openssl-libs-3.5.1-6.el9 RPM for x86_64

From CentOS Stream 9 BaseOS for x86_64

OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.

Provides

• openssl-libs
• config(openssl-libs)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libcrypto.so.3(OPENSSL_3.0.1)(64bit)
• libcrypto.so.3(OPENSSL_3.0.3)(64bit)
• libcrypto.so.3(OPENSSL_3.0.8)(64bit)
• libcrypto.so.3(OPENSSL_3.0.9)(64bit)
• libcrypto.so.3(OPENSSL_3.1.0)(64bit)
• libcrypto.so.3(OPENSSL_3.2.0)(64bit)
• libcrypto.so.3(OPENSSL_3.3.0)(64bit)
• libcrypto.so.3(OPENSSL_3.4.0)(64bit)
• libcrypto.so.3(OPENSSL_3.5.0)(64bit)
• libssl.so.3()(64bit)
• libssl.so.3(OPENSSL_3.0.0)(64bit)
• libssl.so.3(OPENSSL_3.2.0)(64bit)
• libssl.so.3(OPENSSL_3.3.0)(64bit)
• libssl.so.3(OPENSSL_3.4.0)(64bit)
• libssl.so.3(OPENSSL_3.5.0)(64bit)
• openssl-libs(x86-64)

Requires

• ca-certificates >= 2008-5
• config(openssl-libs) = 1:3.5.1-6.el9
• crypto-policies >= 20180730
• fips-provider-so
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.12)(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.16)(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.25)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.2)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.7)(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libcrypto.so.3(OPENSSL_3.0.1)(64bit)
• libcrypto.so.3(OPENSSL_3.0.3)(64bit)
• libcrypto.so.3(OPENSSL_3.2.0)(64bit)
• libcrypto.so.3(OPENSSL_3.3.0)(64bit)
• libcrypto.so.3(OPENSSL_3.4.0)(64bit)
• libz.so.1()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)

