From openssl at openssl.org Mon Jan 5 14:13:38 2015 From: openssl at openssl.org (OpenSSL) Date: Mon, 5 Jan 2015 15:13:38 +0100 Subject: [openssl-announce] Forthcoming OpenSSL releases Message-ID: <20150105141338.GA19261@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Forthcoming OpenSSL releases ============================ The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.1k, 1.0.0p and 0.9.8zd. These releases will be made available on 8th January. They will fix a number of security defects. Since these security defects are considered as moderate severity or less no further details or patches will be made available in advance of the release. Yours The OpenSSL Project Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUqpq7AAoJENnE0m0OYESRCeQH/3i7C8kpk+n6cqwaEedjt5Mo eU0F+d8OrxPMqzEo4qftGe+7ygvwJBdA8tb0/4fQuqmg9wBSbJMa7qku20qOpKF9 daYfOPQCXgdGUjomp5GYz86/7Aq7aND8qQLnCcWWdwBv+8ypP0Hgywilr1LW+nnv xBNNbQSBERPayGcSIqFI0xYd2r8Q8vUp9BMKnkHoR5ty3nO43/nGQnPwEX5O3tJc XZzWVVxrKhp/wMiAueWz44vc0juO8LdfkuWUtjJj3F9cL9qLOG877ho4cM/t9WX/ jheVNun1Cd9Z0wIn0nHYgtJUn/eVyTc9LckoVKt9pg4+HhsJd4cTC8X92HQbB6E= =fM80 -----END PGP SIGNATURE----- From openssl at openssl.org Thu Jan 8 15:37:53 2015 From: openssl at openssl.org (OpenSSL) Date: Thu, 8 Jan 2015 16:37:53 +0100 Subject: [openssl-announce] OpenSSL version 0.9.8zd released Message-ID: <20150108153753.GA29145@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 0.9.8zd released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8zd of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-0.9.8-notes.html OpenSSL 0.9.8zd is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-0.9.8zd.tar.gz Size: 3737538 MD5 checksum: e9b9ee12f2911e1a378e2458d9bfff77 SHA1 checksum: b9a6356d5385e0bd6b8af660576bfdef7b45666e The checksums were calculated using the following commands: openssl md5 openssl-0.9.8zd.tar.gz openssl sha1 openssl-0.9.8zd.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUrpVNAAoJENnE0m0OYESRDe0H/3AKK345ct3rR0QEQ1YN6d33 T4upEE2CKGaDhhqfPl0iHPDVxec+st98JxF3Yg5wQxWO7DxMe5bbKCYl/hM0ZSQd zTzeECDH5WtzlyXTCp5TZdLMwpPL3kkW0Q7D4q/RXZ6DE3fNVLDsxJOiVa4cWtHL JnuJCCqwSC5a5CfhcyAu5Tqt2/0xoFxcai8NmmhIWe806pfrwsN9PoD0YW9ARlLC hySrcCLy4MHtZYie4dv7JIOtVb1PPyX6qNsoKriGdpwb+drPvRtQFxSkbif+2gkf Y7YkDs8nKCdLwJvgonprl6HgcHh4eeBNpxOgfwMo/Vnw02HZvm7na2t4jxvmm+E= =+Z6j -----END PGP SIGNATURE----- From openssl at openssl.org Thu Jan 8 15:38:58 2015 From: openssl at openssl.org (OpenSSL) Date: Thu, 8 Jan 2015 16:38:58 +0100 Subject: [openssl-announce] OpenSSL version 1.0.0p released Message-ID: <20150108153858.GA29225@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.0p released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.0p of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-1.0.0-notes.html OpenSSL 1.0.0p is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.0p.tar.gz Size: 4008663 MD5 checksum: f66da50ff3624aeaf292948f27d8ae7d SHA1 checksum: 04dd495c47c7a11f7f311747121b6b77e08abb5b The checksums were calculated using the following commands: openssl md5 openssl-1.0.0p.tar.gz openssl sha1 openssl-1.0.0p.