| Name: libtls32 | Distribution: SUSE Linux Enterprise 16 | 
| Version: 4.1.0 | Vendor: openSUSE | 
| Release: bp160.1.1 | Build date: Mon Sep 1 15:13:02 2025 | 
| Group: System/Libraries | Build host: reproducible | 
| Size: 79928 | Source RPM: libressl-4.1.0-bp160.1.1.src.rpm | 
| Packager: https://bugs.opensuse.org | |
| Url: https://www.libressl.org/ | |
| Summary: A simplified interface for the OpenSSL/LibreSSL TLS protocol implementation | |
LibreSSL is an implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It derives from OpenSSL, with refactorings. The libtls library provides a modern and simplified interface (of libssl) for secure client and server communications.
OpenSSL
* Mon Sep 01 2025 Jan Engelhardt <jengelh@inai.de>
  - Move default config to /etc/libressl.
* Thu Aug 14 2025 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.1.0
    * New: libtls has a new tls_peer_cert_common_name() API call to
      retrieve the peer's common name without having to inspect the
      PEM.
    * Bugfix: Again allow the magic values -1, -2 and -3 for the salt
      length of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str()
      interface.
* Sat Mar 08 2025 Jan Engelhardt <jengelh@inai.de>
  - Document absence of openssl3 APIs in descriptions and a
    symbol list text file in %_docdir.
* Tue Oct 15 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.0.0
    * Added CRLfile option to the cms command of openssl(1) to
      specify additional CRLs for use during verification.
    * Protocol parsing in libtls was changed. The unsupported
      TLSv1.1 and TLSv1.0 protocols are ignored and no longer
      enable or disable TLSv1.2 in surprising ways.
    * The dangerous EVP_PKEY*_check(3) family of functions was
      removed. The openssl(1) pkey and pkeyparam commands no longer
      support the -check and -pubcheck flags.
    * Support for Whirlpool was removed. Applications still using
      this should honor OPENSSL_NO_WHIRLPOOL.
    * Removed X509_REQ_{get,set}_extension_nids().
    * Removed typedefs for COMP_CTX, COMP_METHOD, X509_CRL_METHOD,
      STORE, STORE_METHOD, and SSL_AEAD_CTX.
    * i2d_ASN1_OBJECT() now returns -1 on error like most other
      i2d_*.
    * SPKAC support was removed from openssl(1).
    * Added TLS1-PRF support to the EVP interface.
    * SSL_CTX_set1_cert_store() and
      SSL_CIPHER_get_handshake_digest() were added to libssl.
    * The OpenSSL pkcs12 command and PKCS12_create() no longer
      support setting the Microsoft-specific Local Key Set and
      Cryptographic Service Provider attributes.
* Thu May 16 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.9.2
    * A missing bounds check could lead to a crash due to
      dereferencing a zero-sized allocation.
* Sat Mar 30 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.9.1
    * Updated tests with expiring certificates
    * CET-related build fixes for Windows and macOS targets
    * update libtls linker script to include libssl and
      libcrypto again
* Fri Mar 15 2024 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.8.3:
    * Improved control-flow enforcement (CET) support.
* Tue Nov 14 2023 Jan Engelhardt <jengelh@inai.de>
  - Rework conflicts again
* Fri Nov 03 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.8.2
    * Added support for truncated SHA-2 and for SHA-3.
    * The BPSW primality test performs additional Miller-Rabin rounds
      with random bases to reduce the likelihood of composites passing.
    * Allow testing of ciphers and digests using badly aligned buffers
      in openssl speed.
    * Added a workaround for a poorly thought-out change in OpenSSL 3
      that broke privilege separation support in libtls.
    * Compatibility changes:
    * Removed most public symbols that were deprecated in OpenSSL
      0.9.8.
    * Security fixes:
    * Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no
      longer be selected for use.
* Tue Jun 20 2023 Otto Hollmann <otto.hollmann@suse.com>
  - Improve cross-package provides/conflicts [boo#1210313]
    * Remove explicit conflicts with other devel-libraries
    * Remove Obsoletes: ssl
* Mon May 29 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.7.3:
    * Bug fix: Hostflags in the verify parameters would not
      propagate from an SSL_CTX to newly created SSL.
    * Reliability fix: A double free or use after free could occur
      after SSL_clear(3).
* Sat Apr 08 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.7.2
    * Updates to the build system
* Sat Mar 18 2023 Jan Engelhardt <jengelh@inai.de>
  - Add more conflicts between openssl<>libressl
* Thu Mar 16 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.7.1
    * Added UI_null()
    * Added X509_STORE_*check_issued()
    * Added X509_CRL_get0_sigalg() and X509_get0_uids() accessors
    * Added EVP_CIPHER_meth_*() setter API
* Mon Dec 12 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.7.0
    * New features:
    * Added Ed25519 support both as a primitive and via OpenSSL's
      EVP interfaces.
    * X25519 is now also supported via EVP.
