[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenSSL 1.1.0c security update required
From: |
Ludovic Courtès |
Subject: |
Re: OpenSSL 1.1.0c security update required |
Date: |
Sat, 12 Nov 2016 12:21:44 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Leo Famulari <address@hidden> skribis:
> OpenSSL 1.1.0c was released today. It fixes CVE-2016-{7053,7054,7055}:
>
> https://www.openssl.org/news/secadv/20161110.txt
>
> This version of OpenSSL is *not* currently used by any packages, so it's
> not a critical "drop everything and get to work" update, in my opinion.
I agreed, good for us. ;-)
> They changed how library runpaths are recorded at build time, and so our
> packaging no longer works:
>
> https://github.com/openssl/openssl/pull/1699
I would expect ld-wrapper to do the right thing regardless of what
OpenSSL’s build system does, no?
Thanks,
Ludo’.