(Read my entire saga here.)
I started out updating my CentOS4 x64 system with the CustomBuild script, which went pretty well thanks to the advice of smtalk.
After I had successfully updated most components (Apache, PHP, MySQL, ProFTPD), I decided to try updating OpenSSL and OpenSSH to the latest versions for security reasons and bug fixes.
I wasn't sure of the best way to do this. Although I turned up some very old threads with instructions, I found this update.script and guide, so I decided to try that.
./update.script OPENSSL
./update.script OPENSSH
Both of these completed successfully.
After these, I wanted to use custombuild to rebuild ProFTPD, PHP and Apache.
I tried ./build proftpd but I got this error (the build completed, but there was an error when restarting):
Even after that error, I decided to continue the updates. So I tried custombuild ./build php n. This build stopped with an error:
Because of these errors, I did not try to build Apache, so it may be unable to work with the new Openssl.
So, now I have Openssl 0.9.8h and Openssh 5.1p1 (apparently installed in a different non-standard directory: /usr instead of /usr/local, I think).
Those new versions seem to be working (I can still connect with SSH), but my ProFTPD is now broken and I haven't been able to connect to my server with FTP since last week. PHP will also not rebuild/recompile.
Can anyone please suggest the best method and specfic commands to revert back to my original, older version of OpenSSL 0.9.7a and old OpenSSH, so I can rebuild ProFTPD and PHP without errors?
Of course, I would also like to avoid breaking SSH, so I don't lose access during the process.
Is there a "yum uninstall" type of command that will undo the update.script changes?
Once I have rolled back to my older working versions of OpenSSL and OpenSSH in the standard CentOS4/DirectAdmin paths, is there a better way to make sure that I have the most recent security fixes for OpenSSL and OpenSSH that won't cause errors when building ProFTPD, PHP and Apache2?
Thank you for help.
I started out updating my CentOS4 x64 system with the CustomBuild script, which went pretty well thanks to the advice of smtalk.
After I had successfully updated most components (Apache, PHP, MySQL, ProFTPD), I decided to try updating OpenSSL and OpenSSH to the latest versions for security reasons and bug fixes.
I wasn't sure of the best way to do this. Although I turned up some very old threads with instructions, I found this update.script and guide, so I decided to try that.
./update.script OPENSSL
./update.script OPENSSH
Both of these completed successfully.
After these, I wanted to use custombuild to rebuild ProFTPD, PHP and Apache.
I tried ./build proftpd but I got this error (the build completed, but there was an error when restarting):
Code:
cd include/ && make install
make[1]: Entering directory `/usr/local/directadmin/custombuild/proftpd-1.3.1/include'
make[1]: Leaving directory `/usr/local/directadmin/custombuild/proftpd-1.3.1/include'
test -z """" || (cd locale/ && make install)
Done proftpd.
Restarting ProFTPd.
Shutting down proftpd: [ OK ]
Starting proftpd: - mod_tls/2.1.2: compiled using OpenSSL version 'OpenSSL 0.9.8h 28 May 2008' headers, but linked to OpenSSL version 'OpenSSL 0.9.7a Feb 19 2003' library
- Fatal: unable to load module 'mod_tls.c': Operation not permitted
[FAILED]Even after that error, I decided to continue the updates. So I tried custombuild ./build php n. This build stopped with an error:
Code:
Zend/zend_execute_API.lo Zend/zend_highlight.lo Zend/zend_llist.lo Zend/zend_opcode.lo Zend/zend_operators.lo Zend/zend_ptr_stack.lo Zend/zend_stack.lo Zend/zend_variables.lo Zend/zend.lo Zend/zend_API.lo Zend/zend_extensions.lo Zend/zend_hash.lo Zend/zend_list.lo Zend/zend_indent.lo Zend/zend_builtin_functions.lo Zend/zend_sprintf.lo Zend/zend_ini.lo Zend/zend_qsort.lo Zend/zend_multibyte.lo Zend/zend_strtod.lo Zend/zend_execute.lo sapi/cli/php_cli.lo sapi/cli/getopt.lo main/internal_functions_cli.lo -lcrypt -lcrypt -lmysqlclient -lmhash -lmcrypt -lltdl -liconv -lfreetype -lpng -lz -ljpeg -lcurl -lz -lssl -lcrypto -lresolv -lm -ldl -lnsl -lcurl -lcrypt -lcrypt -o sapi/cli/php
ext/openssl/openssl.lo(.text+0x5c31): In function `zif_openssl_seal':
/usr/local/directadmin/custombuild/php-4.4.8/ext/openssl/openssl.c:2885: undefined reference to `EVP_CIPHER_CTX_block_size'
collect2: ld returned 1 exit status
make: *** [sapi/cli/php] Error 1Because of these errors, I did not try to build Apache, so it may be unable to work with the new Openssl.
So, now I have Openssl 0.9.8h and Openssh 5.1p1 (apparently installed in a different non-standard directory: /usr instead of /usr/local, I think).
Those new versions seem to be working (I can still connect with SSH), but my ProFTPD is now broken and I haven't been able to connect to my server with FTP since last week. PHP will also not rebuild/recompile.
Can anyone please suggest the best method and specfic commands to revert back to my original, older version of OpenSSL 0.9.7a and old OpenSSH, so I can rebuild ProFTPD and PHP without errors?
Of course, I would also like to avoid breaking SSH, so I don't lose access during the process.
Is there a "yum uninstall" type of command that will undo the update.script changes?
Once I have rolled back to my older working versions of OpenSSL and OpenSSH in the standard CentOS4/DirectAdmin paths, is there a better way to make sure that I have the most recent security fixes for OpenSSL and OpenSSH that won't cause errors when building ProFTPD, PHP and Apache2?
Thank you for help.