    * The OpenSSL 1.1 raw public and private key API is available
      with support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and
      EVP_PKEY_X25519. Poly1305 is not currently supported via this
      interface.
    * Bug fixes:
    * Add EVP_chacha20_poly1305() to the list of all ciphers.
    * Avoid signed overflow in i2c_ASN1_BIT_STRING().
* Tue Nov 01 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.6.1
    * Custom verification callbacks could cause the X.509 verifier
      to fail to store errors resulting from leaf certificate
      verification.
    * Unbreak ASN.1 indefinite length encoding.
* Thu Oct 06 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.6.0
    * Avoid expensive RFC 3779 checks during cert verification.
    * The ASN.1 time parser has been refactored and rewritten using
      CBS. It has been made stricter in that it now enforces the
      rules from RFC 5280.
    * EVP API for HKDF ported from OpenSSL and subsequently cleaned
      up.
    * Add initial support for TS ESSCertIDv2 verification.
* Thu May 19 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.5.3
    * Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in
      advancing the passed *der_in pointer incorrectly.
* Thu Apr 28 2022 Paolo Stivanin <info@paolostivanin.com>
  - Update to release 3.5.2:
    * New Features:
    * The RFC 3779 API was ported from OpenSSL. Many bugs were
      fixed, regression tests were added and the code was cleaned
      up.
    * Certificate Transparency was ported from OpenSSL. Many
      internal improvements were made, resulting in cleaner and
      safer code. Regress coverage was added. libssl does not yet
      make use of it.
    * Portable Improvements:
    * Fixed various POSIX compliance and other portability issues
      found by the port to the Sortix operating system.
    * Compatibility Changes:
    * Most structs that were previously defined in the following
      headers are now opaque as they are in OpenSSL 1.1: bio.h,
      bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
      x509.h, x509v3.h, x509_vfy.h
    * Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
      OpenSSL added the TLSv1.3 ciphersuites with "RFC names"
      instead of using something consistent with the previous
      naming. Various test suites expect these names (instead of
      checking for the much more sensible cipher numbers). The old
      names are still accepted as aliases.
    * Subject alternative names and name constraints are now
      validated when they are added to certificates. Various
      interoperability problems with stacks that validate
      certificates more strictly than OpenSSL can be avoided this
      way.
    * Attempt to opportunistically use the host name for SNI in
      s_client
  - Rebase des-fcrypt.diff
  - Rebase extra-symver.diff
* Wed Mar 16 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.4.3
    * A malicious certificate could cause an infinite loop in
      previous releases. [CVE-2022-0778]
* Thu Dec 30 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.4.2 [boo#1190853]
    * Add support for OpenSSL 1.1.1 TLSv1.3 APIs.
    * Enable the new x509 validator.
* Thu Dec 09 2021 Ferdinand Thiessen <rpm@fthiessen.de>
  - Update to release 3.3.5
    * Fixed: A stack overread could occur when checking X.509 name
      constraints.
    * Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.
      This compensates for the expiry of the DST Root X3 certificate.
* Thu Aug 26 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.3.4
    * In LibreSSL, printing a certificate could result in a crash in
      X509_CERT_AUX_print(). This was fixed.
* Wed May 05 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.3.3
    * Support for DTLSv1.2.
    * Continued rewrite of the record layer for the legacy stack.
    * Numerous bugs and interoperability issues were fixed in the
      new verifier. A few bugs and incompatibilities remain, so
      this release uses the old verifier by default.
    * The OpenSSL 1.1 TLSv1.3 API is not yet available.
* Sun Mar 21 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.2.5
    * A TLS client using session resumption may have caused a
      use-after-free.
* Sat Feb 13 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.2.4
    * Switch back to certificate verification code from LibreSSL
      3.1.x. The new verifier is not bug compatible with the old
      verifier causing issues with applications expecting behavior
      of the old verifier.
    * Unbreak DTLS retransmissions for flights that include a CCS.
    * Implement autochain for the TLSv1.3 server.
    * Use the legacy verifier for autochain.
    * Implement exporter for TLSv1.3.
    * Plug leak in x509_verify_chain_dup().
* Thu Dec 10 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.2.3
    * Fixed: Malformed ASN.1 in a certificate revocation list or a
      timestamp response token could lead to a NULL pointer
      dereference.
* Wed Oct 21 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.2.2
    * New X509 certificate chain validator that correctly handles
      multiple paths through intermediate certificates.
    * New name constraints verification implementation.
    * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h.
    * Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash.
    * Avoid an out-of-bounds write in BN_rand().
    * Fix numerous leaks in the UI_dup_* functions.
* Wed Aug 19 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.1.4
    * TLS 1.3 client improvements:
    * Improve client certificate selection to allow EC certificates
      instead of only RSA certificates.
    * Do not error out if a TLSv1.3 server requests an OCSP
      response as part of a certificate request.
    * Fix SSL_shutdown behavior to match the legacy stack. The
      previous behaviour could cause a hang.
    * Fix a memory leak and add a missing error check in the
      handling of the key update message.
