Issue 127117

Summary:

Update OpenSSL in the stable branch to version 0.9.8zh

Product:

General

Reporter:

Pedro Giffuni <pfg>

Component:

code

Assignee:

AOO issues mailing list <issues>

Status:

CLOSED FIXED

QA Contact:

Severity:

Normal

Priority:

P5 (lowest)

CC:

mseidel, pats, petko

Version:

4.1.2

Flags:

pats: 4.1.3_release_blocker-
arielch: 4.1.4_release_blocker-
petko: 4.1.6_release_blocker+

Target Milestone:

4.1.6

Hardware:

All

OS:

All

Issue Type:

PATCH

Latest Confirmation in:

4.1.5

Developer Difficulty:

---

Attachments:

Description	Flags
Minor update patch	none

Description Pedro Giffuni 2016-09-15 21:58:22 UTC

AOO 4.1.2 included a very old version of OpenSSL which has known vulenrabilities. For a minor release it is inconvenient to bring the newer major release but we should at least bring version 0.9.8zh.

For this we would need to merge r1722228, r1722238, and r1722239 to the release branch.

Comment 1 orcmid 2016-09-15 23:01:11 UTC

Taken by the Security Team

Comment 2 orcmid 2016-09-15 23:02:09 UTC

Taken by security team

Comment 3 orcmid 2016-09-16 16:33:18 UTC

Restored as a non-security matter.  The assignment to security was mistaken.

Comment 4 Pedro Giffuni 2016-09-16 18:29:13 UTC

Created attachment 85675 [details]
Minor update patch

This would be the change in patch form.
While here: the URL for old versions has changed in the OpenSSL site so set a new one that works.

Comment 5 Ariel Constenla-Haile 2017-02-01 17:01:48 UTC

Not suitable for 4.1.4

Comment 6 Matthias Seidel 2018-09-13 20:33:41 UTC

Committed to branch AOO 4.1.6 with:

 - r1839347
 - r1839357
 - r1839422

Comment 7 Peter 2018-09-16 09:21:03 UTC

Accepted for 4.1.6

Comment 8 Matthias Seidel 2018-09-16 18:22:04 UTC

Already fixed, but I can't set Target Milestone to 4.1.6.

Comment 9 Marcus 2018-09-16 18:52:11 UTC

Target 4.1.6 is now available