openssl-libs-3.2.2-15.el10 RPM for x86_64

From CentOS Stream 10 BaseOS for x86_64

OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.

Provides

• openssl-libs
• config(openssl-libs)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libcrypto.so.3(OPENSSL_3.0.1)(64bit)
• libcrypto.so.3(OPENSSL_3.0.3)(64bit)
• libcrypto.so.3(OPENSSL_3.0.8)(64bit)
• libcrypto.so.3(OPENSSL_3.0.9)(64bit)
• libcrypto.so.3(OPENSSL_3.1.0)(64bit)
• libcrypto.so.3(OPENSSL_3.2.0)(64bit)
• libcrypto.so.3(OPENSSL_3.4.0)(64bit)
• libssl.so.3()(64bit)
• libssl.so.3(OPENSSL_3.0.0)(64bit)
• libssl.so.3(OPENSSL_3.2.0)(64bit)
• openssl-libs(x86-64)

Requires

• ca-certificates >= 2008-5
• config(openssl-libs) = 1:3.2.2-15.el10
• crypto-policies >= 20180730
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.12)(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.15)(64bit)
• libc.so.6(GLIBC_2.16)(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.25)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.2)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_ABI_DT_RELR)(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libcrypto.so.3(OPENSSL_3.0.1)(64bit)
• libcrypto.so.3(OPENSSL_3.0.3)(64bit)
• libcrypto.so.3(OPENSSL_3.2.0)(64bit)
• libz.so.1()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)

License

Apache-2.0

Changelog

* Thu Jan 02 2025 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-15
  - Fix providers no_cache behavior
    Resolves: RHEL-71903
  - Fix pkcs12 command line segfault
    Resolves: RHEL-70878
  - Print key exchange group for hybrid PQC
    Resolves: RHEL-66163
  - Ensure correct fips.so checksum calculation
    Resolves: RHEL-73170
  - Locally configured providers should not interfere with openssl build-time tests
    Resolves: RHEL-76182
  - Load system default cipher string from crypto-policies configuration file
    include /etc/crypto-policies/back-ends/opensslcnf.config and remove
    /etc/crypto-policies/back-ends/openssl.config.
    Resolves: RHEL-71132
* Tue Oct 29 2024 Troy Dawson <[email protected]> - 1:3.2.2-14
  - Bump release for October 2024 mass rebuild:
    Resolves: RHEL-64018
* Thu Oct 17 2024 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-13
  - Ship dummy(empty) openssl/engine.h
    Resolves: RHEL-58178
* Wed Sep 04 2024 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-12
  - Fix CVE-2024-6119: Possible denial of service in X.509 name checks
    Resolves: RHEL-55303
* Wed Aug 21 2024 Clemens Lang <[email protected]> - 1:3.2.2-11
  - Fix CVE-2024-5535: SSL_select_next_proto buffer overread
    Resolves: RHEL-45692
* Wed Aug 14 2024 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-10
  - Use PBMAC1 by default when creating PKCS#12 files in FIPS mode
    Related: RHEL-36659
  - Support key encapsulation/decapsulation in openssl pkeyutl command
    Resolves: RHEL-54156
  - Fix typo in the patch numeration
    Related: RHEL-41261
  - Enable KTLS, temporary disable KTLS tests
    Related: RHEL-47335
  - Speedup SSL_add_{file,dir}_cert_subjects_to_stack
    Resolves: RHEL-54232
  - Resolve SAST package scan results
    Resolves: RHEL-37561
* Fri Aug 09 2024 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-9
  - An interface to create PKCS #12 files in FIPS compliant way
    Related: RHEL-36659
* Wed Aug 07 2024 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-8
  - An interface to create PKCS #12 files in FIPS compliant way
    Resolves: RHEL-36659
* Wed Jul 10 2024 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-7
  - Disallow SHA1 at SECLEVEL2 in OpenSSL
    Resolves: RHEL-39962
  - SHA-1 signature shouldn't work in normal mode
    Resolves: RHEL-36677
* Mon Jul 01 2024 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-6
  - Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE
    Resolves: RHEL-45704
* Mon Jul 01 2024 Daiki Ueno <[email protected]> - 1:3.2.2-5
  - Replace HKDF backward compatibility patch with the official one
    Related: RHEL-41261
* Mon Jun 24 2024 Troy Dawson <[email protected]> - 1:3.2.2-4
  - Bump release for June 2024 mass rebuild
* Sat Jun 15 2024 Daiki Ueno <[email protected]> - 1:3.2.2-3
  - Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
    Resolves: RHEL-41261
* Wed Jun 12 2024 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-2
  - Build openssl with no-atexit
    Resolves: RHEL-40408
* Wed Jun 05 2024 Dmitry Belyavskiy <[email protected]> - 1:3.2.2-1
  - Rebase to OpenSSL 3.2.2.
    Related: RHEL-31762
* Mon Jun 03 2024 Sahana Prasad <[email protected]> - 1:3.2.1-4
  - Synchronize patches from c9s and Fedora
  - Resolves: RHEL-31762
* Tue Feb 13 2024 Sahana Prasad <[email protected]> - 1:3.2.1-3
  - Temporarily disable ktls to  unblock c10s builds
  - Resolves: RHEL-25259
* Fri Feb 09 2024 Sahana Prasad <[email protected]> - 1:3.2.1-2
  - Fix version aliasing issue
  - https://github.com/openssl/openssl/issues/23534
* Tue Feb 06 2024 Sahana Prasad <[email protected]> - 1:3.2.1-1
  - Rebase to upstream version 3.2.1
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> - 1:3.1.4-4
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> - 1:3.1.4-3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 10 2024 Dmitry Belyavskiy <[email protected]> - 1:3.1.4-2
  - We don't want to ship openssl-pkcs11 in RHEL10/Centos 10
* Thu Oct 26 2023 Sahana Prasad <[email protected]> - 1:3.1.4-1
  - Rebase to upstream version 3.1.4
* Thu Oct 19 2023 Sahana Prasad <[email protected]> - 1:3.1.3-1
  - Rebase to upstream version 3.1.3
* Thu Aug 31 2023 Dmitry Belyavskiy <[email protected]> - 1:3.1.1-4
  - Drop duplicated patch and do some contamination
* Tue Aug 22 2023 Dmitry Belyavskiy <[email protected]> - 1:3.1.1-3
  - Integrate FIPS patches from CentOS
* Fri Aug 04 2023 Dmitry Belyavskiy <[email protected]> - 1:3.1.1-2
  - migrated to SPDX license
* Thu Jul 27 2023 Sahana Prasad <[email protected]> - 1:3.1.1-1
  - Rebase to upstream version 3.1.1
    Resolves: CVE-2023-0464
    Resolves: CVE-2023-0465
    Resolves: CVE-2023-0466
    Resolves: CVE-2023-1255
    Resolves: CVE-2023-2650
* Thu Jul 27 2023 Dmitry Belyavskiy <[email protected]> - 1:3.0.8-4
  - Forbid custom EC more completely
    Resolves: rhbz#2223953
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> - 1:3.0.8-3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Mar 21 2023 Sahana Prasad <[email protected]> - 1:3.0.8-2
  - Upload new upstream sources without manually hobbling them.
  - Remove the hobbling script as it is redundant. It is now allowed to ship
    the sources of patented EC curves, however it is still made unavailable to use
    by compiling with the 'no-ec2m' Configure option. The additional forbidden
    curves such as P-160, P-192, wap-tls curves are manually removed by updating
    0011-Remove-EC-curves.patch.
  - Enable Brainpool curves.
  - Apply the changes to ec_curve.c and  ectest.c as a new patch
    0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them.
  - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves.
  - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M.
    Resolves: rhbz#2130618, rhbz#2141672
* Thu Feb 09 2023 Dmitry Belyavskiy <[email protected]> - 1:3.0.8-1
  - Rebase to upstream version 3.0.8
    Resolves: CVE-2022-4203
    Resolves: CVE-2022-4304
    Resolves: CVE-2022-4450
    Resolves: CVE-2023-0215
    Resolves: CVE-2023-0216
    Resolves: CVE-2023-0217
    Resolves: CVE-2023-0286
    Resolves: CVE-2023-0401
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> - 1:3.0.7-4
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jan 05 2023 Dmitry Belyavskiy <[email protected]> - 1:3.0.7-3
  - Backport implicit rejection for RSA PKCS#1 v1.5 encryption
    Resolves: rhbz#2153470
* Thu Jan 05 2023 Dmitry Belyavskiy <[email protected]> - 1:3.0.7-2
  - Refactor embedded mac verification in FIPS module
    Resolves: rhbz#2156045

