You are not logged in.
Pages: 1
Hi all!
As you might know, Arch is using OpenSSL 0.9.6 right now. But 0.9.7 is already out
The problem is, that many programs are linked with /usr/lib/libssl.so.0.9.6
First of all: does anyone know if the update is worth the work? What does openssl 0.9.7 provide what 0.9.6 doesn't? How long will 0.9.6 still be supported?
Second: If arch is going to update, _how_ should they update it? just symlink the new /usr/lib/libssl.so.0.9.7 to libssl.so.0.9.6? it might work, but i think this is just a dirty hack. The "fine" method would be to recompile the packages which depend on this file.
Those 46 packages depend on them:
acme-2.0.2-1.pkg.tar.gz
apache-2.0.47-1.pkg.tar.gz
bug-buddy-2.2.103-1.pkg.tar.gz
control-center-2.2.2-1.pkg.tar.gz
cups-1.1.19-3.pkg.tar.gz
curl-7.10.7-1.pkg.tar.gz
eog-2.2.2-1.pkg.tar.gz
file-roller-2.2.2-2.pkg.tar.gz
fontilus-0.4-1.pkg.tar.gz
gdm-2.4.2.95-2.pkg.tar.gz
gedit-2.2.1-2.pkg.tar.gz
gftp-2.0.15-2.pkg.tar.gz
ggv-1.99.98-1.pkg.tar.gz
ghostscript-7.07.1rc2-3.pkg.tar.gz
gnome-desktop-2.2.2-1.pkg.tar.gz
gnome-games-2.2.1-1.pkg.tar.gz
gnome-media-2.2.1.1-1.pkg.tar.gz
gnome-panel-2.2.2.2-1.pkg.tar.gz
gnome-pilot-2.0.9-1.pkg.tar.gz
gnome-session-2.2.2-1.pkg.tar.gz
gnome-system-monitor-2.0.4-1.pkg.tar.gz
gnome-terminal-2.2.2-1.pkg.tar.gz
gnome-utils-2.2.3-1.pkg.tar.gz
imap-2002d-2.pkg.tar.gz
irssi-0.8.6-3.pkg.tar.gz
kdelibs-3.1.4-1.pkg.tar.gz
lftp-2.6.7-1.pkg.tar.gz
libbonoboui-2.2.2-1.pkg.tar.gz
licq-1.2.7-1.pkg.tar.gz
links-2.1pre11-1.pkg.tar.gz
mutt-1.4.1-3.pkg.tar.gz
mysql-4.0.15-2.pkg.tar.gz
nautilus-2.2.4-1.pkg.tar.gz
nmap-3.46-2.pkg.tar.gz
openldap-2.1.22-1.pkg.tar.gz
php-4.3.3-2.pkg.tar.gz
pine-4.58-1.pkg.tar.gz
postgresql-7.3.4-1.pkg.tar.gz
rhythmbox-0.5.1-1.pkg.tar.gz
samba-3.0.0-2.pkg.tar.gz
sylpheed-claws-0.8.8-1.pkg.tar.gz
vorbis-tools-1.0-3.pkg.tar.gz
wget-1.8.2-2.pkg.tar.gz
xchat-2.0.5-1.pkg.tar.gz
xine-ui-0.9.22-1.pkg.tar.gz
yelp-2.2.3-1.pkg.tar.gz
I hope i got them all
Offline
Also, GNOME 2.4 from Incoming would have to be recompiled.
And RHYTHMBOX is up to 0.5.3 (its much better than 0.5.1), so if you are recompiling, might as well upgrade to the latest version.
"Contrary to popular belief, penguins are not the salvation of modern technology. Neither do they throw parties for the urban proletariat."
Offline
and icecast
AKA uknowme
I am not your friend
Offline
and icecast
hm... i should've mentioned, that i only checked the packages in current and unstable
Offline
....and unstable
heh that must have been quick with all of maybe three packages in unofficial
AKA uknowme
I am not your friend
Offline
romankreisel wrote:....and unstable
heh that must have been quick with all of maybe three packages in unofficial
it was relatively quick, yes, if you're interested, read on how to do this check:
First of all, go to /tmp (or somewhere where you've got plenty of space) and create a directory called "arch". Download all those pkg.tar.gz which you want to check in there.
then go to ../, create a new directory (e.g. "test") and create those two files:
### unpack.sh
#!/bin/bash
DIRECTORY=`pwd`
cd $DIRECTORY/../arch
for i in *
do
cd $DIRECTORY
mkdir $i
cd $i
tar xvfz $DIRECTORY/../arch/$i
cd $DIRECTORY/../arch
done
### end unpack.sh
### test.sh
#!/bin/bash
DIRECTORY=`pwd`
for a in *
do
depend=0
cd $a
for b in ./bin/* ./sbin/* ./usr/bin/* ./usr/sbin/* ./opt/kde/bin/* ./opt/gnome/bin/* ./usr/X11R6/bin/* ./opt/bin/* ./opt/bittorrent/* ./opt/j2sdk/bin/* ./opt/qt/bin/*
do
ldd $b | grep libssl.so.0.9.6 && depend=1
done
if [ "$depend" == "1" ]
then
echo $a >> $DIRECTORY/dependencies.txt
fi
cd $DIRECTORY
done
### end test.sh
now run unpack and then test and you've got a list in "dependencies.txt" with all those pkgs which contain binaries which need libssl.so.0.9.6
Of course the scripts are everything but perfect! They're just a quick'n'dirty hack
Offline
Pages: 1