Skip to content

Instantly share code, notes, and snippets.

@robbyt
Created April 11, 2014 21:18
Show Gist options
  • Save robbyt/10502435 to your computer and use it in GitHub Desktop.
Save robbyt/10502435 to your computer and use it in GitHub Desktop.
Heartbleed fix - rebuild openssl for Ubuntu Raring 13.04
#!/bin/bash
mkdir sslfix
cd sslfix
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.1e-3ubuntu1.2.dsc
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.1e.orig.tar.gz
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.1e-3ubuntu1.2.debian.tar.gz
sudo apt-get build-dep openssl
dpkg-source -x openssl_1.0.1e-3ubuntu1.2.dsc
cd openssl-1.0.1e/
dpkg-buildpackage -us -uc
@derekdickerson
Copy link

CloudFlare has announced Heartbleed may not allow access to those private keys after all.

@uweschaefer
Copy link

i'm confused. aren't any packages on your 13.04 server still linked to the old version of the lib, thus still vulnerable unless you recompile them from source as well?

@robbyt
Copy link
Author

robbyt commented Jun 20, 2014

@uweschaefer this depends on how the packages were built. OS-provided packages are dynamically linked, but some 3rd party packages (like the official Nginx packages) are statically linked. I touched on this here: http://pkgfarm.tumblr.com/post/89383090906/the-problem-with-software-packaging

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment