OpenSSL 1.0.1k, 1.0.0p and 0.9.8zd

Eight security fixes have been included in the release from January 8th, 2015. All are of low or medium risk: http://openssl.org/news/secadv_20150108.txt

Direct Link for precompiled 1.0.1k DLLs:
http://indy.fulgan.com/SSL/openssl-1.0.1k-i386-win32.zip
http://indy.fulgan.com/SSL/openssl-1.0.1k-x64_86-win64.zip

I needed to fix the build process manually, as described here:
https://github.com/openssl/openssl/issues/209
https://github.com/openssl/openssl/commit/56cd7404499669a32126b5fee2ff75a97fea43f7

As the build process is currently broken for versions 0.9.8 and 1.0.0 too, the updates to 0.9.8zd and 1.0.1p are delayed. Issue reported here: https://github.com/openssl/openssl/issues/210. Let me know if 0.9.8 or 1.0.0 branch is urgently required. Otherwise I am likely going to skip those releases and continue with future updates as usual.

Build working again, here are the direct links for the versions 1.0.0p and 0.9.8zd:
http://indy.fulgan.com/SSL/openssl-1.0.0p-i386-win32.zip
http://indy.fulgan.com/SSL/openssl-1.0.0p-x64_86-win64.zip
http://indy.fulgan.com/SSL/openssl-0.9.8zd-i386-win32.zip
http://indy.fulgan.com/SSL/openssl-0.9.8zd-x64_86-win64.zip

As a note, The OpenSSL Team recently published an End of Life Announcement for the 0.9.8 branch:

“The OpenSSL Project is today making the following announcement:
Support for version 0.9.8 will cease on 31st December 2015.
No further releases of 0.9.8 will be made after that date. Security fixes only
will be applied to 0.9.8 until then.

So, please take the appropriate steps to upgrade to newer branches, either 1.0.0 or 1.0.1 (recommended).

Cheers,
Frederik

Advertisements