[ol6_addons] openssl-fips-static-1.0.1j-2.0.2.el6.x86_64

Name:	openssl-fips-static
Version:	1.0.1j
Release:	2.0.2.el6
Architecture:	x86_64
Group:	Development/Libraries
Size:	5229958
License:	OpenSSL
RPM:	openssl-fips-static-1.0.1j-2.0.2.el6.x86_64.rpm
Source RPM:	openssl-fips-1.0.1j-2.0.2.el6.src.rpm
Build Date:	Mon Nov 03 2014
Build Host:	ca-build44.us.oracle.com
Vendor:	Oracle America
URL:	http://www.openssl.org/
Summary:	Libraries for static linking of applications which will use OpenSSL
Description:	OpenSSL is a toolkit for supporting cryptography. The openssl-static package contains static libraries needed for static linking of applications which support various cryptographic algorithms and protocols.

Changelog (Show File list) (Show related packages)

Fri Oct 31 2014 Dwight Engen <dwight.engen@oracle.com> 1.0.1j-2.0.2
```
- update README.FIPS with step-by-step install instructions
```

Mon Oct 20 2014 Dwight Engen <dwight.engen@oracle.com> 1.0.1j-2.0.1

- update to upstream 1.0.1j
- change name to openssl-fips
- change Obsoletes: openssl to Conflicts: openssl
- add Provides: openssl

Tue Sep 30 2014 Dwight Engen <dwight.engen@oracle.com> 1.0.1i-2.0.3.fips

- update to fips canister 2.0.8 to remove Dual EC DRBG
- run gcc -v so the gcc build version is captured in the build log

Fri Sep 12 2014 Dwight Engen <dwight.engen@oracle.com> 1.0.1i-2.0.2.fips

- flip EVP_CIPH_* flag bits for compatibility with original RH patched pkg

Wed Aug 13 2014 Dwight Engen <dwight.engen@oracle.com> 1.0.1i-2.0.1.fips

- build against upstream 1.0.1i
- build against fips validated canister 2.0.7
- add patch to support fips=1
- rename pkg to openssl-fips and Obsolete openssl

Mon Jun 02 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.14

- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH

Mon Apr 07 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.7

- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

Tue Jan 07 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.4
```
- fix CVE-2013-4353 - Invalid TLS handshake crash
```
Mon Jan 06 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.3
```
- fix CVE-2013-6450 - possible MiTM attack on DTLS1
```

Fri Dec 20 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.2

- fix CVE-2013-6449 - crash when version in SSL structure is incorrect