2016/05/04 18:34  willy@wtap.local

	* released openssl-1.0.1t-flx2.1
	* updated to 1.0.1t
	* rebased default-ciphers
	* applied 100-openssl-1.0.1t-double-free from git

2016/04/05 11:45  willy@wtap.local

	* released openssl-1.0.1s-flx2.2
	* backported the following extra fixes from 1.0.1-stable :
	  101-openssl-check-pvk.patch
	  102-openssl-serial-number.patch
	  103-openssl-double-free-evp.patch
	  104-openssl-free-ticket.patch
	  105-openssl-failed-malloc.patch

2016/03/01 15:50  willy@wtap.local

	* released openssl-1.0.1s-flx2.1
	* updated to 1.0.1s

2016/02/25 10:47  willy@wtap.local

	* released openssl-1.0.1r-flx2.1
	* backported the following extra fixes from 1.0.1-stable :
	  - 0006-modes-ctr128.c-pay-attention-to-ecount_buf-alignment.patch
	  - 0007-Fix-double-free-in-DSA-private-key-parsing.patch
	  - 0008-GH714-missing-field-initialisation.patch
	* fixed a build.cfg issue causing a very late build error when FLXARCH
	  is not set (trying to build as generic_32 due to FLX_BITS).
	* merged the gentoo fix for parallel build :
	  - openssl-1.0.1p-parallel-build.patch
	* enabled automatic support for parallel build (FLXPMAKE) when possible

2015/12/03 20:07  willy@wtap.local

	* released openssl-1.0.1q-flx2.1
	* updated to 1.0.1q
	* fixes CVE-2015-3194/5
	* removed obsolete patches

2015/10/28 11:39  willy@wtap.local

	* released openssl-1.0.1p-flx2.2

2015/10/28 11:11  willy@wtap.local

	* added the following check for NULL deref :
	  - bn_wexpand.patch

2015/10/27 21:17  willy@wtap.local

	* added the pending fixes from 1.0.1-stable. These ones
	  fix a number of unchecked return values and null derefs :
	  - 1001-Sort-sstacklst-correctly.patch
	  - 1002-Exit-on-error-in-ecparam.patch
	  - 1013-Fix-SSL_set_session_ticket_ext-when-used-with-SSLv23.patch
	  - 1015-RT3774-double-free-in-DSA.patch
	  - 1016-use-X9.31-keygen-by-default-in-FIPS-mode.patch
	  - 1017-Clear-BN-mont-values-when-free-ing-it.patch
	  - 1018-GH336-Return-an-exit-code-if-report-fails.patch
	  - 1019-Fix-warning-when-compiling-with-no-ec2m.patch
	  - 1020-Fix-seg-fault-with-0-p-val-in-SKE.patch
	  - 1021-Check-for-0-modulus-in-BN_MONT_CTX_set.patch
	  - 1022-Fix-missing-return-value-checks-in-SCTP.patch
	  - 1023-Fix-make-test-seg-fault-with-SCTP-enabled.patch
	  - 1024-Err-isn-t-always-malloc-failure.patch
	  - 1025-Fix-memory-leak-if-setup-fails.patch
	  - 1026-Return-error-for-unsupported-modes.patch
	  - 1032-Fix-DTLS-session-ticket-renewal.patch
	  - 1034-Fixed-problem-with-multiple-load-unload-of-comp-zlib.patch
	  - 1036-bntest-don-t-dereference-the-d-array-for-a-zero-BIGN.patch
	  - 1040-BN_mod_exp_mont_consttime-check-for-zero-modulus.patch
	  - 1042-check-bn_new-return-value.patch
	  - 1044-RT-3493-fix-RSA-test.patch
	  - 1045-RT4002-check-for-NULL-cipher-in-p12_crpt.c.patch
	  - 1048-Fix-building-with-OPENSSL_NO_TLSEXT.patch
	  - 1049-Fix-session-resumption.patch
	  - 1050-RT3754-check-for-NULL-pointer.patch
	  - 1051-Use-default-field-separator.patch
	  - 1052-Check-for-FIPS-mode-after-loading-config.patch
	  - 1053-d2i-don-t-update-input-pointer-on-failure.patch
	  - 1056-Make-no-psk-compile-without-warnings.patch
	  - 1057-RT3757-base64-encoding-bugs.patch
	  - 1058-base64-decode-check-for-high-bit.patch
	  - 1059-Make-sure-OPENSSL_cleanse-checks-for-NULL.patch
	  - 1062-Handle-SSL_ERROR_WANT_X509_LOOKUP.patch
	  - 1063-Make-SRP-work-with-www.patch
	  - 1064-Fix-SRP-memory-leaks.patch
	  - 1065-RT3823-Improve-the-robustness-of-event-logging.patch
	  - 1066-RT3479-Add-UTF8-support-to-BIO_read_filename.patch
	  - 1068-Make-BUF_strndup-read-safe-on-arbitrary-inputs.patch
	  - 1069-BUF_strndup-tidy.patch
	  - 1073-SRP-memory-leak-fix.patch
	  - 1074-RT2772-accept-empty-SessionTicket.patch
	  - 1076-GH367-use-random-data-if-seed-too-short.patch
	  - 1078-Fix-more-d2i-cases-to-properly-update-the-input-poin.patch
	  - 1079-Validate-ClientHello-extension-field-length.patch
	  - 1080-Change-functions-to-pass-in-a-limit-rather-than-calc.patch
	  - 1081-Don-t-try-and-parse-boolean-type.patch
	  - 1082-Set-flags-to-0-before-calling-BN_with_flags.patch
	  - 1083-Move-BN_CTX_start-call-so-the-error-case-can-always-.patch
	  - 1084-When-ENGINE_add-finds-that-id-or-name-is-missing-act.patch
	  - 1085-Don-t-treat-a-bare-OCTETSTRING-as-DigestInfo-in-int_.patch
	  - 1087-Avoid-SHA1-weakness.patch
	  - 1088-Typo.patch
	  - 1090-Do-not-treat-0-return-value-from-BIO_get_fd-as-error.patch
	  - 1091-Replace-malloc-strlcpy-with-strdup.patch
	  - 1092-Fix-memory-leaks-and-other-mistakes-on-errors.patch
	  - 1093-Set-salt-length-after-the-malloc-has-succeeded.patch
	  - 1096-Check-memory-allocation.patch

