FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 09-15-2008, 05:28 PM
Pierre Schmitz
 
Default openssl 0.9.8i-1

Changes between 0.9.8h and 0.9.8i [15 Sep 2008]

*) Fix a state transitition in s3_srvr.c and d1_srvr.c
(was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
[Nagendra Modadugu]

*) The fix in 0.9.8c that supposedly got rid of unsafe
double-checked locking was incomplete for RSA blinding,
addressing just one layer of what turns out to have been
doubly unsafe triple-checked locking.

So now fix this for real by retiring the MONT_HELPER macro
in crypto/rsa/rsa_eay.c.

[Bodo Moeller; problem pointed out by Marius Schilder]

*) Various precautionary measures:

- Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).

- Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
(NB: This would require knowledge of the secret session ticket key
to exploit, in which case you'd be SOL either way.)

- Change bn_nist.c so that it will properly handle input BIGNUMs
outside the expected range.

- Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
builds.

[Neel Mehta, Bodo Moeller]

*) Add support for Local Machine Keyset attribute in PKCS#12 files.
[Steve Henson]

*) Fix BN_GF2m_mod_arr() top-bit cleanup code.
[Huang Ying]

*) Expand ENGINE to support engine supplied SSL client certificate functions.

This work was sponsored by Logica.
[Steve Henson]

*) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
keystores. Support for SSL/TLS client authentication too.
Not compiled unless enable-capieng specified to Configure.

This work was sponsored by Logica.
[Steve Henson]

*) Allow engines to be "soft loaded" - i.e. optionally don't die if
the load fails. Useful for distros.
[Ben Laurie and the FreeBSD team]

--

Pierre Schmitz


Clemens-August-Straße 76
53115 Bonn

Telefon 0228 9716608
Mobil 0160 95269831
Jabber pierre@jabber.archlinux.de
WWW http://www.archlinux.de
 
Old 09-19-2008, 01:51 PM
Pierre Schmitz
 
Default openssl 0.9.8i-1

Am Montag 15 September 2008 19:28:28 schrieb Pierre Schmitz:
> *Changes between 0.9.8h and 0.9.8i *[15 Sep 2008]

...just a reminder to test this package and sign-off.

--

Pierre Schmitz


Clemens-August-Straße 76
53115 Bonn

Telefon 0228 9716608
Mobil 0160 95269831
Jabber pierre@jabber.archlinux.de
WWW http://www.archlinux.de
 
Old 09-21-2008, 12:20 PM
Pierre Schmitz
 
Default openssl 0.9.8i-1

Am Freitag 19 September 2008 15:51:08 schrieb Pierre Schmitz:
> Am Montag 15 September 2008 19:28:28 schrieb Pierre Schmitz:
> > *Changes between 0.9.8h and 0.9.8i *[15 Sep 2008]
>
> ...just a reminder to test this package and sign-off.

Could please someone tell me if ssl is still working? People statr to annoy me
about this update.

--

Pierre Schmitz


Clemens-August-Straße 76
53115 Bonn

Telefon 0228 9716608
Mobil 0160 95269831
Jabber pierre@jabber.archlinux.de
WWW http://www.archlinux.de
 
Old 09-21-2008, 12:54 PM
Allan McRae
 
Default openssl 0.9.8i-1

Pierre Schmitz wrote:

Am Freitag 19 September 2008 15:51:08 schrieb Pierre Schmitz:


Am Montag 15 September 2008 19:28:28 schrieb Pierre Schmitz:


Changes between 0.9.8h and 0.9.8i [15 Sep 2008]


...just a reminder to test this package and sign-off.



Could please someone tell me if ssl is still working? People statr to annoy me
about this update.



Seems fine here. Signoff i686.


Allan
 
Old 09-21-2008, 12:57 PM
Tobias Powalowski
 
Default openssl 0.9.8i-1

Am Sonntag 21 September 2008 schrieb Pierre Schmitz:
> Am Freitag 19 September 2008 15:51:08 schrieb Pierre Schmitz:
> > Am Montag 15 September 2008 19:28:28 schrieb Pierre Schmitz:
> > > *Changes between 0.9.8h and 0.9.8i *[15 Sep 2008]
> >
> > ...just a reminder to test this package and sign-off.
>
> Could please someone tell me if ssl is still working? People statr to annoy
> me about this update.
didn't experience issues here
signoff for x86_64

--
Tobias Powalowski
Archlinux Developer & Package Maintainer (tpowa)
http://www.archlinux.org
tpowa@archlinux.org
 
Old 09-21-2008, 01:10 PM
"Ronald van Haren"
 
Default openssl 0.9.8i-1

On Sun, Sep 21, 2008 at 2:20 PM, Pierre Schmitz <pierre@archlinux.de> wrote:
> Am Freitag 19 September 2008 15:51:08 schrieb Pierre Schmitz:
>> Am Montag 15 September 2008 19:28:28 schrieb Pierre Schmitz:
>> > Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
>>
>> ...just a reminder to test this package and sign-off.
>
> Could please someone tell me if ssl is still working? People statr to annoy me
> about this update.
>
> --
>
> Pierre Schmitz
>
>
> Clemens-August-Straße 76
> 53115 Bonn
>
> Telefon 0228 9716608
> Mobil 0160 95269831
> Jabber pierre@jabber.archlinux.de
> WWW http://www.archlinux.de
>
>

yes still seems to work on both architectures.
Tested creating a certificate, extracting information from it and
signing a S/MIME message.

Ronald
 
Old 11-22-2008, 12:05 AM
"Aaron Griffin"
 
Default openssl 0.9.8i-1

On Sun, Sep 21, 2008 at 7:10 AM, Ronald van Haren <pressh@gmail.com> wrote:
> On Sun, Sep 21, 2008 at 2:20 PM, Pierre Schmitz <pierre@archlinux.de> wrote:
>> Am Freitag 19 September 2008 15:51:08 schrieb Pierre Schmitz:
>>> Am Montag 15 September 2008 19:28:28 schrieb Pierre Schmitz:
>>> > Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
>>>
>>> ...just a reminder to test this package and sign-off.
>>
>> Could please someone tell me if ssl is still working? People statr to annoy me
>> about this update.

Still in testing. Going to move this to test a db-move bug 8)

Also, signoff i686
 

Thread Tools




All times are GMT. The time now is 10:08 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org