Author Topic: openssl version (Read 11078 times)

Jason W · « **Reply #15 on:** February 27, 2010, 05:55:33 PM »

I am going to keep it as openssl-0.9.8m since it is good to know the patchlevel with openssl. Changing the dep files on any patchlevel update is not hard, though of course we normally keep version numbers out of extension names. I thought I had mentioned somewhere in the last few posts I was wanting to keep the "m" in the extension name but it looks like I didn't.

Kingdomcome · « **Reply #16 on:** February 27, 2010, 06:37:30 PM »

OpenSSH is very closely tied to OpenSSL, Im not sure how close or if there would be any problems, but I can rebuild once openSSL appears in the repo.

Jason W · « **Reply #17 on:** February 27, 2010, 07:57:38 PM »

It would be nice if you could rebuild openssh against the openssl-0.9.8m that is available in the above link so they can be uploaded both at once. That way we don't risk a partially broken openssh in the repo.

Kingdomcome · « **Reply #18 on:** February 27, 2010, 09:16:42 PM »

Sorry, I read right past that post originally. I have just submitted an openssh extension built against openssl-0.9.8m

Jason W · « **Reply #19 on:** February 27, 2010, 11:29:57 PM »

New openssl and openssh are uploaded, and dep files have been adjusted.

Refer to the dep file adjusting script in the Programming and Scripting section to adjust you existing
dep files to replace the openssl-0.9.8h entries with openssl-0.9.8m.

Jason W · « **Reply #20 on:** March 01, 2010, 11:20:42 AM »

Running Appsaudit and using the "Update Dependencies" function will fix your dep files in the tce directory and replace openssl-0.9.8h entries with openssl-0.9.8m. Then you can select the openssl-0.9.8h.tcz extension and select it for deletion as it will not be a listed dependency anymore. Then simply install openssl-0.9.8m.tcz and openssl-0.9.8m-dev.tcz to replace it. Installing openssl-0.9.8m could be done before updating the dep files without issue. And be sure to reboot after replacing the extensions.

That should do it, please ask if there is any trouble moving to the new openssl with an existing tce directory.

danielibarnes · « **Reply #21 on:** March 01, 2010, 01:06:16 PM »

Jason, maro, Kingdomecome:
Thanks for picking this up and making it available so quickly in a compatible way. I'll build lighttpd against it and submit it as soon as I can.

danielibarnes · « **Reply #22 on:** March 24, 2010, 01:08:56 PM »

FWIW 0.9.8n is out today.

Jason W · « **Reply #23 on:** March 24, 2010, 02:30:05 PM »

TC 3.0 would likely be a good time to update to a newer 0.9.8 as it is not totally seamless, a small number of apps will likely have issue.

maro · « **Reply #24 on:** March 28, 2010, 08:56:25 PM »

Thanks Jason for your quick action after the "curl investigation".

I noticed that there are now a few .dep files with two entries for 'openssl-0.9.8m.tcz'. Whilst this is completely harmless, it might be still a good idea to tidy things up. The .dep files are: hedgewars.tcz.dep, lyx.tcz.dep, and wpa_gui.tcz.dep

Furthermore I wonder how you plan to proceed with the "elimination" of '0.9.8k'. Whilst my analysis was triggered off by 'curl', the investigation involved all extensions depending on '0.9.8k'. I'm pretty sure that none of the remaining six extensions (i.e. dropbox, links, tshark, vsftpd-ssl, wireshark and x11vnc) will require '0.9.8k', as can be seen in the log files provided with the analysis.

Jason W · « **Reply #25 on:** March 28, 2010, 09:52:45 PM »

Dep files updated, thanks.

For those built against a certain ssl directory, it seems that if libs in that ssl directory are not found, it soes with the ones in $PATH.

Hopefully, openssl updates will not be frequent, and only in response from adequate pressure from the community.

Thanks for your help in it.

robc · « **Reply #26 on:** March 29, 2010, 01:43:37 AM »

Quote

Furthermore I wonder how you plan to proceed with the "elimination" of '0.9.8k'. Whilst my analysis was triggered off by 'curl', the investigation involved all extensions depending on '0.9.8k'. I'm pretty sure that none of the remaining six extensions (i.e. dropbox, links, tshark, vsftpd-ssl, wireshark and x11vnc) will require '0.9.8k', as can be seen in the log files provided with the analysis.

I have already updated x11vnc, I just need to package it up and submit it. I can probably get to wireshark/tshark and vsftpd tomorrow.

danielibarnes · « **Reply #27 on:** March 29, 2010, 02:08:13 PM »

Quote

Hopefully, openssl updates will not be frequent, and only in response from adequate pressure from the community.

What about vulnerabilities?

Jason W · « **Reply #28 on:** March 29, 2010, 02:58:48 PM »

Updating with each openssl release, especially when they are one month apart, is a lot of testing and adjusting existing dep files.

But the patch difference between the m and n version is small:

http://www.openssl.org/news/secadv_20100324.txt

For the sake of existing dep files and all that, I can apply the patch to the m version so the extension name remains the same. I don't think there should be breakage with the patch applied, and in effect we will then have version n.

robc · « **Reply #29 on:** March 29, 2010, 05:29:31 PM »

version 1.0.0 has finally been released...3.x?

Tiny Core Linux

News:

Author Topic: openssl version (Read 11078 times)

Jason W

Re: openssl version

Kingdomcome

Re: openssl version

Jason W

Re: openssl version

Kingdomcome

Re: openssl version

Jason W

Re: openssl version

Jason W

Re: openssl version

danielibarnes

Re: openssl version

danielibarnes

Re: openssl version

Jason W

Re: openssl version

maro

Re: openssl version

Jason W

Re: openssl version

robc

Re: openssl version

danielibarnes

Re: openssl version

Jason W

Re: openssl version

robc

Re: openssl version