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUrpJ5AAoJENnE0m0OYESRXL4IAJ66ZB4N5/nhxPCYV0vGMjCE A6jBTMPNfcF+CX26rFr3nWTX85zvmAFW9r+nIddlvnLSsWtDKtOpZsyWiFzFSrtK gp7xPhI3B//Di1bkDk0zkhUcAT/7DU/8yp8Nm5J0XMu71H+3Uxh/QP6ZpyW1ZSJ7 eWeZGr+PoVaC0gcRR2HBPtaArL0fhbgGI7HggRslvNupiwBqJ42Z0wDY12ONaA38 Be6jiUBElRQqr5VmjPOSdezX0ZTErI7NZ5It1DCtsLuglbVsmrim57PSpOkWwVh0 FRi39qNR7T4/2SEcUN01EX7VENarqZaxIxJuYCIx6v8DXYQQ8NloUudBe6icmE8= =9lIN -----END PGP SIGNATURE----- From openssl at openssl.org Thu Jan 8 15:39:33 2015 From: openssl at openssl.org (OpenSSL) Date: Thu, 8 Jan 2015 16:39:33 +0100 Subject: [openssl-announce] OpenSSL version 1.0.1k released Message-ID: <20150108153933.GA29291@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.1k released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1k of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-1.0.1-notes.html OpenSSL 1.0.1k is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.1k.tar.gz Size: 4434910 MD5 checksum: d4f002bd22a56881340105028842ae1f SHA1 checksum: 19d818e202558c212a9583fcdaf876995a633ddf The checksums were calculated using the following commands: openssl md5 openssl-1.0.1k.tar.gz openssl sha1 openssl-1.0.1k.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUro4+AAoJENnE0m0OYESRxuQH/2TFznmtvL92IMO6rjeCClYM bBqxvIaVs/l7sflcsENo67HNCn0/RmblmfULVY96Pvoin7z19wMyEFL+3NSM1w8v HkX2mRz23V8PEDxn23f3i1ltCCZgc+aQyKoOf6Rbo4WHxgIHKXdKqm8dhyVj6ODw s2Go3TvaUNtG1BoW6AJtr1ZHosq+WKaOjq5yiRdFb1o/00GipSOb6gRsT2qJHEXS NpFEJm1CRguJ7qe3SPgu7gGyQ34MVl9jO1onRlMqsE4anvZBtm5sK97YXRrc4fqK 0E/SO1sW+mz359fHJMYmYnefG0hs1+KNnA1ydEfLLrf1Bc8Lqft37rN0cVfKdzg= =oLV9 -----END PGP SIGNATURE----- From openssl at openssl.org Thu Jan 8 15:44:33 2015 From: openssl at openssl.org (OpenSSL) Date: Thu, 8 Jan 2015 16:44:33 +0100 Subject: [openssl-announce] OpenSSL Security Advisory Message-ID: <20150108154433.GA30257@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL Security Advisory [08 Jan 2015] ======================================= DTLS segmentation fault in dtls1_get_record (CVE-2014-3571) =========================================================== Severity: Moderate A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team. DTLS memory leak in dtls1_buffer_record (CVE-2015-0206) ======================================================= Severity: Moderate A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion. This issue affects OpenSSL versions: 1.0.1 and 1.0.0. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch. no-ssl3 configuration sets method to NULL (CVE-2014-3569) ========================================================= Severity: Low When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx. ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572) ========================================================== Severity: Low An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) ============================================================== Severity: Low An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. DH client certificates accepted without verification [Server] (CVE-2015-0205) ============================================================================= Severity: Low An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. This issue affects OpenSSL versions: 1.0.1 and 1.0.0. