In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 16:18:07
PDT, Matt Piotrowski [EMAIL PROTECTED] said:
matt.piotrowski num could point to a value out of that range if it
matt.piotrowski is not initialized before the first call to
matt.piotrowski AES_ctr128_encrypt(). The fix for this is to
On Tue Jul 30, 2002 at 02:42:12PM -0300, Ademar de Souza Reis Jr. wrote:
On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
Enclosed are patches for today's OpenSSL security alert which apply to
other versions. The patch for 0.9.7 is supplied by Ben Laurie
[EMAIL PROTECTED] and
I'm having trouble building openssl-0.9.6e under Irix 6.5.
I've tried building on two different machines and I've tried using
the most recent snapshot.
I've added the following line to the Makefile:
irix-mips3-cc-uiuc,cc:-mips3 -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
The output of 'make report' speaks for itself:
OpenSSL self-test report:
OpenSSL version: 0.9.6e
Last change: Fix cipher selection routines: ciphers without encrypti...
OS (uname): Darwin infiniverse.dyndns.org 5.5 Darwin Kernel Version 5.5: Thu May
30 14:51:26 PDT 2002;
The 0.9.6e Makefile installs shared libraries using cp:
if [ $(PLATFORM) != Cygwin ]; then \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
Unfortunately 0.9.6e gives the shared libary the same name as
On Tue, Jul 30, 2002 at 10:38:43PM +0200, Richard Levitte - VMS Whacker via RT wrote:
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 19:36:18
+0200 (METDST), Lutz Jaenicke via RT [EMAIL PROTECTED] said:
rt Shall we disable the crypt() function for more platforms, maybe
rt even all
Hi,
I tried to compile the latest version of openssl-0.9.6e on Windows 2000
using Microsoft Visual C++ 6.0 and it failed to link the ssleay32.dll.
This is happening because cryptlib.obj isn't getting linked in. I added the
symbol to the SSLOBJ definition in ms\ntdll.mak.
The diff for the fix
On Tue, Jul 30, 2002 at 10:49:19AM -0700, Kim, Peter wrote:
Will there be a patch for even older version such as 0.9.3?
No. 0.9.3 is completely outdated and we don't see any sense in spending
time to backport to these versions.
Best regards,
Lutz
--
Lutz Jaenicke
[[EMAIL PROTECTED] - Wed Jul 31 09:35:46 2002]:
When I type ./config under HP-UX 10.20 I get the message
./config[398]: test: Specify a parameter with this command.
The problem occurs with version 0.9.6e, not with earlier versions.
This problem is due to the handling of gcc-3.1 support
In message [EMAIL PROTECTED] on Wed, 31 Jul 2002 09:23:03
+0200 (METDST), Richard Reed via RT [EMAIL PROTECTED] said:
rt The output of 'make report' speaks for itself:
The FAQ says the following:
* Why does the OpenSSL compilation fail on MacOS X?
If the failure happens when trying to
In message [EMAIL PROTECTED] on Wed, 31 Jul 2002 09:23:03
+0200 (METDST), Richard Reed via RT [EMAIL PROTECTED] said:
rt The output of 'make report' speaks for itself:
The FAQ says the following:
* Why does the OpenSSL compilation fail on MacOS X?
If the failure happens when trying to
Lutz Jaenicke schrieb:
On Tue, Jul 30, 2002 at 09:35:40PM +0200, Götz Babin-Ebell wrote:
PLEASE: could these message be digitally signed ?
We will update our release procedures.
Fine...
(A signature file for the 0.9.7e beta would be nice...)
The signature file is available from the
Hi,
If I want the 'ca' application to move the e-mail address from the distinguished name
of a certificate request to the subject alternative name (using
'subjectAltName=email:move' in the config file) of the new certificate, the 'ca'
application still puts the DN from the request into its
Hello all,
I am using OpenSSH with OpenSSL(0.9.6d)
What is the impact of this OpenSSL vulnerability in openssh?
Anyone have answers.Please share.
Thanks
kumaresh.
__
OpenSSL Project
Hello,
The following things bug me in all of 0.9.6-0.9.8:
* Manual pages should be created before make install. Super users
don't like watching make install compile half the software.
They want it to be ready for swift installation.
* When linking the libraries, make sure that libssl finds
In message 00ef01c2388a$0ecaa8c0$390110ac@kovaiteam on Wed, 31 Jul 2002 17:29:32
+0530, kumar [EMAIL PROTECTED] said:
kumaresh_ind Hello all,
kumaresh_ind I am using OpenSSH with OpenSSL(0.9.6d)
kumaresh_ind What is the impact of this OpenSSL vulnerability in openssh?
kumaresh_ind Anyone have
I just took care of the last part of your request (which is a bug):
Hmm ... what else ... Ah ... I'm not sure if this really is a bug:
* The newest snapshot claims to be 0.9.8, but it installs files as
0.9.7.
--
Richard Levitte
[EMAIL PROTECTED]
I've no fixed the following items:
* Creating the links to the libraries fails on at least Solaris
regardless of the force flag:
installing libssl.so.0.9.6
+ ln -f -s libcrypto.so.0.9.6 libcrypto.so.0
ln: cannot create libcrypto.so.0: File exists
*** Error code 2
make: Fatal error:
Since Jeffrey has made such a good job analysing this, what are the
comments from everyone else? I'd like to be rid of OpenSSLdie() if
possible... I see no problem with the void-int conversion...
[[EMAIL PROTECTED] - Tue Jul 30 17:35:58 2002]:
That is fine. So the patches are out and
[guest - Wed Jul 17 20:55:19 2002]:
We submitted this patch back in the 0.9.6b time frame hoping to get it
included. Geoff Thorpe recomended that we put it in a RT entry.
This is a patch to support the IBM eServer Crypto Accelerator (not to
be confused with the 4758), it enables
OK.. Sorry about that.. my mailer may be slow as well
Thanks for the response
Steven A. Bade (Steve)
[EMAIL PROTECTED] or [EMAIL PROTECTED]
Senior Software Craftsman
IBM LTC Network Security
Phone (512)838-4799 (T/L 678)
Lutz Jaenicke via RT [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
On Wed, 31 Jul 2002, Jon Peatfield wrote:
Looking through the rest of the 0.9.6e patch I can't see any other
cases where realloc() is called like this but I might well have missed
some. I'm hoping that someone who understands the code better will
confirm/check this.
Might it not be better
True, but I didn't want to alter code far away from where the recent
bugfix was in case I broke something. If a release does it that way
instead I'd be happy (and it might save someone from making a similar
assumption about realloc() elsewhere). Given that the only sunos4
machines I have are
Hi
We have found a strange and different behavior between OpenSSL 0.9.6d 9
May 2002 and OpenSSL 0.9.7-beta2 16 Jun 2002, working on Windows 2000.
We have a 2 level hierarchy of Cas, with 9 second level Cas, based on
openssl, with a Lotus Domino Interface, for managing all the lifecycle
of
Here's a patch that fixes the DETECT_GNU_LD code in Makefile.org when
building on a Sun box with GCC 2.95.2 and higher. Yes the timestamp
is a few months old, but the patch applies cleanly to
openssl-0.9.6e/Makefile.org Please let me know if this is not your
preferred
Lutz Jaenicke [EMAIL PROTECTED] writes:
OpenSSL version 0.9.6e released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of version
0.9.6e of our open source
26 matches
Mail list logo