openssl 0.9.8r
Toolkit for SSL v2/v3 and TLS v1
Packager: Gökçen Eraslan
License: as-is
Release history
Release | Release date | Version | Updater | Comment |
---|---|---|---|---|
34 | 2011-03-28 | 0.9.8r | Gökçen Eraslan | Update CA list from Mozilla CVS against Comodo certification issue. |
33 | 2011-02-14 | 0.9.8r | Gökçen Eraslan | Version bump to 0.9.8r: *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 [Neel Mehta, Adam Langley, Bodo Moeller (Google)] *) Fix bug in string printing code: if *any* escaping is enabled we must escape the escape character (backslash) or the resulting string is ambiguous. [Steve Henson] |
32 | 2010-12-11 | 0.9.8q | Gökçen Eraslan | Version bump to 0.9.8q, #15522: *) Disable code workaround for ancient and obsolete Netscape browsers and servers: an attacker can use it in a ciphersuite downgrade attack. CVE-2010-4180 *) Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 |
31 | 2010-11-18 | 0.9.8p | Gökçen Eraslan | *) Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can be shared by multiple threads. CVE-2010-3864 *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 *) Don't reencode certificate when calculating signature: cache and use the original encoding instead. This makes signature verification of some broken encodings work correctly. *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT is also one of the inputs. *) Don't repeatedly append PBE algorithms to table if they already exist. Sort table on each new add. This effectively makes the table read only after all algorithms are added and subsequent calls to PKCS12_pbe_add etc are non-op |
30 | 2010-10-26 | 0.9.8o | Gökçen Eraslan | * Correct a typo in the CMS ASN1 module which can result in invalid memory access or freeing data twice (CVE-2010-0742) * Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more common in certificates and some applications which only call SSL_library_init and not OpenSSL_add_all_algorithms() will fail. * VMS fixes: Reduce copying into .apps and .test in makevms.com Don't try to use blank CA certificate in CA.com Allow use of C files from original directories in maketests.com |
29 | 2010-08-12 | 0.9.8k | Eren Türkay | - Fix double-free corruption in s3_clnt.c. (CVE-2010-2939, #13982) |
28 | 2010-06-07 | 0.9.8k | Eren Türkay | - Fix invalid asn1 module definition for cms (CVE-2010-0742) |
27 | 2010-03-29 | 0.9.8k | Eren Türkay | * Add patch to fix CVE-2010-0740, denial of service bug (#12513) |
26 | 2010-01-19 | 0.9.8k | Eren Türkay | * Add patch to fix CVE-2009-4355, denial of service bug via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function (#12014) |
25 | 2009-11-15 | 0.9.8k | Eren Türkay | * Add patch to completely disable renegotiation. (CVE-2009-3555, #11515). See: http://extendedsubset.com/?p=8 * NOTE: This fixes 90% of the cases. If renegotiation is needed, we cannot do anything about it. A TLS extension is now being developed to solve the issue, but it needs time. When the extension is completed, we will keep ourselves updated as well. * NOTE #2: With this commit, apache will also be fixed. There is no need to patch mod_ssl. The patch to mod_ssl is needed with an old version of openssl which does not reject renegotiating. |
24 | 2009-09-27 | 0.9.8k | Pınar Yanardağ | Disable MD2 to prevent a spoofing vulnerability (CVE-2009-2409), #10815 |
23 | 2009-09-25 | 0.9.8k | Gökçen Eraslan | Fix for another DTLS Denial of Service vulnerability (CVE-2009-1387), #11218 |
22 | 2009-09-02 | 0.9.8k | Gökçen Eraslan | Add new root certificates including KamuSM from Mozilla. |
21 | 2009-05-20 | 0.9.8k | Gökçen Eraslan | Fix for DTLS Denial of Service (CVE-2009-{1377,1378}), #9778 |
20 | 2009-03-31 | 0.9.8k | Gökçen Eraslan | * Root CA certificates are updated. * Issue 'make rehash' command. |
19 | 2009-03-30 | 0.9.8k | Pınar Yanardağ | Version bump to fix multiple vulnerabilities CVE-2009-{0590,0591,0789} (bug#9462) |
18 | 2009-02-12 | 0.9.8i | Bahadır Kandemir | * Fixed ignoring CFLAGS and LDFLAGS * Fixed test script trying to write /root/.rnd |
17 | 2009-01-07 | 0.9.8i | Pınar Yanardağ | Version bump to fix CVE-2008-5077 (bug#8988) |
16 | 2009-01-05 | 0.9.8h | Gökçen Eraslan | * Newly included patch (by wpa_supplicant) adds support for TLS SessionTicket extension (RFC 5077) for the parts used by EAP-FAST (RFC 4851). Thanks to Furkan Duman. * Command that inserts certificates from openssl removed, because there are no root certificates in openssl any longer. |
15 | 2008-08-22 | 0.9.8h | İşbaran Akçayır | fix CVS-17196 |
14 | 2008-05-28 | 0.9.8h | Eren Türkay | Version bump to fix CVE-2008-{0891, 1672}. http://www.openssl.org/news/secadv_20080528.txt |
13 | 2008-01-04 | 0.9.8g | İsmail Dönmez | Version bump |
12 | 2007-11-07 | 0.9.7m | İsmail Dönmez | Fixup some valid warnings |
11 | 2007-09-27 | 0.9.7m | İsmail Dönmez | Fix SSL_get_shared_ciphers() off-by-one buffer overflow |
10 | 2007-08-03 | 0.9.7m | İsmail Dönmez | Fix CVE-2007-3108 and be strict about session ID context matching |
9 | 2007-02-23 | 0.9.7m | İsmail Dönmez | Stable update |
8 | 2006-10-09 | 0.9.7l | İsmail Dönmez | Fix patch for CVE-2006-2940 |
7 | 2006-09-28 | 0.9.7l | İsmail Dönmez | Version bump to fix CVE-2006-{2937,2940,3738,4343} |
6 | 2006-09-05 | 0.9.7k | İsmail Dönmez | Version bump to fix CVE-2006-4339 |
5 | 2006-06-30 | 0.9.7i | İsmail Dönmez | Remove conflicting manpage |
4 | 2005-11-17 | 0.9.7i | İsmail Dönmez | Enable no-executable-stack |
3 | 2005-10-15 | 0.9.7i | İsmail Dönmez | Compatibility fix |
2 | 2005-10-12 | 0.9.7h | İsmail Dönmez | Update to openssl-0.9.7h fixing security problems |
1 | 2005-08-14 | 0.9.7e | S.Çağlar Onur | First release. |
Patches
openssl-0.9.8i-tls-extensions.patch
openssl-0.9.8h-ldflags.patch