SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001883: update openssl to a more recent version - MantisBT
MantisBT - Endian Firewall
View Issue Details
0001883Endian FirewallSecuritypublic2009-05-18 19:472011-09-25 01:18
mike-f 
 
normalfeaturehave not tried
confirmedopen 
2.2-rc3 
2.5 
0001883: update openssl to a more recent version
as the current version of the installed openssl-binary is tagged 0.9.7a we should take a look on the following advisories from the openssl-team

http://www.openssl.org/news/vulnerabilities.html [^]

maybe we need to backport some parts to cover some issues?
current RH-version is (backported to) 0.9.8e-7
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-7.el5.src.rpm [^]
No tags attached.
related to 0001872acknowledged peter-endian update openssl-CFLAGS to increase speed 
related to 0001796closed peter-endian SSL should use SHA1 instead of MD5 
Issue History
2009-05-18 19:47mike-fNew Issue
2009-05-18 19:51mike-fNote Added: 0002358
2009-05-19 07:33luca-endianRelationship addedrelated to 0001872
2009-05-19 07:33luca-endianRelationship addedrelated to 0001796
2009-05-21 18:44peter-endianNote Added: 0002373
2009-05-21 18:45peter-endianSeverityminor => feature
2009-05-21 18:45peter-endianTarget Version => future
2010-09-20 18:01peter-endianTarget Versionfuture => 2.5
2010-09-20 18:01peter-endianStatusnew => confirmed
2011-04-23 17:31vedatkamerNote Added: 0006151
2011-09-25 01:18michaelurayNote Added: 0007442
2011-09-25 01:36michaelurayNote Edited: 0007442

Notes
(0002358)
mike-f   
2009-05-18 19:51   
plz link the following id's

1796
1872
maybe: 1797
(0002373)
peter-endian   
2009-05-21 18:44   
tried it.
openssl from RH*L5 is new enough. (0.9.8e)
it requires fipscheck to be packaged, which requires openssl 0.9.8e with fips support.
afterwards the following packages need a rebuild:

python
neon
curl
ntp
apache
python-curl
postfix
rpm
postgresql
openssh
cyrus-sasl


i think we will not do this right now. maybe after 2.3
(0006151)
vedatkamer   
2011-04-23 17:31   
openssl 1.0+ would be so useful for TSA.
(0007442)
michaeluray   
2011-09-25 01:18   
(edited on: 2011-09-25 01:36)
openssl 0.9.8 or > would be great to use sha-256.
Is there actually a way to update openssl on a Endian Firewall 2.4.1?