Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Linux: because a PC is a terrible thing to waste -- ksh@cis.ufl.edu put this on Tshirts in '93


computers / comp.sys.tandem / ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 Available

SubjectAuthor
* ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 AvailableRandall
`* Re: ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 AvailableRandall
 `- Re: ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 AvailableRandall

1
ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 Available

<f2274207-4f8f-4111-833b-a2f10365c981n@googlegroups.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=748&group=comp.sys.tandem#748

 copy link   Newsgroups: comp.sys.tandem
X-Received: by 2002:a05:620a:482:b0:777:72d3:21ac with SMTP id 2-20020a05620a048200b0077772d321acmr294165qkr.14.1698255736792;
Wed, 25 Oct 2023 10:42:16 -0700 (PDT)
X-Received: by 2002:a9d:57c6:0:b0:6b9:cf90:87a6 with SMTP id
q6-20020a9d57c6000000b006b9cf9087a6mr4681756oti.1.1698255736467; Wed, 25 Oct
2023 10:42:16 -0700 (PDT)
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.tandem
Date: Wed, 25 Oct 2023 10:42:16 -0700 (PDT)
Injection-Info: google-groups.googlegroups.com; posting-host=2607:fea8:3fa9:4200:207e:91f9:fab3:4a25;
posting-account=6VebZwoAAAAgrpUtsowyjrKRLNlqxnXo
NNTP-Posting-Host: 2607:fea8:3fa9:4200:207e:91f9:fab3:4a25
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <f2274207-4f8f-4111-833b-a2f10365c981n@googlegroups.com>
Subject: ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 Available
From: rsbec...@nexbridge.com (Randall)
Injection-Date: Wed, 25 Oct 2023 17:42:16 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 2188
 by: Randall - Wed, 25 Oct 2023 17:42 UTC

The latest patches for the OpenSSL 3.0.x and 3.1.x series are now available on the ITUGLIB website. Release notes are available at https://www.openssl..org/news/openssl-3.0-notes.html and https://www.openssl.org/news/openssl-3..1-notes.html.

Both releases contain fixes for CVE-2023-5363 (Moderate) - Incorrect cipher key & IV length processing described in the release notes.

The 3.2 series is still in alpha state. If you are interested in testing with this series, please let ITUGLIB know here. This series is not binary compatible with the 3.0.x and 3.1.x series, so you will need to recompile your code to use it. At present, we are not planning to release a 3.2 build until it reaches beta state.

The 1.1.1 and 1.0.2 series are no longer under official support, and do not receive security updates, so you should move off those releases. If you cannot move off those releases, please contact me to facilitate fee-based premium support from OpenSSL to obtain patched builds.

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

Re: ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 Available

<d8d4cc87-16c3-4ccd-b349-690723e8564an@googlegroups.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=749&group=comp.sys.tandem#749

 copy link   Newsgroups: comp.sys.tandem
X-Received: by 2002:ac8:46ca:0:b0:41b:8135:c441 with SMTP id h10-20020ac846ca000000b0041b8135c441mr295840qto.12.1698268638360;
Wed, 25 Oct 2023 14:17:18 -0700 (PDT)
X-Received: by 2002:a05:6870:548e:b0:1e9:fbf0:3cdc with SMTP id
f14-20020a056870548e00b001e9fbf03cdcmr7588885oan.4.1698268638113; Wed, 25 Oct
2023 14:17:18 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!border-2.nntp.ord.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.tandem
Date: Wed, 25 Oct 2023 14:17:17 -0700 (PDT)
In-Reply-To: <f2274207-4f8f-4111-833b-a2f10365c981n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=2607:fea8:3fa9:4200:896d:de96:f0f0:d9f3;
posting-account=6VebZwoAAAAgrpUtsowyjrKRLNlqxnXo
NNTP-Posting-Host: 2607:fea8:3fa9:4200:896d:de96:f0f0:d9f3
References: <f2274207-4f8f-4111-833b-a2f10365c981n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <d8d4cc87-16c3-4ccd-b349-690723e8564an@googlegroups.com>
Subject: Re: ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 Available
From: rsbec...@nexbridge.com (Randall)
Injection-Date: Wed, 25 Oct 2023 21:17:18 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 27
 by: Randall - Wed, 25 Oct 2023 21:17 UTC

On Wednesday, October 25, 2023 at 1:42:17 p.m. UTC-4, Randall wrote:
> The latest patches for the OpenSSL 3.0.x and 3.1.x series are now available on the ITUGLIB website. Release notes are available at https://www.openssl.org/news/openssl-3.0-notes.html and https://www.openssl.org/news/openssl-3.1-notes.html.
>
> Both releases contain fixes for CVE-2023-5363 (Moderate) - Incorrect cipher key & IV length processing described in the release notes.
>
> The 3.2 series is still in alpha state. If you are interested in testing with this series, please let ITUGLIB know here. This series is not binary compatible with the 3.0.x and 3.1.x series, so you will need to recompile your code to use it. At present, we are not planning to release a 3.2 build until it reaches beta state.
>
> The 1.1.1 and 1.0.2 series are no longer under official support, and do not receive security updates, so you should move off those releases. If you cannot move off those releases, please contact me to facilitate fee-based premium support from OpenSSL to obtain patched builds.
>
> Regards,
> Randall Becker
> On Behalf of the ITUGLIB Technical Committee

Please be aware that 3.0.12 has already had reports of breakage in the pkcs11 engine and with coreutils prngd. Please let ITUGLIB know here if you encounter any problems.

Re: ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 Available

<626119ad-fb9e-43c7-8f09-c16654b01f5dn@googlegroups.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=750&group=comp.sys.tandem#750

 copy link   Newsgroups: comp.sys.tandem
X-Received: by 2002:a05:6214:5a07:b0:66c:eec1:4be4 with SMTP id lu7-20020a0562145a0700b0066ceec14be4mr340087qvb.3.1698269962767;
Wed, 25 Oct 2023 14:39:22 -0700 (PDT)
X-Received: by 2002:a25:d753:0:b0:d9a:556d:5f8a with SMTP id
o80-20020a25d753000000b00d9a556d5f8amr292211ybg.12.1698269962534; Wed, 25 Oct
2023 14:39:22 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!border-2.nntp.ord.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.tandem
Date: Wed, 25 Oct 2023 14:39:22 -0700 (PDT)
In-Reply-To: <d8d4cc87-16c3-4ccd-b349-690723e8564an@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=2607:fea8:3fa9:4200:896d:de96:f0f0:d9f3;
posting-account=6VebZwoAAAAgrpUtsowyjrKRLNlqxnXo
NNTP-Posting-Host: 2607:fea8:3fa9:4200:896d:de96:f0f0:d9f3
References: <f2274207-4f8f-4111-833b-a2f10365c981n@googlegroups.com> <d8d4cc87-16c3-4ccd-b349-690723e8564an@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <626119ad-fb9e-43c7-8f09-c16654b01f5dn@googlegroups.com>
Subject: Re: ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 Available
From: rsbec...@nexbridge.com (Randall)
Injection-Date: Wed, 25 Oct 2023 21:39:22 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 32
 by: Randall - Wed, 25 Oct 2023 21:39 UTC

On Wednesday, October 25, 2023 at 5:17:19 p.m. UTC-4, Randall wrote:
> On Wednesday, October 25, 2023 at 1:42:17 p.m. UTC-4, Randall wrote:
> > The latest patches for the OpenSSL 3.0.x and 3.1.x series are now available on the ITUGLIB website. Release notes are available at https://www.openssl.org/news/openssl-3.0-notes.html and https://www.openssl.org/news/openssl-3.1-notes.html.
> >
> > Both releases contain fixes for CVE-2023-5363 (Moderate) - Incorrect cipher key & IV length processing described in the release notes.
> >
> > The 3.2 series is still in alpha state. If you are interested in testing with this series, please let ITUGLIB know here. This series is not binary compatible with the 3.0.x and 3.1.x series, so you will need to recompile your code to use it. At present, we are not planning to release a 3.2 build until it reaches beta state.
> >
> > The 1.1.1 and 1.0.2 series are no longer under official support, and do not receive security updates, so you should move off those releases. If you cannot move off those releases, please contact me to facilitate fee-based premium support from OpenSSL to obtain patched builds.
> >
> > Regards,
> > Randall Becker
> > On Behalf of the ITUGLIB Technical Committee
> Please be aware that 3.0.12 has already had reports of breakage in the pkcs11 engine and with coreutils prngd. Please let ITUGLIB know here if you encounter any problems.

Update: The pkcs11 engine issue appears to relates to atexit() processing, which I dealt with on NonStop a while ago, and memory leaks (which have no real impact after a process exits), so we appear to be safe for now.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor