openssl-0.9.8h-28.20.1

Name: openssl
Version: 0.9.8h
Release: 28.20.1
Summary: Secure Sockets and Transport Layer Security
Build host: joplin
Cookie: joplin 1291740951
Distribution: openSUSE 11.1
Vendor: openSUSE
License: BSD 3-Clause
Packager: http://bugs.opensuse.org
Group: Productivity/Networking/Security
URL: http://www.openssl.org/
OS: linux
Arch: i586

Description:

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

Derivation and License

OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get it and to use it for commercial and noncommercial purposes.

Authors:
--------
    Mark J. Cox
    Ralf S. Engelschall
    Dr. Stephen Henson
    Ben Laurie
    Bodo Moeller
    Ulf Moeller
    Holger Reif
    Paul C. Sutton

Changelog:

* gjhe@novell.com
- fix bug [bnc#657663] CVE-2010-4180
  for CVE-2010-4252, no patch is added (for the J-PAKE implementation is not compiled in by default).

* gjhe@novell.com
- fix bug [bnc#651003] CVE-2010-3864

* gjhe@novell.com
- fix bug [bnc#608666]

* gjhe@novell.com
- fix bug [bnc#629905] CVE-2010-2939

* meissner@suse.de
- disabled renegotiation disabling patch for CVE-2009-3555, merged stuff and more hunks into the enable-security-renegotiation.patch.

* gjhe@novell.com
- fix security bug [bnc#587379] CVE-2009-3245

* gjhe@novell.com
- fix security bug [bnc#584292]
  enable security renegotiation and add support for DTLS renegotiation.

* gjhe@suse.de
- fix bug [bnc#467437]
  this patch fixes both bug [bnc#467437] and bug [bnc#430141], and backport patch func-parm-err.patch

* gjhe@suse.de
- fix security bug [bnc#566238] CVE-2009-4355

* gjhe@suse.de
- fix security bug [bnc#553641] CVE-2009-3555

* gjhe@suse.de
- fix security bug [bnc#509031] CVE-2009-1386 CVE-2009-1387

* gjhe@suse.de
- fix security bug [bnc#504687] CVE-2009-1377 CVE-2009-1378 CVE-2009-1379

* gjhe@suse.de
- fix security bug [bnc#489641] CVE-2009-0590 CVE-2009-0591 CVE-2009-0789

* jshi@suse.de
- fix security bug [bnc#459468] CVE-2008-5077

* xwhu@suse.de
- Disable optimization for s390x

* xwhu@suse.de
- Disable optimization of ripemd [bnc#442740]

* xwhu@suse.de
- Passing string as struct causes openssl segment-fault [bnc#430141]

* mkoenig@suse.de
- do not require openssl-certs, but rather recommend it to avoid dependency cycle [bnc#408865]

* mkoenig@suse.de
- remove the certs subpackage from the openssl package and move the CA root certificates into a package of its own

* mkoenig@suse.de
- update to version 0.9.8h
- openssl does not ship CA root certificates anymore
  keep certificates that SuSE is already shipping
- resolves bad array index (function has been removed) [bnc#356549]
- removed patches
  openssl-0.9.8g-fix_dh_for_certain_moduli.patch
  openssl-CVE-2008-0891.patch
  openssl-CVE-2008-1672.patch

* mkoenig@suse.de
- fix OpenSSL Server Name extension crash (CVE-2008-0891) and OpenSSL Omit Server Key Exchange message crash (CVE-2008-1672) [bnc#394317]

* cthiel@suse.de
- fix baselibs.conf

* mkoenig@suse.de
- add -DMD32_REG_T=int for x86_64 and ia64 [bnc#381844]

* ro@suse.de
- added baselibs.conf file to build xxbit packages for multilib support

* mkoenig@suse.de
- fix Diffie-Hellman failure with certain prime lengths

* mkoenig@suse.de
- update to version 0.9.8g:
  * fix some bugs introduced with 0.9.8f

* mkoenig@suse.de
- update to version 0.9.8f:
  * fixes CVE-2007-3108, CVE-2007-5135, CVE-2007-4995
- patches merged upstream:
  openssl-0.9.8-key_length.patch
  openssl-CVE-2007-3108-bug296511
  openssl-CVE-2007-5135.patch
  openssl-gcc42.patch
  openssl-gcc42_b.patch
  openssl-s390-config.diff

* mkoenig@suse.de
- fix buffer overflow CVE-2007-5135 [#329208]

* mkoenig@suse.de
- fix another gcc 4.2 build problem [#307669]

