[ol7_developer_EPEL] openssl11-1:1.1.1k-3.el7.x86_64

Name:	openssl11
Epoch:	1
Version:	1.1.1k
Release:	3.el7
Architecture:	x86_64
Group:	Unspecified
Size:	1066135
License:	OpenSSL and ASL 2.0
RPM:	openssl11-1.1.1k-3.el7.x86_64.rpm
Source RPM:	openssl11-1.1.1k-3.el7.src.rpm
Build Date:	Thu Apr 07 2022
Build Host:	build-ol7-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.openssl.org/
Summary:	Utilities from the general purpose cryptography library with TLS implementation
Description:	The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

Changelog (Show File list) (Show related packages)

Mon Mar 28 2022 Robert Scheck <robert@fedoraproject.org> 1.1.1k-3

- backport from 1.1.1k-6: CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  Resolves: rhbz#2067144

Wed Nov 17 2021 Robert Scheck <robert@fedoraproject.org> 1.1.1k-2

- backport from 1.1.1k-5: CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings.
  Resolves: rhbz#2005400

Tue Nov 09 2021 Robert Scheck <robert@fedoraproject.org> 1.1.1k-1

- backport from 1.1.1k-4: Fixes bugs in s390x AES code
- backport from 1.1.1k-4: Uses the first detected address family if IPv6 is not available
- backport from 1.1.1k-4: Reverts the changes in https://github.com/openssl/openssl/pull/13305
  as it introduces a regression if server has a DSA key pair, the handshake fails
  when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted,
  it has an effect on the "ssl_reject_handshake" feature in nginx. Although, this feature
  will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already
  known - https://trac.nginx.org/nginx/ticket/2071#comment:1
  As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx could
  early callback instead of servername callback. Resolves: rhbz#197821, related: rhbz#1934534
- backport from 1.1.1k-3: Cleansup the peer point formats on renegotiation. Resolves rhbz#1965362
- backport from 1.1.1k-2: Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085
- backport from 1.1.1k-2: Using safe primes for FIPS DH self-test
- backport from 1.1.1k-1: Update to version 1.1.1k
- backport from 1.1.1g-16: Use AI_ADDRCONFIG only when explicit host name is given
- backport from 1.1.1g-16: Allow only curves defined in RFC 8446 in TLS 1.3

Mon Mar 29 2021 Robert Scheck <robert@fedoraproject.org> 1.1.1g-3

- backport from 1.1.1g-15: version bump
- backport from 1.1.1g-14: CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
- backport from 1.1.1g-13: Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing

Wed Dec 16 2020 Robert Scheck <robert@fedoraproject.org> 1.1.1g-2

- backport from 1.1.1g-12: Fix CVE-2020-1971 ediparty null pointer dereference
- backport from 1.1.1g-11.1: Implemented new FIPS requirements in regards to KDF and DH selftests
- backport from 1.1.1g-11.1: Disallow certificates with explicit EC parameters

Fri Nov 13 2020 Robert Scheck <robert@fedoraproject.org> 1.1.1g-1

- backport from 1.1.1g-11: Further changes for SP 800-56A rev3 requirements
- backport from 1.1.1g-9: Rewire FIPS_drbg API to use the RAND_DRBG
- backport from 1.1.1g-9: Use the well known DH groups in TLS even for 2048 and 1024 bit parameters
- backport from 1.1.1g-7: Disallow dropping Extended Master Secret extension on renegotiation
- backport from 1.1.1g-7: Return alert from s_server if ALPN protocol does not match
- backport from 1.1.1g-7: SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration
- backport from 1.1.1g-6: Add FIPS selftest for PBKDF2 and KBKDF
- backport from 1.1.1g-5: Allow only well known DH groups in the FIPS mode
- backport from 1.1.1g-1: update to the 1.1.1g release
- backport from 1.1.1g-1: FIPS module installed state definition is modified

Wed May 13 2020 Robert Scheck <robert@fedoraproject.org> 1.1.1c-2

- backport from 1.1.1c-15: add selftest of the RAND_DRBG implementation
- backport from 1.1.1c-14: fix incorrect error return value from FIPS_selftest_dsa
- backport from 1.1.1c-14: S390x: properly restore SIGILL signal handler
- backport from 1.1.1c-12: additional fix for the edk2 build
- backport from 1.1.1c-9: disallow use of SHA-1 signatures in TLS in FIPS mode
- backport from 1.1.1c-8: fix CVE-2019-1547 - side-channel weak encryption vulnerability
- backport from 1.1.1c-8: fix CVE-2019-1563 - padding oracle in CMS API
- backport from 1.1.1c-8: fix CVE-2019-1549 - ensure fork safety of the DRBG
- backport from 1.1.1c-8: fix handling of non-FIPS allowed EC curves in FIPS mode
- backport from 1.1.1c-8: fix TLS compliance issues
- backport from 1.1.1c-7: backported ARM performance fixes from master
- backport from 1.1.1c-6: backport of S390x ECC CPACF enhancements from master
- backport from 1.1.1c-6: FIPS mode: properly disable 1024 bit DSA key generation
- backport from 1.1.1c-6: FIPS mode: skip ED25519 and ED448 algorithms in openssl speed
- backport from 1.1.1c-6: FIPS mode: allow AES-CCM ciphersuites
- backport from 1.1.1c-5: make the code suitable for edk2 build
- backport from 1.1.1c-4: backport of SSKDF from master
- backport from 1.1.1c-3: backport of KBKDF and KRB5KDF from master

Sun Jan 19 2020 Robert Scheck <robert@fedoraproject.org> 1.1.1c-1
```
- transformed openssl-1.1.1c-2.el8 into openssl11 (#1792741)
```

Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-2

- do not try to use EC groups disallowed in FIPS mode
  in TLS
- fix Valgrind regression with constant-time code

Mon Jun 03 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-1
```
- update to the 1.1.1c release
```