openssl

openssl 0.9.8r

Toolkit for SSL v2/v3 and TLS v1

http://www.openssl.org/

Packager: Gökçen Eraslan

License: as-is

Actions

Build files

Bug reports

Binary packages

openssl

Release history

ReleaseRelease dateVersionUpdaterComment
342011-03-280.9.8rGökçen EraslanUpdate CA list from Mozilla CVS against Comodo
certification issue.
332011-02-140.9.8rGökçen EraslanVersion bump to 0.9.8r:
*) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
[Neel Mehta, Adam Langley, Bodo Moeller (Google)]

*) Fix bug in string printing code: if *any* escaping is enabled we must
escape the escape character (backslash) or the resulting string is
ambiguous. [Steve Henson]
322010-12-110.9.8qGökçen EraslanVersion bump to 0.9.8q, #15522:
*) Disable code workaround for ancient and obsolete Netscape browsers
and servers: an attacker can use it in a ciphersuite downgrade attack. CVE-2010-4180

*) Fixed J-PAKE implementation error, originally discovered by
Sebastien Martini, further info and confirmation from Stefan
Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
312010-11-180.9.8pGökçen Eraslan*) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can
be shared by multiple threads. CVE-2010-3864

*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939

*) Don't reencode certificate when calculating signature: cache and use
the original encoding instead. This makes signature verification of
some broken encodings work correctly.

*) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
is also one of the inputs.

*) Don't repeatedly append PBE algorithms to table if they already exist.
Sort table on each new add. This effectively makes the table read only
after all algorithms are added and subsequent calls to PKCS12_pbe_add
etc are non-op
302010-10-260.9.8oGökçen Eraslan* Correct a typo in the CMS ASN1 module which can result in invalid memory
access or freeing data twice (CVE-2010-0742)
* Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
common in certificates and some applications which only call
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
* VMS fixes:
Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com
Allow use of C files from original directories in maketests.com
292010-08-120.9.8kEren Türkay- Fix double-free corruption in s3_clnt.c. (CVE-2010-2939, #13982)
282010-06-070.9.8kEren Türkay- Fix invalid asn1 module definition for cms (CVE-2010-0742)
272010-03-290.9.8kEren Türkay* Add patch to fix CVE-2010-0740, denial of service bug (#12513)
262010-01-190.9.8kEren Türkay* Add patch to fix CVE-2009-4355, denial of service bug via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function (#12014)
252009-11-150.9.8kEren Türkay* Add patch to completely disable renegotiation. (CVE-2009-3555, #11515). See: http://extendedsubset.com/?p=8
* NOTE: This fixes 90% of the cases. If renegotiation is needed, we can not do anything about it.
Now, TLS extension is being developed to solve the issue but it needs time. When extension is completed,
we will keep us updated as well..
* NOTE #2: With this commit, apache will also be fixed. There is no need to patch mod_ssl. The patch to mod_ssl is needed
with old version of openssl which does not reject renegotiating.
242009-09-270.9.8kPınar YanardağDisable MD2 to prevent a spoofing vulnerability (CVE-2009-2409), #10815
232009-09-250.9.8kGökçen EraslanFix for another DTLS Denial of Service vulnerability (CVE-2009-1387), #11218
222009-09-020.9.8kGökçen EraslanAdd new root certificates including KamuSM from Mozilla.
212009-05-200.9.8kGökçen EraslanFix for DTLS Denial of Service (CVE-2009-{1377,1378}), #9778
202009-03-310.9.8kGökçen Eraslan* Root CA certificates are updated.
* Issue 'make rehash' command.
192009-03-300.9.8kPınar YanardağVersion bump to fix multiple vulnerabilities CVE-2009-{0590,0591,0789} (bug#9462)
182009-02-120.9.8iBahadır Kandemir* Fixed ignoring CFLAGS and LDFLAGS
* Fixed test script trying to write /root/.rnd
172009-01-070.9.8iPınar YanardağVersion bump to fix CVE-2008-5077 (bug#8988)
162009-01-050.9.8hGökçen Eraslan* Newly included patch (by wpa_supplicant) adds support for TLS SessionTicket extension (RFC 5077) for the parts used by EAP-FAST (RFC 4851). Thanks to Furkan Duman.
* Command that inserts certificates from openssl removed, because there are no root certificates in openssl any longer.
152008-08-220.9.8hİşbaran Akçayırfix CVS-17196
142008-05-280.9.8hEren TürkayVersion bump to fix CVE-2008-{0891, 1672}. http://www.openssl.org/news/secadv_20080528.txt
132008-01-040.9.8gİsmail DönmezVersion bump
122007-11-070.9.7mİsmail DönmezFixup some valid warnings
112007-09-270.9.7mİsmail DönmezFix SSL_get_shared_ciphers() off-by-one buffer overflow
102007-08-030.9.7mİsmail DönmezFix CVE-2007-3108 and be strict about session ID context matching
92007-02-230.9.7mİsmail DönmezStable update
82006-10-090.9.7lİsmail DönmezFix patch for CVE-2006-2940
72006-09-280.9.7lİsmail DönmezVersion bump to fix CVE-2006-{2937,2940,3738,4343}
62006-09-050.9.7kİsmail DönmezVersion bump to fix CVE-2006-4339
52006-06-300.9.7iİsmail DönmezRemove conflicting manpage
42005-11-170.9.7iİsmail DönmezEnable no-executable-stack
32005-10-150.9.7iİsmail DönmezCompatibility fix
22005-10-120.9.7hİsmail DönmezUpdate to openssl-0.9.7h fixing security problems
12005-08-140.9.7eS.Çağlar OnurFirst release.

Patches

openssl-0.9.8i-tls-extensions.patch
openssl-0.9.8h-ldflags.patch