Files

/etc/pki/tls
/etc/pki/tls/certs
/etc/pki/tls/ct_log_list.cnf
/etc/pki/tls/fips_local.cnf
/etc/pki/tls/misc
/etc/pki/tls/openssl.cnf
/etc/pki/tls/openssl.d
/etc/pki/tls/private
/usr/lib/.build-id
/usr/lib/.build-id/2f
/usr/lib/.build-id/2f/37005597fc08202f04272698a8e32ecab4d0ad
/usr/lib/.build-id/40
/usr/lib/.build-id/40/6267991e37993c92f9138e61e694a5ee7c231a
/usr/lib/.build-id/47
/usr/lib/.build-id/47/3bafbc3b5ac04dc3a1634c683c5c8973800226
/usr/lib/.build-id/62
/usr/lib/.build-id/62/c5905d44229669b3379eb9a8de06d778563faf
/usr/lib/.build-id/78
/usr/lib/.build-id/78/e5d73157e37e0aed26d8b7bc393f207e99b5b8
/usr/lib/.build-id/95
/usr/lib/.build-id/95/5363f74aeb2cca1067881556d8e9af02137182
/usr/lib/.build-id/e0
/usr/lib/.build-id/e0/882d923b5cb420d4fb6f9255f6f28ec276a2e4
/usr/lib/.build-id/f7
/usr/lib/.build-id/f7/5b78f66a7837e2f9027592ccdb59daf4fac0a3
/usr/lib64/engines-3
/usr/lib64/engines-3/afalg.so
/usr/lib64/engines-3/capi.so
/usr/lib64/engines-3/loader_attic.so
/usr/lib64/engines-3/padlock.so
/usr/lib64/libcrypto.so.3
/usr/lib64/libcrypto.so.3.2.2
/usr/lib64/libssl.so.3
/usr/lib64/libssl.so.3.2.2
/usr/lib64/ossl-modules
/usr/lib64/ossl-modules/fips.so
/usr/lib64/ossl-modules/legacy.so
/usr/share/licenses/openssl-libs
/usr/share/licenses/openssl-libs/LICENSE.txt

Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Feb 27 06:11:04 2025