    * Fix a memory leak in tls13_record_layer_set_traffic_key.
    * Avoid calling freezero with a negative size if a server sends
      a malformed plaintext of all zeroes.
    * Ensure that only PSS may be used with RSA in TLSv1.3 in order
      to avoid using PKCS1-based signatures.
    * Add the P-521 curve to the list of curves supported by
      default in the client.
* Wed Jun 17 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.1.3
    * Fixed libcrypto failing to build a valid certificate chain
      due to expired untrusted issuer certificates.
* Sat May 23 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.1.2
    * A TLS client with peer verification disabled may crash when
      contacting a server that sends an empty certificate list.
* Sun May 10 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.1.1
    * Completed initial TLS 1.3 implementation with a completely
      new state machine and record layer. TLS 1.3 is now enabled by
      default for the client side, with the server side to be
      enabled in a future release. Note that the OpenSSL TLS 1.3
      API is not yet visible/available.
    * Improved cipher suite handling to automatically include
      TLSv1.3 cipher suites when they are not explicitly referred
      to in the cipher string.
    * Provided TLSv1.3 cipher suite aliases to match the names used
      in RFC 8446.
    * Added cms subcommand to openssl(1).
    * Added -addext option to openssl(1) req subcommand.
    * Added -groups option to openssl(1) s_server subcommand.
    * Added TLSv1.3 extension types to openssl(1) -tlsextdebug.
* Sun Oct 20 2019 Jan Engelhardt <jengelh@inai.de>
  - Update to release 3.0.2
    * Use a valid curve when constructing an EC_KEY that looks like
      X25519. The recent EC group cofactor change results in
      stricter validation, which causes the EC_GROUP_set_generator()
      call to fail.
    * Fixed a padding oracle in PKCS7_dataDecode and
      CMS_decrypt_set1_pkey. (Note that the CMS code is currently
      disabled).
* Wed May 22 2019 Jan Engelhardt <jengelh@inai.de>
  - Update to new upstream release 2.9.2
    * Fixed SRTP profile advertisement for DTLS servers.
* Tue Apr 23 2019 Jan Engelhardt <jengelh@inai.de>
  - Update to new upstream release 2.9.1
    * Added the SM4 block cipher from the Chinese standard GB/T
      32907-2016.
    * Partial port of the OpenSSL EC_KEY_METHOD API for use by
      OpenSSH.
    * Implemented further missing OpenSSL 1.1 API.
    * Added support for XChaCha20 and XChaCha20-Poly1305.
    * Added support for AES key wrap constructions via the EVP
      interface.
* Sun Mar 31 2019 Jan Engelhardt <jengelh@inai.de>
  - Add openssl(cli) provides. Replace otherproviders conflict
    by normal Conflict+Provides. [boo#1210313]
* Thu Mar 14 2019 Jan Engelhardt <jengelh@inai.de>
  - Update to new upstream release 2.9.0
    * CRYPTO_LOCK is now automatically initialized, with the legacy
      callbacks stubbed for compatibility.
    * Added the SM3 hash function from the Chinese standard GB/T
      32905-2016.
    * Added more OPENSSL_NO_* macros for compatibility with
      OpenSSL.
    * Added the ability to use the RSA PSS algorithm for handshake
      signatures.
    * Added functionality to derive early, handshake, and
      application secrets as per RFC8446.
    * Added handshake state machine from RFC8446.
    * Added support for assembly optimizations on 32-bit ARM ELF
      targets.
    * Improved protection against timing side channels in ECDSA
      signature generation.
    * Coordinate blinding was added to some elliptic curves. This
      is the last bit of the work by Brumley et al. to protect
      against the Portsmash vulnerability.
* Mon Dec 24 2018 sean@suspend.net
  - Update to new upstream release 2.8.3
    * Fixed warnings about clock_gettime on Windows VS builds
    * Fixed CMake builds on systems where getpagesize is inline
    * Implemented coordinate blinding for EC_POINT for portsmash
    * Fixed a non-uniformity in getentropy(2) to discard zeroes
* Tue Oct 23 2018 Bernhard Wiedemann <bwiedemann@suse.com>
  - Update extra-symver.diff to fix build with -j1
* Fri Oct 19 2018 Jan Engelhardt <jengelh@inai.de>
  - Update to new upstream release 2.8.2
    * Added Wycheproof support for ECDH and ECDSA Web Crypto test
      vectors, along with test harness fixes.
* Sat Oct 13 2018 Jan Engelhardt <jengelh@inai.de>
  - Update to new upstream release 2.8.1
    * Simplified key exchange signature generation and verification.
    * Fixed a one-byte buffer overrun in callers of
    EVP_read_pw_string.
    * Modified signature of CRYPTO_mem_leaks_* to return -1. This
    function is a no-op in LibreSSL, so this function returns an
    error to not indicate the (non-)existence of memory leaks.
    * SSL_copy_session_id, PEM_Sign, EVP_EncodeUpdate,
    BIO_set_cipher, X509_OBJECT_up_ref_count now return an int for
    error handling, matching OpenSSL.
