* [Buildroot] [PATCH] openssl: security bump to version 1.0.0j
From: Gustavo Zacarias @ 2012-05-11 15:45 UTC
To: buildroot
Bump to version 1.0.0j to fix CVE-2012-2333
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/openssl/openssl.mk | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 748252c..62861c5 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -4,7 +4,7 @@
#
#############################################################
-OPENSSL_VERSION = 1.0.0i
+OPENSSL_VERSION = 1.0.0j
OPENSSL_SITE = http://www.openssl.org/source
OPENSSL_INSTALL_STAGING = YES
OPENSSL_DEPENDENCIES = zlib
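Review bot: In the unchanged context line `OPENSSL_SITE = http://www.openssl.org/source`, the 1.0.0j tarball this bump pulls in is fetched over plain HTTP, and nothing in the hunk pins a digest for it, so a security bump ends up trusting whatever the network returns. Check the downloaded tarball against the checksum or signature upstream publishes for 1.0.0j before committing, and consider recording that digest alongside `OPENSSL_VERSION`. The commit message would also be more useful if it said in a few words what CVE-2012-2333 affects, so users can judge how urgently they need the bump.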
--
1.7.3.4
From: Peter Korsgaard @ 2012-05-14 12:36 UTC
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
Gustavo> Bump to version 1.0.0j to fix CVE-2012-2333
Committed, thanks.
--
Bye, Peter Korsgaard
From: Thomas Petazzoni @ 2012-08-17 16:49 UTC
To: buildroot
Hello Gustavo,
On Fri, 11 May 2012 12:45:48 -0300,
Gustavo Zacarias <gustavo@zacarias.com.ar> wrote:
> Bump to version 1.0.0j to fix CVE-2012-2333
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
At http://patchwork.ozlabs.org/patch/148560/ we have a patch that has
been sitting for a long time, which bumps the version of openssl to
1.0.1. Looking at the OpenSSL website, I see that both the 1.0.0X
versions and 1.0.1X versions are maintained. Do you know what they
mean, and whether we should stay at 1.0.0 or move to 1.0.1?
I simply would like to know what to do with this patch in our
patchwork :)
Thanks!
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
From: Gustavo Zacarias @ 2012-08-17 16:55 UTC
To: buildroot
On 08/17/12 13:49, Thomas Petazzoni wrote:
> At http://patchwork.ozlabs.org/patch/148560/ we have a patch that has
> been sitting for a long time, which bumps the version of openssl to
> 1.0.1. Looking at the OpenSSL website, I see that both the 1.0.0X
> versions and 1.0.1X versions are maintained. Do you know what they
> mean, and whether we should stay at 1.0.0 or move to 1.0.1?
>
> I simply would like to know what to do with this patch in our
> patchwork :)
>
> Thanks!
>
> Thomas
1.0.1 is security-vulnerable, so it can't be bumped as-is, the target
should be 1.0.1c at the moment.
The big difference between 1.0.0* and 1.0.1* is that the latter has
initial support for TLSv1.1 and TLSv1.2 among other minor details.
Both are API compatible though not ABI (and we don't care).
I can give it a test during the weekend and give it a go for -next.
Regards.
From: Thomas Petazzoni @ 2012-08-17 17:23 UTC
To: buildroot
On Fri, 17 Aug 2012 13:55:17 -0300,
Gustavo Zacarias <gustavo@zacarias.com.ar> wrote:
> 1.0.1 is security-vulnerable, so it can't be bumped as-is, the target
> should be 1.0.1c at the moment.
Yes, agreed. I was referring to 1.0.1 as a branch, not specifically to
1.0.1. The patch I mentioned did target 1.0.1 because this patch is
about 6 months old.
> The big difference between 1.0.0* and 1.0.1* is that the latter has
> initial support for TLSv1.1 and TLSv1.2 among other minor details.
> Both are API compatible though not ABI (and we don't care).
> I can give it a test during the weekend and give it a go for -next.
Great, thanks!
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
From: Stefan Fröberg @ 2012-08-17 18:03 UTC
To: buildroot
On 17.8.2012 19:55, Gustavo Zacarias wrote:
> On 08/17/12 13:49, Thomas Petazzoni wrote:
>
>> At http://patchwork.ozlabs.org/patch/148560/ we have a patch that has
>> been sitting for a long time, which bumps the version of openssl to
>> 1.0.1. Looking at the OpenSSL website, I see that both the 1.0.0X
>> versions and 1.0.1X versions are maintained. Do you know what they
>> mean, and whether we should stay at 1.0.0 or move to 1.0.1?
>>
>> I simply would like to know what to do with this patch in our
>> patchwork :)
>>
>> Thanks!
>>
>> Thomas
> 1.0.1 is security-vulnerable, so it can't be bumped as-is, the target
> should be 1.0.1c at the moment.
> The big difference between 1.0.0* and 1.0.1* is that the latter has
> initial support for TLSv1.1 and TLSv1.2 among other minor details.
> Both are API compatible though not ABI (and we don't care).
> I can give it a test during the weekend and give it a go for -next.
> Regards.
Don't know about 1.0.1c version (or greater) but for what it's worth, I have
had version 1.0.1b sitting in my buildroot copy like ages
and so far have not noticed anything strange in my buildroot based home
distro.
Best regards
Stefan