On Fri, 2006-09-29 at 15:08 -0400, Matthew Miller wrote: > Anything? >From Thomas Mraz (quoted without asking for permission but hopefully that's ok): > I'd like to generate updated OpenSSL RPM packages for Fedora 4 and > hopefully post it to Fedora Legacy but the problem is - I'm looking at > the most recent OpenSSL src.rpm for FC4 and there's a ton of Source* and > Patch* stuff that doesn't make a lot of sense. > > Could you at least give me a quick rundown of what each Source and Patch > bit is supposed to do? That would take some time to make this rundown. The correct way to patch the recent openssl CVEs is to add the patches from RHEL4 srpm (however the current CVE-2006-2940 patch is broken because the 'goto err;' in dh_key patch must be replaced with 'return -1;'). I didn't try to apply the RHEL4 patches to FC4 openssl version so maybe a small adjustments may be necessary. > Of course, I could always just generate a package from a plain vanilla > openssl-0.9.7l.tar.gz but perhaps that will break a few things that the > original Fedora package is doing. That wouldn't work at all. -- Florin Andrei http://florin.myip.org/ -- fedora-legacy-list mailing list fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