    * Converted a number of #defines into proper functions, matching
    OpenSSL's ABI.
    * Added X509_get0_serialNumber from OpenSSL.
    * Removed EVP_PKEY2PKCS8_broken and PKCS8_set_broken, while
    adding PKCS8_pkey_add1_attr_by_NID and PKCS8_pkey_get0_attrs,
    matching OpenSSL.
    * Added RSA_meth_get_finish() RSA_meth_set1_name() from OpenSSL.
    * Added new EVP_CIPHER_CTX_(get|set)_iv() API that allows the IV
    to be retrieved and set with appropriate validation.
* Wed Aug 08 2018 jengelh@inai.de
  - Update to new upstream release 2.8.0
    * Fixed a pair of 20+ year-old bugs in X509_NAME_add_entry.
    * Tighten up checks for various X509_VERIFY_PARAM functions,
      'poisoning' parameters so that an unverified certificate
      cannot be used if it fails verification.
    * Fixed a potential memory leak on failure in ASN1_item_digest.
    * Fixed a potential memory alignment crash in
      asn1_item_combine_free.
    * Removed unused SSL3_FLAGS_DELAY_CLIENT_FINISHED and
      SSL3_FLAGS_POP_BUFFER flags in write path, simplifying IO
      paths.
    * Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds.
    * Added const annotations to many existing APIs from OpenSSL,
      making interoperability easier for downstream applications.
    * Added a missing bounds check in c2i_ASN1_BIT_STRING.
    * Removed three remaining single DES cipher suites.
    * Fixed a potential leak/incorrect return value in DSA
      signature generation.
    * Added a blinding value when generating DSA and ECDSA
      signatures, in order to reduce the possibility of a
      side-channel attack leaking the private key.
    * Added ECC constant time scalar multiplication support.
    * Revised the implementation of RSASSA-PKCS1-v1_5 to match the
      specification in RFC 8017.
    * Changes from 2.7.4:
    * Avoid a timing side-channel leak when generating DSA and ECDSA
      signatures. [CVE-2018-12434, boo#1097779]
    * Reject excessively large primes in DH key generation.
* Mon May 07 2018 jengelh@inai.de
  - Update to new upstream release 2.7.3
    * Removed incorrect NULL checks in DH_set0_key().
    * Limited tls_config_clear_keys() to only clear private keys.
* Mon Apr 02 2018 jengelh@inai.de
  - Update to new upstream release 2.7.2
    * Updated and added extensive new HISTORY sections to
      the API manuals.
* Mon Mar 26 2018 jengelh@inai.de
  - Update to new upstream release 2.7.1
    * Fixed a bug in int_x509_param_set_hosts, calling strlen() if
      name length provided is 0 to match the OpenSSL behaviour.
      [CVE-2018-8970, boo#1086778]
* Fri Mar 23 2018 jengelh@inai.de
  - Update to new upstream release 2.7.0
    * Added support for many OpenSSL 1.0.2 and 1.1 APIs.
    * Added support for automatic library initialization in
      libcrypto, libssl, and libtls.
    * Converted more packet handling methods to CBB, which improves
      resiliency when generating TLS messages.
    * Completed TLS extension handling rewrite, improving consistency
      of checks for malformed and duplicate extensions.
    * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated
      ASN.1. This removes the last remaining use of the old M_ASN1_
      macros (asn1_mac.h) from API that needs to continue to exist.
    * Added support for client-side session resumption in libtls.
    * A libtls client can specify a session file descriptor (a
      regular file with appropriate ownership and permissions) and
      libtls will manage reading and writing of session data across
      TLS handshakes.
    * Merged more DTLS support into the regular TLS code path.
* Thu Dec 21 2017 jengelh@inai.de
  - Update to new upstream release 2.6.4
    * Make tls_config_parse_protocols() work correctly when passed
      a NULL pointer for a protocol string.
    * Correct TLS extensions handling when no extensions are
      present.
* Mon Dec 04 2017 jengelh@inai.de
  - Add extra-symver.diff
* Tue Nov 07 2017 jengelh@inai.de
  - Update to new upstream release 2.6.3
    * Added support for providing CRLs to libtls - once a CRL is
      provided via tls_config_set_crl_file(3) or
      tls_config_set_crl_mem(3), CRL checking is enabled and
      required for the full certificate chain.
    * Reworked TLS certificate name verification code to more
      strictly follow RFC 6125.
    * Relaxed SNI validation to allow non-RFC-compliant clients
      using literal IP addresses with SNI to connect to a
      libtls-based TLS server.
    * Added tls_peer_cert_chain_pem() to libtls, useful in private
      certificate validation callbacks such as those in relayd.
    * Added SSL{,_CTX}_set_{min,max}_proto_version(3) functions.
    * Imported HKDF (HMAC Key Derivation Function) from BoringSSL.
    * Dropped cipher suites using DSS authentication.
