openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Kovacs <pe...@apache.org>
Subject Re: upgrading OpenSSL
Date Sun, 06 Oct 2019 23:23:15 GMT
Serf is dropping scon, and with 4.0 supportung cmake, too.
Not that it changes a lot.
There was a thread with the request of feedback quite a while back. 

Am 7. Oktober 2019 00:56:35 MESZ schrieb Don Lewis <truckman@apache.org>:
>The version of OpenSSL that we bundle with trunk, 1.0.2p, has three
>CVEs
>and I'm attempting to upgrade it to 1.0.2t.  One problem I ran into is
>that OpenSSL doesn't support Microsoft's assembler and now requires
>NASM.  That will be something that we will have to add as a hard
>requirement for Windows.
>
>Ideally we would upgrade to 1.1.1 because 1.0.2 goes EOL upstream at
>the
>end of the year.  Unfortunately there are some API changes in 1.1.1
>that
>break the serf build.  Upgrading to the latest serf (which we should do
>anyway) requires scons, so this upgrade will be non-trivial.
>
>For AOO418, we really need to upgrade beyond OpenSSL 0.9.8.  That
>version doesn't support anything newer that TLS 1.1, which is due to be
>deprecated in 2020.  Websites will stop supporting TLS 1.1, and our
>users will then have problems downloading extensions and upgrades from
>within OpenOffice.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>For additional commands, e-mail: dev-help@openoffice.apache.org

Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message