Created attachment 153891 [details]
svn diff for security/john
John the Ripper uses deprecated des_ methods and types that were marked deprecated by OpenSSL 0.9.7 and will be removed in OpenSSL 1.1.0 . This patch replaces the des_ methods and types with their new DES_ counterparts.
Emailed the john-dev mailinglist http://www.openwall.com/lists/john-dev/2015/03/ (moderated?)
Response from upstream:
It'll be part of the next release.
Thank you, Bernard!
On Sat, Mar 07, 2015 at 12:51:32AM +0100, magnum wrote:
I had no idea there was any such problem. I will gladly commit your
patches but I'm hoping someone else will agree before I do. Does anyone
see any problem with committing this? I take it we'll still support at
least OpenSSL 0.9.7 so I see no problem.
I agree this should be committed, and we should test-build on a few
systems with different OpenSSL versions.
There were many more instances of the deprecated des_old identifiers
in JtR formats contributed over a decade ago, which we've updated years
ago - but apparently a few remained. And keychain_fmt_plug.c is a
fairly recent addition, so apparently it was written that way recently.
A commit references this bug:
Date: Mon Mar 30 03:04:26 UTC 2015
New revision: 382632
Replace methods and types that were marked deprecated by OpenSSL 0.9.7
and will be removed in OpenSSL 1.1.0.
PR: 198348, 198352
Submitted by: Bernard Spil
Committed as part of revision ports r382632, thanks!