<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">I see no code change between 1.0.2q and 1.0.2r.</div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">------</div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"># diff -dup openssl-1.0.2q openssl-1.0.2r |& grep '^diff' | awk '{print $4}'<br>openssl-1.0.2r/CHANGES<br>openssl-1.0.2r/Makefile<br>openssl-1.0.2r/Makefile.org<br>openssl-1.0.2r/NEWS<br>openssl-1.0.2r/README<br>openssl-1.0.2r/openssl.spec<br>hongch@hongch_bldx:~/downloads> diff -dup openssl-1.0.2q openssl-1.0.2r | & grep '^Only'<br>Only in openssl-1.0.2q: Makefile.bak<br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">------</div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">It's supposed have a fix for CVE-2019-1559? Am I missing something?<br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">Hong.<br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 20, 2018 at 11:17 PM OpenSSL <<a href="mailto:openssl@openssl.org">openssl@openssl.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
<br>
OpenSSL version 1.0.2q released<br>
===============================<br>
<br>
OpenSSL - The Open Source toolkit for SSL/TLS<br>
<a href="https://www.openssl.org/" rel="noreferrer" target="_blank">https://www.openssl.org/</a><br>
<br>
The OpenSSL project team is pleased to announce the release of<br>
version 1.0.2q of our open source toolkit for SSL/TLS. For details<br>
of changes and known issues see the release notes at:<br>
<br>
<a href="https://www.openssl.org/news/openssl-1.0.2-notes.html" rel="noreferrer" target="_blank">https://www.openssl.org/news/openssl-1.0.2-notes.html</a><br>
<br>
OpenSSL 1.0.2q is available for download via HTTP and FTP from the<br>
following master locations (you can find the various FTP mirrors under<br>
<a href="https://www.openssl.org/source/mirror.html" rel="noreferrer" target="_blank">https://www.openssl.org/source/mirror.html</a>):<br>
<br>
* <a href="https://www.openssl.org/source/" rel="noreferrer" target="_blank">https://www.openssl.org/source/</a><br>
* <a href="ftp://ftp.openssl.org/source/" rel="noreferrer" target="_blank">ftp://ftp.openssl.org/source/</a><br>
<br>
The distribution file name is:<br>
<br>
o openssl-1.0.2q.tar.gz<br>
Size: 5345604<br>
SHA1 checksum: 692f5f2f1b114f8adaadaa3e7be8cce1907f38c5<br>
SHA256 checksum: 5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684<br>
<br>
The checksums were calculated using the following commands:<br>
<br>
openssl sha1 openssl-1.0.2q.tar.gz<br>
openssl sha256 openssl-1.0.2q.tar.gz<br>
<br>
Yours,<br>
<br>
The OpenSSL Project Team.<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
<br>
iQEzBAEBCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlv0D/MACgkQ2cTSbQ5g<br>
RJHZwQf/XVVXUUPD6ybAWXzWTAhb4kECMC7ahiEuLwO82IF8dafNNGLWVKU4qD5Q<br>
oHCBuHq8UUHPo1s+YeR+3phH0it8xZNUvpDw4BPFlLNkev16+yYJudl2YE9asVep<br>
1Hup97zhSVfF7YS3o4r3TFL6VeAeC0XLHNItIYznldZ7oiI4iCvSH3rZ3Sb3O6lL<br>
EpSu3CYqgpbUI09aSZDdwYaUwj7j2KGf3D+U8U+bHY7d47GdvykSk18l1Mt2m/0K<br>
63gDR4Nl+dgkLu6BALuqT79vhkRdiKWV4+e0GhvZPpjpoWBveYY1Q7nkfjy0Sh7j<br>
womsen61sS073bbdHZX6LoVuAsQbOw==<br>
=WXDE<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
openssl-project mailing list<br>
<a href="mailto:openssl-project@openssl.org" target="_blank">openssl-project@openssl.org</a><br>
<a href="https://mta.openssl.org/mailman/listinfo/openssl-project" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-project</a><br>
</blockquote></div>