OpenSSL CHANGES
_______________
- Changes between 0.9.8q and 0.9.8r [xx XXX xxxx]
+ Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
+
+ *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+ [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
*) Fix bug in string printing code: if *any* escaping is enabled we must
escape the escape character (backslash) or the resulting string is
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0c was released on Dec 2nd, 2010.
+OpenSSL 1.0.0d was released on Feb 8th, 2011.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
---------------
/* ====================================================================
- * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+
+ o Fix for security issue CVE-2011-0014
+
Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
o Fix for security issue CVE-2010-4180
- OpenSSL 0.9.8r-dev
+ OpenSSL 0.9.8r
- Copyright (c) 1998-2009 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
OpenSSL STATUS Last modified at
- ______________ $Date: 2010/12/02 18:53:51 $
+ ______________ $Date: 2011/02/08 17:10:45 $
DEVELOPMENT STATE
o OpenSSL 1.1.0: Under development...
+ o OpenSSL 1.0.1: Under development...
+ o OpenSSL 1.0.0d: Released on February 8nd, 2011
+ o OpenSSL 1.0.0c: Released on December 2nd, 2010
o OpenSSL 1.0.0b: Released on November 16th, 2010
o OpenSSL 1.0.0a: Released on June 1st, 2010
o OpenSSL 1.0.0: Released on March 29th, 2010
+ o OpenSSL 0.9.8r: Released on February 8nd, 2011
o OpenSSL 0.9.8q: Released on December 2nd, 2010
o OpenSSL 0.9.8p: Released on November 16th, 2010
o OpenSSL 0.9.8o: Released on June 1st, 2010
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x00908120L
+#define OPENSSL_VERSION_NUMBER 0x0090812fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8r-fips-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8r-fips 8 Feb 2011"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8r-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8r 8 Feb 2011"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
}
n2s(data, idsize);
dsize -= 2 + idsize;
+ size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
}
/* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
n2s(data,dsize);
size -= 2;
- if (dsize > size)
+ if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;
} else {
push @out,
"/* ====================================================================\n",
-" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n",
+" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n",
" *\n",
" * Redistribution and use in source and binary forms, with or without\n",
" * modification, are permitted provided that the following conditions\n",
projects / oweals / openssl.git / commitdiff