Re: Question regarding openssl update (dsa-288-1)
On Thu, Apr 17, 2003 at 10:28:32AM -0400, Fraser Campbell wrote:
> I am curious what applications it are that might break with this update
> (stunnel sounds like one of them). Here's the section of the advisory that
> has me concerned:
>
> You will have to decide whether you want the security update which is not
> thread-safe and recompile all applications that apparently fail after the
> upgrade, or fetch the additional source packages at the end of this
> advisory, recompile it and use a thread-safe OpenSSL library again, but
> also recompile all applications that make use of it (such as apache-ssl,
> mod_ssl, ssh etc.).
>
> My main concerns are ssh and libapache-mod-ssl. will they break with this
> update ... they don't appear to have broken but maybe I'm missing something?
No. Neither ssh nor Apache 1 is threaded.
> Is there a list available of programs that are expected to break?
Using ldd, look for programs linked against both libssl/libcrypto and
libpthread.
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: