tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

6.0 and current's OpenSSL



Hi,

I have reported Apache httpd's bug to upstream
to fix http://gnats.netbsd.org/46655 .
And Apache person have sent me the following comments
(See https://issues.apache.org/bugzilla/show_bug.cgi?id=53512 in detail).

What is the stopper of OpenSSL update?
Newer and released version of OpenSSL will help pkgsrc development at least,
I feel.
Can we update OpenSSL?


--- Comment #1 from Kaspar Brand <asfbugz%velox.ch@localhost> ---
Increasing the version check to require 1.0.1-beta1 is a way to address this,
that's right, but frankly, the proper fix is for NetBSD to pick up a *released*
version of OpenSSL.

Both 6.0_BETA2 and 6.99.8 seem to have a snapshot from 5 June 2011
(http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/external/bsd/openssl/dist/crypto/opensslv.h?rev=HEAD)
- which lacks numerous fixes compared to 1.0.1, and of course even more
compared to 1.0.1c: see e.g.
http://cvs.openssl.org/filediff?f=openssl/CHANGES&v1=1.1481.2.56&v2=1.1481.2.56.2.103.

I would really urge NetBSD to pull up a more recent OpenSSL *release* (and not
repeat the exercise they did in 5.x, with the 0.9.9-dev snapshot... I was
really hoping for this to be a one-time screw up).

-- 
Ryo ONODERA // ryo_on%yk.rim.or.jp@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3




Home | Main Index | Thread Index | Old Index