
- o SSL/TLS: allow more precise control of renegotiations and sessions.
- o SSL/TLS: add callback to retrieve SSL/TLS messages.
- o SSL/TLS: support AES cipher suites (RFC3268).
-- adapt the ibmca patch
-- remove openssl-nocrypt.diff, openssl's crypt() vanished
-- configuration syntax has changed ($sys_id added before $lflags)
-
--------------------------------------------------------------------
-Thu Feb 20 11:55:34 CET 2003 - poeml@suse.de
-
-- update to bugfix release 0.9.6i:
- - security fix: In ssl3_get_record (ssl/s3_pkt.c), minimize
- information leaked via timing by performing a MAC computation
- even if incorrrect block cipher padding has been found. This
- is a countermeasure against active attacks where the attacker
- has to distinguish between bad padding and a MAC verification
- error. (CAN-2003-0078)
- - a few more small bugfixes (mainly missing assertions)
-
--------------------------------------------------------------------
-Fri Dec 6 10:07:20 CET 2002 - poeml@suse.de
-
-- update to 0.9.6h (last release in the 0.9.6 series)
- o New configuration targets for Tandem OSS and A/UX.
- o New OIDs for Microsoft attributes.
- o Better handling of SSL session caching.
- o Better comparison of distinguished names.
- o Better handling of shared libraries in a mixed GNU/non-GNU environment.
- o Support assembler code with Borland C.
- o Fixes for length problems.
- o Fixes for uninitialised variables.
- o Fixes for memory leaks, some unusual crashes and some race conditions.
- o Fixes for smaller building problems.
- o Updates of manuals, FAQ and other instructive documents.
-- add a call to make depend
-- fix sed expression (lib -> lib64) to replace multiple occurences
- on one line
-
--------------------------------------------------------------------
-Mon Nov 4 13:16:09 CET 2002 - stepan@suse.de
-
-- fix openssl for alpha ev56 cpus
-
--------------------------------------------------------------------
-Thu Oct 24 12:57:36 CEST 2002 - poeml@suse.de
-
-- own the /usr/share/ssl directory [#20849]
-- openssl-hppa-config.diff can be applied on all architectures
-
--------------------------------------------------------------------
-Mon Sep 30 16:07:49 CEST 2002 - bg@suse.de
-
-- enable hppa distribution; use only pa1.1 architecture.
-
--------------------------------------------------------------------
-Tue Sep 17 17:13:46 CEST 2002 - froh@suse.de
-
-- update ibm-hardware-crypto-patch to ibmca.patch-0.96e-2 (#18953)
-
--------------------------------------------------------------------
-Mon Aug 12 18:34:58 CEST 2002 - poeml@suse.de
-
-- update to 0.9.6g and drop the now included ASN1 check patch.
- Other change:
- - Use proper error handling instead of 'assertions' in buffer
- overflow checks added in 0.9.6e. This prevents DoS (the
- assertions could call abort()).
-
--------------------------------------------------------------------
-Fri Aug 9 19:49:59 CEST 2002 - kukuk@suse.de
-
-- Fix requires of openssl-devel subpackage
-
--------------------------------------------------------------------
-Tue Aug 6 15:18:59 MEST 2002 - draht@suse.de
-
-- Correction for changes in the ASN1 code, assembled in
- openssl-0.9.6e-cvs-20020802-asn1_lib.diff
-
--------------------------------------------------------------------
-Thu Aug 1 00:53:33 CEST 2002 - poeml@suse.de
-
-- update to 0.9.6e. Major changes:
- o Various security fixes (sanity checks to asn1_get_length(),
- various remote buffer overflows)
- o new option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, disabling the
- countermeasure against a vulnerability in the CBC ciphersuites
- in SSL 3.0/TLS 1.0 that was added in 0.9.6d which turned out to
- be incompatible with buggy SSL implementations
-- update ibmca crypto hardware patch (security issues fixed)
-- gcc 3.1 version detection is fixed, we can drop the patch
-- move the most used man pages from the -doc to the main package
- [#9913] and resolve man page conflicts by putting them into ssl
- sections [#17239]
-- spec file: use PreReq for %post script
-
--------------------------------------------------------------------
-Fri Jul 12 17:59:10 CEST 2002 - poeml@suse.de
-
-- update to 0.9.6d. Major changes:
- o Various SSL/TLS library bugfixes.
- o Fix DH parameter generation for 'non-standard' generators.
