Port-alpha archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

OpenSSL - what have I actually done!?


I've been updating an install of NetBSD 3.1 to get the Web server as current as possible. Apache itself was no problem as I had installed it from pkgsrc, so I simply downloaded the latest version.

However, I noticed from the Apache signature that my OpenSSL was an old version. I hadn't installed this from pkgsrc so I realised it had come with the base system. Looking at the security advisories, where a couple of patches for it are advised, I saw how to update it. In short, I downloaded the source tarballs for lib/ and crypto/, unpacked them into /usr/src and followed the instructions for patching OpenSSL. The install seemed to work and I now have new versions of /usr/lib/libcrypto* and /usr/lib/libssl*.

However, when I look again at the signature being given by Apache (and yes, I have stopped and started it) I still see the old version number for OpenSSL - it hasn't changed. I'm wondering now what I've actually done as I expected OpenSSL to be rebuilt when building the libs with 'dependall' specified. A newer version exists in pkgsrc.

Am I to understand that I've patched the underlying libraries for issues that have been identified that are specific to NetBSD, but not updated OpenSSL itself for the many general changes that have taken place between my old version and the current one? (So in effect I have only slightly improved my position.)

It seems to me that I should rebuild OpenSSL itself from source as well. How would I know where to find it in the source tarballs, please? Why does it exist in pkgsrc when it is part of the base system?

Any advice on how to proceed, or indeed how I should have approached this from the beginning, much appreciated.

Thanks & regards,


Home | Main Index | Thread Index | Old Index