On 8/28/07, Andrey <[EMAIL PROTECTED]> wrote: > On http://arg0.net/encfs i read a message: Warning: Do not use OpenSSL > 0.9.8e - it has a bug in its blowfish encryption handling which makes it > incompatible with past and future versions of OpenSSL. > Is it true? And what version I should use on my BLFS system? I want upgrade > my system and want as little as I can problems.
The mailing thread it links to has a commit that hasn't been released yet: http://cvs.openssl.org/chngview?cn=15978 Try this when building openssl-0.9.8e: sed -i 's/ctx.*key_len/ctx->key_len/' crypto/evp/evp_lib.c We should also probably be applying this: http://openssl.org/news/patch-CVE-2007-3108.txt -- Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
