Broken openssl update for CentOS 7 - has been held

General support questions
Post Reply
User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Broken openssl update for CentOS 7 - has been held

Post by TrevorH » 2022/01/14 14:53:00

Please note that CentOS has built and will push the new openssl update for RHEL 7 - openssl-1.0.2k-23.el7_9.x86_64. This is to make sure we have the same updates available as there are for RHEL 7 but this update is BROKEN and I would recommend avoiding it. With this applied, apache httpd and the SCL vrsions of nginx that depend on openssl will crash, often. The version of nginx shipped by EPEL is not affected as it uses openssl11 from EPEL instead.

The brokenness is known and acknowledged upstream - see https://access.redhat.com/solutions/6637201
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tunk
Posts: 1204
Joined: 2017/02/22 15:08:17

Re: Broken openssl update for CentOS 7 - avoid

Post by tunk » 2022/01/14 16:08:44

Temporarily disabled by adding this to /etc/yum.conf:
exclude=openssl*
Please let us know when it is fixed.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Broken openssl update for CentOS 7 - has been held

Post by TrevorH » 2022/01/14 16:12:28

It has been decided that this update will not be pushed by CentOS until upstream release a fixed version. At that point the new version will be built and tested and if it passes those tests, then both the broken version and the superceding fixed version will be pushed. That will keep the same updates available for CentOS as for RHEL but the broken version will just be a "bit late"!
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Broken openssl update for CentOS 7 - has been held

Post by TrevorH » 2022/01/27 18:45:27

Since the replacement package is out and the broken one is now hidden by the new one, I have "unstickied" this topic as it's no longer required.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply