* Fri Jan 16 2026 Dmitry Belyavskiy - 1:3.5.1-7 - Fix CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 Resolves: RHEL-142068 Resolves: RHEL-142002 Resolves: RHEL-142055 Resolves: RHEL-142051 Resolves: RHEL-142047 Resolves: RHEL-142043 Resolves: RHEL-142039 Resolves: RHEL-142035 Resolves: RHEL-142031 Resolves: RHEL-142011 Resolves: RHEL-142027 Resolves: RHEL-142023 * Wed Jan 07 2026 Dmitry Belyavskiy - 1:3.5.1-6 - Fix AES/GCM ppc64le encrypt/decrypt Resolves: RHEL-139131 * Thu Dec 11 2025 Pavol Žáčik - 1:3.5.1-5 - Do not make key share choice in tls1_set_groups() Resolves: RHEL-131010 * Thu Oct 23 2025 Pavol Žáčik - 1:3.5.1-4 - Fix CVE-2025-9230 Resolves: RHEL-115929 * Thu Jul 17 2025 Simo Sorce - 1:3.5.1-3 - Add custom define to disable symbol versioning in downstream patched code Also add stricter Suggests for openssl-fips-provider Resolves: RHEL-104236 - Fix Requires/Provider to fix default install of fips providers Resolves: RHEL-104856 * Wed Jul 16 2025 Simo Sorce - 1:3.5.1-2 - Move fips.so to a seprate subpackage Reverts FIPS self test for SLH-DSA Add Suggests to try to prefer the openssl-fips-provider package over the fips-provider-next package by default Revolves: RHEL-102408 Related: RHEL-80854 * Tue Jul 01 2025 Dmitry Belyavskiy - 1:3.5.1-1 - Rebasing to OpenSSL 3.5.1 Resolves: RHEL-97797 Resolves: RHEL-98723 Resolves: RHEL-99352 * Mon Jun 02 2025 Dmitry Belyavskiy - 1:3.5.0-4 - Compact patches for better maintainability Related: RHEL-80854 - Make hybrid MLKEM work with our FIPS provider (3.0.7) Resolves: RHEL-95239 * Thu May 22 2025 Dmitry Belyavskiy - 1:3.5.0-3 - Fix regressions caused by rebase to OpenSSL 3.5 Related: RHEL-80854 * Fri May 02 2025 Dmitry Belyavskiy - 1:3.5.0-2 - OpenSSL ignores "rh-allow-sha1-signatures = yes" option on RHEL-9 Resolves: RHEL-88910 - PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9 Resolves: RHEL-88912 - Fix `openssl speed` running in FIPS mode Resolves: RHEL-89860 - pkeyutl ecdsa signature with sha1 shouldn't work by default Resolves: RHEL-89861 - Expose settable params for EVP_SKEY Resolves: RHEL-89862 - Restore RHEL9-style indicators defines Resolves: RHEL-89859 - Enable sslkeylog support Resolves: RHEL-90854 * Wed Apr 16 2025 Dmitry Belyavskiy - 1:3.5.0-1 - Rebasing OpenSSL to 3.5 Resolves: RHEL-80854 Resolves: RHEL-50208 Resolves: RHEL-50210 Resolves: RHEL-50211 Resolves: RHEL-85954 * Wed Jan 29 2025 Dmitry Belyavskiy - 1:3.2.2-7 - RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797) Resolves: RHEL-76756 * Thu Sep 05 2024 Dmitry Belyavskiy - 1:3.2.2-6 - rebuilt Related: RHEL-55339 * Wed Sep 04 2024 Dmitry Belyavskiy - 1:3.2.2-5 - Fix CVE-2024-6119: Possible denial of service in X.509 name checks Resolves: RHEL-55339 * Wed Aug 21 2024 Clemens Lang - 1:3.2.2-4 - Fix CVE-2024-5535: SSL_select_next_proto buffer overread Resolves: RHEL-45657 * Sat Jun 22 2024 Daiki Ueno - 1:3.2.2-3 - Replace HKDF backward compatibility patch with the official one Related: RHEL-40823 * Wed Jun 12 2024 Daiki Ueno - 1:3.2.2-2 - Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers Resolves: RHEL-40823 * Wed Jun 05 2024 Dmitry Belyavskiy - 1:3.2.2-1 - Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, and Minerva attack. Resolves: RHEL-32148 Resolves: RHEL-36792 Resolves: RHEL-38514 Resolves: RHEL-39111 * Thu May 23 2024 Dmitry Belyavskiy - 1:3.2.1-2 - Update RNG changing for FIPS purpose Resolves: RHEL-35380 * Wed Apr 03 2024 Dmitry Belyavskiy - 1:3.2.1-1 - Rebasing OpenSSL to 3.2.1 Resolves: RHEL-26271 * Wed Feb 21 2024 Dmitry Belyavskiy - 1:3.0.7-27 - Use certified FIPS module instead of freshly built one in Red Hat distribution Related: RHEL-23474