Fedora Packages

openssl11-devel-1.1.1k-2.el7 in EPEL 7

↵ Return to the main page of openssl11-devel
View build
Search for updates

Package Info (Data from x86_64 build)
🠗 Changelog
🠗 Dependencies
🠗 Provides
🠗 Files

Changelog

Date Author Change
2021-11-17 Robert Scheck <robert at fedoraproject dot org> 1.1.1k-2 - backport from 1.1.1k-5: CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings. Resolves: rhbz#2005400
2021-11-09 Robert Scheck <robert at fedoraproject dot org> 1.1.1k-1 - backport from 1.1.1k-4: Fixes bugs in s390x AES code - backport from 1.1.1k-4: Uses the first detected address family if IPv6 is not available - backport from 1.1.1k-4: Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted, it has an effect on the "ssl_reject_handshake" feature in nginx. Although, this feature will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already known - https://trac.nginx.org/nginx/ticket/2071#comment:1 As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx could early callback instead of servername callback. Resolves: rhbz#197821, related: rhbz#1934534 - backport from 1.1.1k-3: Cleansup the peer point formats on renegotiation. Resolves rhbz#1965362 - backport from 1.1.1k-2: Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085 - backport from 1.1.1k-2: Using safe primes for FIPS DH self-test - backport from 1.1.1k-1: Update to version 1.1.1k - backport from 1.1.1g-16: Use AI_ADDRCONFIG only when explicit host name is given - backport from 1.1.1g-16: Allow only curves defined in RFC 8446 in TLS 1.3
2021-03-29 Robert Scheck <robert at fedoraproject dot org> 1.1.1g-3 - backport from 1.1.1g-15: version bump - backport from 1.1.1g-14: CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT - backport from 1.1.1g-13: Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing
2020-12-16 Robert Scheck <robert at fedoraproject dot org> 1.1.1g-2 - backport from 1.1.1g-12: Fix CVE-2020-1971 ediparty null pointer dereference - backport from 1.1.1g-11.1: Implemented new FIPS requirements in regards to KDF and DH selftests - backport from 1.1.1g-11.1: Disallow certificates with explicit EC parameters
2020-11-13 Robert Scheck <robert at fedoraproject dot org> 1.1.1g-1 - backport from 1.1.1g-11: Further changes for SP 800-56A rev3 requirements - backport from 1.1.1g-9: Rewire FIPS_drbg API to use the RAND_DRBG - backport from 1.1.1g-9: Use the well known DH groups in TLS even for 2048 and 1024 bit parameters - backport from 1.1.1g-7: Disallow dropping Extended Master Secret extension on renegotiation - backport from 1.1.1g-7: Return alert from s_server if ALPN protocol does not match - backport from 1.1.1g-7: SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration - backport from 1.1.1g-6: Add FIPS selftest for PBKDF2 and KBKDF - backport from 1.1.1g-5: Allow only well known DH groups in the FIPS mode - backport from 1.1.1g-1: update to the 1.1.1g release - backport from 1.1.1g-1: FIPS module installed state definition is modified
2020-05-13 Robert Scheck <robert at fedoraproject dot org> 1.1.1c-2 - backport from 1.1.1c-15: add selftest of the RAND_DRBG implementation - backport from 1.1.1c-14: fix incorrect error return value from FIPS_selftest_dsa - backport from 1.1.1c-14: S390x: properly restore SIGILL signal handler - backport from 1.1.1c-12: additional fix for the edk2 build - backport from 1.1.1c-9: disallow use of SHA-1 signatures in TLS in FIPS mode - backport from 1.1.1c-8: fix CVE-2019-1547 - side-channel weak encryption vulnerability - backport from 1.1.1c-8: fix CVE-2019-1563 - padding oracle in CMS API - backport from 1.1.1c-8: fix CVE-2019-1549 - ensure fork safety of the DRBG - backport from 1.1.1c-8: fix handling of non-FIPS allowed EC curves in FIPS mode - backport from 1.1.1c-8: fix TLS compliance issues - backport from 1.1.1c-7: backported ARM performance fixes from master - backport from 1.1.1c-6: backport of S390x ECC CPACF enhancements from master - backport from 1.1.1c-6: FIPS mode: properly disable 1024 bit DSA key generation - backport from 1.1.1c-6: FIPS mode: skip ED25519 and ED448 algorithms in openssl speed - backport from 1.1.1c-6: FIPS mode: allow AES-CCM ciphersuites - backport from 1.1.1c-5: make the code suitable for edk2 build - backport from 1.1.1c-4: backport of SSKDF from master - backport from 1.1.1c-3: backport of KBKDF and KRB5KDF from master
2020-01-19 Robert Scheck <robert at fedoraproject dot org> 1.1.1c-1 - transformed openssl-1.1.1c-2.el8 into openssl11 (#1792741)
2019-06-24 Tomáš Mráz <tmraz at redhat dot com> 1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code
2019-06-03 Tomáš Mráz <tmraz at redhat dot com> 1.1.1c-1 - update to the 1.1.1c release
2019-05-24 Tomáš Mráz <tmraz at redhat dot com> 1.1.1b-6 - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode

Provides

  • openssl11-devel
  • openssl11-devel(x86-64)
  • pkgconfig(libcrypto11)
  • pkgconfig(libssl11)
  • pkgconfig(openssl11)

Files


Sources on Pagure