Created attachment 153891 [details] svn diff for security/john John the Ripper uses deprecated des_ methods and types that were marked deprecated by OpenSSL 0.9.7 and will be removed in OpenSSL 1.1.0 . This patch replaces the des_ methods and types with their new DES_ counterparts. Emailed the john-dev mailinglist http://www.openwall.com/lists/john-dev/2015/03/ (moderated?)
Response from upstream: http://www.openwall.com/lists/john-dev/2015/03/06/8 It'll be part of the next release. Thank you, Bernard! On Sat, Mar 07, 2015 at 12:51:32AM +0100, magnum wrote: I had no idea there was any such problem. I will gladly commit your patches but I'm hoping someone else will agree before I do. Does anyone see any problem with committing this? I take it we'll still support at least OpenSSL 0.9.7 so I see no problem. I agree this should be committed, and we should test-build on a few systems with different OpenSSL versions. There were many more instances of the deprecated des_old identifiers in JtR formats contributed over a decade ago, which we've updated years ago - but apparently a few remained. And keychain_fmt_plug.c is a fairly recent addition, so apparently it was written that way recently. Alexander
A commit references this bug: Author: danfe Date: Mon Mar 30 03:04:26 UTC 2015 New revision: 382632 URL: https://svnweb.freebsd.org/changeset/ports/382632 Log: Replace methods and types that were marked deprecated by OpenSSL 0.9.7 and will be removed in OpenSSL 1.1.0. PR: 198348, 198352 Submitted by: Bernard Spil Changes: head/security/john/Makefile head/security/ophcrack/files/ head/security/ophcrack/files/patch-src_lmtable.c head/security/ophcrack/files/patch-src_samdump2_samdump2.c
Committed as part of revision ports 382632, thanks!