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. Certificate fingerprints can be modified (CVE-2014-8275) ======================================================== Severity: Low OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team. Bignum squaring may produce incorrect results (CVE-2014-3570) ============================================================= Severity: Low Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined: *) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. *) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. *) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. *) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team. [1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf Note ==== As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUrpY9AAoJENnE0m0OYESReyMH/1e6o6yRRKVKUUV7wvkoGreO rqdvmG0dRmtPFKvuWlDO6+6nLtBorj5B/Ebqkd+oPfQhZ9is2xyrCIRT1jwqiHPA w35fwEWMD8P1Fpq/hqBVE4QF3zSflS13GIuOBc1Q8dR7JO9TN+xXYy3TkLXzyDOR jSRtqUq2QaHevlpZU2e9olErpQX9mvcOd31JHs8aFyt/hbWsxiY1EUbU7CUfKC5L 4BicWJl4v/OKsy3Ctxx0ajtYE7bbPCElWDwzHaI+FF5pnC6MlI9fUy97fELmniEy tIIxgH9YK0YAnDBoHEH3w5NZtI1qgrhRIasuk9sS7J5ILTB44X9hgQDqnZUVMfA= =7bjl -----END PGP SIGNATURE----- From dongsheng.song at gmail.com Fri Jan 9 03:32:30 2015 From: dongsheng.song at gmail.com (Dongsheng Song) Date: Fri, 9 Jan 2015 11:32:30 +0800 Subject: [openssl-announce] OpenSSL version 1.0.1k released In-Reply-To: <20150108153933.GA29291@openssl.org> References: <20150108153933.GA29291@openssl.org> Message-ID: test failure on custom build: perl Configure ^ no-comp no-dso no-idea no-ssl2 no-ssl3 no-psk no-srp ^ --prefix=D:/var/pool/openssl-win32 ^ VC-WIN32 ... D:\var\tmp\openssl-1.0.1k>nmake -f ms\ntdll.mak ... D:\var\tmp\openssl-1.0.1k>nmake -f ms\nt.mak test Microsoft (R) Program Maintenance Utility Version 12.00.21005.1 Copyright (C) Microsoft Corporation. All rights reserved. cd out32 ..\ms\test rsa_test PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok destest Doing cbcm Doing ecb Doing ede ecb Doing cbc Doing desx cbc Doing ede cbc Doing pcbc Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done Doing ofb Doing ofb64 Doing ede_ofb64 Doing cbc_cksum Doing quad_cksum input word alignment test 0 1 2 3 output word alignment test 0 1 2 3 fast crypt test ideatest 'ideatest' is not recognized as an internal or external command, operable program or batch file. problems..... On Thu, Jan 8, 2015 at 11:39 PM, OpenSSL wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > OpenSSL version 1.0.1k released > =============================== > > OpenSSL - The Open Source toolkit for SSL/TLS > http://www.openssl.org/ > > The OpenSSL project team is pleased to announce the release of > version 1.0.1k of our open source toolkit for SSL/TLS. For details > of changes and known issues see the release notes at: > > http://www.openssl.org/news/openssl-1.0.1-notes.html > > OpenSSL 1.0.1k is available for download via HTTP and FTP from the > following master locations (you can find the various FTP mirrors under > http://www.openssl.org/source/mirror.html): > > * http://www.openssl.org/source/ > * ftp://ftp.openssl.org/source/ > > The distribution file name is: > > o openssl-1.0.1k.tar.gz > Size: 4434910 > MD5 checksum: d4f002bd22a56881340105028842ae1f > SHA1 checksum: 19d818e202558c212a9583fcdaf876995a633ddf > > The checksums were calculated using the following commands: > > openssl md5 openssl-1.0.1k.tar.gz > openssl sha1 openssl-1.0.1k.tar.gz > > Yours, > > The OpenSSL Project Team. