
Re: [Ltib] openssl


From: Stuart Hughes
Subject: Re: [Ltib] openssl
Date: Mon, 25 Jan 2010 09:28:49 +0000
User-agent: Thunderbird 2.0.0.16 (X11/20080707)

Hi Mark,

The content in the GPP is uploaded independently from the source references. This is just an indication that Freescale (internally) are referencing a later version. Unless they submit patches to the public forum their updates won't make it into the public Savannah LTIB CVS.

--- dist/lfs-5.1/openssl/openssl.spec   5 Dec 2008 16:32:15 -0000       1.3
+++ dist/lfs-5.1/openssl/openssl.spec   25 Jan 2010 09:24:37 -0000
@@ -3,7 +3,7 @@

 Summary         : Secure Sockets Layer toolkit
 Name            : openssl
-Version         : 0.9.8g
+Version         : 0.9.8k
 Release         : 1
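
Review bot: The Version bump stops at 0.9.8k, but the OpenSSL CHANGES excerpt quoted further down this thread places the CVE-2009-3555 renegotiation fix between 0.9.8k and 0.9.8l, so a build from this spec would not include it; if that fix is the reason for upgrading, the line should name 0.9.8l or later. The hunk also changes only the Version field, so any patch entries elsewhere in the spec still carry the 0.9.8g patch set and need to be checked against the new source tree (dropped or forward-ported) before the rebuild.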

I don't have their latest spec file, but if you want to try, it may just be a case of making the following change (in the current spec) and then re-building:

What I don't know, though, is how many of the current patches for 0.9.8g are still relevant and, if they are, whether they need forward porting.

It's not so much that using a newer version is a bad idea, rather that it may be a lot of effort for little gain. Unless you need the newer version, there's little point. The effort I speak of is:

* migrating patches (and doing the analysis to decide that)
* collateral dependent package upgrades.

Maybe it's worth asking Freescale to post their upgraded spec file.

Regards, Stuart


Mark Bishop wrote:

Also, one thing I have noticed is that the most recent version in the GPP is 0.98k, but when I do a ./ltib -m listpkgs it lists version 0.98g. I am trying to figure out how to get the newer versions straight from the GPP in ltib (and then do a patch/spec file if need be). I am sure the procedure is in the documentation on the website. I am still sifting through it.

I guess I could just download/compile it all manually if I can't figure out how to get this to work in ltib, but it wouldn't be as fun.

And this ltib version came from a Freescale BSP. I am using the older ltib, I just want a newer openssl. Unless someone says it is a bad idea.


Quoting Mark Bishop <address@hidden>:


OpenSSL CHANGES
 _______________

 Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]

  *) Disable renegotiation completely - this fixes a severe security
     problem (CVE-2009-3555) at the cost of breaking all
     renegotiation. Renegotiation can be re-enabled by setting
     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
     run-time. This is really not recommended unless you know what
     you're doing.
     [Ben Laurie]


They have also started to release the 1.0 betas.


Quoting Stuart Hughes <address@hidden>:

Hi Mark,

It's always good to get updates. If you get it ported, please post your patch/spec file to the list.

BTW: what's changed for this later version?

Regards, Stuart

Mark Bishop wrote:
I am going to deploy the most recent openssl with ltib. I am going to start with the current .spec file for the version that is in there. Is this something that would be worthwhile to upload to the ltib project or should I not worry about it?






_______________________________________________
LTIB home page: http://ltib.org

Ltib mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/ltib