    * Removed support for DSS/DSA from libssl.
    * Distinguish between self-issued certificates and self-signed
      certificates. The certificate verification code has special
      cases for self-signed certificates and without this change,
      self-issued certificates (which it seems are common place
      with openvpn/easyrsa) were also being included in this
      category.
    * Removed NPN support - NPN was never standardised and the last
      draft expired in October 2012.
    * Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
      CryptoPro clients.
    * Removed support for the TLS padding extension, which was
      added as a workaround for an old bug in F5's TLS termination.
    * Added ability to clamp notafter values in certificates for
      systems with 32-bit time_t. This is necessary to conform to
      RFC 5280 §4.1.2.5.
    * Removed the original (pre-IETF) chacha20-poly1305 cipher
      suites.
    * Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
  - Add des-fcrypt.diff [boo#1065363]
* Mon Oct 02 2017 jengelh@inai.de
  - Update to new upstream release 2.6.2
    * Provide a useful error with libtls if there are no OCSP URLs
      in a peer certificate.
    * Keep track of which keypair is in use by a TLS context,
      fixing a bug where a TLS server with SNI would only return
      the OCSP staple for the default keypair.
  - Update to new upstream release 2.6.1
    * Added tls_config_set_ecdhecurves() to libtls, which allows
      the names of the elliptical curves that may be used during
      client and server key exchange to be specified.
    * Removed support for DSS/DSA, since we removed the cipher
      suites a while back.
    * Removed NPN support. NPN was never standardised and the last
      draft expired in October 2012. ALPN was standardised.
    * Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
      CryptoPro clients.
    * Removed support for the TLS padding extension, which was
      added as a workaround for an old bug in F5's TLS
      termination.
    * Added ability to clamp notafter values in certificates for
      systems with 32-bit time_t. This is necessary to conform to
      RFC 5280 §4.1.2.5.
    * Implemented the SSL_CTX_set_min_proto_version(3) API.
    * Removed the original (pre-IETF) chacha20-poly1305 cipher
      suites.
    * Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
* Fri Sep 01 2017 jengelh@inai.de
  - Update to new upstream release 2.6.0
    * Added support for providing CRLs to libtls. Once a CRL is
      provided, we enable CRL checking for the full certificate
      chain.
    * Allow non-compliant clients using IP literal addresses with
      SNI to connect to a server using libtls.
    * Avoid a potential NULL pointer dereference in
      d2i_ECPrivateKey().
    * Added definitions for three OIDs used in EV certificates.
    * Plugged a memory leak in tls_ocsp_free.
    * Added tls_peer_cert_chain_pem, tls_cert_hash, and
      tls_hex_string to libtls, useful in private certificate
      validation callbacks.
    * Reworked TLS certificate name verification code to more
      strictly follow RFC 6125.
    * Added tls_keypair_clear_key for clearing key material.
    * Removed inconsistent IPv6 handling from
      BIO_get_accept_socket, simplified BIO_get_host_ip and
      BIO_accept.
    * Fixed the openssl(1) ca command so that it generates
      certificates with RFC 5280-conformant time.
    * Added ASN1_TIME_set_tm to set an asn1 from a struct tm *.
    * Added SSL{,_CTX}_set_{min,max}_proto_version() functions.
    * Added HKDF (HMAC Key Derivation Function) from BoringSSL
    * Provide a tls_unload_file() function that frees the memory
      returned from a tls_load_file() call, ensuring that the
      contents become inaccessible. This is specifically needed on
      platforms where the library allocators may be different from
      the application allocator.
    * Perform reference counting for tls_config. This allows
      tls_config_free() to be called as soon as it has been passed
      to the final tls_configure() call, simplifying lifetime
      tracking for the application.
    * Moved internal state of SSL and other structures to be
      opaque.
    * Dropped cipher suites with DSS authentication.
* Thu Aug 24 2017 jengelh@inai.de
  - Update to new upstream release 2.5.5
    * Distinguish between self-issued certificates and self-signed
      certificates. The certificate verification code has special
      cases for self-signed certificates and without this change,
      self-issued certificates (which it seems are common place
      with openvpn/easyrsa) were also being included in this
      category.
* Tue May 09 2017 tchvatal@suse.com
  - Add conflict between libressl and the main versioned packages too
* Fri May 05 2017 tchvatal@suse.com
  - Add conflict for split openssl packages
* Thu May 04 2017 jengelh@inai.de
  - Update to new upstream release 2.5.4
    * Reverted a previous change that forced consistency between
      return value and error code when specifying a certificate
      verification callback, since this breaks the documented API.
    * Switched Linux getrandom() usage to non-blocking mode,
      continuing to use fallback mechanisms if unsuccessful.
    * Fixed a bug caused by the return value being set early to
      signal successful DTLS cookie validation.
* Wed Apr 12 2017 jengelh@inai.de
  - Update to new upstream release 2.5.1
    * Avoid a side-channel cache-timing attack that can leak the ECDSA
      private keys when signing. [bnc#1019334]
    * Detect zero-length encrypted session data early
    * Curve25519 Key Exchange support.