* coolo@suse.de
- provide the version obsoleted (#293401)

* werner@suse.de
- Add patch from CVS for RSA key reconstruction vulnerability (CVE-2007-3108, VU#724968, bug #296511)

* mkoenig@suse.de
- fix build with gcc-4.2
  openssl-gcc42.patch
- do not install example scripts with executable permissions

* ro@suse.de
- adapt requires

* mkoenig@suse.de
- Do not use dots in package name
- explicitly build with gcc-4.1 because of currently unresolved failures with gcc-4.2

* mkoenig@suse.de
- Split/rename package to follow library packaging policy [#260219]
  New package libopenssl0.9.8 containing shared libs
  openssl-devel package renamed to libopenssl-devel
  New package openssl-certs containing certificates
- add zlib-devel to Requires of devel package
- remove old Obsoletes and Conflicts
  openssls (Last used Nov 2000)
  ssleay (Last used 6.2)

* mkoenig@suse.de
- Fix key length [#254905,#262477]

* mkoenig@suse.de
- update to version 0.9.8e:
  * patches merged upstream:
    openssl-CVE-2006-2940-fixup.patch
    openssl-0.9.8d-padlock-static.patch

* mkoenig@suse.de
- fix PadLock support [#230823]

* mkoenig@suse.de
- enable fix for CVE-2006-2940 [#223040], SWAMP-ID 7198

* poeml@suse.de
- configure with 'zlib' instead of 'zlib-dynamic'. Build with the latter, there are problems opening the libz when running on the Via Epia or vmware platforms. [#213305]

* poeml@suse.de
- add patch for the CVE-2006-2940 fix: the newly introduced limit on DH modulus size could lead to a crash when exerted. [#208971]
  Discovered and fixed after the 0.9.8d release.

* poeml@suse.de
- update to 0.9.8d
  *) Introduce limits to prevent malicious keys being able to cause a denial of service. (CVE-2006-2940)
  *) Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937)
  *) Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738)
  *) Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343)
  *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites match only those. Before that, "AES256-SHA" would be interpreted as a pattern and match "AES128-SHA" too (since AES128-SHA got the same strength classification in 0.9.7h) as we currently only have a single AES bit in the ciphersuite description bitmap. That change, however, also applied to ciphersuite strings such as "RC4-MD5" that intentionally matched multiple ciphersuites -- namely, SSL 2.0 ciphersuites in addition to the more common ones from SSL 3.0/TLS 1.0.
     So we change the selection algorithm again: Naming an explicit ciphersuite selects this one ciphersuite, and any other similar ciphersuite (same bitmap) from *other* protocol versions. Thus, "RC4-MD5" again will properly select both the SSL 2.0 ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
     Since SSL 2.0 does not have any ciphersuites for which the 128/256 bit distinction would be relevant, this works for now. The proper fix will be to use different bits for AES128 and AES256, which would have avoided the problems from the beginning; however, bits are scarce, so we can only do this in a new release (not just a patchlevel) when we can change the SSL_CIPHER definition to split the single 'unsigned long mask' bitmap into multiple values to extend the available space.
- not mentioned in CHANGES: patch for CVE-2006-4339 corrected [openssl.org #1397]

* schwab@suse.de
- Fix inverted logic.

