Hi, I have a few machines running Debian Potato and I wish to upgrade openssl on them to fix the buffer overflow issue recently discovered. Debian have released an updated package for Woody that resolves this issue but have not (last I checked) done this for Potato. I was considering downloading the updated source from openssl.org and compiling it but I have a few concerns. Specifically:

1) Do I need to recompile all packages which use the openssl libraries? For that matter,

2) how do I tell for sure what applications use the openssl libraries? I know that ssh does, and apache-ssl probably does too.

3) I presume I only need to recompile stuff that is linked statically, but I am not sure how to tell which applications link statically and which dynamically to openssl libraries. If they are dynamically linked, I presume all I need to do to test whether the upgrade is compatible is restart the application (although I notice on RedHat's site they suggest rebooting the machine, something which I need to avoid due to it being a production machine).

4) My other concern relates to what I do with the old packages: can I just forcibly remove openssl? Or will this cause all the Debian packages which rely upon it to break? My plan would be to install the new openssl in /usr/local/ssl as the root, whereas the Debian package is in /usr/bin and /usr/lib. Does this mean I have to get source tarballs for everything which I guess would be using openssl and recompile them pointing to the new openssl libraries etc?

It's beginning to look like a pretty scary task... Ideally I would upgrade to Woody, but that will have to wait for now...

Many thanks for suggestions.

Regards,
Campbell

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug