Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openssl-perl-3.2.2-6.el9_5.1 RPM for s390x

From AlmaLinux 9.6 AppStream for s390x

Name: openssl-perl Distribution: AlmaLinux
Version: 3.2.2 Vendor: AlmaLinux
Release: 6.el9_5.1 Build date: Tue Feb 11 23:05:37 2025
Group: Unspecified Build host: s390x-builder02.almalinux.org
Size: 30252 Source RPM: openssl-3.2.2-6.el9_5.1.src.rpm
Packager: AlmaLinux Packaging Team <packager@almalinux.org>
Url: http://www.openssl.org/
Summary: Perl scripts provided with OpenSSL
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.

Provides

Requires

License

ASL 2.0

Changelog

* Wed Jan 29 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6.1
  - RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
    Resolves: RHEL-76755
* Thu Sep 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6
  - rebuilt
    Related: RHEL-55339
* Wed Sep 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-5
  - Fix CVE-2024-6119: Possible denial of service in X.509 name checks
    Resolves: RHEL-55339
* Wed Aug 21 2024 Clemens Lang <cllang@redhat.com> - 1:3.2.2-4
  - Fix CVE-2024-5535: SSL_select_next_proto buffer overread
    Resolves: RHEL-45657
* Sat Jun 22 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-3
  - Replace HKDF backward compatibility patch with the official one
    Related: RHEL-40823
* Wed Jun 12 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-2
  - Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
    Resolves: RHEL-40823
* Wed Jun 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-1
  - Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741,
    and Minerva attack.
    Resolves: RHEL-32148
    Resolves: RHEL-36792
    Resolves: RHEL-38514
    Resolves: RHEL-39111
* Thu May 23 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-2
  - Update RNG changing for FIPS purpose
    Resolves: RHEL-35380
* Wed Apr 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-1
  - Rebasing OpenSSL to 3.2.1
    Resolves: RHEL-26271
* Wed Feb 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-27
  - Use certified FIPS module instead of freshly built one in Red Hat distribution
    Related: RHEL-23474
* Tue Nov 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-26
  - Avoid implicit function declaration when building openssl
    Related: RHEL-1780
  - In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
    Resolves: RHEL-17104
  - Add a directory for OpenSSL providers configuration
    Resolves: RHEL-17193
  - Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
    Resolves: RHEL-19515
  - POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
    Resolves: RHEL-21151
  - Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
    Resolves: RHEL-21654
  - SSL ECDHE Kex fails when pkcs11 engine is set in config file
    Resolves: RHEL-20249
  - Denial of service via null dereference in PKCS#12
    Resolves: RHEL-22486
  - Use certified FIPS module instead of freshly built one in Red Hat distribution
    Resolves: RHEL-23474
* Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25
  - Provide relevant diagnostics when FIPS checksum is corrupted
    Resolves: RHEL-5317
  - Don't limit using SHA1 in KDFs in non-FIPS mode.
    Resolves: RHEL-5295
  - Provide empty evp_properties section in main OpenSSL configuration file
    Resolves: RHEL-11439
  - Avoid implicit function declaration when building openssl
    Resolves: RHEL-1780
  - Forbid explicit curves when created via EVP_PKEY_fromdata
    Resolves: RHEL-5304
  - AES-SIV cipher implementation contains a bug that causes it to ignore empty
    associated data entries (CVE-2023-2975)
    Resolves: RHEL-5302
  - Excessive time spent checking DH keys and parameters (CVE-2023-3446)
    Resolves: RHEL-5306
  - Excessive time spent checking DH q parameter value (CVE-2023-3817)
    Resolves: RHEL-5308
  - Fix incorrect cipher key and IV length processing (CVE-2023-5363)
    Resolves: RHEL-13251
  - Switch explicit FIPS indicator for RSA-OAEP to approved following
    clarification with CMVP
    Resolves: RHEL-14083
  - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c)
    Resolves: RHEL-14083
  - Add missing ECDH Public Key Check in FIPS mode
    Resolves: RHEL-15990
  - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
    Resolves: RHEL-15954
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
  - Make FIPS module configuration more crypto-policies friendly
    Related: rhbz#2216256
* Tue Jul 11 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-23
  - Add a workaround for lack of EMS in FIPS mode
    Resolves: rhbz#2216256
* Thu Jul 06 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-22
  - Remove unsupported curves from nist_curves.
    Resolves: rhbz#2069336
* Mon Jun 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-21
  - Remove the listing of brainpool curves in FIPS mode.
    Related: rhbz#2188180
* Tue May 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-20
  - Fix possible DoS translating ASN.1 object identifiers
