OpenSSL version 0.9.7f released ========================================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.7f of our open source toolkit for SSL/TLS. This new OpenSSL version is a bugfix release and incorporates changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES ). The most significant changes are: o Several compilation issues fixed. o Many memory allocation failure checks added. o Improved comparison of X509 Name type. o Mandatory basic checks on certificates. o Performance improvements. We consider OpenSSL 0.9.7f to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.7f is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-0.9.7f.tar.gz MD5 checksum: b2d37d7eb8a5a5040d834105d5ae1a50 Reproducible: Always Steps to Reproduce: 1. 2. 3.
OpenSSL version 0.9.7g released ========================================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.7g of our open source toolkit for SSL/TLS. This new OpenSSL version is mainly a bugfix release and incorporates changes and bugfixes to the toolkit, but is also contains the new processing of proxy certificates (RFC 3820). For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES . The most significant changes are: o More compilation issues fixed. o Adaptation to more modern Kerberos API. o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. o Enhanced x86_64 assembler BIGNUM module. o More constification. o Added processing of proxy certificates (RFC 3820). We consider OpenSSL 0.9.7g to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.7g is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-0.9.7g.tar.gz MD5 checksum: 991615f73338a571b6a1be7d74906934 SHA1 checksum: 008511ec9f0bcda4a431c3f0a0827e535b8c5c93
now in portage but marked KEYWORDS=-* since its causing segfaults with ssh
Hi, SpanKY yould you maybe tell how you caused that ssh-segfault? I upgraded openssl to version 0.9.7g and I cannot reproduce this behaviour with openssh-4.0_p1-r1 on my ~x86 testmachine. # emerge --info Portage 2.0.51.20-r5 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.4.20050125-r1, 2.6.11.7-ac6-mh2 i686) ================================================================= System uname: 2.6.11.7-ac6-mh2 i686 AMD Athlon(tm) XP 3000+ Gentoo Base System version 1.6.11 dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.3 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r8 sys-devel/libtool: 1.5.16 virtual/os-headers: 2.6.8.1-r4 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon-xp -mcpu=athlon-xp -O3 -pipe -frename-registers" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /home /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/X11/gdm /etc/gconf /etc/gnome /etc/gnome-vfs-2.0 /etc/init.d /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -mcpu=athlon-xp -O3 -pipe -frename-registers" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict userpriv usersandbox" GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror ftp://ftp.tu-clausthal.de/pub/linux/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" LINGUAS="de" PKGDIR="/home/portage/packages" PORTAGE_TMPDIR="/home/portage/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://192.168.0.254/gentoo-portage" USE="x86 3dnow X acpi alsa apm avi berkdb bitmap-fonts cdparanoia cdr crypt cups curl divx4linux dvd emboss encode fam flac foomaticdb gd gdbm gif gpg gtk gtk2imagemagick imlib java jpeg kde libg++ libwww mad mikmod mmx motif mozilla mp3 mpeg ncurses nls nptl ogg oggvorbis opengl oss pam pdflib perl png python qt quicktime readline samba sdl slang speex spell sse ssl svg svga tiff truetype truetype-fonts type1-fonts vorbis xml xml2 xmms xprint xv xvid zlib linguas_de userland_GNU kernel_linux libc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, MAKEOPTS # equery -C l openssh [ Searching for package 'openssh' in all categories among: ] * installed packages [I--] [ ] net-misc/openssh-4.0_p1-r1 (0) # equery -C l openssl [ Searching for package 'openssl' in all categories among: ] * installed packages [I--] [ ] dev-libs/openssl-0.9.7g (0) Poly
i'm on amd64 ... simply emerging it with CFLAGS of '-O2 -pipe -march=k8' and gcc-3.4.3-20050110 triggered it for me ... it could just be an amd64-specific issue ... i'll e-mail gentoo-dev and ask for a bunch of random testers
Hi, SpanKY i rechecked this with another ~x86 machine here using gcc-3.4.3.20050110-r2 and CFLAGS="-march=pentium4 -mtune=pentium4 -O3 -pipe -fexpensive-optimizations -frename-registers". (I know that some flags are redundant) No problems so far with openssh-4.0_p1-r1. Poly
ok, turns out it was an amd64/ia64 specific ABI breakage ive fixed up amd64 in portage and unmasked for most arches ... ia64 still needs to be tracked down though ... thanks to Daniel Gryniewicz for tracking this down
it crashes for me at the start - error with glibc: * Applying openssl-0.9.7e-gentoo.patch ... [ ok ] * Applying openssl-0.9.7-hppa-fix-detection.patch ... [ ok ] * Applying openssl-0.9.7-alpha-default-gcc.patch ... [ ok ] * Applying openssl-0.9.7g-no-fips.patch ... [ ok ] * Applying openssl-0.9.7g-ptr-casting.patch ... [ ok ] * Applying openssl-0.9.7g-mem-clr-ptr-cast.patch ... [ ok ] * Applying openssl-0.9.7g-ABI-compat.patch ... [ ok ] >>> Source unpacked. *** glibc detected *** free(): invalid next size (fast): 0xbfff4ab0 *** /usr/portage/dev-libs/openssl/openssl-0.9.7g.ebuild: line 82: 9530 Aborted ./${config} ${sslout} ${confopts} --prefix=/usr --openssldir=/etc/ssl shared threads !!! ERROR: dev-libs/openssl-0.9.7g failed. !!! Function src_compile, Line 100, Exitcode 134 !!! Configure failed !!! If you need support, post the topmost build error, NOT this status message. my emerge info: [/home/rane]# emerge info Portage 2.0.51.21-r1 (default-linux/x86/2005.0, gcc-3.4.3-20050110, glibc-2.3.5-r0, 2.6.11-gentoo-r7 i686) ================================================================= System uname: 2.6.11-gentoo-r7 i686 AMD Athlon(tm) XP 2000+ Gentoo Base System version 1.6.11 dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.6 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r8 sys-devel/libtool: 1.5.16 virtual/os-headers: 2.6.11 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.zie.pg.gda.pl http://src.gentoo.pl http://gentoo.ynet.sk/pub" LANG="pl_PL" LC_ALL="pl_PL" LINGUAS="pl" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 3dnow X aalib alsa apache2 apm audiofile avi berkdb bitmap-fonts cdr crypt cups curl dba dts emboss encode esd esound extras fam flac font-server foomaticdb fortran gd gdbm gif gpm gtk gtk2 imagemagick imlib innodb jabber java jpeg libg++ libwww mad maildir mbox mikmod mmx mmx2 motif mozilla mp3 mpeg mysql ncurses nls nptl nptlonly ogg oggvorbis opengl pam pdflib perl png ppds python qt quicktime readline sdl slang spell sse ssl svga tcltk tcpd tiff truetype truetype-fonts type1-fonts usb vorbis xml xml2 xmms xv xvid zlib linguas_pl userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LDFLAGS any ideas how to fix that thing?
i'm 99% sure that has nothing to do with openssl
anyways, in portage
