106876 – Update OpenSSL library

Issue 106876 - Update OpenSSL library

Summary: Update OpenSSL library

Status:	CLOSED FIXED

Alias:	None

Product:	ucb
Classification:	Code
Component:	code (show other issues)
Version:	OOo 1.0.0
Hardware:	All All

Importance:	P2 Trivial (vote)
Target Milestone:	OOo 3.2
Assignee:	thorsten.martens
QA Contact:	issues@ucb

URL:
Keywords:

Depends on:
Blocks:	99999
	Show dependency tree

Reported:	2009-11-13 07:55 UTC by tkr
Modified:	2017-05-20 09:23 UTC (History)
CC List:	1 user (show)

See Also:
Issue Type:	DEFECT
Latest Confirmation in:	---
Developer Difficulty:	---

Attachments
neon patch (793 bytes, patch) 2009-11-13 08:37 UTC, caolanm	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description tkr 2009-11-13 07:55:53 UTC

The currently in OOo used OpenSSL version 0.9.8k is effected by the TLS/SSL
renegotiation issue (CVE-2009-3555). The OpenSSL version 0.9.8l fixes this
vulnerability. Please update.

Comment 1 tkr 2009-11-13 08:08:29 UTC

Set target milestone OOo 3.2

Comment 2 mdxonefour 2009-11-13 08:32:48 UTC

adding to stopper meta issue

Comment 3 caolanm 2009-11-13 08:37:39 UTC

Created attachment 66086 [details]
neon patch

Comment 4 caolanm 2009-11-13 08:38:50 UTC

I don't think you'll need the above patch to neon for openssl 0.9.8l, I think
its only needed for openssl 1.0.0. But just in case you get a link error in neon
after upgrading openssl, then the above is the upstream fix for it.

Comment 5 tkr 2009-11-16 09:00:36 UTC

fixed in tkr30

Comment 6 tkr 2009-11-19 09:12:21 UTC

TKR->TM: Please verify on all platforms. To verify: Open a HTTPS connection.

Comment 7 thorsten.martens 2009-11-23 10:37:37 UTC

Checked and verified in cws tkr30 -> OK !