Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 254183 - dev-libs/openssl-0.9.8j version bump
Summary: dev-libs/openssl-0.9.8j version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Gentoo's Team for Core System packages
URL: http://www.openssl.org/news/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-08 01:46 UTC by Lars Wendler (Polynomial-C) (RETIRED)
Modified: 2009-01-08 11:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2009-01-08 01:46:07 UTC 
Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
  *) Properly check EVP_VerifyFinal() and similar return values
     (CVE-2008-5077).
     [Ben Laurie, Bodo Moeller, Google Security Team]
  *) Properly check EVP_VerifyFinal() and similar return values
     (CVE-2008-5077).
     [Ben Laurie, Bodo Moeller, Google Security Team]
  *) Enable TLS extensions by default.
     [Ben Laurie]
  *) Allow the CHIL engine to be loaded, whether the application is
     multithreaded or not. (This does not release the developer from the
     obligation to set up the dynamic locking callbacks.)
     [Sander Temme <sander@temme.net>]
  *) Use correct exit code if there is an error in dgst command.
     [Steve Henson; problem pointed out by Roland Dirlewanger]
  *) Tweak Configure so that you need to say "experimental-jpake" to enable
     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
     [Bodo Moeller]
  *) Add experimental JPAKE support, including demo authentication in
     s_client and s_server.
     [Ben Laurie]
  *) Set the comparison function in v3_addr_canonize().
     [Rob Austein <sra@hactrn.net>]
  *) Add support for XMPP STARTTLS in s_client.
     [Philip Paeps <philip@freebsd.org>]
  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
     to ensure that even with this option, only ciphersuites in the
     server's preference list will be accepted.  (Note that the option
     applies only when resuming a session, so the earlier behavior was
     just about the algorithm choice for symmetric cryptography.)
     [Bodo Moeller]

This release breaks parallel build again *sigh*
I tried to investigate this a bit but package's Makefiles are a mess IMO...

Reproducible: Always

Steps to Reproduce:
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2009-01-08 01:46:49 UTC 
Reassigning to base-system herd.
Comment 2 Dirkjan Ochtman (RETIRED) gentoo-dev 2009-01-08 09:16:21 UTC 
I'd like to request that this gets bumped to a higher severity/priority on account of security issues (CVE-2008-5077).
Comment 3 Peter Alfredsen (RETIRED) gentoo-dev 2009-01-08 11:46:58 UTC 
+*openssl-0.9.8j (08 Jan 2009)
+
+  08 Jan 2009; Peter Alfredsen <loki_val@gentoo.org>
+  +files/openssl-0.9.8j-parallel-build.patch, +openssl-0.9.8j.ebuild:
+  Bump, bug 254183 and CVE-2008-5077, bug 251346. Parallel build fails
+  horribly, forcing -j1. Since we don't install fips, sedded that part out
+  of the root makefile to get around a build failure.
+