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEcBAEBAgAGBQJUro4+AAoJENnE0m0OYESRxuQH/2TFznmtvL92IMO6rjeCClYM > bBqxvIaVs/l7sflcsENo67HNCn0/RmblmfULVY96Pvoin7z19wMyEFL+3NSM1w8v > HkX2mRz23V8PEDxn23f3i1ltCCZgc+aQyKoOf6Rbo4WHxgIHKXdKqm8dhyVj6ODw > s2Go3TvaUNtG1BoW6AJtr1ZHosq+WKaOjq5yiRdFb1o/00GipSOb6gRsT2qJHEXS > NpFEJm1CRguJ7qe3SPgu7gGyQ34MVl9jO1onRlMqsE4anvZBtm5sK97YXRrc4fqK > 0E/SO1sW+mz359fHJMYmYnefG0hs1+KNnA1ydEfLLrf1Bc8Lqft37rN0cVfKdzg= > =oLV9 > -----END PGP SIGNATURE----- > _______________________________________________ > openssl-announce mailing list > openssl-announce at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-announce From dbourget at videotron.ca Fri Jan 9 03:49:18 2015 From: dbourget at videotron.ca (Dominique Bourget) Date: Thu, 08 Jan 2015 22:49:18 -0500 Subject: [openssl-announce] Pas de courriel Message-ID: Bonjour, Retirez mon adresse de vos listes. Je ne veux plus recevoir ces avis. Dominique Bourget --- L'absence de virus dans ce courrier ?lectronique a ?t? v?rifi?e par le logiciel antivirus Avast. http://www.avast.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From p_jeanbaptiste at yahoo.com Mon Jan 12 10:31:46 2015 From: p_jeanbaptiste at yahoo.com (Philippe Jeanbaptiste) Date: Mon, 12 Jan 2015 10:31:46 +0000 (UTC) Subject: [openssl-announce] Pas de courriel In-Reply-To: References: Message-ID: <808054015.494618.1421058706557.JavaMail.yahoo@jws100122.mail.ne1.yahoo.com> Same for me: I already asked you several time to withdraw me from your mailing list.Thank you. On Friday, January 9, 2015 5:48 AM, Dominique Bourget wrote: Bonjour,Retirez mon adresse de vos listes.Je ne veux plus recevoir ces avis. ?Dominique Bourget ? | | L'absence de virus dans ce courrier ?lectronique a ?t? v?rifi?e par le logiciel antivirus Avast. www.avast.com | _______________________________________________ openssl-announce mailing list openssl-announce at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-announce -------------- next part -------------- An HTML attachment was scrubbed... URL: From gag at certi.org.br Mon Jan 12 11:57:39 2015 From: gag at certi.org.br (Gabriel Marques) Date: Mon, 12 Jan 2015 09:57:39 -0200 Subject: [openssl-announce] Pas de courriel In-Reply-To: <808054015.494618.1421058706557.JavaMail.yahoo@jws100122.mail.ne1.yahoo.com> References: <808054015.494618.1421058706557.JavaMail.yahoo@jws100122.mail.ne1.yahoo.com> Message-ID: <54B3B6B3.3060404@certi.org.br> For all the openssl list subscribers: The openssl-announce is a standard e-mail list based on MailMan. So to unsubscribe just access https://mta.openssl.org/mailman/options/openssl-announce And follow the un-subscription instructions - no need to notify the entire list to say you don't want to receive more messages. att, Gabriel. On 12-01-2015 08:31, Philippe Jeanbaptiste wrote: > Same for me: I already asked you several time to withdraw me from your mailing list. > Thank you. > > > On Friday, January 9, 2015 5:48 AM, Dominique Bourget wrote: > > > Bonjour, > Retirez mon adresse de vos listes. > Je ne veux plus recevoir ces avis. > > *Dominique Bourget* > > > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > L'absence de virus dans ce courrier ?lectronique a ?t? v?rifi?e par le logiciel antivirus Avast. > www.avast.com > > > > _______________________________________________ > openssl-announce mailing list > openssl-announce at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-announce > > > > > _______________________________________________ > openssl-announce