Rick Stevens wrote:
Frantisek Hanzlik wrote:
Rick Stevens wrote:
Frantisek Hanzlik wrote:
After upgrading from F7 to F10 it's unable (for me, but on several
sites)
access to sendmail daemon with authenticated access by either TLS
(port 25)
or SSL (port 465) protocols from M$ Outlook (Express too). I still make
on right description this issue, its look like some problem in
certificate
exchange.
But no matter how it's related with, surprising for me is fact,
that Fedora 10 uses openssl package version 0.9.8g released in 2007,
while actual released version is 0.9.8j, four versions newer.
If you check the source RPM's spec file, you'll see that most (if not
all) of the "j" patches have been backported to the "g" version. The
trick is that the "j" version bumps the .so for /lib[64]/libcrypto.so.7
and /lib[64]/libssl.so.7 from ".7" to ".8" and a lot of existing code
would break because they want .7. Hope that explains it for you.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@xxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- If you're not part of the solution, you're part of the precipitate -
----------------------------------------------------------------------
Rick, thank for Your response.
But - yes, I know just was released F10 openssl pkg 0.9.8g release 12,
and I read it's changelog, thus I know what was backported to this.
But I'm not agree about You these "lot of existing code would break
because ..", as when I ask:
rpm -q --whatrequires openssl
tinyca2-0.7.5-4.fc10.noarch
dovecot-1.1.7-1.fc10.i386
openldap-servers-2.4.12-1.fc10.i386
nash-6.0.71-3.fc10.i386
NetworkManager-0.7.0-1.git20090102.fc10.i386
sendmail-8.14.3-3.fc10.i386
openssl-devel-0.9.8g-12.fc10.i386
openssl-perl-0.9.8g-12.fc10.i386
(and I have relative large system with packages from rpmfusion, dries,
atrpms, planetccrma and others) - thus, I think, only packages
depend on openssl are some little from Fedora own repository.
I'm right?
Those are only the ones you have installed (rpm only queries your
installed packages). There are probably others in the repos (not sure
if yum can query for "list everything dependent on openssl"). On top
of that, you also have to consider people (such as myself) that don't
just install RPM-based packages, but have built them from source
tarballs and the like.
While the general rule is to simply link against the ".so" version of
a library, many packages specifically link against the ".so.(version)"
of the libraries to ensure they have specific APIs that may not exist in
earlier versions. Unfortunately there's no "link against .so.7 or later"
option in the linker (or if there is, it's not often used).
Thus, if you installed a libssl.so.8 and DIDN'T create (or replace) a
".so.7" symlink which points at the new .8 version to satisfy existing
packages (and remember, there are some F9 packages in F10), your code
won't run. That's why they backport the patches and ship a heavily
modified "g" version (which retains the .so.7) instead of a (newer)
"j" version (with the new .so.8).
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@xxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- When in doubt, mumble. -
----------------------------------------------------------------------
You are right, there is perhaps lots more packages depended on openssl,
what rpm isn't able list.
But yet - IMHO create symlink ".so.7" to new ".so.8" is I think very
simple, and may be done with little patch in openssl Makefile, or in
RPM install script - energy to maintain and backport bugfixes to old
code must be much greater and probably isn't real maintain it over
and over again.
Frantisek Hanzlík
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines