[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: openssl updates

From: Florin Andrei <florin andrei myip org>
To: Discussion of the Fedora Legacy Project <fedora-legacy-list redhat com>
Subject: Re: openssl updates
Date: Sat, 30 Sep 2006 10:47:34 -0700

On Fri, 2006-09-29 at 15:08 -0400, Matthew Miller wrote:
> Anything?

>From Thomas Mraz (quoted without asking for permission but hopefully
that's ok):

> I'd like to generate updated OpenSSL RPM packages for Fedora 4 and
> hopefully post it to Fedora Legacy but the problem is - I'm looking at
> the most recent OpenSSL src.rpm for FC4 and there's a ton of Source*
and
> Patch* stuff that doesn't make a lot of sense.
> 
> Could you at least give me a quick rundown of what each Source and
Patch
> bit is supposed to do?

That would take some time to make this rundown. The correct way to patch
the recent openssl CVEs is to add the patches from RHEL4 srpm (however
the current CVE-2006-2940 patch is broken because the 'goto err;' in
dh_key patch must be replaced with 'return -1;'). I didn't try to apply
the RHEL4 patches to FC4 openssl version so maybe a small adjustments
may be necessary.

> Of course, I could always just generate a package from a plain vanilla
> openssl-0.9.7l.tar.gz but perhaps that will break a few things that
the
> original Fedora package is doing.

That wouldn't work at all.

-- 
Florin Andrei

http://florin.myip.org/

Follow-Ups:
- Re: openssl updates
  - From: Michal Jaegermann

References:
- openssl updates
  - From: Matthew Miller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]