* [gentoo-user] Openssl 1.0.1c/d have serious issues?
@ 2013-05-22 17:49 Tanstaafl
2013-05-23 20:28 ` Alex
0 siblings, 1 reply; 3+ messages in thread
From: Tanstaafl @ 2013-05-22 17:49 UTC (permalink / raw
To: gentoo-user@lists.gentoo.org
Hello all,
1. dev-libs/openssl-1.0.1c is current stable version
2. Reliable sources on the postfix list claim c (and d) versions have
'serious' issues:
On 2013-05-22 12:19 PM, Viktor Dukhovni wrote:
> 1.0.1c has some known issues, you should use 1.0.1e.
and
On 2013-05-22 12:38 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> Both 1.0.1c and 1.0.1d had *serious* problems. Unless you can
> absolutely confirm that Gentoo has applied all of the patches from
> both of those releases to their build, I would strongly advise you to
> roll your own 1.0.1e release.
>
> --Quanah
So... can anyone comment on this? Does the stable version 1.0.1c apply
patches to address these issues?
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] Openssl 1.0.1c/d have serious issues?
2013-05-22 17:49 [gentoo-user] Openssl 1.0.1c/d have serious issues? Tanstaafl
@ 2013-05-23 20:28 ` Alex
2013-05-24 11:16 ` Tanstaafl
0 siblings, 1 reply; 3+ messages in thread
From: Alex @ 2013-05-23 20:28 UTC (permalink / raw
To: gentoo-user
Hi,
On Wed, May 22, 2013 at 01:49:47PM -0400, Tanstaafl wrote:
> On 2013-05-22 12:38 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> > Both 1.0.1c and 1.0.1d had *serious* problems.
>
and what are these *serious* problems? Are there any links, CVEs?
From the ebuild, these patches are applied to the vanilla sources:
# Make sure we only ever touch Makefile.org and avoid patching a file
epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
epatch "${FILESDIR}"/${PN}-1.0.0d-fbsd-amd64.patch #363089
epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
epatch "${FILESDIR}"/${PN}-1.0.1-ipv6.patch
epatch_user #332661
--
regards
alex
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] Openssl 1.0.1c/d have serious issues?
2013-05-23 20:28 ` Alex
@ 2013-05-24 11:16 ` Tanstaafl
0 siblings, 0 replies; 3+ messages in thread
From: Tanstaafl @ 2013-05-24 11:16 UTC (permalink / raw
To: gentoo-user
On 2013-05-23 4:28 PM, Alex <alex@zengers.de> wrote:
> Hi,
>
> On Wed, May 22, 2013 at 01:49:47PM -0400, Tanstaafl wrote:
>> On 2013-05-22 12:38 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
>> > Both 1.0.1c and 1.0.1d had *serious* problems.
>>
> and what are these *serious* problems? Are there any links, CVEs?
I don't know, but if Victor Duchovni says there are problems and
recommends against using this version unless it contains all of the
necessary patches to address whatever problems there are, then that is
good enough for me.
Quanah also appears to be a legitimate source (he is the one who said
'serious' problems)...
When I asked about the serious problems, I was directed to the release
notes, which didn't tell me much - which is why I asked here...
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-05-24 11:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-22 17:49 [gentoo-user] Openssl 1.0.1c/d have serious issues? Tanstaafl
2013-05-23 20:28 ` Alex
2013-05-24 11:16 ` Tanstaafl
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox