"Steven M. Bellovin" <smb%cs.columbia.edu@localhost> writes: > I confess that I don't understand the current status of firefox3 and > cups. I need to rebuild firefox3 now -- 3.0.6 is out, with some > security patches -- but I don't know what extra patches I should or > shouldn't apply to it, cups, etc. There were two problems: cups had bad openssl init code that passed address of pointer to data instead of address of data. It is not clear if this ever really caused trouble. firefox3 defines SHA1_Update and maybe some other things, and when openssl is dynloaded by the cups plugin (or something like that), the SHA1_Update symbol in openssl in the random seed procedure is misbound to the firefox version. I am a bit hazy on this, but it seems clear it's a dlopen/lack-of-namespace mess. In the cups package (at head of pkgsrc), there is a patch that ifdef's out the call to openssl's random seed. With that, firefox3 can print. You don't need to rebuild firefox3 after make replace of cups - just restarting firefox was enough. I realize this should be fixed better and pulled to 2008Q4, but ENOTIME for several weeks. This problem is only 98% understood, so YMMV. If so please let us know.
Description: PGP signature