How to find patches for a particular OpenSSL version?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23/04/2015 01:27, Salz, Rich wrote:
>> I am currently using openssl 1.0.1e (compiling from source), and I was wondering whether I needed to put in any patch files with it as well. Does anybody know? Let's assume I can't just use a later version's tarball.
> There are no patch files.  Letter releases, 1.0.1f, 1.0.1g, etc., are only bugfixes.  You could read through the commit log, find which changes fixed bugs that you care about, get those commits, and apply them by hand.  Ugh.  That's going to take a very long time.
>
> You should reconsider your assumption.
Note however, that the Debian project, as a matter of
policy, does this for *all* the software they ship,
including OpenSSL 1.0.1e in wheezy.   And it is probably
a lot of work, made infinitely more difficult by the
"not my style" wholesale reformatting of the latest
1.0.1 tarball.

On the bad side, the patch work Debian does is specific
to their OS, and has on at least one occasion introduced
a major security flaw not in the official project.

On the good side, there is no particular reason to take
Mr. Salz advise in these matters, as he seems to be the
project member with the least understanding of what
other people need from the project.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux