time to update openssl

Daniel Resare yellowdog-general@lists.terrasoftsolutions.com
Tue Jul 30 10:52:01 2002


People running yellowdog linux on servers should update their openssl
package. Several security problems have been found in the openssl
package distributed by yellowdog (more info here:
http://www.openssl.org/news/secadv_20020730.txt).

Surely there will come an updated version of the package soon from
yellowdog, but if you are security conscious, or just paranoid and don't
want to wait you can follow the steps below:

1) Download the old openssl package from
http://ftp.yellowdoglinux.com/pub/yellowdog/yellowdog-2.3/SRPMS/YellowDog/SRPMS/openssl-0.9.6b-8.src.rpm

2) Install the src rpm with the command 'rpm -ivh
openssl-0.9.6b-8.src.rpm'

3) download the security patch from
http://noa.tm/slask/openssl-0.9.6b-sec.patch (this is the very same file
as distributed in the official rpm errata package for redhat-7.2,
paranoid people should check this) into the /usr/src/rpm/SOURCES
directory.

4) make the following changes to /usr/src/rpm/SPECS/openssl.spec

--- openssl.spec        Sun Feb 10 00:30:09 2002
+++ openssl.spec.fixed  Tue Jul 30 18:41:14 2002
@@ -24,6 +24,7 @@
 Patch9: openssl-engine-0.9.6b-default-engine.patch
 Patch10: openssl-engine-0.9.6b-ubsec_failover.patch
 Patch11: openssl-engine-0.9.6b-ubsec_rand.patch
+Patch12: openssl-0.9.6b-sec.patch
 License: BSDish
 Group: System Environment/Libraries
 URL: http://www.openssl.org/
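Review bot: The new Patch12: line carries no comment saying where openssl-0.9.6b-sec.patch comes from or which advisory it addresses. A spec comment above it naming the Red Hat 7.2 errata package and the OpenSSL advisory of 30 July 2002 would let the next maintainer check the file in SOURCES against its origin.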
@@ -78,6 +79,7 @@
 %patch9 -p1 -b .default-engine
 %patch10 -p1 -b .ubsec_failover
 %patch11 -p1 -b .rand
+%patch12 -p1 -b .sec
 
 chmod 644 FAQ LICENSE CHANGES NEWS INSTALL README
 chmod 644 doc/README doc/c-indentation.el doc/openssl.txt
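Review bot: %patch12 is applied last, after the three engine patches (%patch9 to %patch11), so the Red Hat patch has to apply cleanly to a tree those patches have already changed. Run the %prep stage on its own first (rpm -bp openssl.spec) and read its output for fuzz or offset warnings before doing the full build.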
@@ -224,6 +226,9 @@
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Jul 30 2002 Daniel Resare <noa@resare.com> 0.9.6b-9
+- add security patch from redhat-7.2 package
+
 * Fri Sep  7 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-8
 - disable the RNG in the ubsec engine driver
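Review bot: The new changelog entry names the build 0.9.6b-9, but none of the three hunks touches the Release: tag, so unless it is bumped elsewhere the spec still builds 0.9.6b-8. Raise Release to 9 in the same edit; step 6 installs with rpm -F, which only replaces an older installed version, so a rebuilt package with an unchanged release would not be installed.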
 
5) rebuild the package with the command 'rpm -bb openssl.spec'

6) install the resulting package(s) with 'rpm -Fvh
/usr/src/rpm/RPMS/ppc/openssl*'

Good luck
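
A consistency check for the spec edit in step 4, as an added example that is not part of the original post: it confirms that every PatchN: line has a matching %patchN and that the newest changelog entry agrees with Version-Release, since 'rpm -F' only replaces an older installed package. The function names, the constructed spec fragment and its Release: line are assumptions; literal Version:/Release: values (no macros) are assumed.

```shell
#!/bin/sh
# Added example: consistency check for an edited RPM spec file.
# Assumes literal Version:/Release: values and numbered %patchN lines.

check_spec() {
    awk '
        /^Version:/        { version = $2 }
        /^Release:/        { release = $2 }
        /^Patch[0-9]+:/    { n = $1; sub(/^Patch/, "", n); sub(/:$/, "", n); declared[n] = 1 }
        /^%patch[0-9]+/    { n = $1; sub(/^%patch/, "", n); applied[n] = 1 }
        /^%changelog/      { in_log = 1; next }
        in_log && /^\*/ && top == "" { top = $NF }   # newest entry comes first
        END {
            for (n in declared) if (!(n in applied)) {
                print "Patch" n " is declared but never applied in %prep"; bad = 1 }
            for (n in applied) if (!(n in declared)) {
                print "%patch" n " has no matching Patch" n ": line"; bad = 1 }
            if (top != version "-" release) {
                print "changelog says " top ", spec builds " version "-" release; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed spec fragment (not the real file); $1 is the Release value.
sample_spec() {
    cat <<EOF
Name: openssl
Version: 0.9.6b
Release: $1
Patch11: openssl-engine-0.9.6b-ubsec_rand.patch
Patch12: openssl-0.9.6b-sec.patch
%prep
%patch11 -p1 -b .rand
%patch12 -p1 -b .sec
%changelog
* Tue Jul 30 2002 Daniel Resare <noa@resare.com> 0.9.6b-9
- add security patch from redhat-7.2 package
* Fri Sep  7 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-8
- disable the RNG in the ubsec engine driver
EOF
}

# Demo: Release 8 is reported as inconsistent, Release 9 passes.
spec=$(mktemp)
for rel in 8 9; do
    sample_spec "$rel" > "$spec"
    if check_spec "$spec"; then echo "Release $rel: consistent"; fi
done
rm -f "$spec"
```

Against the real file, run check_spec /usr/src/rpm/SPECS/openssl.spec before step 5.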