James K
2003-09-24, 02:02 AM CDT
I've been tasked with upgrading bind to 9.2.2-P2 on our 7.3 servers
(which just became outdated acc'd to ISC's site). Installing bind requires
openssl 0.9.6e or greater, while the latest that redhat offers is 0.9.6b
(with the current set of security patches applied). I've gotten into so
many circles with this one that it will likely be hard to explain all the
problems I've had (but I can easily be shut up with a few spec files if
you've got 'em)
A few issues:
/lib/libcrypto.so.2 and /lib/libssl.so.2 are not owned by any package, but
are required by a lot of very crucial packages. Tweaking the spec from
openssl 0.9.6b (removing the references to patches, changing the version)
creates rpms that do not contain the previously mentioned softlinks to the
..so.2's, so they couldn't be installed. Tweaking the specs to create new
softlinks to the upgraded shared libs fails with the same errors:.
Small sample:
libcrypto.so.2 is needed by tcpdump-3.6.3-17.7.3.3
libssl.so.2 is needed by openldap-2.0.23-4
+ 20 lines similar to these
Ugh. Knowing that we've got all the security patches applied to 0.9.6b
anyway, I decided to screw openssl to the wall and just upgrade bind.
Tweaking the specs given with the previous srpm of bind, I was able to
compile the bind rpm. But even with AutoReqProv: no, it has decided to
claim openssl 0.9.7 as a dependency. How did that sneak in, and is it
likely to fry the system if I force/nodeps it?
(which just became outdated acc'd to ISC's site). Installing bind requires
openssl 0.9.6e or greater, while the latest that redhat offers is 0.9.6b
(with the current set of security patches applied). I've gotten into so
many circles with this one that it will likely be hard to explain all the
problems I've had (but I can easily be shut up with a few spec files if
you've got 'em)
A few issues:
/lib/libcrypto.so.2 and /lib/libssl.so.2 are not owned by any package, but
are required by a lot of very crucial packages. Tweaking the spec from
openssl 0.9.6b (removing the references to patches, changing the version)
creates rpms that do not contain the previously mentioned softlinks to the
..so.2's, so they couldn't be installed. Tweaking the specs to create new
softlinks to the upgraded shared libs fails with the same errors:.
Small sample:
libcrypto.so.2 is needed by tcpdump-3.6.3-17.7.3.3
libssl.so.2 is needed by openldap-2.0.23-4
+ 20 lines similar to these
Ugh. Knowing that we've got all the security patches applied to 0.9.6b
anyway, I decided to screw openssl to the wall and just upgrade bind.
Tweaking the specs given with the previous srpm of bind, I was able to
compile the bind rpm. But even with AutoReqProv: no, it has decided to
claim openssl 0.9.7 as a dependency. How did that sneak in, and is it
likely to fry the system if I force/nodeps it?