Compare commits
9 Commits
OpenSSL_0_
...
OpenSSL_0_
| Author | SHA1 | Date | |
|---|---|---|---|
|
e0c0203341 | ||
|
|
e1eec61e26 | ||
|
|
296fa128c9 | ||
|
|
6dde222aae | ||
|
|
391ac37018 | ||
|
|
8d038a08fb | ||
|
|
747c6ffda4 | ||
|
|
d4cddc54f0 | ||
|
|
eb7112c18e |
8
CHANGES
8
CHANGES
@@ -2,6 +2,14 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
|
||||
|
||||
*) The fix for CVE-2012-2110 did not take into account that the
|
||||
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
|
||||
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
|
||||
rejecting negative len parameter. (CVE-2012-2131)
|
||||
[Tomas Hoger <thoger@redhat.com>]
|
||||
|
||||
Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
|
||||
|
||||
*) Check for potentially exploitable overflows in asn1_d2i_read_bio
|
||||
|
||||
22
FAQ
22
FAQ
@@ -10,6 +10,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Why aren't tools like 'autoconf' and 'libtool' used?
|
||||
* What is an 'engine' version?
|
||||
* How do I check the authenticity of the OpenSSL distribution?
|
||||
* How does the versioning scheme work?
|
||||
|
||||
[LEGAL] Legal questions
|
||||
|
||||
@@ -82,7 +83,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 1.0.0i was released on Apr 19th, 2012.
|
||||
OpenSSL 1.0.1a was released on Apr 19th, 2012.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
@@ -108,7 +109,9 @@ In addition, you can read the most current versions at
|
||||
<URL: http://www.openssl.org/docs/>. Note that the online documents refer
|
||||
to the very latest development versions of OpenSSL and may include features
|
||||
not present in released versions. If in doubt refer to the documentation
|
||||
that came with the version of OpenSSL you are using.
|
||||
that came with the version of OpenSSL you are using. The pod format
|
||||
documentation is included in each OpenSSL distribution under the docs
|
||||
directory.
|
||||
|
||||
For information on parts of libcrypto that are not yet documented, you
|
||||
might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
|
||||
@@ -173,6 +176,19 @@ just do:
|
||||
|
||||
pgp TARBALL.asc
|
||||
|
||||
* How does the versioning scheme work?
|
||||
|
||||
After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
|
||||
releases (e.g. 1.0.1a) can only contain bug and security fixes and no
|
||||
new features. Minor releases change the last number (e.g. 1.0.2) and
|
||||
can contain new features that retain binary compatibility. Changes to
|
||||
the middle number are considered major releases and neither source nor
|
||||
binary compatibility is guaranteed.
|
||||
|
||||
Therefore the answer to the common question "when will feature X be
|
||||
backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
|
||||
in the next minor release.
|
||||
|
||||
[LEGAL] =======================================================================
|
||||
|
||||
* Do I need patent licenses to use OpenSSL?
|
||||
@@ -284,7 +300,7 @@ current directory in this case, but this has changed with 0.9.6a.)
|
||||
Check out the CA.pl(1) manual page. This provides a simple wrapper round
|
||||
the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
|
||||
out the manual pages for the individual utilities and the certificate
|
||||
extensions documentation (currently in doc/openssl.txt).
|
||||
extensions documentation (in ca(1), req(1), x509v3_config(5) )
|
||||
|
||||
|
||||
* Why can't I create certificate requests?
|
||||
|
||||
4
NEWS
4
NEWS
@@ -5,6 +5,10 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w:
|
||||
|
||||
o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
|
||||
|
||||
Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:
|
||||
|
||||
o Fix for ASN1 overflow bug CVE-2012-2110
|
||||
|
||||
2
README
2
README
@@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 0.9.8v 19 Apr 2012
|
||||
OpenSSL 0.9.8w 23 Apr 2012
|
||||
|
||||
Copyright (c) 1998-2011 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
||||
8
STATUS
8
STATUS
@@ -1,16 +1,22 @@
|
||||
|
||||
OpenSSL STATUS Last modified at
|
||||
______________ $Date: 2012/04/19 11:39:02 $
|
||||
______________ $Date: 2012/04/23 21:03:04 $
|
||||
|
||||
DEVELOPMENT STATE
|
||||
|
||||
o OpenSSL 1.1.0: Under development...
|
||||
o OpenSSL 1.0.1: Under development...
|
||||
o OpenSSL 1.0.0i: Released on April 19th, 2012
|
||||
o OpenSSL 1.0.0h: Released on March 12th, 2012
|
||||
o OpenSSL 1.0.0g: Released on January 18th, 2012
|
||||
o OpenSSL 1.0.0f: Released on January 4th, 2012
|
||||
o OpenSSL 1.0.0e: Released on September 6th, 2011
|
||||
o OpenSSL 1.0.0d: Released on February 8nd, 2011
|
||||
o OpenSSL 1.0.0c: Released on December 2nd, 2010
|
||||
o OpenSSL 1.0.0b: Released on November 16th, 2010
|
||||
o OpenSSL 1.0.0a: Released on June 1st, 2010
|
||||
o OpenSSL 1.0.0: Released on March 29th, 2010
|
||||
o OpenSSL 0.9.8w: Released on April 23rd, 2012
|
||||
o OpenSSL 0.9.8v: Released on April 19th, 2012
|
||||
o OpenSSL 0.9.8u: Released on March 12th, 2012
|
||||
o OpenSSL 0.9.8t: Released on January 18th, 2012
|
||||
|
||||
@@ -99,6 +99,11 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
|
||||
char *ret;
|
||||
unsigned int n;
|
||||
|
||||
if (len < 0)
|
||||
{
|
||||
BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
if (str->length >= len)
|
||||
{
|
||||
str->length=len;
|
||||
@@ -141,6 +146,11 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
|
||||
char *ret;
|
||||
unsigned int n;
|
||||
|
||||
if (len < 0)
|
||||
{
|
||||
BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
if (str->length >= len)
|
||||
{
|
||||
memset(&str->data[len],0,str->length-len);
|
||||
@@ -156,7 +166,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
|
||||
/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
|
||||
if (len > LIMIT_BEFORE_EXPANSION)
|
||||
{
|
||||
BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
|
||||
BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
n=(len+3)/3*4;
|
||||
|
||||
@@ -25,11 +25,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090816fL
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090817fL
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8v-fips 19 Apr 2012"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w-fips 23 Apr 2012"
|
||||
#else
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8v 19 Apr 2012"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w 23 Apr 2012"
|
||||
#endif
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
%define libmaj 0
|
||||
%define libmin 9
|
||||
%define librel 8
|
||||
%define librev v
|
||||
%define librev w
|
||||
Release: 1
|
||||
|
||||
%define openssldir /var/ssl
|
||||
|
||||
Reference in New Issue
Block a user