2009.02-rc2 uses openssl-0.9.8g which has some security issues. This patch bumps the package to openssl-0.9.8j. It also moves openssldir from /usr/lib/ssl to /etc/ssl; otherwise the openssl binary will look for its configuration file in that odd directory. Tested for an arm target, someone should test if this didn't break avr32 before committing (I can try in a couple of days with my atngw100).
Patch exceeds 400k so I can't attach, fetch from http://www.zacarias.com.ar/openssl-0.9.8j.patch Sorry!
That's a big patch. We're unfortunately so close to the release that I won't commit it until after the release, unless I get acks from other archs.
The patch is big because of patch file renaming. Basically it's only that plus s/0.9.8g/0.9.8j/ and the change to openssldir in the .mk file. Probably better to apply after release, just remember it later ;-)
I've been using 0.9.8i locally with no issues.
I think upgrading to 0.9.8j would be good, as this is a security-sensitive package and we should do our best to keep it up to date.
The avr32 needs a rework, it won't apply cleanly. Anyone interested in avr32 to do it?
Just leave out AVR32 for now, I think the security stuff is more important. The openssl.mk needs a little love before AVR32 will work, you have to disable it selecting an optimization for AVR32 arch.
Created attachment 43: Patch to bump to 0.9.8j. Here's a simplified patch, basically renames the relevant 0.9.8g patches for 0.9.8j, adds a no-fips patch (removes newly introduced garbage in the target for 0.9.8j), and moves openssldir from /usr/lib/ssl to /etc/ssl. I basically ignored the avr32 patch on this take.
Version bumped in r25433 by Hamish, care to check that everything is like you wanted?
Looks ok, though it still leaves openssldir pointing to /usr/lib/ssl rather than the common approach of /etc/ssl. Being mostly a configuration directory it should really reside in /etc/ssl.