File mingw64-openssl.changes of Package mingw64-openssl
------------------------------------------------------------------- Thu Feb 19 11:27:46 UTC 2026 - Ralf Habacker <ralf.habacker@freenet.de> - Update to 1.0.2u - Added patches: * 0001-kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-.patch * 0002-Fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch * 0003-PKCS12_item_decrypt_d2i_ex-Check-oct-argument-for-NU.patch * 0004-Ensure-ASN1-types-are-checked-before-use.patch * 0005-Fix-timing-side-channel-in-ECDSA-signature-computati.patch * 0006-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch * 0007-Fix-Timing-Oracle-in-RSA-decryption.patch * 0008-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch * 0009-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch * 0010-Fix-Null-pointer-deref-in-X509_issuer_and_serial_has.patch * 0011-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch - Removed obsolete patches: * openssl-1.0.2a-apps-dgst.patch * openssl-1.0.2a-cc-reqs.patch * openssl-1.0.2a-chil-fixes.patch * openssl-1.0.2a-compat-symbols.patch * openssl-1.0.2a-dh-1024.patch * openssl-1.0.2a-dtls1-abi.patch * openssl-1.0.2a-enc-fail.patch * openssl-1.0.2a-env-zlib.patch * openssl-1.0.2a-fips-ctor.patch * openssl-1.0.2a-fips-md5-allow.patch * openssl-1.0.2a-ipv6-apps.patch * openssl-1.0.2a-issuer-hash.patch * openssl-1.0.2a-new-fips-reqs.patch * openssl-1.0.2a-test-use-localhost.patch * openssl-1.0.2a-no-md5-verify.patch * openssl-1.0.2a-padlock64.patch * openssl-1.0.2a-rsa-x931.patch * openssl-1.0.2a-secure-getenv.patch * openssl-1.0.2a-version-add-engines.patch * openssl-1.0.2a-version.patch * openssl-1.0.2a-weak-ciphers.patch * openssl-1.0.2a-wrap-pad.patch * openssl-1.0.2a-x509.patch * openssl-1.0.2c-ecc-suiteb.patch * openssl-1.0.2d-secp256k1.patch * openssl-1.0.2e-remove-nistp224.patch * openssl-1.0.2f-new-fips-reqs.patch * openssl-1.0.2g-disable-sslv2v3.patch * openssl-1.0.2h-fips.patch * openssl-1.0.2h-hobbled.tar.xz * openssl-1.0.2h-remove-ssl2.patch * openssl-1.0.2h-weak-ciphers.patch - Removed obsolete files: * ec_curve.c * ectest.c * hobble-openssl - Fixed security issues * CVE-2020-1971 * CVE-2021-3712 * CVE-2021-23841 * CVE-2022-0778 * CVE-2022-4304 * CVE-2023-0286 * CVE-2023-2650 * CVE‑2024‑13176 * CVE‑2025‑9230 * CVE‑2025‑68160 * CVE‑2025‑69421 * CVE‑2026‑22796 ------------------------------------------------------------------- Thu Mar 30 12:29:18 UTC 2023 - Ralf Habacker <ralf.habacker@freenet.de> - Fix "/usr/local/bin/perl" is not allowed as Requires ------------------------------------------------------------------- Sun May 5 15:53:41 UTC 2019 - ralf.habacker@freenet.de - Add 0001-Create-pkg-config-files-for-static-libraries.patch - Detect static zlib ------------------------------------------------------------------- Wed Apr 20 18:08:09 UTC 2016 - danimo@owncloud.com - Update to 1.0.2g ------------------------------------------------------------------- Thu Jan 28 15:19:18 UTC 2016 - danimo@owncloud.com - Update to 1.0.2f ------------------------------------------------------------------- Thu Jul 9 14:37:29 UTC 2015 - danimo@owncloud.com - Update to 1.0.2d with multiple security fixes ------------------------------------------------------------------- Sun Apr 26 18:42:31 UTC 2015 - danimo@owncloud.com - Update to 1.0.2a, add alternate certificate validation patches that unbreak a lot of sites that use weak / outdated root certs (lib only). See http://marc.info/?l=openssl-dev&m=142962988403529&w=2 for details
