openssl 0.9.8k
Toolkit for SSL v2/v3 and TLS v1
Packager: Gökçen Eraslan
License: as-is
Actions
Binary packages
Release history
| Release | Release date | Version | Updater | Comment |
|---|---|---|---|---|
| 26 | 2010-03-29 | 0.9.8k | Eren Türkay | * Add patch to fix CVE-2010-0740, denial of service bug (#12513) |
| 25 | 2010-02-03 | 0.9.8k | Eren Türkay | * Update MD2 patch which was added to prevent spoofind vulnerability. (CVE-2009-2409) It failed on self-signed certificates and prevented konqueror from making SSL connections. |
| 24 | 2010-01-19 | 0.9.8k | Eren Türkay | * Add patch to fix CVE-2009-4355, denial of service bug via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function (#12014) * Add patch to completely disable renegotiation. (CVE-2009-3555, #11515). See: http://extendedsubset.com/?p=8 * Disable MD2 to prevent a spoofing vulnerability (CVE-2009-2409), #10815 |
| 23 | 2009-09-25 | 0.9.8k | Gökçen Eraslan | Fix for another DTLS Denial of Service vulnerability (CVE-2009-1387), #11218 |
| 22 | 2009-09-18 | 0.9.8k | Gökçen Eraslan | Add updated certificate list from Mozilla, also script to update certificate list is added. |
| 21 | 2009-05-20 | 0.9.8k | Gökçen Eraslan | Fix for DTLS Denial of Service (CVE-2009-{1377,1378}), #9778 |
| 20 | 2009-03-31 | 0.9.8k | Gökçen Eraslan | * Root CA certificates are updated. * Issue 'make rehash' command. |
| 19 | 2009-03-30 | 0.9.8k | Pınar Yanardağ | Version bump to fix multiple vulnerabilities CVE-2009-{0590,0591,0789} (bug#9462) |
| 18 | 2009-02-12 | 0.9.8i | Bahadır Kandemir | * Fixed ignoring CFLAGS and LDFLAGS * Fixed test script trying to write /root/.rnd |
| 17 | 2009-01-07 | 0.9.8i | Pınar Yanardağ | Version bump to fix CVE-2008-5077 (bug#8988) |
| 16 | 2009-01-05 | 0.9.8h | Gökçen Eraslan | * Newly included patch (by wpa_supplicant) adds support for TLS SessionTicket extension (RFC 5077) for the parts used by EAP-FAST (RFC 4851). Thanks to Furkan Duman. * Command that inserts certificates from openssl removed, because there are no root certificates in openssl any longer. |
| 15 | 2008-08-22 | 0.9.8h | İşbaran Akçayır | fix CVS-17196 |
| 14 | 2008-05-28 | 0.9.8h | Eren Türkay | Version bump to fix CVE-2008-{0891, 1672}. http://www.openssl.org/news/secadv_20080528.txt |
| 13 | 2008-01-04 | 0.9.8g | İsmail Dönmez | Version bump |
| 12 | 2007-11-07 | 0.9.7m | İsmail Dönmez | Fixup some valid warnings |
| 11 | 2007-09-27 | 0.9.7m | İsmail Dönmez | Fix SSL_get_shared_ciphers() off-by-one buffer overflow |
| 10 | 2007-08-03 | 0.9.7m | İsmail Dönmez | Fix CVE-2007-3108 and be strict about session ID context matching |
| 9 | 2007-02-23 | 0.9.7m | İsmail Dönmez | Stable update |
| 8 | 2006-10-09 | 0.9.7l | İsmail Dönmez | Fix patch for CVE-2006-2940 |
| 7 | 2006-09-28 | 0.9.7l | İsmail Dönmez | Version bump to fix CVE-2006-{2937,2940,3738,4343} |
| 6 | 2006-09-05 | 0.9.7k | İsmail Dönmez | Version bump to fix CVE-2006-4339 |
| 5 | 2006-06-30 | 0.9.7i | İsmail Dönmez | Remove conflicting manpage |
| 4 | 2005-11-17 | 0.9.7i | İsmail Dönmez | Enable no-executable-stack |
| 3 | 2005-10-15 | 0.9.7i | İsmail Dönmez | Compatibility fix |
| 2 | 2005-10-12 | 0.9.7h | İsmail Dönmez | Update to openssl-0.9.7h fixing security problems |
| 1 | 2005-08-14 | 0.9.7e | S.Çağlar Onur | First release. |
Patches
openssl-0.9.8i-tls-extensions.patchopenssl-0.9.8h-ldflags.patch
openssl-0.9.8k-toolchain.patch
openssl-0.9.8-CVE-2009-1377.patch
openssl-0.9.8-CVE-2009-1378.patch
CVE-2009-1387.diff
CVE-2009-2409.patch
CVE-2009-3555-no-renegotiation.patch
CVE-2009-4355.patch
CVE-2010-0740-record-of-death.patch