tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

6.0 and current's OpenSSL


I have reported Apache httpd's bug to upstream
to fix .
And Apache person have sent me the following comments
(See in detail).

What is the stopper of OpenSSL update?
Newer and released version of OpenSSL will help pkgsrc development at least,
I feel.
Can we update OpenSSL?

--- Comment #1 from Kaspar Brand <> ---
Increasing the version check to require 1.0.1-beta1 is a way to address this,
that's right, but frankly, the proper fix is for NetBSD to pick up a *released*
version of OpenSSL.

Both 6.0_BETA2 and 6.99.8 seem to have a snapshot from 5 June 2011
- which lacks numerous fixes compared to 1.0.1, and of course even more
compared to 1.0.1c: see e.g.

I would really urge NetBSD to pull up a more recent OpenSSL *release* (and not
repeat the exercise they did in 5.x, with the 0.9.9-dev snapshot... I was
really hoping for this to be a one-time screw up).

PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3

Home | Main Index | Thread Index | Old Index