License

Apache-2.0

Changelog

* Thu Oct 23 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-6
  - Fix CVE-2025-9230
    Resolves: RHEL-115928
* Fri Sep 05 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-5
  - Fix globally disabled LTO
    Related: RHEL-111633
* Thu Aug 28 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-4
  - Make openssl speed test signatures without errors
    Resolves: RHEL-95502
  - Build tests in check and without LTO
    Resolves: RHEL-111633
* Thu Jul 17 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-3
  - Add custom define to disable symbol versioning in downstream patched code
    Also add stricter Suggests for openssl-fips-provider
    Resolves: RHEL-104236
  - Fix Requires/Provider to fix default install of fips providers
    Resolves: RHEL-104856
* Wed Jul 16 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-2
  - Move fips.so to a seprate subpackage
    Reverts FIPS self test for SLH-DSA
    Add Suggests to try to prefer the openssl-fips-provider package
    over the fips-provider-next package by default
    Revolves: RHEL-102408
    Related: RHEL-80854
* Tue Jul 01 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.1-1
  - Rebasing to OpenSSL 3.5.1
    Resolves: RHEL-97797
    Resolves: RHEL-98723
    Resolves: RHEL-99352
* Mon Jun 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-4
  - Compact patches for better maintainability
    Related: RHEL-80854
  - Make hybrid MLKEM work with our FIPS provider (3.0.7)
    Resolves: RHEL-95239
* Thu May 22 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-3
  - Fix regressions caused by rebase to OpenSSL 3.5
    Related: RHEL-80854
* Fri May 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-2
  - OpenSSL ignores "rh-allow-sha1-signatures = yes" option on RHEL-9
    Resolves: RHEL-88910
  - PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9
    Resolves: RHEL-88912
  - Fix `openssl speed` running in FIPS mode
    Resolves: RHEL-89860
  - pkeyutl ecdsa signature with sha1 shouldn't work by default
    Resolves: RHEL-89861
  - Expose settable params for EVP_SKEY
    Resolves: RHEL-89862
  - Restore RHEL9-style indicators defines
    Resolves: RHEL-89859
  - Enable sslkeylog support
    Resolves: RHEL-90854
* Wed Apr 16 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-1
  - Rebasing OpenSSL to 3.5
    Resolves: RHEL-80854
    Resolves: RHEL-50208
    Resolves: RHEL-50210
    Resolves: RHEL-50211
    Resolves: RHEL-85954
* Wed Jan 29 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-7
  - RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
    Resolves: RHEL-76756
* Thu Sep 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6
  - rebuilt
    Related: RHEL-55339
* Wed Sep 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-5
  - Fix CVE-2024-6119: Possible denial of service in X.509 name checks
    Resolves: RHEL-55339
* Wed Aug 21 2024 Clemens Lang <cllang@redhat.com> - 1:3.2.2-4
  - Fix CVE-2024-5535: SSL_select_next_proto buffer overread
    Resolves: RHEL-45657
* Sat Jun 22 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-3
  - Replace HKDF backward compatibility patch with the official one
    Related: RHEL-40823
* Wed Jun 12 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-2
  - Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
    Resolves: RHEL-40823
* Wed Jun 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-1
  - Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741,
    and Minerva attack.
    Resolves: RHEL-32148
    Resolves: RHEL-36792
    Resolves: RHEL-38514
    Resolves: RHEL-39111
* Thu May 23 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-2
  - Update RNG changing for FIPS purpose
    Resolves: RHEL-35380
* Wed Apr 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.1-1
  - Rebasing OpenSSL to 3.2.1
    Resolves: RHEL-26271
* Wed Feb 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-27
  - Use certified FIPS module instead of freshly built one in Red Hat distribution
    Related: RHEL-23474
* Tue Nov 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-26
  - Avoid implicit function declaration when building openssl
    Related: RHEL-1780
  - In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
    Resolves: RHEL-17104
  - Add a directory for OpenSSL providers configuration
    Resolves: RHEL-17193
  - Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
    Resolves: RHEL-19515
  - POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
    Resolves: RHEL-21151
  - Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
    Resolves: RHEL-21654
  - SSL ECDHE Kex fails when pkcs11 engine is set in config file
    Resolves: RHEL-20249
  - Denial of service via null dereference in PKCS#12
    Resolves: RHEL-22486
  - Use certified FIPS module instead of freshly built one in Red Hat distribution
    Resolves: RHEL-23474

Files

/etc/pki/tls
/etc/pki/tls/certs
/etc/pki/tls/ct_log_list.cnf
/etc/pki/tls/fips_local.cnf
/etc/pki/tls/misc
/etc/pki/tls/openssl.cnf
/etc/pki/tls/openssl.d
/etc/pki/tls/private
/usr/lib/.build-id
/usr/lib/.build-id/05
/usr/lib/.build-id/05/4af0ec16ca0b4a2f9f49a5d62b4b5557385e6a
/usr/lib/.build-id/3a
/usr/lib/.build-id/3a/3112f16e6dd08fcd26f6c24881a924436df143
/usr/lib/.build-id/73
/usr/lib/.build-id/73/5eaf3a7164f77ad3ddcfe6cf9d157b94d63aaf
/usr/lib/.build-id/a8
/usr/lib/.build-id/a8/370b7017a4d0b60d90998ba74651d5e37af367
/usr/lib/.build-id/a8/4aff46399c2bfc4a474eb445b8f17585d490ff
/usr/lib/.build-id/ae
/usr/lib/.build-id/ae/7ab14725f86bf2f431694b2c785c1c2bc29a61
/usr/lib/.build-id/af
/usr/lib/.build-id/af/2e3c15145e7e51ec58f7f0a3b9d5fd1d576ba8
/usr/lib64/engines-3
/usr/lib64/engines-3/afalg.so
/usr/lib64/engines-3/capi.so
/usr/lib64/engines-3/loader_attic.so
/usr/lib64/engines-3/padlock.so
/usr/lib64/libcrypto.so.3
/usr/lib64/libcrypto.so.3.5.1
/usr/lib64/libssl.so.3
/usr/lib64/libssl.so.3.5.1
/usr/lib64/ossl-modules/legacy.so
/usr/share/licenses/openssl-libs
/usr/share/licenses/openssl-libs/LICENSE.txt

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 4 07:44:47 2025