Created
April 11, 2014 21:18
Heartbleed fix - rebuild openssl for Ubuntu Raring 13.04
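```bash
#!/bin/bash
# Rebuild openssl 1.0.1e-3ubuntu1.2 from its source package (Ubuntu Raring 13.04).
set -e  # stop at the first failed step

mkdir -p sslfix
cd sslfix

# Fetch the source package: description file, upstream tarball, Debian packaging.
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.1e-3ubuntu1.2.dsc
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.1e.orig.tar.gz
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.1e-3ubuntu1.2.debian.tar.gz

# Install build dependencies, then unpack the source.
# dpkg-source checks the tarballs against the checksums listed in the .dsc.
sudo apt-get build-dep openssl
dpkg-source -x openssl_1.0.1e-3ubuntu1.2.dsc

# Build unsigned packages (-us: do not sign the source, -uc: do not sign .changes).
cd openssl-1.0.1e/
dpkg-buildpackage -us -uc
```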
I'm confused. Aren't any packages on your 13.04 server still linked to the old version of the lib, thus still vulnerable unless you recompile them from source as well?
@uweschaefer this depends on how the packages were built. OS-provided packages are dynamically linked, but some 3rd party packages (like the official Nginx packages) are statically linked. I touched on this here: http://pkgfarm.tumblr.com/post/89383090906/the-problem-with-software-packaging
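A check for the dynamically linked case discussed above, added here as an example (it is not part of the gist or of either comment): a process that loaded the shared library before the upgrade keeps the replaced file mapped until it is restarted, and the kernel marks that mapping `(deleted)` in `/proc/<pid>/maps`. The function name `stale_ssl_procs` and its optional proc-root argument are assumptions of this example.

```shell
#!/bin/bash
# Added example: find processes that still map a libssl/libcrypto file that
# has since been replaced on disk. Such mappings are marked "(deleted)" in
# /proc/<pid>/maps; those processes run the old code until they are restarted.

# stale_ssl_procs [PROC_ROOT]
# Prints "pid<TAB>name<TAB>library" once per affected process and library.
# PROC_ROOT defaults to /proc; the argument is an assumption of this example
# so the function can also be run against a constructed directory tree.
stale_ssl_procs() {
    local root="${1:-/proc}" dir pid name
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue      # process gone or not readable
        pid="${dir##*/}"
        name="?"
        [ -r "$dir/comm" ] && name="$(cat "$dir/comm")"
        # Field 6 of a maps line is the mapped path; a replaced file carries
        # "(deleted)" as the last field. One library spans several mappings,
        # so report each path only once per process.
        awk -v pid="$pid" -v name="$name" '
            $6 ~ /\/lib(ssl|crypto)\.so/ && $NF == "(deleted)" && !seen[$6]++ {
                printf "%s\t%s\t%s\n", pid, name, $6
            }' "$dir/maps" 2>/dev/null || true
    done
}

# Scan the live system (run as root to see every process).
stale_ssl_procs
```

Statically linked binaries never show up in this output because they do not map the shared library at all; they have to be rebuilt or replaced separately.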
CloudFlare has announced Heartbleed may not allow access to those private keys after all.