Extension Development :: compile-3.3.5 issues



Doing:

Code Sample

strings /usr/lib/libssl.so.0.9.7 | grep -i OpenSSL


gives:

Code Sample

OpenSSLDie
OPENSSL_cleanse
SSLv2 part of OpenSSL 0.9.7b 10 Apr 2003
SSLv3 part of OpenSSL 0.9.7b 10 Apr 2003
SSLv2/3 compatibility part of OpenSSL 0.9.7b 10 Apr 2003
TLSv1 part of OpenSSL 0.9.7b 10 Apr 2003
OpenSSL 0.9.7b 10 Apr


Suggests (but hardly definitive) that Jason might be correct about 0.9.7b.
Also: try this on a newer dsl - I'm running an older release on this box.

Confirmed - from Lucky's useful post re ssh -V:

Quote
"OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9, SSH protocols 1.5/2.0, OpenSSL 0x0090702f."


The OpenSSL version identifier string is explained here:

http://bs2000.fujitsu-siemens.com/downloa....ER.html

OpenSSL 0x0090702f translates as:

Code Sample
OpenSSL Version 0.9.7b release


So there's the exact release, assuming Robert did in fact compile ssh against dsl's OpenSSL that is.

Quote
So there's the exact release, assuming Robert did in fact compile ssh against dsl's OpenSSL that is.

Or Debian, whichever version and/or update, if it came from their repository (which is possible -- I didn't look at the DSL changelog to see if or when it's been upgraded). Thanks for doing more homework on that.

Since I mentioned it in this thread, I'll try to make a .dsl of my upgrades of zlib+ssl+ssh (all in one .dsl would probably be most sensible) when I get a chance tomorrow morning or this week. All three have major security updates between the version DSL has and current.

They are important, but what about all other stuff that has had security updates (png, jpeg, FF, glibc, etc. etc.)? Just saying it might not be worth going for, as to be secure it would need a total overhaul.

original here.