mailing list > openssl-announce at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-announce -------------- next part -------------- An HTML attachment was scrubbed... URL: From morten.jensen at mailbox.org Mon Jan 12 12:43:51 2015 From: morten.jensen at mailbox.org (Morten Jensen) Date: Mon, 12 Jan 2015 13:43:51 +0100 Subject: [openssl-announce] Pas de courriel In-Reply-To: <54B3B6B3.3060404@certi.org.br> References: <808054015.494618.1421058706557.JavaMail.yahoo@jws100122.mail.ne1.yahoo.com> <54B3B6B3.3060404@certi.org.br> Message-ID: <20150112124351.GB12083@mailbox.org> * Gabriel Marques wrote on Mon, 12 Jan 2015, at 09:57 (-0200): Indeed the primary question is: why is *anybody* allowed to post on the -announce list anyway? As to http://openssl.org/support/community.html it should really be for "Official Project Announcements; low-volume read-only." like it is commonly handled in many other projects. To say it more explicitly because this is not the first misdirected mail: Can you please configure your setup correctly?! Thank you Morten > For all the openssl list subscribers: > The openssl-announce is a standard e-mail list based on MailMan. So to unsubscribe just access > https://mta.openssl.org/mailman/options/openssl-announce > > And follow the un-subscription instructions - no need to notify the entire list to say you don't want to receive more messages. > > att, > Gabriel. > > On 12-01-2015 08:31, Philippe Jeanbaptiste wrote: > > Same for me: I already asked you several time to withdraw me from your mailing list. > > Thank you. > > > > > > On Friday, January 9, 2015 5:48 AM, Dominique Bourget wrote: > > > > > > Bonjour, > > Retirez mon adresse de vos listes. > > Je ne veux plus recevoir ces avis. > > > > *Dominique Bourget* From levitte at openssl.org Mon Jan 12 14:06:02 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 12 Jan 2015 15:06:02 +0100 (CET) Subject: [openssl-announce] This list is now moderated Message-ID: <20150112.150602.1142799606904053169.levitte@openssl.org> This list is now moderated, again. As some already noticed, this list was unmoderated for a short while. That was an error on our part and it has now been corrected. Apologies for the inconvenience. On behalf of the OpenSSL team, Richard -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From matt at openssl.org Wed Jan 14 15:32:34 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 14 Jan 2015 15:32:34 +0000 Subject: [openssl-announce] Forthcoming OpenSSL releases and reformat Message-ID: <54B68C12.5000507@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The OpenSSL Project are pleased to make the following announcements: - - There will be new releases made available on Thursday 15th January for versions 1.0.1, 1.0.0 and 0.9.8. These will be bug fix only releases to address build problems with the current releases on the Windows and OpenVMS platforms. No new security issues will be included in these releases. - - The whole OpenSSL codebase will be reformatted according to the newly published OpenSSL coding style (https://www.openssl.org/about/codingstyle.txt) on Wednesday 21st January. This will include the master, 1.0.2, 1.0.1, 1.0.0 and 0.9.8 branches. See [1] for further background information. - - Between the releases being made available on 15th January and the code reformat on 21st January the 1.0.1, 1.0.0 and 0.9.8 branches in the public repository will be frozen and no changes will be made (except in the case of very high priority fixes). - - OpenSSL 1.0.2 will be released on Thursday 22nd January. Yours The OpenSSL Project Team [1] https://mta.openssl.org/pipermail/openssl-dev/2015-January/000299.