On Fri, Jun 01, 2018 at 04:59:13PM -0700, Paul Rogers wrote: > > > > > > Paul might care to google for arch-linux vsftpd : their build file > > Paul does care to, > > > shows a change to the conf to apparently enable SSL, and a sed to > > link to openssl-1.1. > > if Paul could find the page to which you refer. > I've now got firefox built, so I can paste from that:
For me, the second result (first is their wiki) is https://www.archlinux.org/packages/community/x86_64/vsftpd/ In Source Files, the PKGBUILD https://git.archlinux.org/svntogit/community.git/plain/trunk/PKGBUILD?h=packages/vsftpd > > > > As always, I cannot recommend using an old version of openssl ;-) > > I agree, but that can hardly explain my build failure, and presumably the > BLFS devs compiled vsftpd-3.0.3 with openssl-1.1.0f as given in the book. > Agree it doesn't explain the failure, but probably only one person built it, and perhaps with different dependencies. > > But fixing that means taking steps to fix make-ca. If Paul looked > > at a recent version of the svn book with openssh-1.1.0h and > > make-ca-0.7, the fix should be there, make-ca-0.8 should be ok. > > Paul has the 5/22 svn, which only has openssl-1.0.2o! > Doh! It's in LFS these days. 1.0.2 is only retained for its libs, for those packages which cannot use 1.1.0. The workaround for make-ca-0.7 is specifically at http://wiki.linuxfromscratch.org/blfs/changeset/20041 I think that 1.1.0g was not a vulnerability fix for most people, but that 1.1.0h was. And to finally confirm, make-ca-0.8 does indeed work fine without that workaround. ĸen -- War is Peace Freedom is Slavery Ignorance is Strength -- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
