@uma @kaleb_haugen "does not have any kind of upstream code" is not true. Every #BSD system includes *some* software in its base that's pulled from some other party. E.g. #FreeBSD has #OpenZFS, #Heimdal, #LLVM and #OpenSSL in its base, to name just a few.

But then, these aren't just "packaged", they're pulled into the single source repository from which the system is built and care is taken they integrate "perfectly".

ValueError: Invalid version. The only valid version for X509Req is 0 #openssl

https://askubuntu.com/q/1484634/612

PSA: Node.js 16 is going end-of-life in just over a week's time (September 11th - four months earlier than we'd normally do). This was done due to the upstream support dates for #openssl 1.1.1 ending. If you're using that version in production, please try and move up. Note that this will remove the ability to run on Ubuntu 18.04 due to the glibc version that later versions are build against: https://nodejs.org/en/blog/announcements/nodejs16-eol
#nodejs

Myth: #opensource software is build in developers spare time.

Fact: 87% of non-trivial commits to #openssl in the last 12 months were made by people employed to do so.

Great insights from the OpenSSL team 👍

Source: https://www.openssl.org/blog/blog/2023/07/17/who-writes-openssl/

「OpenSSL」は毎年4月と10月の定期アップデートに ～更新プロセスを見直し／次期バージョン「OpenSSL 3.2」は10月にリリース
https://forest.watch.impress.co.jp/docs/news/1526978.html
#forest_watch_impress #OpenSSL #脆弱性 #セキュリティ #その他 #インターネット #ネットワーク

If you're trying to update the #OpenSSL gem on #macOS for #TruffleRuby, you may need this to link with OpenSSLv3's #libssl library:

```bash
OPENSSL_PREFIX="$(brew --prefix openssl@3)" gem update openssl
```

Just replace "@3" with "@1.1" if you prefer OpenSSLv1.1 for whatever reason. Meanwhile, #CRuby still doesn't compile against v3 for me, but YMMV.

After ironing out the last bugs, cryptr is now fully functional. Encryption, decryption, multiple files and/or directories, gpg, openssl and cipher cascading. All with a simple uniform syntax:
cryptr $source(s) $destination
https://codeberg.org/oxo/tool/src/branch/main/cryptr
#linux #bash #script #tool #cryptr #gnupg #openssl #cascade

When will openSSL version > 3.0.2 be available in update centers #openssl

https://askubuntu.com/q/1483577/612

How should I tamper in Qt5 source code if I want to add back SSLv3 support in the libqt5network5 module? #64bit #ssl #openssl #g++ #qt5

https://askubuntu.com/q/1483524/612

Cryptr, an en- and decryption tool with optional cipher cascade has undergone a major upgrade. The syntax is more simple for the user and multiple files and folders are now supported.
https://codeberg.org/oxo/tool/src/branch/main/cryptr
#linux #bash #script #tool #cryptr #gnupg #openssl #cascade

Updating openssl 3.0.10 in ubuntu 22.04.03 #updates #openssl #vulnerability

https://askubuntu.com/q/1483080/612

@evilham It is, mostly (from my experience running -CURRENT just for test-building #FreeBSD #ports)

BUT: Its ABI is a moving target, which can be quite a hassle. Hit me recently when base #OpenSSL was updated to 3.x, but packages in the official repo were still trying to link some 1.x.

My recommendation would be: For a "daily driver", always go with -RELEASE unless there's indeed something in -CURRENT (like newer drivers) you absolutely need...

Today's achievement: We now have #OpenSSL (and #GNU coreutils built using it), plus grep, sed, awk, make, groff *and* man-db in #FreeBSD's #Linuxulator userland.

But there's a catch 😞 It doesn't build with #poudriere any more. Can be patched, and I guess I should soon look into getting this fixed...

For details, see here:
https://lists.freebsd.org/archives/freebsd-ports/2023-August/004286.html

Today's progress: #GNU #coreutils and glibc's localedata seem to work fine in #FreeBSD's #Linuxulator, in addition to bash.

Still, coreutils is not complete yet, it *should* used hash functions from #OpenSSL, so, time to port that for #Linux (tomorrow).

But as open source projects have learned the hard way, the fact that anyone *can* audit your widely used, high-stakes code doesn't mean that anyone *will*.

The #Heartbleed vulnerability in #OpenSSL was a wake-up call for the open source movement - a bug that endangered every secure webserver connection in the world, which had hidden in plain sight for years.

36/

@groff @micah while I agree that #Debian is a remarkable distribution that shows that community can do incredible things without direct corporate sponsorship, there are thousands who of non-distributions that are passion projects and are on a knives edge of going without a developer due to lack of funding. There are hundreds that are considered crucial. The heartbleed vulnerabilities with #openssl is a best example here. We need a better way of funding #opensource.

Alpine 3.15.10, 3.16.7, 3.17.5 and 3.18.3 released.

It contains fixes for openssl related CVEs:

- CVE-2023-2975
- CVE-2023-3446
- CVE-2023-3817

See: https://alpinelinux.org/posts/Alpine-3.15.10-3.16.7-3.17.5-3.18.3-released.html

#Alpine #AlpineLinux #cve #openssl

sudo apt upgrade message: The following packages have been kept back (...) #apt #libreoffice #openssl

https://askubuntu.com/q/1480860/612

Found a NULL pointer deref segfault in the openssl bindings by trying to generate X509 certificates using EC or DH keys.
https://bugs.ruby-lang.org/issues/19828
#ruby #openssl

@stefano #FreeBSD, mostly because I tried it, liked it, even started contributing to it quickly and never felt the need to look at a different one so far 🙈

I even use a customized build (leaving out things from base I don't use like e.g. sendmail or tcsh) and build all ports using #LibreSSL instead of #OpenSSL, both is perfectly supported (except for the occassional build issues of some ports with LibreSSL, which are most of the time an easy fix....)