[openssl-users] How to find patches for a particular OpenSSL version?

Jakob Bohm jb-openssl at wisemo.com
Thu Apr 23 19:16:38 UTC 2015

On 23/04/2015 01:27, Salz, Rich wrote:
>> I am currently using openssl 1.0.1e (compiling from source), and I was wondering whether I needed to put in any patch files with it as well. Does anybody know? Let's assume I can't just use a later version's tarball.
> There are no patch files.  Letter releases, 1.0.1f, 1.0.1g, etc., are only bugfixes.  You could read through the commit log, find which changes fixed bugs that you care about, get those commits, and apply them by hand.  Ugh.  That's going to take a very long time.
> You should reconsider your assumption.
Note however, that the Debian project, as a matter of
policy, does this for *all* the software they ship,
including OpenSSL 1.0.1e in wheezy.   And it is probably
a lot of work, made infinitely more difficult by the
"not my style" wholesale reformatting of the latest
1.0.1 tarball.

On the bad side, the patch work Debian does is specific
to their OS, and has on at least one occasion introduced
a major security flaw not in the official project.

On the good side, there is no particular reason to take
Mr. Salz advise in these matters, as he seems to be the
project member with the least understanding of what
other people need from the project.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list