Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: Sparkey on October 17, 2014, 04:31:17 PM
-
Hi everyone,
Yum notified me of an available update OpenSSL-perl.x86_64 0.9.8e-31.el5_11 that is available.
However when I try to update I get an error:
Error: Missing Dependency: openssl = 0.9.8e-31.el5_11 is needed
When I looked thru my installed packages I noticed that openSSL.x86_64 0.9.8e-28 is installed. I am assuming that that package needs to be updated as well to the 0.9.8e-31 version. However I only see a devel package with that version listed....
Will installing the package OpenSSL-devel 0.9.8e-31.el5_11 fix this dependency issue ?
Mark
-
Hi,
I've got the same issue on a SME8 box. It looks like OpenSSL-perl is ahead of OpenSSL itself. Installing OpenSSL-devel is not recommended for it is not required for normal operations. It won't solve the issue.
guest
Bug reported:
http://bugs.contribs.org/show_bug.cgi?id=8606 (http://bugs.contribs.org/show_bug.cgi?id=8606)
-
Hi,
I've got the same issue on a SME8 box. It looks like OpenSSL-perl is ahead of OpenSSL itself. Installing OpenSSL-devel is not recommended for it is not required for normal operations. It won't solve the issue.
guest
Bug reported:
http://bugs.contribs.org/show_bug.cgi?id=8606 (http://bugs.contribs.org/show_bug.cgi?id=8606)
Thanks for confirming. I checked with RedHat and Centos and it looks like a security update started syncing on the 16th. I imagine the perl library synced prior to the openssl update.
see http://lists.centos.org/pipermail/centos-announce/2014-October/020696.html for the notification.
I would imagine we will see the OpenSSL version update shortly.
Mark
FYI - This update adds TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks.
-
The issue is now recognized and is being discussed. Yum update may fail on SME8 servers due to this issue, especially if your server has the openssl-perl package installed.
It is recommended NOT to try to 'fix' things with workarounds.
Please be patient while devs are investigating the issue and the best approach to resolve this.
-
The Centos 'updates' repository includes openssl-devel-0.9.8e-31.
The 'smeupdates' repository includes openssl-devel-0.9.8e-28.
The default repo declaration for the Centos 'updates' repo excludes 'openssl', forcing SME to use openssl from the 'smeupdates' repo.
If you have installed (...the unsupported package...) openssl-devel, you will need to exclude that, too, from the 'updates' repo.
View your current updates repo:db yum_repositories show updates
Add 'openssl-devel' to Excludes if it isn't already there:db yum_repositories setprop updates Exclude $(db yum_repositories getprop updates Exclude),openssl-devel
expand-template /etc/yum.smerepos.d/sme-base.repo
When openssl is updated in 'smeupdates', openssl-devel will now update from the same location
-
... I notice that 'openssl-perl' is also included in 'smeupdates' -- and probably, therefore, needs to be added to the 'Exclude' declaration for the Centos 'updates' repo. Perhaps (I defer to more knowledgeable folks here) the default Exclusion for 'updates' should use 'openssl*' instead of 'openssl'.
-
It is recommended NOT to try to 'fix' things with workarounds.
Please be patient while devs are investigating the issue and the best approach to resolve this.
mmccarn, please take note of the above, and 1) be patient and 2) please refrain from suggesting that people modify their systems.
-
Daniel has fixed.
Take a look to http://bugs.contribs.org/show_bug.cgi?id=8606 (http://bugs.contribs.org/show_bug.cgi?id=8606) for instructions if you need an immediate resolution; otherwise in netx days/weeks the update will be available thru smeupdate.
Nicola
Addendum: now update available in repos