Opened 18 years ago
Closed 18 years ago
#1838 closed task (fixed)
OpenSSL-0.9.8a
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 6.2.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | OpenSSL |
| Cc: |
Description
Coinciding with OpenSSH-4.3p2 in Ticket 1791, I'm going to update OpenSSL. Has been out since 2006/10/11.
Attachments (2)
Change History (13)
comment:1 by , 18 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 18 years ago
comment:3 by , 18 years ago
So far the only package that's had issues for me has been cyrus-sasl. It's just missing some headers, though. I'll post the patch soon when I open a bug or two about sasl. I need to test a bit more, though.
Between mine, yours and Joe's usage, I think this is about ready to go. The two packages that I want to personally test are apache and postfix. This should happen soon.
comment:4 by , 18 years ago
The Apache HTTPd seems to be just fine in my testing.
What issues are you seeing with Cyrus-SASL. Could you describe them a bit more. Is it at run-time or during compilation?
comment:5 by , 18 years ago
Both are compile time problems. However, I haven't tested whether they run with the fixes I'm attaching (particularly LDAP).
- Missing headers for openssl in some of the plugins: ntlm, srp and passdss. Patch is attached.
- configure only allows openldap <= 2.2. Inline diff below is from CVS.
diff -pur cyrus-sasl-2.1.21.orig/configure cyrus-sasl-2.1.21/configure --- cyrus-sasl-2.1.21.orig/configure 2006-03-30 14:24:55.000000000 +0000 +++ cyrus-sasl-2.1.21/configure 2006-03-30 21:00:35.388580365 +0000 @@ -12253,6 +12253,8 @@ cat >>conftest.$ac_ext <<_ACEOF
char *openldap_compat = "2.1.27 or better okay"; #elif LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 2 && LDAP_VENDOR_VERSION_PATCH > 5 char *openldap_compat = "2.2.6 or better okay";
+#elif LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR > 2 +char *openldap_compat = "2.3 or better okay"
#endif
_ACEOF
by , 18 years ago
| Attachment: | cyrus-sasl-2.1.21-openssl098-1.patch added |
|---|
cyrus-sasl patch for openssl-0.9.8
comment:6 by , 18 years ago
Thanks for the clarification, Dan.
Though I will fight that the patches to fix the plugins issues don't go into the book. This would be patching unsupported, experimental plugins in the Cyrus tree. Bad news. This would be Wiki stuff. Patching the tree to fix unsupported, experimental stuff doesn't really fit the BLFS policy on putting patches in the book.
As far as the LDAP thing, I was surprised at this the first time I read it. Then I remembered that I never build SASL with LDAP support as this would cause me to have to do circular builds with Cyrus and LDAP. I only use Cyrus for GSSAPI authentication, which doesn't need to store passwords in Cyrus, so I don't need LDAP support. It's a good thing to fix this one.
by , 18 years ago
| Attachment: | cyrus-sasl-2.1.21-openssl98-2.patch added |
|---|
New patch checking version prior to inclusion of headers
comment:7 by , 18 years ago
I opened a separate bug for sasl with LDAP, #1911. I'll address that and the ldapdb circular build at the same time. Possibly tomorrow I can get that in.
Here's a better fix for cyrus-sasl-2.1.21 with openssl-0.9.8a. I checked against openssl-0.9.7e, and all the plugins built fine without patching. The new patch checks the ssl version before including the headers. It builds against both ssl versions mentioned. I've submitted this upstream. The fix to ntlm is already in CVS. Here's the post I sent.
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=7780
comment:8 by , 18 years ago
The sasl maintainer added in the fixes for passdss.c and srp.c. The exact fixes for these and ntlm.c are in the first patch (he dropped the version directives).
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/ntlm.c.diff?r1=1.29&r2=1.30
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/passdss.c.diff?r1=1.3&r2=1.4
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/srp.c.diff?r1=1.57&r2=1.58
He also fixed patched in my suggestion that the saslauthd man page should go in man8 instead of the odd cat8 directory.
comment:9 by , 18 years ago
Cyrus-sasl is the only package I've had any trouble with. I want to test mod_ssl with Apache. If all goes well, I will be updating this package.
comment:10 by , 18 years ago
| Keywords: | OpenSSL added |
|---|---|
| Priority: | high → normal |
| Severity: | major → normal |
| Type: | defect → task |
FWIW:
I just recently built up LFS-SVN on an old slow box that I use for mail and such. I used this new version of OpenSSL and am seeing no issues whatsoever. I've built many servers and packages that link to, or use, ssl and I'm not seeing any issues. Here is a list of the packages I have installed so far:
http://www.linuxfromscratch.org/~randy/installed_packages.txt