- Complete Changelog: http://www.openssl.org/news/changelog.html
-- supposed to fix a session caching failure occuring with postfix
-- simplify local configuration for the architectures
-- there's a new config variable: $shared_ldflag
-- use RPM_OPT_FLAGS in favor of predifined cflags by appending them
- at the end
-- validate config data (config --check-sanity)
-- resolve file conflict of /usr/share/man/man1/openssl.1.gz [#15982]
-- move configuration to /etc/ssl [#14387]
-- mark openssl.cnf %config (noreplace)
-
--------------------------------------------------------------------
-Sat Jul 6 20:28:56 CEST 2002 - schwab@suse.de
-
-- Include <crypt.h> to get crypt prototype.
-
--------------------------------------------------------------------
-Fri Jul 5 08:51:16 CEST 2002 - kukuk@suse.de
-
-- Remove crypt prototype from des.h header file, too.
-
--------------------------------------------------------------------
-Mon Jun 10 11:38:16 CEST 2002 - meissner@suse.de
-
-- enhanced ppc64 support (needs seperate config), reenabled make check
-
--------------------------------------------------------------------
-Fri May 31 14:54:06 CEST 2002 - olh@suse.de
-
-- add ppc64 support, temporary disable make check
-
--------------------------------------------------------------------
-Thu Apr 18 16:30:01 CEST 2002 - meissner@suse.de
-
-- fixed x86_64 build, added bc to needed_for_build (used by tests)
-
--------------------------------------------------------------------
-Wed Apr 17 16:56:34 CEST 2002 - ro@suse.de
-
-- fixed gcc version determination
-- drop sun4c support/always use sparcv8
-- ignore return code from showciphers
-
--------------------------------------------------------------------
-Fri Mar 15 16:54:44 CET 2002 - poeml@suse.de
-
-- add settings for sparc to build shared objects. Note that all
- sparcs (sun4[mdu]) are recognized as linux-sparcv7
-
--------------------------------------------------------------------
-Wed Feb 6 14:23:44 CET 2002 - kukuk@suse.de
-
-- Remove crypt function from libcrypto.so.0 [Bug #13056]
-
--------------------------------------------------------------------
-Sun Feb 3 22:32:16 CET 2002 - poeml@suse.de
-
-- add settings for mips to build shared objects
-- print out all settings to the build log
-
--------------------------------------------------------------------
-Tue Jan 29 12:42:58 CET 2002 - poeml@suse.de
-
-- update to 0.9.6c:
- o bug fixes
- o support for hardware crypto devices (Cryptographic Appliances,
- Broadcom, and Accelerated Encryption Processing)
-- add IBMCA patch for IBM eServer Cryptographic Accelerator Device
- Driver (#12565) (forward ported from 0.9.6b)
- (http://www-124.ibm.com/developerworks/projects/libica/)
-- tell Configure how to build shared libs for s390 and s390x
-- tweak Makefile.org to use %_libdir
-- clean up spec file
-- add README.SuSE as source file instead of in a patch
-
--------------------------------------------------------------------
-Wed Dec 5 10:59:59 CET 2001 - uli@suse.de
-
-- disabled "make test" for ARM (destest segfaults, the other tests
- seem to succeed)
-
--------------------------------------------------------------------
-Wed Dec 5 02:39:16 CET 2001 - ro@suse.de
-
-- removed subpackage src
-
--------------------------------------------------------------------
-Wed Nov 28 13:28:42 CET 2001 - uli@suse.de
-
-- needs -ldl on ARM, too
-
--------------------------------------------------------------------
-Mon Nov 19 17:48:31 MET 2001 - mls@suse.de
-
-- made mips big endian, fixed shared library creation for mips
-
--------------------------------------------------------------------
-Fri Aug 31 11:19:46 CEST 2001 - rolf@suse.de
-
-- added root certificates [BUG#9913]
-- move from /usr/ssh to /usr/share/ssl
-
--------------------------------------------------------------------
-Wed Jul 18 10:27:54 CEST 2001 - rolf@suse.de
-
-- update to 0.9.6b
-- switch to engine version of openssl, which supports hardware
- encryption for a few popular devices
-- check wether shared libraries have been generated
-
--------------------------------------------------------------------
-Thu Jul 5 15:06:03 CEST 2001 - rolf@suse.de
-
-- appliy PRNG security patch
-
--------------------------------------------------------------------
-Tue Jun 12 10:52:34 EDT 2001 - bk@suse.de
-
-- added support for s390x
-
--------------------------------------------------------------------
-Mon May 7 21:02:30 CEST 2001 - kukuk@suse.de
-
-- Fix building of shared libraries on SPARC, too.
-
--------------------------------------------------------------------
-Mon May 7 11:36:53 MEST 2001 - rolf@suse.de
-
-- Fix ppc and s390 shared library builds
-- resolved conflict in manpage naming:
- rand.3 is now sslrand.3 [BUG#7643]
-
--------------------------------------------------------------------
-Tue May 1 22:32:48 CEST 2001 - schwab@suse.de
-
-- Fix ia64 configuration.