2015/10/27 21:15  willy@wtap.local

	* added the following fixes to fix two crashes :
	  openssl-1.0.1p-ssl_new-error-handling.diff
	  openssl-1.0.1p-ssl3_free-null-deref.diff

2015/07/10 12:05  emeric@ebr-laptop

	* released openssl-1.0.1p-flx2.1
	* fix vulnerabilities

2015/06/23 17:54  emeric@ebr-laptop

	* released openssl-1.0.1o-flx2.1

2015/04/07 14:33  emeric@ebr-laptop

	* released openssl-1.0.1m-flx2.1
	* Remove cryptodev
	* Re-align all patches with mainline 1.0.1m

2015/02/11 14:40  willy@wtap.local

	* released openssl-1.0.1l-flx2.3
	* removed accidental enable-ec_nistp_64_gcc_128 which remained in
	  the default build options and broke 32-bit build

2015/02/04 18:02  emeric@ebr-desktop

	* released openssl-1.0.1l-flx2.2
	* add option enable-ec_nistp_64_gcc_128 to enhance ECHDE performances 

2015/02/02 14:29  willy@wtap.local

	* released openssl-1.0.1l-flx2.1
	* upgraded to 1.0.1l
	* updated the small-records patch to remove changes to test files
	* removed fix-segfault-in-verify-param.diff

2014/11/13 14:41  willy@wtap.local

	* released openssl-1.0.1j-flx2.2
	* add the following fixes to handle OOM situations :
	  - 0001-no-wbuf-during-handshake.diff
	  - 0002-release-rbuf-during-handshake.diff
	  - fix-md-init-return-not-checked-cause-null-deref.diff
	  - fix-segfault-in-verify-param.diff
	  - small-records-1.0.1j.patch

2014/10/16 16:06  emeric@ebr-desktop

	* released openssl-1.0.1j-flx2.1
	Fix for CVE-2014-3513
	Fix for CVE-2014-3567
	Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
	Fix for CVE-2014-3568

2014/09/11 21:38  willy@wtap.local

	* released openssl-1.0.1i-flx2.1

2014/09/11 21:25  willy@wtap.local

	* upgraded to openssl-1.0.1i
	* fixed build issue for non-x86 archs : linux-elf is 586 for openssl !!!

