Issue 106876 - Update OpenSSL library
Summary: Update OpenSSL library
Alias: None
Product: ucb
Classification: Code
Component: code (show other issues)
Version: OOo 1.0.0
Hardware: All All
: P2 Trivial (vote)
Target Milestone: OOo 3.2
Assignee: thorsten.martens
QA Contact: issues@ucb
Depends on:
Blocks: 99999
  Show dependency tree
Reported: 2009-11-13 07:55 UTC by tkr
Modified: 2017-05-20 09:23 UTC (History)
1 user (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---

neon patch (793 bytes, patch)
2009-11-13 08:37 UTC, caolanm
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this issue.
Description tkr 2009-11-13 07:55:53 UTC
The currently in OOo used OpenSSL version 0.9.8k is effected by the TLS/SSL
renegotiation issue (CVE-2009-3555). The OpenSSL version 0.9.8l fixes this
vulnerability. Please update.
Comment 1 tkr 2009-11-13 08:08:29 UTC
Set target milestone OOo 3.2
Comment 2 mdxonefour 2009-11-13 08:32:48 UTC
adding to stopper meta issue
Comment 3 caolanm 2009-11-13 08:37:39 UTC
Created attachment 66086 [details]
neon patch
Comment 4 caolanm 2009-11-13 08:38:50 UTC
I don't think you'll need the above patch to neon for openssl 0.9.8l, I think
its only needed for openssl 1.0.0. But just in case you get a link error in neon
after upgrading openssl, then the above is the upstream fix for it.
Comment 5 tkr 2009-11-16 09:00:36 UTC
fixed in tkr30
Comment 6 tkr 2009-11-19 09:12:21 UTC
TKR->TM: Please verify on all platforms. To verify: Open a HTTPS connection.
Comment 7 thorsten.martens 2009-11-23 10:37:37 UTC
Checked and verified in cws tkr30 -> OK !