I have added this is a SHOWSTOPPER patch for 2.4.x... I will try to find a system where the bug exists to test.
On Mar 12, 2014, at 11:17 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: > On 12.03.2014 14:55, Dr Stephen Henson wrote: >> On 12/03/2014 12:29, Rainer Jung wrote: >>> On 12.03.2014 11:37, Jim Jagielski wrote: >>>> At the very least, upgrading from 2.4.7 to 2.4.8 should not >>>> cause this much pain. I will let the vote run a bit more to >>>> gauge additional feedback, but my sense says that 2.4.8 >>>> will likely be revoked/dropped and 2.4.9 will be proposed >>>> which either (1) removes r1573360 or (2) fixes this bug. >>> >>> Agreed, if it were only about 1.0.1e vs. 1.0.1f it would be not that big >>> an issue but since all Major versions seem to show the behavior and >>> there's no easy workaround for 0.9.8 except upgrading to 1.x, I'd say we >>> should implement the workaround suggested by Steve. >>> >> >> Applied to trunk as r1576741. I've tried to keep the changes to the absolute >> minimum. >> >> I've tested OpenSSL 0.9.8y without this change and can reproduce the crash. >> It >> doesn't crash with this fix. > > OK, saw that message to late, functionaly equivalent with what I tried > (and you proposed). So agreed, this fixes it. > > Rainer
