[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and Openssl on old OSX [was Tor and Openssl bug CVE-2014-0160]


On Tue, Apr 8, 2014, at 11:37 PM, Andreas Krey wrote:
> On Tue, 08 Apr 2014 22:06:31 +0000, Geoff Down wrote:
> > 
> ...
> > /library/tor/bin/tor:
> >         /opt/local/lib/libz.1.dylib (compatibility version 1.0.0,
> >         current version 1.2.5)
> >         /opt/local/lib/libevent-2.0.5.dylib (compatibility version
> >         7.0.0, current version 7.4.0)
> >         /opt/local/lib/libssl.1.0.0.dylib (compatibility version 1.0.0,
> >         current version 1.0.0)
> >         /opt/local/lib/libcrypto.1.0.0.dylib (compatibility version
> >         1.0.0, current version 1.0.0)
> >         /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
> >         version 88.1.12)
> > 
> > libssl==openssl? If so, not vulnerable
> 
> Yes, and yes.
> 

otool gives the same results after recompiling with openssl 1.0.1g - tor
is definitely using the new version though. Just curious why otool says
that - as does the file listing:
Apr 11 02:47 /opt/local/lib/libssl.1.0.0.dylib

GD
 

-- 
http://www.fastmail.fm - Send your email first class

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk