Re: Question regarding openssl update (dsa-288-1)

To: debian-user@lists.debian.org
Subject: Re: Question regarding openssl update (dsa-288-1)
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 17 Apr 2003 18:03:10 +0100
Message-id: <[🔎] 20030417170310.GA4044@riva.ucam.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200304171028.32811.fraser@wehave.net>
References: <[🔎] 200304171028.32811.fraser@wehave.net>

On Thu, Apr 17, 2003 at 10:28:32AM -0400, Fraser Campbell wrote:
> I am curious what applications it are that might break with this update 
> (stunnel sounds like one of them).  Here's the section of the advisory that 
> has me concerned:
> 
>     You will have to decide whether you want the security update which is not
>     thread-safe and recompile all applications that apparently fail after the
>     upgrade, or fetch the additional source packages at the end of this
>     advisory, recompile it and use a thread-safe OpenSSL library again, but
>     also recompile all applications that make use of it (such as apache-ssl,
>     mod_ssl, ssh etc.).
> 
> My main concerns are ssh and libapache-mod-ssl. will they break with this 
> update ... they don't appear to have broken but maybe I'm missing something?  

No. Neither ssh nor Apache 1 is threaded.

> Is there a list available of programs that are expected to break?

Using ldd, look for programs linked against both libssl/libcrypto and
libpthread.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Question regarding openssl update (dsa-288-1)
  - From: Fraser Campbell <fraser@wehave.net>

Prev by Date: Re: Bash autocompletion
Next by Date: Re: Urgente - 6 tarjetas de Red
Previous by thread: Question regarding openssl update (dsa-288-1)
Next by thread: Postfix and Amavis with Debian
Index(es):
- Date
- Thread