| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: openssl-libs | Distribution: CentOS |
| Version: 3.5.0 | Vendor: CentOS |
| Release: 2.el9 | Build date: Wed May 14 22:00:16 2025 |
| Group: Unspecified | Build host: s390-06.stream.rdu2.redhat.com |
| Size: 7570442 | Source RPM: openssl-3.5.0-2.el9.src.rpm |
| Packager: builder@centos.org | |
| Url: http://www.openssl.org/ | |
| Summary: A general purpose cryptography library with TLS implementation | |
OpenSSL is a toolkit for supporting cryptography. The openssl-libs package contains the libraries that are used by various applications which support cryptographic algorithms and protocols.
Apache-2.0
* Fri May 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-2
- OpenSSL ignores "rh-allow-sha1-signatures = yes" option on RHEL-9
Resolves: RHEL-88910
- PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9
Resolves: RHEL-88912
- Fix `openssl speed` running in FIPS mode
Resolves: RHEL-89860
- pkeyutl ecdsa signature with sha1 shouldn't work by default
Resolves: RHEL-89861
- Expose settable params for EVP_SKEY
Resolves: RHEL-89862
- Restore RHEL9-style indicators defines
Resolves: RHEL-89859
- Enable sslkeylog support
Resolves: RHEL-90854
* Wed Apr 16 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-1
- Rebasing OpenSSL to 3.5
Resolves: RHEL-80854
Resolves: RHEL-50208
Resolves: RHEL-50210
Resolves: RHEL-50211
Resolves: RHEL-85954
* Wed Jan 29 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-7
- RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
Resolves: RHEL-76756
* Thu Sep 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6
- rebuilt
Related: RHEL-55339
* Wed Sep 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-5
- Fix CVE-2024-6119: Possible denial of service in X.509 name checks
Resolves: RHEL-55339
* Wed Aug 21 2024 Clemens Lang <cllang@redhat.com> - 1:3.2.2-4
- Fix CVE-2024-5535: SSL_select_next_proto buffer overread
Resolves: RHEL-45657
* Sat Jun 22 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-3
- Replace HKDF backward compatibility patch with the official one
Related: RHEL-40823
* Wed Jun 12 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-2
- Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
Resolves: RHEL-40823
* Wed Jun 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-1
- Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741,
and Minerva attack.
Resolves: RHEL-32148
Resolves: RHEL-36792
Resolves: RHEL-38514
Resolves: RHEL-39111
* Thu May 23 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-2
- Update RNG changing for FIPS purpose
Resolves: RHEL-35380
* Wed Apr 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-1
- Rebasing OpenSSL to 3.2.1
Resolves: RHEL-26271
* Wed Feb 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-27
- Use certified FIPS module instead of freshly built one in Red Hat distribution
Related: RHEL-23474
* Tue Nov 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-26
- Avoid implicit function declaration when building openssl
Related: RHEL-1780
- In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
Resolves: RHEL-17104
- Add a directory for OpenSSL providers configuration
Resolves: RHEL-17193
- Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
Resolves: RHEL-19515
- POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
Resolves: RHEL-21151
- Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
Resolves: RHEL-21654
- SSL ECDHE Kex fails when pkcs11 engine is set in config file
Resolves: RHEL-20249
- Denial of service via null dereference in PKCS#12
Resolves: RHEL-22486
- Use certified FIPS module instead of freshly built one in Red Hat distribution
Resolves: RHEL-23474
* Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25
- Provide relevant diagnostics when FIPS checksum is corrupted
Resolves: RHEL-5317
- Don't limit using SHA1 in KDFs in non-FIPS mode.
Resolves: RHEL-5295
- Provide empty evp_properties section in main OpenSSL configuration file
Resolves: RHEL-11439
- Avoid implicit function declaration when building openssl
Resolves: RHEL-1780
- Forbid explicit curves when created via EVP_PKEY_fromdata
Resolves: RHEL-5304
- AES-SIV cipher implementation contains a bug that causes it to ignore empty
associated data entries (CVE-2023-2975)
Resolves: RHEL-5302
- Excessive time spent checking DH keys and parameters (CVE-2023-3446)
Resolves: RHEL-5306
- Excessive time spent checking DH q parameter value (CVE-2023-3817)
Resolves: RHEL-5308
- Fix incorrect cipher key and IV length processing (CVE-2023-5363)
Resolves: RHEL-13251
- Switch explicit FIPS indicator for RSA-OAEP to approved following
clarification with CMVP
Resolves: RHEL-14083
- Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c)
Resolves: RHEL-14083
- Add missing ECDH Public Key Check in FIPS mode
Resolves: RHEL-15990
- Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
Resolves: RHEL-15954
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
- Make FIPS module configuration more crypto-policies friendly
Related: rhbz#2216256
* Tue Jul 11 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-23
- Add a workaround for lack of EMS in FIPS mode
Resolves: rhbz#2216256
* Thu Jul 06 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-22
- Remove unsupported curves from nist_curves.
Resolves: rhbz#2069336
* Mon Jun 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-21
- Remove the listing of brainpool curves in FIPS mode.
Related: rhbz#2188180
* Tue May 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-20
- Fix possible DoS translating ASN.1 object identifiers
Resolves: CVE-2023-2650
- Release the DRBG in global default libctx early
Resolves: rhbz#2211340
* Mon May 22 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-19
- Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode
Resolves: rhbz#2169757
* Thu May 18 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-18
- Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode
Resolves: rhbz#2160797
* Tue May 09 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-17
- Enforce using EMS in FIPS mode - better alerts
Related: rhbz#2157951
/etc/pki/tls /etc/pki/tls/certs /etc/pki/tls/ct_log_list.cnf /etc/pki/tls/fips_local.cnf /etc/pki/tls/misc /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.d /etc/pki/tls/private /usr/lib/.build-id /usr/lib/.build-id/10 /usr/lib/.build-id/10/8c7a7e9d725b58b0b68396b7269cbf1cb418a4 /usr/lib/.build-id/45 /usr/lib/.build-id/45/f41d6fcd2d036c607ccba07ac067c03dda7136 /usr/lib/.build-id/50 /usr/lib/.build-id/50/a3a82a4585bc67a8f2961c3df4bacc704e878b /usr/lib/.build-id/b8 /usr/lib/.build-id/b8/fac0f4cbf4622b74b168d09b46772237b1b4d9 /usr/lib/.build-id/c9 /usr/lib/.build-id/c9/6e0d8271a957f617845d61e3c2138b20d7ed97 /usr/lib/.build-id/dc /usr/lib/.build-id/dc/0d820d6d64191b251c3ed45903a005fd7d8686 /usr/lib/.build-id/e5 /usr/lib/.build-id/e5/4d6677099867be2036c03c48e7bed907f269e3 /usr/lib/.build-id/f8 /usr/lib/.build-id/f8/a6d0410f9115aa7ec70c6c9315eaffd2bc1426 /usr/lib64/engines-3 /usr/lib64/engines-3/afalg.so /usr/lib64/engines-3/capi.so /usr/lib64/engines-3/loader_attic.so /usr/lib64/engines-3/padlock.so /usr/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3.5.0 /usr/lib64/libssl.so.3 /usr/lib64/libssl.so.3.5.0 /usr/lib64/ossl-modules /usr/lib64/ossl-modules/fips.so /usr/lib64/ossl-modules/legacy.so /usr/share/licenses/openssl-libs /usr/share/licenses/openssl-libs/LICENSE.txt
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed May 21 02:44:57 2025