[Security] OpenSSL Update 08-Jan-2015

Is this the right way to update ?

$ yum install openssl openssl-devel
$ cd /usr/local/directadmin/custombuild/
$ ./build clean
$ ./build update
$ ./build apache
$ ./build php n <---or d ?
$ ./build exim
$ ./build dovecot
$ ./build rewrite_confs
 
Last edited:
The purpose of the recompiles is to ensure they're linking with all updated functions, to the new libraries. I'd actually recommend doing:
Code: 
./build all d
The original purpose of different libraries, back when linking became "a think", was to prevent the need to recompile everything, every time.So you may be just fine to not recompile anything, but as the openssl changes these days are typically security related, it's always going to be safer to do the recompile things that use it.John
 
Do the recompiles also involve updates which in some cases you may not want? If yes, how handle these?

Or if you use shell commands, why not simply update openssl, and restart services or reboot the server?
 
Last edited:
The "./build" recompiles will recompile based on the settings in the options.conf.
If those settings remain unchanged, then doing:
Code: 
./build update
./build all d
./build rewrite_confs
will update everything, but should maintain the same major/minor versions, and only update the patch versions.

For example, if you're using apache 2.2.x, it will give you the latest version of 2.2.x, and won't bump you to 2.4.x, unless 2.4 is set in the options.conf.
There are some minor exceptions to that.. dovecot being the most significant, but everyone should be on 2.x for dovecot anyway.

John
 
You must log in or register to reply here.
Back
Top