OpenSSL - what have I actually done!?

I've been updating an install of NetBSD 3.1 to get the Web server as
current as possible. Apache itself was no problem as I had installed
it from pkgsrc, so I simply downloaded the latest version.

However, I noticed from the Apache signature that my OpenSSL was an
old version. I hadn't installed this from pkgsrc so I realised it had
come with the base system. Looking at the security advisories, where
a couple of patches for it are advised, I saw how to update it. In
short, I downloaded the source tarballs for lib/ and crypto/,
unpacked them into /usr/src and followed the instructions for
patching OpenSSL. The install seemed to work and I now have new
versions of /usr/lib/libcrypto* and /usr/lib/libssl*.

However, when I look again at the signature being given by Apache
(and yes, I have stopped and started it) I still see the old version
number for OpenSSL - it hasn't changed. I'm wondering now what I've
actually done as I expected OpenSSL to be rebuilt when building the
libs with 'dependall' specified. A newer version exists in pkgsrc.

Am I to understand that I've patched the underlying libraries for
issues that have been identified that are specific to NetBSD, but not
updated OpenSSL itself for the many general changes that have taken
place between my old version and the current one? (So in effect I
have only slightly improved my position.)

It seems to me that I should rebuild OpenSSL itself from source as
well. How would I know where to find it in the source tarballs,
please? Why does it exist in pkgsrc when it is part of the base system?

Any advice on how to proceed, or indeed how I should have approached
this from the beginning, much appreciated.

Thanks & regards,