time to update openssl
Daniel Resare
yellowdog-general@lists.terrasoftsolutions.com
Tue Jul 30 10:52:01 2002
People running yellowdog linux on servers should update their openssl
package. Several security problems have been found in the openssl
package distributed by yellowdog (more info here:
http://www.openssl.org/news/secadv_20020730.txt).
Surely there will come an updated version of th package soon from
yellowdog, but if you are security conscious, or just paranoid and don't
want to wait you can follow the steps below:
1) Download the old openssl package from
http://ftp.yellowdoglinux.com/pub/yellowdog/yellowdog-2.3/SRPMS/YellowDog/SRPMS/openssl-0.9.6b-8.src.rpm
2) Install the src rpm with the command 'rpm -ivh
openssl-0.9.6b-8.src.rpm'
3) download the security patch from
http://noa.tm/slask/openssl-0.9.6b-sec.patch (this is the very same file
as distributed in the offical rpm errata package for redhat-7.2,
paranoid people should check this) into the /usr/src/rpm/SOURCES
directory.
4) make the following changes to /usr/src/rpm/SPECS/openssl.spec
--- openssl.spec Sun Feb 10 00:30:09 2002
+++ openssl.spec.fixed Tue Jul 30 18:41:14 2002
@@ -24,6 +24,7 @@
Patch9: openssl-engine-0.9.6b-default-engine.patch
Patch10: openssl-engine-0.9.6b-ubsec_failover.patch
Patch11: openssl-engine-0.9.6b-ubsec_rand.patch
+Patch12: openssl-0.9.6b-sec.patch
License: BSDish
Group: System Environment/Libraries
URL: http://www.openssl.org/
@@ -78,6 +79,7 @@
%patch9 -p1 -b .default-engine
%patch10 -p1 -b .ubsec_failover
%patch11 -p1 -b .rand
+%patch12 -p1 -b .sec
chmod 644 FAQ LICENSE CHANGES NEWS INSTALL README
chmod 644 doc/README doc/c-indentation.el doc/openssl.txt
@@ -224,6 +226,9 @@
%postun -p /sbin/ldconfig
%changelog
+* Tue Jul 30 2002 Daniel Resare <noa@resare.com> 0.9.6b-9
+- add security patch from redhat-7.2 package
+
* Fri Sep 7 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-8
- disable the RNG in the ubsec engine driver
5) rebuild the package with the command 'rpm -bb openssl.spec'
6) install the resulting package(s) with 'rpm -Fvh
/usr/src/rpm/RPMS/ppc/openssl*'
Good luck