<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
I just cloned the OpenSSL git repo at
git://git.openssl.org/openssl.git. Looking at the
OpenSSL_1_0_1-stable branch, the fix for CVE-2015-3197 still isn't
in the repo. The most recent commit is:<br>
<br>
foleyj@hobknob:~/gitsync/ossl/openssl$ git log<br>
commit 126ac21c80967ec00f802d356462c1b83fa0f54c<br>
Author: Richard Levitte <a class="moz-txt-link-rfc2396E" href="mailto:levitte@openssl.org"><levitte@openssl.org></a><br>
Date: Tue Jan 19 20:35:41 2016 +0100<br>
<br>
Fix BSD -rpath parameter<br>
<br>
For BSD systems, Configure adds a shared_ldflags including a
reference<br>
to the Makefile variable LIBRPATH, but since it must be passed
down to<br>
Makefile.shared, care must be taken so the value of LIBRPATH
doesn't<br>
get expanded too early, or it ends up giving an empty string.<br>
<br>
Reviewed-by: Viktor Dukhovni <a class="moz-txt-link-rfc2396E" href="mailto:viktor@openssl.org"><viktor@openssl.org></a><br>
(cherry picked from commit
c64879d3f3cc4c7f1c436a9fe3bd109847a23629)<br>
<br>
Did someone forgot to push the commit after generating the 1.0.1r
release today?<br>
<br>
<br>
<pre><code>
</code></pre>
<br>
<br>
<br>
</body>
</html>