Re: Need new psqlODBC release to update OpenSSL again

(2014/06/06 8:02), Michael Paquier wrote:
> On Fri, Jun 6, 2014 at 6:50 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>> On Thu, Jun 5, 2014 at 10:35 PM, Inoue, Hiroshi <inoue(at)tpf(dot)co(dot)jp> wrote:
>>>
>>> (2014/06/05 22:19), Heikki Linnakangas wrote:
>>>>
>>>> Hi,
>>>>
>>>> OpenSSL version 1.0.1h was released today, fixing several new
>>>> vulnerabilities. Looks like we need to make a new psqlODBC release again, to
>>>> get these fixed on Windows..
>>>
>>>
>>> Does this mean that we simply replace the ssl related dlls packaged in
>>> psqlodbc.msi
>>> and psqlodbc_x64.msi of the release 9.03.0300?
>>
>> You may also need to bump the version number in the MSI/MSM packages
>> to ensure the upgrade happens.
> Perhaps we should directly do a new release, commit 9e71e4d fixed as
> well a problem with connection closed when queries are sent.

Why are we forced new releases so often due to bugs of openssl
libraries? I'd like to reflect some changes for the next release
but it would take some time. In additon I've had little time to
test recent changes.

All package files at http://www.postgresql.org/ftp/odbc/versions
/msi(mm or dll) may contain old openssl dlls. If the dlls are so
risky, shoudn't we remove the package files?

Simply repackaging Windows 9.03.0300 version (or other versions as
well?) replacing openssl dlls by new ones is unfavorable?

regards,
Hiroshi Inoue

--
I am using the free version of SPAMfighter.
SPAMfighter has removed 10592 of my spam emails to date.
Get the free SPAMfighter here: http://www.spamfighter.com/len

Do you have a slow PC? Try a Free scan
http://www.spamfighter.com/SLOW-PCfighter?cid=sigen