    * Support for alternate chains for certificate verification.
  - Update to new upstream release 2.5.2
    * Added EVP interface for MD5+SHA1 hashes
    * Fixed DTLS client failures when the server sends a certificate
      request.
    * Corrected handling of padding when upgrading an SSLv2 challenge
      into an SSLv3/TLS connection.
    * Allowed protocols and ciphers to be set on a TLS config object
      in libtls.
  - Update to new upstream release 2.5.3
    * Documentation updates
  - Remove ecs.diff (merged)
* Mon Jan 23 2017 jengelh@inai.de
  - Add ecs.diff [bnc#1019334]
* Thu Sep 29 2016 jengelh@inai.de
  - Update to new upstream release 2.5.0
    * libtls now supports ALPN and SNI
    * libtls adds a new callback interface for integrating custom IO
    functions.
    * libtls now handles 4 cipher suite groups: "secure"
    (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy"
    (HIGH:MEDIUM:!aNULL), "insecure" (ALL:!aNULL:!eNULL). This
    allows for flexibility and finer grained control, rather than
    having two extremes.
    * libtls now always loads CA, key and certificate files at the
    time the configuration function is called.
    * Add support for OCSP intermediate certificates.
    * Added functions used by stunnel and exim from BoringSSL - this
    brings in X509_check_host, X509_check_email, X509_check_ip, and
    X509_check_ip_asc.
    * Improved behavior of arc4random on Windows when using memory
    leak analysis software.
    * Correctly handle an EOF that occurs prior to the TLS handshake
    completing.
    * Limit the support of the "backward compatible" ssl2 handshake
    to only be used if TLS 1.0 is enabled.
    * Fix incorrect results in certain cases on 64-bit systems when
    BN_mod_word() can return incorrect results. BN_mod_word() now
    can return an error condition.
    * Added constant-time updates to address CVE-2016-0702
    * Fixed undefined behavior in BN_GF2m_mod_arr()
    * Removed unused Cryptographic Message Support (CMS)
    * More conversions of long long idioms to time_t
    * Reverted change that cleans up the EVP cipher context in
    EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies
    on the previous behaviour.
    * Avoid unbounded memory growth in libssl, which can be triggered
    by a TLS client repeatedly renegotiating and sending OCSP
    Status Request TLS extensions.
    * Avoid falling back to a weak digest for (EC)DH when using SNI
    with libssl.
* Wed Aug 03 2016 jengelh@inai.de
  - Update to new upstream release 2.4.2
    * Ensured OCSP only uses and compares GENERALIZEDTIME values as
    per RFC6960. Also added fixes for OCSP to work with
    intermediate certificates provided in responses.
    * Fixed incorrect results from BN_mod_word() when the modulus is
    too large.
    * Correctly handle an EOF prior to completing the TLS handshake
    in libtls.
    * Removed flags for disabling constant-time operations. This
    removes support for DSA_FLAG_NO_EXP_CONSTTIME,
    DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags,
    making all of these operations unconditionally constant-time.
* Fri Jun 10 2016 jengelh@inai.de
  - Update to new upstream release 2.4.1
    * Correct a problem that prevents the DSA signing algorithm from
    running in constant time even if the flag BN_FLG_CONSTTIME is
    set.
* Thu Jun 02 2016 jengelh@inai.de
  - Update to new upstream release 2.4.0
    * Added missing error handling around bn_wexpand() calls.
    * Added explicit_bzero calls for freed ASN.1 objects.
    * Fixed X509_*set_object functions to return 0 on allocation
    failure.
    * Implemented the IETF ChaCha20-Poly1305 cipher suites.
    * Changed default EVP_aead_chacha20_poly1305() implementation to
    the IETF version, which is now the default.
    * Fixed password prompts from openssl(1) to properly handle ^C.
    * Reworked error handling in libtls so that configuration errors
    are visible.
    * Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
* Wed May 04 2016 jengelh@inai.de
  - Update to new upstream release 2.3.4 [boo#978492, boo#977584]
    * Fix multiple vulnerabilities in libcrypto relating to ASN.1 and
    encoding.
* Wed Mar 23 2016 jengelh@inai.de
  - Update to new upstream release 2.3.3
    * cert.pem has been reorganized and synced with Mozilla's
    certificate store
* Tue Feb 02 2016 jengelh@inai.de
  - Update to new upstream release 2.3.2
    * Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
    construction introduced in RFC 7539, which is different than
    that already used in TLS with EVP_aead_chacha20_poly1305().
    * Avoid a potential undefined C99+ behavior due to shift overflow
    in AES_decrypt.
  - Remove 0001-Fix-for-OpenSSL-CVE-2015-3194.patch,
    0001-Fix-for-OpenSSL-CVE-2015-3195.patch (included)
* Fri Dec 11 2015 jengelh@inai.de
  - Add 0001-Fix-for-OpenSSL-CVE-2015-3194.patch,
    0001-Fix-for-OpenSSL-CVE-2015-3195.patch [boo#958768]
* Wed Nov 04 2015 jengelh@inai.de
  - Update to new upstream release 2.3.1
    * ASN.1 cleanups and RFC5280 compliance fixes.