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUtowSAAoJENnE0m0OYESRjr0H/3ui088oz8ZDcHEkhXoF1Pd/ bJStjZPtWUq4BJTTKq/GTTK7TGsjW+z+OwXFuLOX6ZfvVTG0aMpCGEU4OT7PO2zt NC76X56bTA+sFrJt65Ks3xMZ4pppBRq6irSJsvihEb1rWiAGDlTTjJJLKfgP76Xc ZxHnQ4LKmWcqqZmuK+XFqkitf6DuVMNlPa6yJ9jjbq6gSibxSNvhbu+qTfH2M30g 9X854pWKj5j76RLmDvFBPqP+sGHNBhs45THZO7BuGPQV5lJzRvnJxQKreAcHAyhq BihHEdsk9wKMKJNjrcVgfKSulx3PLvAIn8mZW9CIuxmEfn9LKsGyrJvwJLBk5DY= =d482 -----END PGP SIGNATURE----- From marquess at opensslfoundation.org Wed Jan 14 15:58:11 2015 From: marquess at opensslfoundation.org (Steve Marquess) Date: Wed, 14 Jan 2015 10:58:11 -0500 Subject: [openssl-announce] Platinum Sponsorship by Oracle Message-ID: <54B69213.3090408@opensslfoundation.org> I am pleased to announce Oracle Corporation (http://www.oracle.com) as the third Platinum Sponsor of the OpenSSL project, and the first such sponsor from the United States. For several years, Oracle has provided financial support in the form of commercial funding of platform validations for the OpenSSL FIPS Object Module v2.0 (certificate #1747), the most widely used FIPS 140-2 validated cryptographic module and the only one freely available under an open source license. Without financial support from Oracle and other FIPS module users, the successful completion and continued maintenance of that module would not have been possible. Thank you Oracle! -Steve M. -- Steve Marquess OpenSSL Software Foundation Inc. 20-22 Wenlock Road London N1 7GU United Kingdom +44 1785508015 +1 301 874 2571 direct marquess at opensslfoundation.org stevem at openssl.org From openssl at openssl.org Thu Jan 15 15:54:30 2015 From: openssl at openssl.org (OpenSSL) Date: Thu, 15 Jan 2015 16:54:30 +0100 Subject: [openssl-announce] OpenSSL version 1.0.0q released Message-ID: <20150115155430.GA31333@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.0q released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.0q of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-1.0.0-notes.html OpenSSL 1.0.0q is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.0q.tar.gz Size: 4004090 MD5 checksum: 8cafccab6f05e8048148e5c282ed5402 SHA1 checksum: de1268a7240106bde2c865b77cd5538313db4bca The checksums were calculated using the following commands: openssl md5 openssl-1.0.0q.tar.gz openssl sha1 openssl-1.0.0q.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUt9UeAAoJENnE0m0OYESR13UH/270WK9BRjPBTvFnb2GukF/K 3W61tLqompMuIFhFbAV2N4/zQBNT0L6/NnAEFBUkmBOhN7u8vhOawEargoJAViWG mdUZAUce78AgILTxYUavfDq9tu3SZQbWAJwB1BjQ3iA+yLe7sLoZMmlTidyHJqIw QybOYOg0hwKqZ1uymO0yFMY4N+EosFkFUAZe7F52002iB1UQjH69CkzE2arHrZjI fJgAhEjzNGB5cp9wc2TJtnWZiauhdm9yNY9b6sR4xafERjY40wvZ3tdgrtP/rPdX x2eAH5tJ1KY9DPnUxWrlHanIPGkz5KhowsW5y/PWkvLLzQYGRW3MK4UDOKmhFtQ= =nWh1 -----END PGP SIGNATURE----- From openssl at openssl.org Thu Jan 15 15:55:14 2015 From: openssl at openssl.org (OpenSSL) Date: Thu, 15 Jan 2015 16:55:14 +0100 Subject: [openssl-announce] OpenSSL version 0.9.8ze released Message-ID: <20150115155514.GA31372@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 