compile-3.3.5 issues


Forum: Extension Development
Topic: compile-3.3.5 issues
started by: Juanito

Posted by Juanito on May 31 2008,06:39
ref ^hats^ comments on building the dillo cvs with compile-3.3.5 in this thread:

Quote
compile-3.3.5 notes:
* xinerama header is included, but libs are not
* .../share/aclocal/gtk.m4:7 gives warning: underquote definition of AM_PATH_GTK during autogen - doesn't seem to be a show stopper
* openssl differences - compile-3.3.5 has openssl-0.9.7a whereas the extension used in the first guide is 0.9.7j


The idea was only to include headers for libs existing in the base dsl, so if the xinerama header is included, but libs are not then I guess I need to remove the header - let me check first though [Edit: /opt/compile-3.3.5/include/X11/extensions/Xinerama.h is present, so I guess I should remove it]

I see errors of the form "underquote definition of AM_PATH_GTK during autogen" every now and again, but I don't know what causes them - any ideas?

compile-3.3.5 has openssl-0.9.7a as I believe this is the version in the base dsl - if anybody is sure of the actual version used, please let me know.

Posted by lucky13 on May 31 2008,09:53
Quote
if anybody is sure of the actual version used, please let me know.

You can get the SSL version from SSH since it compiles against it and complains (or is supposed to) if there's a mismatch.
Code Sample
ssh -V

I think you listed the right version. I'm on my hard drive install and I've updated SSH and SSL to current versions for security reasons (including a new SSL update this week: OpenSSH_5.0p1, OpenSSL 0.9.8h 28 May 2008). I may reboot in a few and check frugal to see.

Edit: Just checked the packages page from DSL's home page and it says libssl 0.9.6g-6.

Edit 2: "OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9, SSH protocols 1.5/2.0, OpenSSL 0x0090702f."

Posted by Juanito on May 31 2008,11:37
Thanks - so it appears to be from openssl-0.9.7f.tar.gz and maybe patched for something?

I see the version in debian sarge is openssl-0.9.7e and openssl-0.9.6c in debian woody - it's not so common to see something younger than sarge in dsl..

Posted by lucky13 on May 31 2008,12:11
Yes, patched for several vulnerabilities. You can track the Debian Security Advisories (DSAs) by following the CVE links on the following page to mitre.org to see how Woody and Sarge were patched (or you can probably get the same info from the web pages in Debian Packages per release). I'm going to see how feasible it might be to update SSL (and maybe SSH, too) if Robert is interested and has room in the base.
http://www.openssl.org/news/vulnerabilities.html

Edit: I don't know if the version in DSL is DSL-specific or from Debian, so I don't know when/how it was patched. Robert might know more about that.

Posted by Jason W on May 31 2008,15:15
Juanito,
I think I remember that openssl version 0.9.7b is in base DSL. And the AM_PATH_GTK thing is supposedly because automake is not finding gtk-config in your path. I have gtk-config in my path and I still see that error.
But gtk is not being built against in this case so it looks indeed pretty harmless.

Posted by WDef on May 31 2008,18:33
Doing:

Code Sample

strings /usr/lib/libssl.so.0.9.7 | grep -i OpenSSL


gives:

Code Sample

OpenSSLDie
OPENSSL_cleanse
SSLv2 part of OpenSSL 0.9.7b 10 Apr 2003
SSLv3 part of OpenSSL 0.9.7b 10 Apr 2003
SSLv2/3 compatibility part of OpenSSL 0.9.7b 10 Apr 2003
TLSv1 part of OpenSSL 0.9.7b 10 Apr 2003
OpenSSL 0.9.7b 10 Apr


Suggests (but hardly definitive) that Jason might be correct about 0.9.7b.
Also: try this on a newer dsl - I'm running an older release on this box.

Posted by WDef on May 31 2008,18:56
Confirmed - from Lucky's useful post re ssh -V:

Quote
"OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9, SSH protocols 1.5/2.0, OpenSSL 0x0090702f."


The OpenSSL version identifier string is explained here:

< http://bs2000.fujitsu-siemens.com/downloa....ER.html >

OpenSSL 0x0090702f translates as:

Code Sample
OpenSSL Version 0.9.7b release


So there's the exact release, assuming Robert did in fact compile ssh against dsl's OpenSSL that is.
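
The decoding described in the post above, as an added example that is not part of any post in this thread. It assumes the `0xMNNFFPPS` layout (major, minor, fix, patch, status) documented in OpenSSL's `opensslv.h` for releases before 3.0; the function names are hypothetical.

```shell
#!/bin/sh
# Decode an OpenSSL version number of the form 0xMNNFFPPS
# (assumed layout: pre-3.0 releases, per opensslv.h).

# Pull the "OpenSSL 0x........" token out of an `ssh -V` style line.
openssl_hex_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSL \(0x[0-9a-fA-F]\{1,8\}\).*/\1/p'
}

decode_openssl_hex() {
    hex=${1#0[xX]}
    case $hex in
        ''|*[!0-9a-fA-F]*) echo "not a hex version number: $1" >&2; return 1 ;;
    esac
    [ "${#hex}" -le 8 ] || { echo "more than 32 bits: $1" >&2; return 1; }

    n=$((0x$hex))
    major=$((  (n >> 28) & 0xf  ))
    minor=$((  (n >> 20) & 0xff ))
    fix=$((    (n >> 12) & 0xff ))
    patch=$((  (n >> 4)  & 0xff ))
    status=$(( n & 0xf ))

    # Patch 0 means no letter, 1 = a, 2 = b, ...; above 26 print the number.
    if [ "$patch" -eq 0 ]; then
        letter=
    elif [ "$patch" -le 26 ]; then
        letter=$(printf 'abcdefghijklmnopqrstuvwxyz' | cut -c"$patch")
    else
        letter="(patch $patch)"
    fi

    # Status nibble: 0 = development, 1..e = beta 1..14, f = release.
    case $status in
        0)  label=dev ;;
        15) label=release ;;
        *)  label="beta $status" ;;
    esac
    printf '%s.%s.%s%s %s\n' "$major" "$minor" "$fix" "$letter" "$label"
}

# The banner line quoted in this thread.
banner='OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9, SSH protocols 1.5/2.0, OpenSSL 0x0090702f.'
decode_openssl_hex "$(openssl_hex_from_banner "$banner")"
```

The value reported this way is the OpenSSL that ssh was built against, so it is worth comparing with what `strings` finds in the installed `libssl` before deciding which advisories apply.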

Posted by lucky13 on May 31 2008,21:24
Quote
So there's the exact release, assuming Robert did in fact compile ssh against dsl's OpenSSL that is.

Or Debian, whichever version and/or update, if it came from their repository (which is possible -- I didn't look at the DSL changelog to see if or when it's been upgraded). Thanks for doing more homework on that.

Since I mentioned it in this thread, I'll try to make a .dsl of my upgrades of zlib+ssl+ssh (all in one .dsl would probably be most sensible) when I get a chance tomorrow morning or this week. All three have major security updates between the version DSL has and current.

Posted by curaga on June 01 2008,08:21
They are important, but what about all other stuff that has had security updates (png, jpeg, FF, glibc, etc. etc.)? Just saying it might not be worth going for, as to be secure it would need a total overhaul.