* poeml@suse.de
- update to 0.9.8c
  Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher (CVE-2006-4339) [Ben Laurie and Google Security Team]
  *) Add AES IGE and biIGE modes. [Ben Laurie]
  *) Change the Unix randomness entropy gathering to use poll() when possible instead of select(), since the latter has some undesirable limitations. [Darryl Miles via Richard Levitte and Bodo Moeller]
  *) Disable "ECCdraft" ciphersuites more thoroughly. Now special treatment in ssl/ssl_ciph.s makes sure that these ciphersuites cannot be implicitly activated as part of, e.g., the "AES" alias. However, please upgrade to OpenSSL 0.9.9[-dev] for non-experimental use of the ECC ciphersuites to get TLS extension support, which is required for curve and point format negotiation to avoid potential handshake problems. [Bodo Moeller]
  *) Disable rogue ciphersuites:
     - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
     - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
     - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
     The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there.
     Also deactivate the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller]
  *) Fix RSA blinding Heisenbug (problems sometimes occurred on dual-core machines) and other potential thread-safety issues. [Bodo Moeller]
  *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key versions), which is now available for royalty-free use (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). Also, add Camellia TLS ciphersuites from RFC 4132.
     To minimize changes between patchlevels in the OpenSSL 0.9.8 series, Camellia remains excluded from compilation unless OpenSSL is configured with 'enable-camellia'. [NTT]
  *) Disable the padding bug check when compression is in use. The padding bug check assumes the first packet is of even length, this is not necessarily true if compression is enabled and can result in false positives causing handshake failure. The actual bug test is ancient code so it is hoped that implementations will either have fixed it by now or any which still have the bug do not support compression. [Steve Henson]
  Changes between 0.9.8a and 0.9.8b [04 May 2006]
  *) When applying a cipher rule check to see if string match is an explicit cipher suite and only match that one cipher suite if it is. [Steve Henson]
  *) Link in manifests for VC++ if needed. [Austin Ziegler]
  *) Update support for ECC-based TLS ciphersuites according to draft-ietf-tls-ecc-12.txt with proposed changes (but without TLS extensions, which are supported starting with the 0.9.9 branch, not in the OpenSSL 0.9.8 branch). [Douglas Stebila]
  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support opaque EVP_CIPHER_CTX handling. [Steve Henson]
  *) Fixes and enhancements to zlib compression code. We now only use "zlib1.dll" and use the default __cdecl calling convention on Win32 to conform with the standards mentioned here: http://www.zlib.net/DLL_FAQ.txt
     Static zlib linking now works on Windows and the new --with-zlib-include --with-zlib-lib options to Configure can be used to supply the location of the headers and library. Gracefully handle case where zlib library can't be loaded. [Steve Henson]
  *) Several fixes and enhancements to the OID generation code. The old code sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't handle numbers larger than ULONG_MAX, truncated printing and had a non standard OBJ_obj2txt() behaviour. [Steve Henson]
  *) Add support for building of engines under engine/ as shared libraries under VC++ build system. [Steve Henson]
  *) Corrected the numerous bugs in the Win32 path splitter in DSO. Hopefully, we will not see any false combination of paths any more. [Richard Levitte]
- enable Camellia cipher. There is a royalty free license to the patents, see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html.
  NOTE: the license forbids patches to the cipher.
- build with zlib-dynamic and add zlib-devel to BuildRequires. Allows compression of data in TLS, although few applications would actually use it since there is no standard for negotiating the compression method. The only one I know of is stunnel.
File base names:
    ssl certs README.RootCerts demo ca-cert.pem dsa-ca.pem dsa-pca.pem pca-cert.pem expired ICE.crl openssl.cnf private
    c_rehash openssl
    openssl AVAILABLE_CIPHERS CHANGES CHANGES.SSLeay INSTALL INSTALL.DJGPP INSTALL.MacOS INSTALL.NW INSTALL.OS2 INSTALL.VMS INSTALL.W32 INSTALL.W64 INSTALL.WCE LICENSE NEWS README README.SuSE
    asn1parse.1ssl.gz ca.1ssl.gz crl.1ssl.gz crl2pkcs7.1ssl.gz dgst.1ssl.gz dhparam.1ssl.gz dsa.1ssl.gz dsaparam.1ssl.gz enc.1ssl.gz gendsa.1ssl.gz genrsa.1ssl.gz nseq.1ssl.gz openssl.1ssl.gz passwd.1ssl.gz pkcs12.1ssl.gz pkcs7.1ssl.gz pkcs8.1ssl.gz rand.1ssl.gz req.1ssl.gz rsa.1ssl.gz rsautl.1ssl.gz s_client.1ssl.gz s_server.1ssl.gz smime.1ssl.gz spkac.1ssl.gz verify.1ssl.gz version.1ssl.gz x509.1ssl.gz
    crypto.3ssl.gz dsa.3ssl.gz rand.3ssl.gz rsa.3ssl.gz ssl.3ssl.gz x509.3ssl.gz
    config.5ssl.gz
    ssl misc CA.pl CA.sh c_hash c_info c_issuer c_name

Directories:
    /etc/
    /etc/ssl/
    /etc/ssl/certs/
    /etc/ssl/certs/demo/
    /etc/ssl/certs/expired/
    /usr/bin/
    /usr/share/doc/packages/
    /usr/share/doc/packages/openssl/
    /usr/share/man/man1/
    /usr/share/man/man3/
    /usr/share/man/man5/
    /usr/share/
    /usr/share/ssl/
    /usr/share/ssl/misc/

Optflags: -march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g
Disturl: obs://build.suse.de/SUSE:openSUSE:11.1:Update:Test/standard/9e28e2e263ed285f255b76b81df9ea30-openssl
Payload format: cpio
Payload compressor: lzma
Payload flags: 2
Platform: i586-suse-linux