[ol7_developer_EPEL] openssl11-devel-1:1.1.1g-3.el7.aarch64

OpenSSL is a toolkit for supporting cryptography. The openssl-devel
package contains include files needed to develop applications which
support various cryptographic algorithms and protocols.

Changelog (Show File list) (Show related packages)

• Mon Mar 29 2021 Robert Scheck <robert@fedoraproject.org> 1.1.1g-3

  - backport from 1.1.1g-15: version bump
  - backport from 1.1.1g-14: CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
  - backport from 1.1.1g-13: Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing

• Wed Dec 16 2020 Robert Scheck <robert@fedoraproject.org> 1.1.1g-2

  - backport from 1.1.1g-12: Fix CVE-2020-1971 ediparty null pointer dereference
  - backport from 1.1.1g-11.1: Implemented new FIPS requirements in regards to KDF and DH selftests
  - backport from 1.1.1g-11.1: Disallow certificates with explicit EC parameters

• Fri Nov 13 2020 Robert Scheck <robert@fedoraproject.org> 1.1.1g-1

  - backport from 1.1.1g-11: Further changes for SP 800-56A rev3 requirements
  - backport from 1.1.1g-9: Rewire FIPS_drbg API to use the RAND_DRBG
  - backport from 1.1.1g-9: Use the well known DH groups in TLS even for 2048 and 1024 bit parameters
  - backport from 1.1.1g-7: Disallow dropping Extended Master Secret extension on renegotiation
  - backport from 1.1.1g-7: Return alert from s_server if ALPN protocol does not match
  - backport from 1.1.1g-7: SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration
  - backport from 1.1.1g-6: Add FIPS selftest for PBKDF2 and KBKDF
  - backport from 1.1.1g-5: Allow only well known DH groups in the FIPS mode
  - backport from 1.1.1g-1: update to the 1.1.1g release
  - backport from 1.1.1g-1: FIPS module installed state definition is modified

• Wed May 13 2020 Robert Scheck <robert@fedoraproject.org> 1.1.1c-2

  - backport from 1.1.1c-15: add selftest of the RAND_DRBG implementation
  - backport from 1.1.1c-14: fix incorrect error return value from FIPS_selftest_dsa
  - backport from 1.1.1c-14: S390x: properly restore SIGILL signal handler
  - backport from 1.1.1c-12: additional fix for the edk2 build
  - backport from 1.1.1c-9: disallow use of SHA-1 signatures in TLS in FIPS mode
  - backport from 1.1.1c-8: fix CVE-2019-1547 - side-channel weak encryption vulnerability
  - backport from 1.1.1c-8: fix CVE-2019-1563 - padding oracle in CMS API
  - backport from 1.1.1c-8: fix CVE-2019-1549 - ensure fork safety of the DRBG
  - backport from 1.1.1c-8: fix handling of non-FIPS allowed EC curves in FIPS mode
  - backport from 1.1.1c-8: fix TLS compliance issues
  - backport from 1.1.1c-7: backported ARM performance fixes from master
  - backport from 1.1.1c-6: backport of S390x ECC CPACF enhancements from master
  - backport from 1.1.1c-6: FIPS mode: properly disable 1024 bit DSA key generation
  - backport from 1.1.1c-6: FIPS mode: skip ED25519 and ED448 algorithms in openssl speed
  - backport from 1.1.1c-6: FIPS mode: allow AES-CCM ciphersuites
  - backport from 1.1.1c-5: make the code suitable for edk2 build
  - backport from 1.1.1c-4: backport of SSKDF from master
  - backport from 1.1.1c-3: backport of KBKDF and KRB5KDF from master

• Sun Jan 19 2020 Robert Scheck <robert@fedoraproject.org> 1.1.1c-1

  - transformed openssl-1.1.1c-2.el8 into openssl11 (#1792741)

• Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-2

  - do not try to use EC groups disallowed in FIPS mode
    in TLS
  - fix Valgrind regression with constant-time code

• Mon Jun 03 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-1

  - update to the 1.1.1c release

• Fri May 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-6

  - adjust the default cert pbe algorithm for pkcs12 -export
    in the FIPS mode

• Fri May 10 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-5

  - Fix small regressions related to the rebase

• Tue May 07 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-3

  - FIPS compliance fixes