    * Time representations switched from "unsigned long" to "time_t".
    LibreSSL now checks if the host OS supports 64-bit time_t.
    * Changed tls_connect_servername to use the first address that
    resolves with getaddrinfo().
    * Fixed a memory leak and out-of-bounds access in OBJ_obj2txt.
    * Fixed an up-to 7 byte overflow in RC4 when len is not a multiple
    of sizeof(RC4_CHUNK).
  - Drop CVE-2015-5333_CVE-2015-5334.patch (merged)
* Fri Oct 16 2015 astieger@suse.com
  - Security update for libressl:
    * CVE-2015-5333: Memory Leak [boo#950707]
    * CVE-2015-5334: Buffer Overflow [boo#950708]
  - adding CVE-2015-5333_CVE-2015-5334.patch
* Thu Sep 24 2015 jengelh@inai.de
  - Update to new upstream release 2.3.0
    * SSLv3 is now permanently removed from the tree.
    * libtls API: The read/write functions work correctly with external
    event libraries. See the tls_init man page for examples of using
    libtls correctly in asynchronous mode.
    * When using tls_connect_fds, tls_connect_socket or tls_accept_fds,
    libtls no longer implicitly closes the passed in sockets. The
    caller is responsible for closing them in this case.
    * Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are
    no longer supported.
    * SHA-0 is removed, which was withdrawn shortly after publication
    20 years ago.
* Sun Aug 30 2015 jengelh@inai.de
  - Update to new upstream release 2.2.3
    * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do
    not include TLS extensions, resulting in such handshakes being
    aborted. This release corrects the handling of such messages.
* Mon Aug 17 2015 jengelh@inai.de
  - drop /etc/ssl/cert.pem
* Mon Aug 17 2015 jengelh@inai.de
  - Avoid file conflict with ca-certificates by dropping
    /etc/ssl/certs
* Sun Aug 09 2015 jengelh@inai.de
  - Update to new upstream release 2.2.2
    * Incorporated fix for OpenSSL issue #3683
    [malformed private key via command line segfaults openssl]
    * Removed workarounds for TLS client padding bugs, removed
    SSLv3 support from openssl(1), removed IE 6 SSLv3 workarounds,
    removed RSAX engine.
    * Modified tls_write in libtls to allow partial writes, clarified with
    examples in the documentation.
    * Building a program that intentionally uses SSLv3 will result in
    a linker warning.
    * Added TLS_method, TLS_client_method and TLS_server_method as a
    replacement for the SSLv23_*method calls.
    * Switched `openssl dhparam` default from 512 to 2048 bits
    * Fixed `openssl pkeyutl -verify` to exit with a 0 on success
    * Fixed dozens of Coverity issues including dead code, memory leaks,
    logic errors and more.
* Mon Jul 13 2015 astieger@suse.com
  - Update to new upstream release 2.2.1 [bnc#937891]
    * Protocol parsing conversions to BoringSSL's CRYPTO ByteString
    (CBS) API
    * Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL
    * Removed Dynamic Engine support
    * Removed unused and obsolete MDC-2DES cipher
    * Removed workarounds for obsolete SSL implementations
    * Fixes and changes for platforms other than GNU/Linux
* Fri Jun 12 2015 jengelh@inai.de
  - Update to new upstream release 2.2.0
    * Removal of OPENSSL_issetugid and all library getenv calls.
    Applications can and should no longer rely on environment
    variables for changing library behavior.
    OPENSSL_CONF/SSLEAY_CONF is still supported with the openssl(1)
    command.
    * libtls API and documentation additions
    * fixed:
    - CVE-2015-1788: Malformed ECParameters causes infinite loop
    - CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time
    - CVE-2015-1792: CMS verify infinite loop with unknown hash
      function (this code is not enabled by default)
    * already fixed earlier, or not found in LibreSSL:
    - CVE-2015-4000: DHE man-in-the-middle protection (Logjam)
    - CVE-2015-1790: PKCS7 crash with missing EnvelopedContent
    - CVE-2014-8176: Invalid free in DTLS
* Wed Mar 25 2015 jengelh@inai.de
  - Ship pkgconfig files again
* Thu Mar 19 2015 jengelh@inai.de
  - Update to new upstream release 2.1.6
    * Reject server ephemeral DH keys smaller than 1024 bits
    * Fixed CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
    * Fixed CVE-2015-0287 - ASN.1 structure reuse memory corruption
    * Fixed CVE-2015-0289 - PKCS7 NULL pointer dereferences
    * Fixed CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
    * Fixed CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
* Fri Mar 06 2015 sor.alexei@meowr.ru
  - Update to 2.1.4:
    * Improvements to libtls:
    - a new API for loading CA chains directly from memory instead
      of a file, allowing verification with privilege separation in
      a chroot without direct access to CA certificate files.