2014/06/05 17:11  emeric@ebr-desktop

	* released openssl-1.0.1h-flx2.1
	* CVE-2014-0224 fix

2014/05/20 12:00  roberto@pierot

	* released openssl-1.0.1g-flx2.4 :
	  0001-Extension-checking-fixes.patch
	  0002-Fix-double-frees.patch
	  0003-Fix-use-after-free.patch
	  0004-Fix-eckey_priv_encode.patch
	  0005-Double-free-in-i2o_ECPublicKey.patch
	  0006-fix-coverity-issues-966593-966596.patch
	  0007-Set-Enveloped-data-version-to-2-if-ktri-version-not-.patch
	  0008-Initialize-num-properly.patch
	  0009-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch
	  0010-evp-prevent-underflow-in-base64-decoding.patch
	  0011-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch
	  0012-fix-coverity-issue-966597-error-line-is-not-always-i.patch
	  0013-PR-3342-fix-resource-leak-coverity-issue-966577.patch
	  0014-coverity-966576-close-socket-in-error-path.patch
	  0015-Return-an-error-if-no-recipient-type-matches.patch
	  0016-safety-check-to-ensure-we-dont-send-out-beyond-the-u.patch
	  0017-Fix-infinite-loop.-PR-3347.patch
	  0018-Avoid-out-of-bounds-write-in-SSL_get_shared_ciphers.patch
	  0019-dgram_sctp_ctrl-authkey-memory-leak.patch
	  0020-Set-authkey-to-NULL-and-check-malloc-return-value.patch
	  0021-Replace-manual-ASN1-decoder-with-ASN1_get_object.patch
	  0022-Correct-the-return-type-on-the-signature-for-X509_ST.patch
	  0023-Check-sk_SSL_CIPHER_num-after-assigning-sk.patch
	  0024-Enc-doesn-t-support-AEAD-ciphers.patch
	  0025-Fix-signed-unsigned-warning.patch
	  0026-Allow-the-maximum-value.patch
	  0027-Fix-a-wrong-parameter-count-ERR_add_error_data.patch

2014/05/19 14:57  roberto@pierot

	* released openssl-1.0.1g-flx2.3
	* CVE-2014-0198 openssl bugfix

2014/04/20 15:45  willy@wtap.local

	* released openssl-1.0.1g-flx2.2
	* update to 1.0.1g to fix CVE-2014-0160

2014/02/01 10:02  willy@wtap.local

	* update to 1.0.1f
	* use $PKGVER in the download URL

2013/10/09 11:54  roberto@pierot

	* released openssl-1.0.1e-flx2.1

2013/01/21 15:50  willy@pcw.home.local

	* released openssl-1.0.1c-flx2.4
	* fix build for any arm* platform

2013/01/14 14:08  willy@wtap

	* released openssl-1.0.1c-flx2.3

2012/12/31 11:33  willy@wtap

	* restored correct optimizations ; previous patch removed
	  -O3 in favor of -Os which is slower (-2% measured)
	* removed obsolete flag -DSSL_ALLOW_ADH added by previous patch and
	  which was removed in 0.9.5 in 2000 !
	* removed forced options that are wrong on some platforms. The correct
	  optimization options are already implied by the target OS.
	* added again support for ARM and SPARC which benefit from assembly code
	* added some error control in do_compile_only()

2012/10/08 10:26  emeric@ebr-laptop

	* released openssl-1.0.1c-flx2.2
	* Fix missing optims and cipher patch.

2012/06/01 11:00  djc@wks-ddc.exosec.local

	* released openssl-1.0.1c-flx2.1

2011/10/07 11:34  willy@wtap

	* released openssl-0.9.8r-flx2.2
	* use the arch-specific objdump utility
	* default architecture is not necessarily x86

2011/07/11 13:05  wlallemand@wlallemand-desktop

	* released openssl-0.9.8r-flx1.1
	* upgrade to 0.9.8r
	* i586 and x86_64 packages

2010/11/30 15:32  emeric@ebr-laptop

	* released openssl-0.9.8p-flx1.1