Change History (20)
comment:1 by , 14 years ago
comment:2 by , 14 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Further status updates: postgresql-9.0 built and installed with this. Httpd-2.2.16 built and installed (specifically, pg_config didn't crash the build). DB4 (Berkeley) builds and installs with it. Cyrus-SASL builds and installs, but I have no way of running these. Openldap (client) builds - I have no way of using this, and the server appears to *require* mysql which I haven't yet touched (looking for the proverbial barge pole :).
The following have been built against 1.0.0a as part of my normal desktop: cups, curl, gnome-vfs, evolution-data-serve, lynx, ntp, orbit2, python, wget : since I'm not using ssl with any of these, I can't confirm that the functionalisty still works.
Will continue, slowly.
comment:3 by , 14 years ago
Seems to work (builds, passes tests, completes DESTDIR installs) with mysql-5.1.{49,51} and openldap-2.4.21.
comment:4 by , 14 years ago
The version of php in the book builds and completed an INSTALL_ROOT install after specifying --with-openssl-dir=/usr --with-mysql --with-mysql-sock=/var/run/mysql --with-pgsql (based on the options in the example file on anduin). php itself is linked to libmysqlclient.so, /usr/lib/apache/libphp5.so is linked to libpq.so and libssl.so.
Postfix also builds with the TLS define, bin/sendmail is linked against libssl.
comment:5 by , 14 years ago
Side issue - nss test failures (although nss seems to work fine in use). Raised as https://bugzilla.mozilla.org/show_bug.cgi?id=607303
follow-up: 7 comment:6 by , 13 years ago
I'm building a complete desktop and I've already installed OpenSSL-1.0.0a so I'll be able to help test things.
comment:7 by , 13 years ago
Replying to randy@…:
I'm building a complete desktop and I've already installed OpenSSL-1.0.0a so I'll be able to help test things.
Thanks. The things I can't test are kde (neither 3, nor 4), and I expect I'll have difficulty with some of bind, nmap, wireshark, stunnel, heimdal.
For the things not in my normal build I'm mostly only doing build tests.
follow-up: 11 comment:9 by , 13 years ago
fetchmail builds.
links builds and ssl works (tested on googlemail)
w3m builds, but ssl is uncertain - appears to work on googlemail login, but redirection failed (claimed it was an invalid url).
comment:11 by , 13 years ago
Replying to ken@…:
w3m builds, but ssl is uncertain - appears to work on googlemail login, but redirection failed (claimed it was an invalid url).
NB - some distros do NOT use w3m as a browser, they use the --with-browser switch to point it to another browser. The same distros do not have w3m depending on openssl.
comment:12 by , 13 years ago
bind builds and doesn't fail any tests (it skipped two because I don't have Net-DNS).
gnupg (v1) builds.
balsa builds in a newer version, details added to #2771 (current version does not build with the book's gmime, not an ssl issue)
xchat build in an newer version, details added to #2773 (current version does not build with the book's gtk, but fixes were in that ticket)
LPRng builds in a newer version, details added to #2788 (again, not an ssl issue)
libesmtp builds.
In passing, I note that balsa and xchat have been broken for a while, so I won't feel bad about possible breakage in the things I don't test (particularly, kde3).
comment:13 by , 13 years ago
nmap builds
wireshark-1.4.1 builds, but I misunderstood the dependency, openssl is only used for kerberos. (see #2911 for wireshark-0.99.6 build issueswith current glib)
stunnel builds
heimdal needs to be updated to 1.4, 1.3 is broken by the absence of openssl/md2.h
tripwire builds
comment:14 by , 13 years ago
exim builds.
sendmail builds.
vsftpd-2.0.5 failed to build (not an ssl problem), but 2.3.2 built successfully.
libggz built successfully.
That's the end of my testing, I'll summarise it on blfs-dev later this week.
comment:15 by , 13 years ago
Just FYI, the version of the SSL cert package needs to be updated with this version. There is already a copy on Anduin ready to go with the expired certs removed. I'll actually be separating them from the OpenSSL page at some point (GNUTLS can use them as well) and c_rehash should be run before taring them up. Given my recent lack of time, if someone else gets there before me, the scripts are way over commented so that it is absolutely transparent what is happening.
follow-up: 18 comment:17 by , 13 years ago
Version increment to 1.0.0b
Quoted from the OpenSSL web site:
OpenSSL 1.0.0b is now available, including important bug and security fixes
Not sure what to do here. Ken, any ideas?
comment:18 by , 13 years ago
| Summary: | openssl-1.0.0a → openssl-1.0.0b |
|---|
Replying to randy@…:
Version increment to 1.0.0b
Quoted from the OpenSSL web site:
OpenSSL 1.0.0b is now available, including important bug and security fixesNot sure what to do here. Ken, any ideas?
Upgrade! I think we can assume that the behaviour of applications will be no worse than with 1.0.0a. I'll need to confirm the build details, then I'll do this as a priority.
Thanks for the report.
mailx-12.4 needs a patch to build (in patches/).
openssh-5.3p1 works