"Steven M. Bellovin" <smb%cs.columbia.edu@localhost> writes:
I confess that I don't understand the current status of firefox3 and
cups. I need to rebuild firefox3 now -- 3.0.6 is out, with some
security patches -- but I don't know what extra patches I should or
shouldn't apply to it, cups, etc.
There were two problems:
cups had bad openssl init code that passed address of pointer to data
instead of address of data. It is not clear if this ever really
caused trouble.
firefox3 defines SHA1_Update and maybe some other things, and when
openssl is dynloaded by the cups plugin (or something like that), the
SHA1_Update symbol in openssl in the random seed procedure is
misbound
to the firefox version. I am a bit hazy on this, but it seems clear
it's a dlopen/lack-of-namespace mess.
In the cups package (at head of pkgsrc), there is a patch that ifdef's
out the call to openssl's random seed. With that, firefox3 can print.
You don't need to rebuild firefox3 after make replace of cups - just
restarting firefox was enough.
I realize this should be fixed better and pulled to 2008Q4, but
ENOTIME
for several weeks.
This problem is only 98% understood, so YMMV. If so please let us
know.