Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: edb on March 24, 2015, 08:39:47 PM

Title: SME Server 8x - Latest OpenSSL version
Post by: edb on March 24, 2015, 08:39:47 PM

Can anyone tell me if there is a more recent version of OpenSSL available as my current version is still "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008".
There must be some update given all the attention lately.
Is a specific update available via yum and if so what is the name of the package?
Thanks

-edb

Title: Re: SME Server 8x - Latest OpenSSL version
Post by: Daniel B. on March 24, 2015, 09:12:54 PM

SME 8 is based on RHEL 5, and openssl is 0.9.8e and will stay at this version. Important security fixes are backported by Red Hat. As long as you update your server from time to time (either from the server-manager or using yum) you're safe.

Title: Re: SME Server 8x - Latest OpenSSL version
Post by: janet on March 24, 2015, 09:21:16 PM

edb

To get latest available packages
At command prompt do
yum update

Are your repos configured correctly ?
show output of
db yum_repositories show

Look at latest rpms for 32bit
http://distro.ibiblio.org/smeserver/releases/8/smeupdates/i386/RPMS/
It shows
openssl-0.9.8e-32.1.el5.sme.i386.rpm

On my sme8.1 server

rpm -qi openssl

Name        : openssl                      Relocations: (not relocatable)
Version     : 0.9.8e                            Vendor: Contribs.org <http://contribs.org>
Release     : 32.1.el5.sme                  Build Date: Thu 15 Jan 2015 07:55:46 PM AEDT
Install Date: Thu 12 Feb 2015 06:08:54 PM AEDT      Build Host: builder.koozali.org
Group       : System Environment/Libraries   Source RPM: openssl-0.9.8e-32.1.el5.sme.src.rpm
Size        : 3859775                          License: BSDish
Signature   : DSA/SHA1, Thu 15 Jan 2015 08:43:40 PM AEDT, Key ID 3d7205081e9c9308
Packager    : Contribs.org <http://contribs.org>
URL         : http://www.openssl.org/
Summary     : The OpenSSL toolkit
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

Title: Re: SME Server 8x - Latest OpenSSL version
Post by: edb on March 24, 2015, 09:33:59 PM

Thank you for the info Daniel and Janet.
I do see that rpm you mentioned Janet and will go ahead and install it.
Thanks again.

Title: Re: SME Server 8x - Latest OpenSSL version
Post by: janet on March 24, 2015, 09:41:08 PM

edb

You should be installing ALL available updates (packages).
Running the command
yum update
should do that unless your repos are configured incorrectly.
Please show the output I requested.

Title: Re: SME Server 8x - Latest OpenSSL version
Post by: edb on March 24, 2015, 10:02:52 PM

Hi Janet,

I have been holding off on the updates simply due to the fact that a 3rd party highly important app that we depend on cannot have php upgraded without causing me issues. I could I guess selectively deselect anything marked PHP and upgrade everything else but from experience I tried this once before and it did end up installing something that I did not expect and I had to scramble to get things going again. As a result I have been reluctant to update anything.
If I unselected any php- related updates maybe I could still do an update of all other components to bring me from version 8 to 8.1 or the latest.
Would you have any comment on this and any updates related to php that could cause issues for me if I were to go ahead and install the updates.

Thanks

-edb

Title: Re: SME Server 8x - Latest OpenSSL version
Post by: edb on March 24, 2015, 10:13:53 PM

Here is the output requested.

[root@ ~]# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

[root@ ~]# rpm -qi openssl
Name        : openssl                      Relocations: (not relocatable)
Version     : 0.9.8e                            Vendor: Contribs.org <http://con
tribs.org>
Release     : 32.1.el5.sme                  Build Date: Thu 15 Jan 2015 02:55:46
 AM CST
Install Date: Tue 24 Mar 2015 03:36:12 PM CDT      Build Host: builder.koozali.o
rg
Group       : System Environment/Libraries   Source RPM: openssl-0.9.8e-32.1.el5
.sme.src.rpm
Size        : 3859775                          License: BSDish
Signature   : DSA/SHA1, Thu 15 Jan 2015 03:43:40 AM CST, Key ID 3d7205081e9c9308
Packager    : Contribs.org <http://contribs.org>
URL         : http://www.openssl.org/
Summary     : The OpenSSL toolkit
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

