El 15/04/14 11:04, andreil1 escribió:
Hi,
I have an old OpenSuSE 12.1 which is quite difficult to upgrade due to very complex setup.
In order to upgrade to the latest OpenSSL without Heartbleed bug, I had used this repository: http://download.opensuse.org/repositories/home:/aljex/openSUSE_12.1/
However, after upgrade BIND stopped working, with message:
Apr 15 15:19:31 SRV named[2463]: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(/usr/lib/engines/libgost.so): /usr/lib/engines/libgost.so: cannot open shared object file: No such file or directory Apr 15 15:19:31 SRV named[2463]: error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: Apr 15 15:19:31 SRV named[2463]: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: Apr 15 15:19:31 SRV named[2463]: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:418:id=gost Apr 15 15:19:31 SRV named[2463]: initializing DST: crypto failure Apr 15 15:19:31 SRV named[2463]: exiting (due to fatal error) Apr 15 15:19:31 SRV named[1722]: Starting name server BIND ..failed
Looks like CryptoDev module can't be loaded anymore. Additionally, there seem to be a problem with Apache / PHP.
Anyone have any idea about upgrade path? Apart from OpenSSL / ssh packages, what else need to be upgraded / installed ?
You need to revert your openSSL version with the one included in your distribution version. You upgraded (partially, apparently) openSSL 1.0.0x to 1.0.1x even though it is not needed to patch heartbleed. as you can see, that won't work. Also there is no binary compatibility promise between different openSSL branches (1.0.0x and 1.0.1x are different code streams) oh.. such promise also does not exist within openSUSE major releases, neither across distributions. i.e openSSL from Debian,Fedora, SUSE all enable or disable different features making the resulting libraries incompatible. Something has to be done about it, but you have to think 20 times before touching anything there, it an scary old dinosaur from the build system up,like playing Russian roulette but with code. ;-D -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org