    Resolves: CVE-2023-2650
  - Release the DRBG in global default libctx early
    Resolves: rhbz#2211340
* Mon May 22 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-19
  - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode
    Resolves: rhbz#2169757
* Thu May 18 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-18
  - Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode
    Resolves: rhbz#2160797
* Tue May 09 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-17
  - Enforce using EMS in FIPS mode - better alerts
    Related: rhbz#2157951
* Tue May 02 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-16
  - Upload new upstream sources without manually hobbling them.
  - Remove the hobbling script as it is redundant. It is now allowed to ship
    the sources of patented EC curves, however it is still made unavailable to use
    by compiling with the 'no-ec2m' Configure option. The additional forbidden
    curves such as P-160, P-192, wap-tls curves are manually removed by updating
    0011-Remove-EC-curves.patch.
  - Enable Brainpool curves.
  - Apply the changes to ec_curve.c and  ectest.c as a new patch
    0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them.
  - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves.
  - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M.
    Resolves: rhbz#2130618, rhbz#2188180
* Fri Apr 28 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-15
  - Backport implicit rejection for RSA PKCS#1 v1.5 encryption
    Resolves: rhbz#2153471
* Fri Apr 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-14
  - Input buffer over-read in AES-XTS implementation on 64 bit ARM
    Resolves: rhbz#2188554
* Tue Apr 18 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-13
  - Enforce using EMS in FIPS mode
    Resolves: rhbz#2157951
  - Fix excessive resource usage in verifying X509 policy constraints
    Resolves: rhbz#2186661
  - Fix invalid certificate policies in leaf certificates check
    Resolves: rhbz#2187429
  - Certificate policy check not enabled
    Resolves: rhbz#2187431
  - OpenSSL rsa_verify_recover key length checks in FIPS mode
    Resolves: rhbz#2186819
* Fri Mar 24 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-12
  - Change explicit FIPS indicator for RSA decryption to unapproved
    Resolves: rhbz#2179379
* Mon Mar 20 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-11
  - Add missing reference to patchfile to add explicit FIPS indicator to RSA
    encryption and RSASVE and fix the gettable parameter list for the RSA
    asymmetric cipher implementation.
    Resolves: rhbz#2179379
* Fri Mar 17 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-10
  - Add explicit FIPS indicator to RSA encryption and RSASVE
    Resolves: rhbz#2179379
* Thu Mar 16 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-9
  - Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes
    Resolves: rhbz#2175864
* Thu Mar 16 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-8
  - Fix Wpointer-sign compiler warning 
    Resolves: rhbz#2178034
* Tue Mar 14 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-7
  - Add explicit FIPS indicators to key derivation functions
    Resolves: rhbz#2175860 rhbz#2175864
  - Zeroize FIPS module integrity check MAC after check
    Resolves: rhbz#2175873
  - Add explicit FIPS indicator for IV generation in AES-GCM
    Resolves: rhbz#2175868
  - Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant
    salt in PBKDF2 FIPS self-test
    Resolves: rhbz#2178137
  - Limit RSA_NO_PADDING for encryption and signature in FIPS mode
    Resolves: rhbz#2178029
  - Pairwise consistency tests should use Digest+Sign/Verify
    Resolves: rhbz#2178034
  - Forbid DHX keys import in FIPS mode
    Resolves: rhbz#2178030
  - DH PCT should abort on failure
    Resolves: rhbz#2178039
  - Increase RNG seeding buffer size to 32
    Related: rhbz#2168224
* Wed Mar 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-6
  - Fixes RNG slowdown in FIPS mode
    Resolves: rhbz#2168224
* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-5
  - Fixed X.509 Name Constraints Read Buffer Overflow
    Resolves: CVE-2022-4203
  - Fixed Timing Oracle in RSA Decryption
    Resolves: CVE-2022-4304
  - Fixed Double free after calling PEM_read_bio_ex
    Resolves: CVE-2022-4450
  - Fixed Use-after-free following BIO_new_NDEF
    Resolves: CVE-2023-0215
  - Fixed Invalid pointer dereference in d2i_PKCS7 functions
    Resolves: CVE-2023-0216
  - Fixed NULL dereference validating DSA public key
    Resolves: CVE-2023-0217
  - Fixed X.400 address type confusion in X.509 GeneralName
    Resolves: CVE-2023-0286
  - Fixed NULL dereference during PKCS7 data verification
    Resolves: CVE-2023-0401

Files

/etc/pki/CA
/etc/pki/CA/certs
/etc/pki/CA/crl
/etc/pki/CA/newcerts
/etc/pki/CA/private
/usr/bin/CA.pl
/usr/bin/c_rehash
/usr/bin/tsget
/usr/bin/tsget.pl
/usr/share/man/man1/CA.pl.1ossl.gz
/usr/share/man/man1/tsget.1ossl.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Oct 24 06:17:00 2025