Re: [blfs-support] Heartbleed
Would it be best to just restart your system after an upgrade? In the
version of the book I have, it said something about an Xorg Server
dependency being OpenSSL (that's why I install it right before Xorg).

Douglas Reno

--
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
Re: [blfs-support] Heartbleed
On Tue, Apr 08, 2014 at 08:55:01PM +0100, Ken Moffat wrote:
> On Wed, Apr 09, 2014 at 03:41:16AM +0100, lux-integ wrote:
> >
> > openssl is a package one generally installs early in the
> > distribution-build process. To upgrade to say openssl-1.0.1g
> > --(a) does one need to yank out the old say openssl-1.0.1 and install
> > the new 1,0,1g and if so would there not be breakages? OR
> > --(b) can one install openssl-1.0.1g over the old version of say
> > openssl-1.0.1 ?
> >
> > advice from anyone on list will be much appreciated
> >
>
> With the instructions used in recent versions of BLFS (in
> particular, shared libraries), just drop it over the top. If you
> are _serving_ anything which links to openssl then you will need to
> bounce those services (i.e. stop them and restart them). For a
> desktop, I guess that closing the browser(s) and reopening those
> should be sufficient.
>
> ĸen

Whoops, that is badly WRONG. At lwn.net [ thread
https://lwn.net/Articles/593683/ - might be subscriber only ] someone
suggests running this after the upgrade :

grep -l 'libssl.*deleted' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps u

(as root)

On my current desktop machine that shows the following :

root      2206  0.0  0.0   37016   1260 ?  Ss  Apr06  0:00 /usr/sbin/cupsd -C /etc/cups/cupsd.
root      2416  0.0  0.0   27736    512 ?  Ss  Apr06  0:00 /usr/lib/postfix/master -w
postfix   2418  0.0  0.0   27968    668 ?  S   Apr06  0:00 qmgr -l -t unix -u
ken       2828  0.0  5.8 1384924 232188 ?  Sl  Apr06  1:37 /usr/lib/libreoffice/program/soffic

So in my desktop case I need to bounce cups and postfix, and also
to close my current LO documents.

ĸen
--
das eine Mal als Tragödie, dieses Mal als Farce
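The check described in the message above, as an added example that is not part of the thread: it goes slightly further than the quoted one-liner by also matching libcrypto and by naming the stale library next to each PID. The function names, the `proc_root` argument and the sample maps files are assumptions constructed here so the logic can be run without root.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the proc_root
# argument are assumptions made here so the check can run on a constructed tree.

# Print "PID lib[,lib]" for every process that still maps a deleted libssl or
# libcrypto, i.e. one that loaded the library before it was replaced on disk.
stale_openssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue      # process exited, or not readable by us
        pid=${maps%/maps}; pid=${pid##*/}
        # The kernel appends "(deleted)" to a mapping whose file was unlinked.
        libs=$(awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ {
                        n = split($(NF-1), part, "/"); print part[n]
                    }' "$maps" 2>/dev/null | sort -u | paste -sd, -)
        if [ -n "$libs" ]; then
            printf '%s %s\n' "$pid" "$libs"
        fi
    done | sort -n
}

# Constructed sample: three fake /proc entries in the maps line format.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/2206" "$root/2416" "$root/3000"
    cat > "$root/2206/maps" <<'EOF'
7f10a0000000-7f10a0060000 r-xp 00000000 08:01 1311 /usr/lib/libssl.so.1.0.0 (deleted)
7f10a0260000-7f10a0264000 rw-p 00060000 08:01 1311 /usr/lib/libssl.so.1.0.0 (deleted)
7f10a0400000-7f10a05c0000 r-xp 00000000 08:01 1312 /usr/lib/libcrypto.so.1.0.0 (deleted)
EOF
    cat > "$root/2416/maps" <<'EOF'
7f20b0000000-7f20b0060000 r-xp 00000000 08:01 1311 /usr/lib/libssl.so.1.0.0 (deleted)
7f20b0800000-7f20b09a0000 r-xp 00000000 08:01 2001 /lib/libc-2.19.so
EOF
    cat > "$root/3000/maps" <<'EOF'
7f30c0000000-7f30c0060000 r-xp 00000000 08:01 4411 /usr/lib/libssl.so.1.0.0
EOF
    printf '%s\n' "$root"
}
```

On a real system, call `stale_openssl_pids` with no argument as root; each PID listed is still running the old library code until it is restarted.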
Re: [blfs-support] Heartbleed
On Wed, Apr 09, 2014 at 03:41:16AM +0100, lux-integ wrote:
>
> openssl is a package one generally installs early in the
> distribution-build process. To upgrade to say openssl-1.0.1g
> --(a) does one need to yank out the old say openssl-1.0.1 and install
> the new 1,0,1g and if so would there not be breakages? OR
> --(b) can one install openssl-1.0.1g over the old version of say
> openssl-1.0.1 ?
>
> advice from anyone on list will be much appreciated
>

With the instructions used in recent versions of BLFS (in
particular, shared libraries), just drop it over the top. If you
are _serving_ anything which links to openssl then you will need to
bounce those services (i.e. stop them and restart them). For a
desktop, I guess that closing the browser(s) and reopening those
should be sufficient.

ĸen
--
das eine Mal als Tragödie, dieses Mal als Farce
Re: [blfs-support] Heartbleed
Alexey Orishko wrote:
> On Wed, Apr 9, 2014 at 4:41 AM, lux-integ wrote:
>> openssl is a package one generally installs early in the
>> distribution-build process. To upgrade to say openssl-1.0.1g
>> --(a) does one need to yank out the old say openssl-1.0.1 and install
>> the new 1,0,1g and if so would there not be breakages? OR
>> --(b) can one install openssl-1.0.1g over the old version of say
>> openssl-1.0.1 ?
>>
>> advice from anyone on list will be much appreciated
>>
>
> If any application was compiled with static openssl library, you have
> to recompile app in addition to installing a new shared lib/static.

I don't know of any packages in BLFS that use the static libraries by
default or our instructions. Some users may, however, have done that for
themselves.

-- Bruce
Re: [blfs-support] Heartbleed
On Wed, Apr 9, 2014 at 4:41 AM, lux-integ wrote:
> openssl is a package one generally installs early in the
> distribution-build process. To upgrade to say openssl-1.0.1g
> --(a) does one need to yank out the old say openssl-1.0.1 and install
> the new 1,0,1g and if so would there not be breakages? OR
> --(b) can one install openssl-1.0.1g over the old version of say
> openssl-1.0.1 ?
>
> advice from anyone on list will be much appreciated
>

If any application was compiled with static openssl library, you have
to recompile app in addition to installing a new shared lib/static.

/alexey
Re: [blfs-support] Heartbleed
On Tuesday 08 April 2014 18:02:38 Rob Taylor wrote:
> Heartbleed vulnerability
>
> http://www.openssl.org/news/vulnerabilities.html
>
> OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
> OpenSSL 1.0.1g is NOT vulnerable
> OpenSSL 1.0.0 branch is NOT vulnerable
> OpenSSL 0.9.8 branch is NOT vulnerable
>
> Suggest immediate revision to BLFS 7.5 OpenSSL-1.0.1f
>
> Thanks,
> Robert Taylor

openssl is a package one generally installs early in the
distribution-build process. To upgrade to say openssl-1.0.1g
--(a) does one need to yank out the old say openssl-1.0.1 and install
the new 1,0,1g and if so would there not be breakages? OR
--(b) can one install openssl-1.0.1g over the old version of say
openssl-1.0.1 ?

advice from anyone on list will be much appreciated

sincerely
luxInteg