-- Fix link command.
-
--------------------------------------------------------------------
-Thu Apr 26 03:17:52 CEST 2001 - bjacke@suse.de
-
-- updated to 0.96a
-
--------------------------------------------------------------------
-Wed Apr 18 12:56:48 CEST 2001 - kkaempf@suse.de
-
-- provide .so files in -devel package only
-
--------------------------------------------------------------------
-Tue Apr 17 02:45:36 CEST 2001 - bjacke@suse.de
-
-- resolve file name conflict (#6966)
-
--------------------------------------------------------------------
-Wed Mar 21 10:12:59 MET 2001 - rolf@suse.de
-
-- new subpackage openssl-src [BUG#6383]
-- added README.SuSE which explains where to find the man pages [BUG#6717]
-
--------------------------------------------------------------------
-Fri Dec 15 18:09:16 CET 2000 - sf@suse.de
-
-- changed CFLAG to -O1 to make the tests run successfully
-
--------------------------------------------------------------------
-Mon Dec 11 13:33:55 CET 2000 - rolf@suse.de
-
-- build openssl with no-idea and no-rc5 to meet US & RSA regulations
-- build with -fPIC on all platforms (especially IA64)
-
--------------------------------------------------------------------
-Wed Nov 22 11:27:39 MET 2000 - rolf@suse.de
-
-- rename openssls to openssl-devel and add shared libs and header files
-- new subpackge openssl-doc for manpages and documentation
-- use BuildRoot
-
--------------------------------------------------------------------
-Fri Oct 27 16:53:45 CEST 2000 - schwab@suse.de
-
-- Add link-time links for libcrypto and libssl.
-- Make sure that LD_LIBRARY_PATH is passed down to sub-makes.
-
--------------------------------------------------------------------
-Mon Oct 2 17:33:07 MEST 2000 - rolf@suse.de
-
-- update to 0.9.6
-
--------------------------------------------------------------------
-Mon Apr 10 23:04:15 CEST 2000 - bk@suse.de
-
-- fix support for s390-linux
-
--------------------------------------------------------------------
-Mon Apr 10 18:01:46 MEST 2000 - rolf@suse.de
-
-- new version 0.9.5a
-
--------------------------------------------------------------------
-Sun Apr 9 02:51:42 CEST 2000 - bk@suse.de
-
-- add support for s390-linux
-
--------------------------------------------------------------------
-Mon Mar 27 19:25:25 CEST 2000 - kukuk@suse.de
-
-- Use sparcv7 for SPARC
-
--------------------------------------------------------------------
-Wed Mar 1 16:42:00 MET 2000 - rolf@suse.de
-
-- move manpages back, as too many conflict with system manuals
-
--------------------------------------------------------------------
-Wed Mar 1 11:23:21 MET 2000 - rolf@suse.de
-
-- move manpages to %{_mandir}
-- include static libraries
-
--------------------------------------------------------------------
-Wed Mar 1 02:52:17 CET 2000 - bk@suse.de
-
-- added subpackage source openssls, needed for ppp_ssl
-
--------------------------------------------------------------------
-Tue Feb 29 12:50:48 MET 2000 - rolf@suse.de
-
-- new version 0.9.5
-
--------------------------------------------------------------------
-Thu Feb 24 15:43:38 CET 2000 - schwab@suse.de
-
-- add support for ia64-linux
-
--------------------------------------------------------------------
-Mon Jan 31 13:05:59 CET 2000 - kukuk@suse.de
-
-- Create and add libcrypto.so.0 and libssl.so.0
-
--------------------------------------------------------------------
-Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
-
-- ran old prepare_spec on spec file to switch to new prepare_spec.
-
--------------------------------------------------------------------
-Wed Sep 1 12:30:08 MEST 1999 - rolf@suse.de
-
-- new version 0.9.4
-
--------------------------------------------------------------------
-Wed May 26 16:26:49 MEST 1999 - rolf@suse.de
-
-- new version 0.9.3 with new layout
-- alpha asm disabled by default now, no patch needed
-
--------------------------------------------------------------------
-Thu May 20 09:38:09 MEST 1999 - ro@suse.de
-
-- disable asm for alpha: seems incomplete
-
--------------------------------------------------------------------
-Mon May 17 17:43:34 MEST 1999 - rolf@suse.de
-
-- don't use -DNO_IDEA
-
--------------------------------------------------------------------
-Wed May 12 16:10:03 MEST 1999 - rolf@suse.de
-
-- first version 0.9.2b
projects / platform / upstream / openssl.git / blobdiff