| 1 |
Anthony Metcalf wrote: |
| 2 |
> On Fri, 19 Mar 2004 11:22:17 +0100 |
| 3 |
> Marc Ballarin <Ballarin.Marc@×××.de> wrote: |
| 4 |
> |
| 5 |
> |
| 6 |
> |
| 7 |
>>However packages that statically include openssl ("static" useflag) |
| 8 |
>>contain the version used at build time. Those packages will continue |
| 9 |
>>working, but remain vulnerable unless rebuilt. |
| 10 |
> |
| 11 |
> |
| 12 |
> Ok , so to be really annoying, this is the list of installed software |
| 13 |
> that has the ssl use flag, which if any would need updating? Or how can |
| 14 |
> I find out? |
| 15 |
> |
| 16 |
> dev-lang/python-2.3.3 |
| 17 |
> net-misc/wget-1.9-r2 |
| 18 |
> net-mail/fetchmail-6.2.3 |
| 19 |
> dev-db/mysql-4.0.17 |
| 20 |
> dev-libs/cyrus-sasl-2.1.14 |
| 21 |
> net-nds/openldap-2.1.26 |
| 22 |
> net-mail/postfix-2.0.19 |
| 23 |
> net-libs/libwww-5.4.0-r2 |
| 24 |
> net-libs/c-client-2002e-r2 |
| 25 |
> dev-php/mod_php-4.3.4-r4 |
| 26 |
> dev-php/php-4.3.4-r4 |
| 27 |
> net-www/links-2.1_pre11 |
| 28 |
> net-print/cups-1.1.20 |
| 29 |
> net-mail/mutt-1.5.6 |
| 30 |
> net-misc/ntp-4.1.2 |
| 31 |
> net-fs/samba-2.2.8a |
| 32 |
> net-www/lynx-2.8.4.1d-r1 |
| 33 |
> |
| 34 |
> From that I wont bother about client only apps, wget fetchmail etc, but |
| 35 |
> postfix, cyrus, mod-php, are all internet facing. |
| 36 |
> I got this list from |
| 37 |
> # emerge -epDv world | grep +ssl > sslthings.txt |
| 38 |
|
| 39 |
But there may be packages that doesn't have the ssl useflag set, but |
| 40 |
instead depend on ssl. To find installed packages depending on openssl, run: |
| 41 |
qpkg -I -q openssl |
| 42 |
|
| 43 |
Both lists may contain packages that is not in the other list. |
| 44 |
|
| 45 |
revdep-rebuld can be used to recompile those that use openssl dynamicly, |
| 46 |
but not staticly. |
| 47 |
|
| 48 |
I say we need a new method to keep track of this. |
| 49 |
|
| 50 |
/Johan Andersson |
| 51 |
|
| 52 |
-- |
| 53 |
gentoo-security@g.o mailing list |
Archives