0.9.8ze released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8ze of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-0.9.8-notes.html OpenSSL 0.9.8ze is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-0.9.8ze.tar.gz Size: 3734873 MD5 checksum: edcca64ac2fbf2b03461936d5e42a262 SHA1 checksum: cbfbda630b3ad6d89a15a80c0dc15ebce2c1b7b2 The checksums were calculated using the following commands: openssl md5 openssl-0.9.8ze.tar.gz openssl sha1 openssl-0.9.8ze.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUt9daAAoJENnE0m0OYESRmXUIALecJ514/CzORM23LL6oJgZZ lq55Wq3J1mw7yIC2Z+3wotERDMb9IFaBXmxk+e3Z3MRT36AJkmw6Q+wx3RAXN4DY 8sFKWhIhnV9xWydJdBRMPJc9wWe3j1HFD26xqmwcVRaDbXuL2TeddcOn1r9gLZxR R6NGxtc+RG/k3hkdX3Dd3sYgNXkScQLUlFBhWjL1zd0NIgv1a/T+CHPE31dUZ18A AM7r6HBT+if/gota/LMrz0j7e3UX94YP+DMUiDeXWMAkMYGG9uLa6wc+4cLnEAPe 9fk5TAP0Tm/C+DAZN7y43GDraoMwWJbCbeFLocEVhfpWmBdX8V5uB4WOewtBVsw= =t/Sk -----END PGP SIGNATURE----- From openssl at openssl.org Thu Jan 15 15:53:52 2015 From: openssl at openssl.org (OpenSSL) Date: Thu, 15 Jan 2015 16:53:52 +0100 Subject: [openssl-announce] OpenSSL version 1.0.1l released Message-ID: <20150115155352.GA31300@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.1l released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1l of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-1.0.1-notes.html OpenSSL 1.0.1l is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.1l.tar.gz Size: 4429979 MD5 checksum: cdb22925fc9bc97ccbf1e007661f2aa6 SHA1 checksum: 4547a0b4269acf76b1f9e7d188896867d6fc8c18 The checksums were calculated using the following commands: openssl md5 openssl-1.0.1l.tar.gz openssl sha1 openssl-1.0.1l.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUt9J+AAoJENnE0m0OYESRFp8H/0aafnd6C3+WnyTmc6YYvOB0 RHrPqGJG+LAFWNEGSeFVXGW7JLmjmJqRMWj97Wvdj6jZ5ldSWsSEhHAkfXsdnD9O VnoRj5VYcKmbA1LQeCrUYa/OuUJjcL1sDvIxdX9gBnRuYnfZ03rc7H/WCxHoS7CK VVJehwmlIor8lORdLgH2soBqQ4aDHlh0BUkSPu8HG0EGuEWUmESs1/LPkj6VOfoG cUZzxsJp2O8fwkt73kgYEQdoEBJpy0yDK6hrOAPRAO4W5ps06xZNT3E4q9EwAHQX ds+t6xYtVk9VnG8NbjFsu4cXHaKXg3NFsWjLVzBtTG+jdcnehagHprDydFv2H74= =eWWG -----END PGP SIGNATURE----- From openssl at openssl.org Thu Jan 22 16:38:47 2015 From: openssl at openssl.org (OpenSSL) Date: Thu, 22 Jan 2015 17:38:47 +0100 Subject: [openssl-announce] OpenSSL version 1.0.2 released Message-ID: <20150122163847.GA28965@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.2 released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.2 of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-1.0.2-notes.html OpenSSL 1.0.2 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.2.tar.gz Size: 5265809 MD5 checksum: 38373013fc85c790aabf8837969c5eba SHA1 checksum: 2f264f7f6bb973af444cd9fc6ee65c8588f610cc The checksums were calculated using the following commands: openssl md5 openssl-1.0.2.tar.gz openssl sha1 openssl-1.0.2.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUwSFvAAoJENnE0m0OYESRLI0H/2Lxz5oS7aVq5hCJ/8xMpiab 4umL84mE1WzbO+3HQAIcR24EQbdqiNfv0F7RGjRtq9Up6QS8yydNgdpvPZapj77d pVpQ85ICYZpOnO+72UahGIhEe7ZGO32386eBZuj2AHDN5pooEReAXWELBF4vYNcR 18fY/BFnxQgzUgSdhcA91nO2bUetA0epmzsQE8l2vxeXi6BABlJM5wUG2Zi8EZWF KISgD1QJLBfxEBG2fpTqwXf/ZsJL+a2JweKT0MrkV6cUVUGMf2CDJm27aZQxuojl dd7WCP0SfASFl0OVhcOhrijSKH9IvH6cKgyu7d4DFiDwayASJcMW0yTBglq9r+k= =b21y -----END PGP SIGNATURE-----