    - Ciphers default to TLSv1.2 with AEAD and PFS.
    - Improved error handling and message generation.
    - New APIs and improved documentation.
    * Add X509_STORE_load_mem API for loading certificates from memory.
      This facilitates accessing certificates from a chrooted
      environment.
    * New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
      using 'TLSv1.2+AEAD' as the cipher selection string.
    * New openssl(1) command 'certhash' replaces the c_rehash script.
    * Server-side support for TLS_FALLBACK_SCSV for compatibility
      with various auditor and vulnerability scanners.
    * Dead and disabled code removal including MD5, Netscape
      workarounds, non-POSIX IO, SCTP, RFC 3779 support,
      "#if 0" sections, and more.
    * The ASN1 macros are expanded to aid readability and
      maintainability.
    * Various NULL pointer asserts removed in favor of letting the
      OS/signal handler catch them.
    * Refactored argument handling in openssl(1) for consistency and
      maintainability.
    * Support for building with OPENSSL_NO_DEPRECATED.
    * Dozens of issues found with the Coverity scanner fixed.
    * Fix a minor information leak that was introduced in t1_lib.c
      r1.71, whereby an additional 28 bytes of .rodata (or .data) is
      provided to the network. In most cases this is a non-issue
      since the memory content is already public.
    * Fixes for the following low-severity issues were integrated
      into LibreSSL from OpenSSL 1.0.1k:
    - CVE-2015-0205 - DH client certificates accepted without
      verification.
    - CVE-2014-3570 - Bignum squaring may produce incorrect results.
    - CVE-2014-8275 - Certificate fingerprints can be modified.
    - CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client].
* Wed Jan 28 2015 jengelh@inai.de
  - Add package signatures
* Sat Jan 24 2015 jengelh@inai.de
  - Update to new upstream release 2.1.3
    * Fixes for various memory leaks in DTLS, including those for
    CVE-2015-0206.
    * Application-Layer Protocol Negotiation (ALPN) support.
    * Simplified and refactored SSL/DTLS handshake code.
    * SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.
    * Ensure the stack is marked non-executable for assembly sections.
* Fri Dec 12 2014 jengelh@inai.de
  - Update to new upstream release 2.1.2
    * The two cipher suites GOST and Camellia have been reworked or
    reenabled, providing better interoperability with systems around
    the world.
    * The libtls library, a modern and simplified interface for secure
    client and server communications, is now packaged.
    * Assembly acceleration of various algorithms (most importantly
    AES, MD5, SHA1, SHA256, SHA512) are enabled for AMD64.
  - Remove libressl-no-punning.diff (file to patch is gone)
* Wed Dec 03 2014 jengelh@inai.de
  - Update to new upstream release 2.1.1
    * Address POODLE attack by disabling SSLv3 by default
    * Fix Elliptical Curve cipher selection bug
* Sat Aug 09 2014 jengelh@inai.de
  - Update to new upstream release 2.0.5
    * This version forward-ports security fixes from OpenSSL 1.0.1i:
    CVE-2014-3506, CVE-2014-3507, CVE-2014-3508 (partially
    vulnerable), CVE-2014-3509, CVE-2014-3510, CVE-2014-3511.
    (LibreSSL was found not to be vulnerable to
    CVE-2014-3502, CVE-2014-3512, CVE-2014-5139)
* Wed Aug 06 2014 jengelh@inai.de
  - Update to new upstream release 2.0.4
    * This version includes more portability changes, as well as other
    work. Most noticeable may be the deletion of the SRP code
    (which has not been enabled in any LibreSSL release).
  - Remove pkg-config files so "pkgconfig(libcrypto)" remains
    unambiguous in the distro
* Tue Jul 22 2014 jengelh@inai.de
  - Update to new upstream release 2.0.3
    * This release includes a number of portability fixes, and also
    includes some improvements to the fork detection support.
  - Remove libressl-auxdal.diff, libressl-asn1test.diff
    (solved upstream)
* Wed Jul 16 2014 jengelh@inai.de
  - Update to new upstream release 2.0.2
    * This release addresses the Linux forking and pid wrap issue
    reported recently.
  - Add libressl-auxval.diff (fix compile error),
    libressl-asn1test.diff (fix testsuite failure)
* Sun Jul 13 2014 jengelh@inai.de
  - Update to new upstream release 2.0.1
    * This release includes a number of portability fixes based on
    the initial feedback received. A few hardcoded compiler options
    that were problematic on some systems as well as -Werror have
    been removed. This release also includes pkg-config support.
  - Remove libressl-rt.diff (solved differently upstream)
* Sat Jul 12 2014 jengelh@inai.de
  - Initial package (version 2.0.0) for build.opensuse.org
  - Add libressl-no-punning.diff, libressl-rt.diff to fix build
    errors
/usr/lib64/libtls.so.32 /usr/lib64/libtls.so.32.0.1
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 30 22:45:42 2025