OpenSSL version 1.1.1b published

OpenSSL version 1.1.1b published

openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


   OpenSSL version 1.1.1b released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.1.1b of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

        https://www.openssl.org/news/openssl-1.1.1-notes.html

   OpenSSL 1.1.1b is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

     * https://www.openssl.org/source/
     * ftp://ftp.openssl.org/source/

   The distribution file name is:

    o openssl-1.1.1b.tar.gz
      Size: 8213737
      SHA1 checksum: e9710abf5e95c48ebf47991b10cbb48c09dae102
      SHA256 checksum: 5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b

   The checksums were calculated using the following commands:

    openssl sha1 openssl-1.1.1b.tar.gz
    openssl sha256 openssl-1.1.1b.tar.gz

   Yours,

   The OpenSSL Project Team.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

Re: OpenSSL version 1.1.1b published

Thomas J. Hruska
On 2/26/2019 7:54 AM, OpenSSL wrote:
>     The distribution file name is:
>
>      o openssl-1.1.1b.tar.gz
>        Size: 8213737
>        SHA1 checksum: e9710abf5e95c48ebf47991b10cbb48c09dae102
>        SHA256 checksum: 5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b

Unlike previous releases, this tar-gzipped file contains a 52 byte file
called 'pax_global_header'.  The contents of the file contain a single
line of text:

52 comment=50eaac9f3337667259de725451f201e784599687

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/

AW: OpenSSL version 1.1.1b published

Dr. Matthias St. Pierre
Hi Thomas,

> Unlike previous releases, this tar-gzipped file contains a 52 byte file
> called 'pax_global_header'.  The contents of the file contain a single
> line of text:
>
> 52 comment=50eaac9f3337667259de725451f201e784599687

my extracted tarball does not contain this file. This seems to be a bug of the tar command which was fixed in 1.14.

https://lkml.org/lkml/2005/6/18/5
https://marc.info/?l=linux-kernel&m=111909182607985&w=2

HTH,
Matthias



Re: AW: OpenSSL version 1.1.1b published

Thomas J. Hruska
On 2/26/2019 10:05 PM, Dr. Matthias St. Pierre wrote:

> Hi Thomas,
>
>> Unlike previous releases, this tar-gzipped file contains a 52 byte file
>> called 'pax_global_header'.  The contents of the file contain a single
>> line of text:
>>
>> 52 comment=50eaac9f3337667259de725451f201e784599687
>
> my extracted tarball does not contain this file. This seems to be a bug of the tar command which was fixed in 1.14.
>
> https://lkml.org/lkml/2005/6/18/5
> https://marc.info/?l=linux-kernel&m=111909182607985&w=2
>
> HTH,
> Matthias

Okay.  Certain versions of 7-Zip seem to be affected.  Just a FYI in
case anyone else brings it up on the list.

It's minor and didn't affect the extraction in any way other than being
an extra file.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/

Re: AW: OpenSSL version 1.1.1b published

Jan Ehrhardt
Thomas J. Hruska in gmane.comp.encryption.openssl.user (Tue, 26 Feb 2019
23:07:53 -0700):

>On 2/26/2019 10:05 PM, Dr. Matthias St. Pierre wrote:
>> Hi Thomas,
>>
>>> Unlike previous releases, this tar-gzipped file contains a 52 byte file
>>> called 'pax_global_header'.  The contents of the file contain a single
>>> line of text:
>>>
>>> 52 comment=50eaac9f3337667259de725451f201e784599687
>>
>> my extracted tarball does not contain this file. This seems to be a bug of the tar command which was fixed in 1.14.
>>
>> https://lkml.org/lkml/2005/6/18/5
>> https://marc.info/?l=linux-kernel&m=111909182607985&w=2
>>
>> HTH,
>> Matthias
>
>Okay.  Certain versions of 7-Zip seem to be affected.  Just a FYI in
>case anyone else brings it up on the list.

I ran into this using 7-Zip 18.05 (x64) on Windows, which is a fairly
recent version.
--
Jan


Re: AW: OpenSSL version 1.1.1b published

Dr. Matthias St. Pierre

On 27.02.19 10:09, Jan Ehrhardt wrote:

> Thomas J. Hruska in gmane.comp.encryption.openssl.user (Tue, 26 Feb 2019
> 23:07:53 -0700):
>> On 2/26/2019 10:05 PM, Dr. Matthias St. Pierre wrote:
>>> Hi Thomas,
>>>
>>>> Unlike previous releases, this tar-gzipped file contains a 52 byte file
>>>> called 'pax_global_header'.  The contents of the file contain a single
>>>> line of text:
>>>>
>>>> 52 comment=50eaac9f3337667259de725451f201e784599687
>>> my extracted tarball does not contain this file. This seems to be a bug of the tar command which was fixed in 1.14.
>>>
>>> https://lkml.org/lkml/2005/6/18/5
>>> https://marc.info/?l=linux-kernel&m=111909182607985&w=2
>>>
>>> HTH,
>>> Matthias
>> Okay.  Certain versions of 7-Zip seem to be affected.  Just a FYI in
>> case anyone else brings it up on the list.
> I ran into this using 7-Zip 18.05 (x64) on Windows, which is a fairly
> recent version.

Thanks for the updates about 7-Zip. But IMHO it is not really an issue, just a little 'manufacturing byproduct'.
As Linus wrote on the LKML mailing list: this file can safely be ignored/removed. Alternatively, you
can view it as a feature, because this file actually contains useful information: It's the id of the commit
from whose tree the tar file was created:

https://github.com/openssl/openssl/commit/50eaac9f3337667259de725451f201e784599687

If it really disturbs you, you might want to get in touch with the 7-Zip developers on their SourceForge forum.

https://sourceforge.net/p/sevenzip/discussion/search/?q=pax_global_header


Regards,
Matthias



Re: AW: OpenSSL version 1.1.1b published

Jan Ehrhardt
Matthias St. Pierre in gmane.comp.encryption.openssl.user (Wed, 27 Feb
2019 13:00:55 +0100):
>
>On 27.02.19 10:09, Jan Ehrhardt wrote:
>> I ran into this using 7-Zip 18.05 (x64) on Windows, which is a fairly
>> recent version.
>
>Thanks for the updates about 7-Zip. But IMHO it is not really an issue, just a little 'manufacturing byproduct'.

It does not bother me at all. I just ignored it. But Thomas was right in
observing that it was different from the previous releases: OpenSSL
1.1.1a did not create that file when it was extracted by the same 7-Zip
version.
--
Jan


Re: AW: OpenSSL version 1.1.1b published

Dr. Matthias St. Pierre
On 27.02.19 13:51, Jan Ehrhardt wrote:

> Matthias St. Pierre in gmane.comp.encryption.openssl.user (Wed, 27 Feb
> 2019 13:00:55 +0100):
>> On 27.02.19 10:09, Jan Ehrhardt wrote:
>>> I ran into this using 7-Zip 18.05 (x64) on Windows, which is a fairly
>>> recent version.
>> Thanks for the updates about 7-Zip. But IMHO it is not really an issue, just a little 'manufacturing byproduct'.
> It does not bother me at all. I just ignored it. But Thomas was right in
> observing that it was different from the previous releases: OpenSSL
> 1.1.1a did not create that file when it was extracted by the same 7-Zip
> version.

This change was introduced by https://github.com/openssl/openssl/pull/7692:

Previously, the tarballs were created using the `tar` command, while nowadays it's done
using `git archive`, see util/mktar.sh:

     git archive --worktree-attributes --format=tar --prefix="$NAME/" -v HEAD \
         | gzip -9 > "$TARFILE.gz"


And it's git that adds this comment.

Matthias
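
Added example, not part of any message in this thread and not code from OpenSSL, git or 7-Zip: a Python sketch of the two readings of the archive discussed above. It builds a small constructed tar shaped like `git archive` output (a typeflag 'g' member named pax_global_header carrying the 52-byte comment record), then shows that a pax-aware reader exposes the commit id as metadata while a reader that treats every header as a file sees an extra 52-byte file. The function names and the README member are assumptions made for the illustration; only the commit id comes from the thread.

```python
import io
import tarfile

BLOCK = 512
# Commit id quoted in the thread; everything else in this sample is constructed.
COMMIT = "50eaac9f3337667259de725451f201e784599687"

def pad(data: bytes) -> bytes:
    return data + b"\0" * (-len(data) % BLOCK)

def build_sample_tar(commit: str = COMMIT) -> bytes:
    """Constructed archive shaped like `git archive` output: a typeflag 'g'
    member named pax_global_header, then one ordinary file."""
    record = f"comment={commit}\n".encode()
    record = f"{len(record) + 3} ".encode() + record  # length prefix counts itself: "52 "
    hdr = tarfile.TarInfo("pax_global_header")
    hdr.type, hdr.size = tarfile.XGLTYPE, len(record)
    buf = io.BytesIO()
    buf.write(hdr.tobuf(format=tarfile.USTAR_FORMAT) + pad(record))
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        body = b"constructed sample file\n"
        info = tarfile.TarInfo("openssl-1.1.1b/README")
        info.size = len(body)
        tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def pax_aware_view(data: bytes):
    """A pax-aware reader consumes the 'g' header as metadata, not as a file."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        return tf.getnames(), tf.pax_headers.get("comment")

def naive_view(data: bytes):
    """A reader that ignores the typeflag lists every header as a file."""
    members, off = [], 0
    while data[off:off + BLOCK].strip(b"\0"):  # stop at the zero end-of-archive block
        h = data[off:off + BLOCK]
        name = h[:100].rstrip(b"\0").decode()
        size = int(h[124:136].strip(b"\0 "), 8)  # octal size field
        body = data[off + BLOCK:off + BLOCK + size]
        members.append((name, h[156:157].decode(), body))
        off += BLOCK + len(pad(body))
    return members

if __name__ == "__main__":
    tar = build_sample_tar()
    print(pax_aware_view(tar))
    for name, flag, body in naive_view(tar):
        print(flag, name, len(body))
```

For a real release tarball, `git get-tar-commit-id` reads the same record from the uncompressed tar stream on standard input.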