On 23/04/2015 01:27, Salz, Rich wrote:
I am currently using openssl 1.0.1e (compiling from source), and I was
wondering whether I needed to put in any patch files with it as well. Does
anybody know? Let's assume I can't just use a later version's tarball.
There are no patch files. Letter releases, 1.0.1f, 1.0.1g, etc., are only
bugfixes. You could read through the commit log, find which changes fixed bugs
that you care about, get those commits, and apply them by hand. Ugh. That's
going to take a very long time.
You should reconsider your assumption.
Note however, that the Debian project, as a matter of
policy, does this for *all* the software they ship,
including OpenSSL 1.0.1e in wheezy. And it is probably
a lot of work, made infinitely more difficult by the
not my style wholesale reformatting of the latest
1.0.1 tarball.
On the bad side, the patch work Debian does is specific
to their OS, and has on at least one occasion introduced
a major security flaw not in the official project.
On the good side, there is no particular reason to take
Mr. Salz advise in these matters, as he seems to be the
project member with the least understanding of what
other people need from the project.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
