I'm planning to upgrade openssl to 1.0.0a, maybe next week, maybe a bit later than that. I've built almost everything that the book says can use openssl, and checked that it actually linked to it (several packages needed switches for this). Even for those packages that are part of my normal build, I don't necessarily *use* the openssl functionality, but 1.0.0a is now old enough for many distros to use it, so packages with an active upstream ought to work.
I haven't tested the following build with this: bug-buddy - I'm not installing all the deps for this, but it is part of gnome so I'm sure it will work fine with current openssl. gnupg-1.4.9 - this doesn't actually link to openssl unless kerberos is used, so although I did build it I've proved nothing. kde3 - I think breakage in kde3 is possible with a newer openssl, but I don't know if it still builds with a current toolchain. Anyone using trinity apparently has to install an older autoconf, so they can install an older openssl outside /usr if needed. qpopper - (see previous thread). Built, tested but without success: w3m - I tried to use it to login to gmail, but it didn't like the redirect - unclear if the login succeeded or not. Distros such as fedora and gentoo pass a --with-browser= switch to make it use something else (e.g. part of gnome) and don't make it depend on openssl. If it is broken, I don't think that's a big deal, lynx and links are nicer and do work with openssl-1.0.0a. Needed patching to build: mailx-12.4 - the patch is in -patches. The following needed version upgrades to build on LFS-6.7, the newer openssl wasn't an issue (buildable versions listed): balsa-2.4.8 (newer version to build with gmime-2.4) LPRng-3.8.A vsftpd-2.3.2 wireshark-1.4.1 (I built this with libpcap-1.1.1 to get a shared libpcap.so) xchat-2.8.8 (newer version for recent gtk+-2) The following will need to be upgraded: heimdal - the 1.3 series fail to build because an openssl header has moved. 1.4 builds. I don't plan to upgrade this, it needs someone with experience of kerberos. mutt - needs to be upgraded to 1.5.21 to build with the newer openssl. postgresql (based on the earlier ticket for 1.0.0 where a pg prog caused the apache build to fail, I used 9.0.0. That version has a vulnerability, so I'll be updating my testbox to 9.0.1 before I update the book for openssl.) I used httpd-2.2.16 with this. I later tried the book's current version of httpd on a different box without postgres or mysql, and it built ok so no urgency to update httpd. ruby - needs to be updated to 1.9.2 to build with the newer openssl. Planned action: 0. lots of other non-BLFS things to do before I get round to this, also the ghostscript tickets, so who knows when I'll start... 1. upgrade openssl add patch for mailx add comment para in heimdal telling people to use 1.4 with openssl-1.0.0a until the book is updated 2. upgrade postgresql 3. upgrade mutt, unless someone else wants to take this (I use it, but only on my server which is still running an *old* system). 4. upgrade ruby - seems a simple version change 5. upgrade httpd unless anyone else takes it. ISTR there are some vulnerability fixes in the newer version. ĸen -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