[root@ ~]# db yum_repositories show
addons=repository
    EnableGroups=no
    GPGCheck=yes
    MirrorList=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&
repo=addons
    Name=CentOS - addons
    Visible=no
    status=disabled
base=repository
    EnableGroups=no
    Exclude=initscripts,libgsf
    GPGCheck=yes
    MirrorList=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&
repo=os
    Name=CentOS - os
    Visible=yes
    status=enabled
centosplus=repository
    EnableGroups=no
    GPGCheck=yes
    MirrorList=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&
repo=centosplus
    Name=CentOS - centosplus
    Visible=no
    status=disabled
contrib=repository
    EnableGroups=no
    GPGCheck=yes
    MirrorList=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&
repo=contrib
    Name=CentOS - contrib
    Visible=no
    status=disabled
extras=repository
    EnableGroups=no
    GPGCheck=yes
    MirrorList=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&
repo=extras
    Name=CentOS - extras
    Visible=no
    status=disabled
sme7contribs=repository
    GPGCheck=yes
    MirrorList=http://distro.ibiblio.org/pub/linux/distributions/smeserver/mirro
rlist/smecontribs-7
    Name=SME 7 - contribs
    Visible=no
    status=disabled
smeaddons=repository
    EnableGroups=yes
    GPGCheck=yes
    MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeaddons-8
    Name=SME Server - addons
    Visible=yes
    status=enabled
smecontribs=repository
    EnableGroups=yes
    GPGCheck=yes
    MirrorList=http://mirrorlist.contribs.org/mirrorlist/smecontribs-8
    Name=SME Server - contribs
    Visible=yes
    status=enabled
smedev=repository
    EnableGroups=yes
    GPGCheck=yes
    MirrorList=http://mirrorlist.contribs.org/mirrorlist/smedev-8
    Name=SME Server - dev
    Visible=no
    status=disabled
smeextras=repository
    EnableGroups=yes
    GPGCheck=yes
    MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeextras-8
    Name=SME Server - extras
    Visible=yes
    status=enabled
smeos=repository
    EnableGroups=yes
    GPGCheck=yes
    MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeos-8
    Name=SME Server - os
    Visible=yes
    status=enabled
smetest=repository
    EnableGroups=yes
    GPGCheck=yes
    MirrorList=http://mirrorlist.contribs.org/mirrorlist/smetest-8
    Name=SME Server - test
    Visible=no
    status=disabled
smeupdates=repository
    EnableGroups=yes
    GPGCheck=yes
    MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeupdates-8
    Name=SME Server - updates
    Visible=yes
    status=enabled
smeupdates-testing=repository
    EnableGroups=yes
    GPGCheck=yes
    MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeupdates-testing-8
    Name=SME Server - updates testing
    Visible=yes
    status=disabled
updates=repository
    EnableGroups=no
    Exclude=initscripts,libgsf
    GPGCheck=yes
    MirrorList=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&
repo=updates
    Name=CentOS - updates
    Visible=yes
    status=enabled
[root@ ~]#

Title: Re: SME Server 8x - Latest OpenSSL version
Post by: Stefano on March 25, 2015, 12:10:18 AM

I remember something similar some time ago..

"external" and "internal" rpm version didn't match..

IIRC, it's a upstream choiche

Title: Re: SME Server 8x - Latest OpenSSL version
Post by: janet on March 25, 2015, 12:11:25 AM

edb

Well that makes it difficult to upgrade & I have no solution for you re sme8 or 8.1.

Previously the generally accepted approach was to run an additional install of sme server in a virtual server environment with only that php version dependant app installed.

My suggestion is to upgrade to sme9, then use software collections to allow you to have different versions of php & whatever else installed, to suit both the base system stability, & the apps requirement for a certain version of php.
Probably though you will run into even newer php versions issues.

The real answer is to get the app updated.

PS You have the smecontribs repo enabled, which is not necessarily a good idea, as contribs will be upgraded when doing a general yum update. Normally & historically, it has been advised to have it disabled, & use command line switches to upgrade contribs one at a time ie
yum update --enablerepo=smecontribs reponame

Title: Re: SME Server 8x - Latest OpenSSL version
Post by: edb on March 25, 2015, 03:22:12 AM

I agree Janet ... best to have the developer update the app but I'm still waiting for that to happen and I was told to hold to PHP v5.2.10 with ZEND v3.3.9 and MYSQL v5.0.95 until further notice. Appears to be a lot of work in coding to make it compatible with the new structure of the newer versions of PHP and ZEND.

At least it appears that I do have the latest OpenSSL installed now.
Thank for the tip regarding the smecontribs repo as I will disable that one now.

If I remember right I think it was the smeserver-support update that mucked things up for me but I may be wrong.
I don't recall what the contents of that update contains and if it had something to do with php even though I had deselected all php updates.
Theoretically, just excluding the php and mysql module updates should allow for the upgrade to 8.1 but I'm just not confident enough to give it a try.

Thanks!

-edb