openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Don Lewis <truck...@apache.org>
Subject upgrading OpenSSL
Date Sun, 06 Oct 2019 22:56:35 GMT
The version of OpenSSL that we bundle with trunk, 1.0.2p, has three CVEs
and I'm attempting to upgrade it to 1.0.2t.  One problem I ran into is
that OpenSSL doesn't support Microsoft's assembler and now requires
NASM.  That will be something that we will have to add as a hard
requirement for Windows.

Ideally we would upgrade to 1.1.1 because 1.0.2 goes EOL upstream at the
end of the year.  Unfortunately there are some API changes in 1.1.1 that
break the serf build.  Upgrading to the latest serf (which we should do
anyway) requires scons, so this upgrade will be non-trivial.

For AOO418, we really need to upgrade beyond OpenSSL 0.9.8.  That
version doesn't support anything newer that TLS 1.1, which is due to be
deprecated in 2020.  Websites will stop supporting TLS 1.1, and our
users will then have problems downloading extensions and upgrades from
within OpenOffice.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message