Changes between 0.9.8i and 0.9.8j [07 Jan 2009]

*) Properly check EVP_VerifyFinal() and similar return values (CVE-2008-5077). [Ben Laurie, Bodo Moeller, Google Security Team]

*) Enable TLS extensions by default. [Ben Laurie]

*) Allow the CHIL engine to be loaded, whether the application is multithreaded or not. (This does not release the developer from the obligation to set up the dynamic locking callbacks.) [Sander Temme <sander@temme.net>]

*) Use correct exit code if there is an error in dgst command. [Steve Henson; problem pointed out by Roland Dirlewanger]

*) Tweak Configure so that you need to say "experimental-jpake" to enable JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications. [Bodo Moeller]

*) Add experimental JPAKE support, including demo authentication in s_client and s_server. [Ben Laurie]

*) Set the comparison function in v3_addr_canonize(). [Rob Austein <sra@hactrn.net>]

*) Add support for XMPP STARTTLS in s_client. [Philip Paeps <philip@freebsd.org>]

*) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior to ensure that even with this option, only ciphersuites in the server's preference list will be accepted. (Note that the option applies only when resuming a session, so the earlier behavior was just about the algorithm choice for symmetric cryptography.) [Bodo Moeller]

This release breaks parallel build again *sigh*. I tried to investigate this a bit but package's Makefiles are a mess IMO...

Reproducible: Always

Steps to Reproduce:
Reassigning to base-system herd.
I'd like to request that this gets bumped to a higher severity/priority on account of security issues (CVE-2008-5077).
+*openssl-0.9.8j (08 Jan 2009) + + 08 Jan 2009; Peter Alfredsen <loki_val@gentoo.org> + +files/openssl-0.9.8j-parallel-build.patch, +openssl-0.9.8j.ebuild: + Bump, bug 254183 and CVE-2008-5077, bug 251346. Parallel build fails + horribly, forcing -j1. Since we don't install fips, sedded that part out + of the root makefile to get around a build failure. +
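Review bot: The file list adds files/openssl-0.9.8j-parallel-build.patch, but the message then says parallel build "fails horribly" and is forced to -j1, so the entry does not say what the patch achieves in this revision. State whether the patch is applied and still insufficient, or leave it out of the file list until it works. The fips workaround ("sedded that part out of the root makefile") should also name the build failure it avoids, so the sed can be dropped once it is no longer needed.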