rvk 33 Posted September 19, 2023 20 minutes ago, Remy Lebeau said: OK, well... The fulgan mirror has been decommissioned for some time now, the GitHub repo is the official spot now. Why is the date of the files on Fulgan updated each night? Also, there seem to be trickling new versions in there occasionally. Maybe a readme file there pointing to the new official spot (or at least stating it is decommissioned) would make that more clear. Share this post Link to post
Remy Lebeau 1393 Posted September 19, 2023 (edited) 23 minutes ago, rvk said: Why is the date of the files on Fulgan updated each night? I don't know, I thought they were done maintaining a copy, but I guess not. 23 minutes ago, rvk said: Maybe a readme file there pointing to the new official spot (or at least stating it is decommissioned) would make that more clear. The readme on that mirror says: Quote As of January 2020, the Indz source code is not available from this mirror anymore: The indy source control system has been migrated to github. There is therefore no need for extra tools in order to download the latest snapshot. All source code can be accessed from https://github.com/IndySockets The Indy SSL libraries will remain here for the time being. Edited September 19, 2023 by Remy Lebeau Share this post Link to post
rvk 33 Posted September 19, 2023 10 minutes ago, Remy Lebeau said: The readme on that mirror says: Wait... did I really overlook that file... Aaaargh. Yes, it's in the root. Share this post Link to post
Stompie 2 Posted October 10, 2023 (edited) So it turns out that the 64 bit 1.0.2u binaries from downloaded from https://github.com/IndySockets/OpenSSL-Binaries/ also do not work on a blank Windows Server 2016 installation. As soon as the latest version of "Microsoft Visual C++ Redistributable" (for Visual Studio 2015, 2017, 2019, and 2022) is installed on the server, they work again. Edit: It seems to look for "vcruntime140.dll" Of which a 32bit version is availble in "C:\Windows\SysWOW64\vcruntime140.dll" But a 64bit versions is not found. Edited October 10, 2023 by Stompie Share this post Link to post
DelphiUdIT 176 Posted February 29 (edited) I (can) have the OpenSSL binary for Windows 64 bit and Linux 64 bit, version "1.0.2zi" of 20/09/2023. Only two CVE is missing ad this time ( CVE-2024-0727 and CVE-2023-6237 refer to: https://www.openssl.org/news/vulnerabilities.html ) and they are classified low severity. With this release everyone use Indy are updated with security, waiting for the Indy 11. OpenSSL 1.0.2zi remediates the following CVE's: CVE-2023-3817 CVE-2023-3446 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4304 CVE-2022-2068 CVE-2022-1292 CVE-2022-0778 CVE-2021-4160 CVE-2021-3712 CVE-2021-23841 CVE-2021-23840 CVE-2021-23839 CVE-2020-1971 CVE-2020-1968 CVE-2019-1551 CVE-2019-1563 CVE-2019-1547 CVE-2019-1552 CVE-2019-1559 I don't know if I can share those library, since OpenSSL nothing say about binary license ... may be @Remy Lebeau can suggest if i can post them here. Remy can post also the libraries in the Indy official repo. Edited February 29 by DelphiUdIT Share this post Link to post
Angus Robertson 574 Posted February 29 OpenSSL "1.0.2zi" is not a free public release, it is only available to organisations that pay OpenSSL for premium level support, which costs $50,000 per year. I'd guess there is a support contract involved that prevents such software being distributed outside those organisations. So it should not be published. Angus 1 1 Share this post Link to post
DelphiUdIT 176 Posted February 29 2 minutes ago, Angus Robertson said: OpenSSL "1.0.2zi" is not a free public release, it is only available to organisations that pay OpenSSL for premium level support, which costs $50,000 per year. I'd guess there is a support contract involved that prevents such software being distributed outside those organisations. So it should not be published. Angus Thanks very much. I knew that the source is not public available, but I was hoping the DLLs could be distributed. Share this post Link to post