OpenSSL libraries not up-to-date

Ideas for improvements and requests for new features in XnView Classic

Moderators: XnTriq, xnview

Post Reply
User avatar
omniplex
Posts: 127
Joined: Thu Feb 10, 2011 1:52 pm
Location: Hamburg
Contact:

OpenSSL libraries not up-to-date

Post by omniplex » Sun Jun 21, 2015 3:22 am

Hi, I'm not sure where to post this: Apparently the XnView 2.33 addons contain OpenSSL 1.0.0.15 libraries built in October, 2014. With a = 1, b = 2, etc. that corresponds to OpenSSL 1.0.0o (lower case O = 15). As of June, 2015 the recommended 1.0.0? version is 1.0.0s (s = 19). There are also 1.0.1? and 1.0.2? branches, but I can't tell what the difference is. Sooner or later software like Secunia PSI will scream havoc if it finds older OpenSSL libraries.

User avatar
xnview
Author of XnView
Posts: 32055
Joined: Mon Oct 13, 2003 7:31 am
Location: France
Contact:

Re: OpenSSL

Post by xnview » Mon Jun 22, 2015 7:47 am

right i'll update it
Pierre.

User avatar
omniplex
Posts: 127
Joined: Thu Feb 10, 2011 1:52 pm
Location: Hamburg
Contact:

Re: OpenSSL

Post by omniplex » Thu Jul 09, 2015 11:16 pm

xnview wrote:right i'll update it
Thanks, state of the art as of today is 1.0.1p :bugfixed: There's no new 1.0.0? on their site, maybe 1.0.0s is not affected by this 1.0.1/1.0.2 bug.

User avatar
omniplex
Posts: 127
Joined: Thu Feb 10, 2011 1:52 pm
Location: Hamburg
Contact:

Re: OpenSSL

Post by omniplex » Mon May 16, 2016 12:05 pm

Update, the actual versions as of May 3, 2016, are 1.0.2h or 1.0.1t, respectively. The 0.9.8 and 1.0.0 branches are dead, cf. OpenSSL Security Advisory [3rd May 2016].

XnView 2.36 apparently uses 1.0.2c ("1.0.2.3", June 2015). Oddly their May 2016 advisory talks about 1.0.2c, but I guess they mean 1.0.2h (that would be "1.0.2.8", May 2016).

Post Reply