old openssl?

Support for security such as Firewalls and securing linux
redeye
Posts: 5
Joined: 2005/03/17 11:05:25

old openssl?

Post by redeye » 2005/03/29 06:16:17

Why is it that the default package of OpenSSL is still 0.9.7.a, 2 years old, while there are already new packages available?

[quote]
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
[/quote]

crapbollox
Posts: 2
Joined: 2005/04/19 17:43:26

Re: old openssl?

Post by crapbollox » 2005/04/19 17:48:08

Also it seems quite hard to update openSSL!

I've tried downloading the latest source and using its own .spec file to build an rpm. If I do, I get an error about $RPM_BUILD_ROOT/var/ssl/lib missing.

If I change the spec file to create that dir the rpm is built, but when I try to install it I get this:

[code]
[root@mybox i386]# rpm -Uvh openssl-*
error: Failed dependencies:
libcrypto.so.4 is needed by (installed) cyrus-sasl-2.1.15-10
libcrypto.so.4 is needed by (installed) cyrus-sasl-md5-2.1.15-10
libcrypto.so.4 is needed by (installed) openldap-2.0.27-17
libcrypto.so.4 is needed by (installed) authd-1.4.1-1.rhel3
libcrypto.so.4 is needed by (installed) bind-libs-9.2.4-5_EL3
libcrypto.so.4 is needed by (installed) bind-utils-9.2.4-5_EL3
libcrypto.so.4 is needed by (installed) libwvstreams-3.70-10
libcrypto.so.4 is needed by (installed) pyOpenSSL-0.5.1-8
libcrypto.so.4 is needed by (installed) lftp-2.6.3-5
libcrypto.so.4 is needed by (installed) wget-1.8.2-15
libcrypto.so.4 is needed by (installed) openssh-3.6.1p2-33.30.3
libcrypto.so.4 is needed by (installed) openssh-clients-3.6.1p2-33.30.3
libcrypto.so.4 is needed by (installed) openssh-server-3.6.1p2-33.30.3
libcrypto.so.4 is needed by (installed) elinks-0.4.2-7
libcrypto.so.4 is needed by (installed) net-snmp-utils-5.0.9-2.30E.12
libcrypto.so.4 is needed by (installed) net-snmp-5.0.9-2.30E.12
libcrypto.so.4 is needed by (installed) ipsec-tools-0.2.5-0.7
libcrypto.so.4 is needed by (installed) python-2.2.3-6.1
libssl.so.4 is needed by (installed) openldap-2.0.27-17
libssl.so.4 is needed by (installed) libwvstreams-3.70-10
libssl.so.4 is needed by (installed) pyOpenSSL-0.5.1-8
libssl.so.4 is needed by (installed) lftp-2.6.3-5
libssl.so.4 is needed by (installed) wget-1.8.2-15
libssl.so.4 is needed by (installed) elinks-0.4.2-7
libssl.so.4 is needed by (installed) ipsec-tools-0.2.5-0.7
libssl.so.4 is needed by (installed) python-2.2.3-6.1
[/code]


Anyone know how to update openSSL?

redeye
Posts: 5
Joined: 2005/03/17 11:05:25

Re: old openssl?

Post by redeye » 2005/04/28 10:46:43

HELLO? Could anyone reply to this topic?

valus
Posts: 2
Joined: 2005/06/13 06:47:57
Location: Slovak republic

Re: old openssl?

Post by valus » 2005/06/13 06:59:12

Hi,

I have CentOS 4.0. I downloaded the sources for openssl 0.9.7g and installed it without problem, configured with --prefix=/usr to rewrite the old version and with shared. I also downloaded the sources for openssh 4.0p1, and its configuration found the new version of openssl.
If you have questions, ask me.

Valus

Minuteman
Posts: 17
Joined: 2005/05/18 16:29:21
Location: Switzerland

Re: old openssl?

Post by Minuteman » 2005/06/13 18:53:52

I don't know if the openssl version of CentOS is really the "old unpatched". I don't think so, I can't imagine RedHat to provide an old version of this package.

On my old RedHat 9 box I had to do this to install the new version from source:
[code]
$ ./config --prefix=/usr --openssldir=/usr/share/ssl
$ make
$ make test
$ make install
[/code]

dsegall
Posts: 22
Joined: 2005/02/08 18:37:42
Location: All up in it...
Contact:

Re: old openssl?

Post by dsegall » 2005/06/15 14:02:03

The upstream provider almost always "backports" bug/security fixes, rather than building a full new version. I don't think I can ever recall a time when their version number matched the latest release. They do this for a lot of different programs. I believe it's mostly a compatibility issue, since several packages rely on things like openssl.

Note: You can see from RPM when the package was built, as well as the changelog, which shows all bug/security fixes applied:

[code]
root@ns1 ~>rpm -qi openssl
Name        : openssl                         Relocations: (not relocatable)
Version     : 0.9.7a                          Vendor: CentOS
Release     : 43.2                            Build Date: Wed 01 Jun 2005 12:23:07 PM EDT
Install Date: Tue 07 Jun 2005 06:40:45 PM EDT Build Host: x8664-build.home.local
Group       : System Environment/Libraries    Source RPM: openssl-0.9.7a-43.2.src.rpm
Size        : 2564531                         License: BSDish
Signature   : DSA/SHA1, Wed 01 Jun 2005 12:32:34 PM EDT, Key ID a53d0bab443e1821
Packager    : Johnny Hughes
URL         : http://www.openssl.org/
Summary     : The OpenSSL toolkit.
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
[/code]

[code]
root@ns1 ~>rpm -q --changelog openssl
* Thu May 19 2005 Tomas Mraz 0.9.7a-43.2
- fix CAN-2005-0109 - use constant time/memory access mod_exp
so bits of private key aren't leaked by cache eviction (#157631)

* Fri Dec 03 2004 Jeremy Katz - 0.9.7a-43.1
- rebuild for s390 gcc changes (#136978)

* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-43
- rebuild

* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-42
- rebuild

* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-41
- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)

[SNIP]
[/code]
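Added example (not part of the posts above, and not CentOS or Red Hat tooling): a small shell function that turns the changelog check from the last post into a yes/no answer for one advisory ID. The function name and the assumption that the last field of each "* " header line is the version-release are this example's own; CAN- and CVE- prefixes are treated as the same identifier because older changelogs use the candidate spelling.

```shell
#!/bin/sh
# Constructed sample: changelog entries copied from the post above
# (blank lines dropped). On a live system, pipe in the real output instead.
sample_changelog() {
    cat <<'EOF'
* Thu May 19 2005 Tomas Mraz 0.9.7a-43.2
- fix CAN-2005-0109 - use constant time/memory access mod_exp
so bits of private key aren't leaked by cache eviction (#157631)
* Fri Dec 03 2004 Jeremy Katz - 0.9.7a-43.1
- rebuild for s390 gcc changes (#136978)
* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-41
- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)
EOF
}

# changelog_fix_for ID   (hypothetical helper name)
# Reads `rpm -q --changelog <pkg>` output on stdin and prints the
# version-release of each changelog entry that mentions ID.
# Exit status is 1 when no entry mentions it.
changelog_fix_for() {
    # Drop the CAN-/CVE- prefix so either spelling of the ID matches.
    case $1 in
        CAN-*|CVE-*) _num=${1#*-} ;;
        *)           _num=$1 ;;
    esac
    awk -v num="$_num" '
        # Entry header: assumed to end with the version-release.
        /^\* / { ver = $NF; seen = 0; next }
        # Body line naming the ID; the trailing class stops a shorter
        # number from matching inside a longer one.
        !seen && $0 ~ ("(CAN|CVE)-" num "([^0-9]|$)") {
            print ver; seen = 1; found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Demo on the sample. Live use:
#   rpm -q --changelog openssl | changelog_fix_for CVE-2005-0109
sample_changelog | changelog_fix_for CVE-2005-0109
```

Compare the printed version-release with the Version and Release fields of `rpm -qi openssl`; an installed release at or above it carries the backported fix even though the upstream version string still reads 0.9.7a.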
