and got the same results as you. How can it be built on January 8th if the patch was just made today?
[EDIT] running
sudo aptitude upgrade
upgraded properly and now I'm getting a version that was compiled earlier today. I'm guessing I needed to update another package as well. Probably `libssl`?
upgrade will work because it updates libssl1.0.0 which is the package you want upgraded :)
Openssl is the command line package and libssl1.0.0 is the library. i was able to upgrade openssl without upgrading libssl1.0.0.
ben@ip-10-0-0-76:~$ dpkg -s libssl1.0.0 |grep Version
Version: 1.0.1e-3ubuntu1
ben@ip-10-0-0-76:~$ dpkg -s openssl |grep Version
Version: 1.0.1e-3ubuntu1
ben@ip-10-0-0-76:~$ sudo apt-get install openssl
...
ben@ip-10-0-0-76:~$ dpkg -s libssl1.0.0 |grep Version
Version: 1.0.1e-3ubuntu1
ben@ip-10-0-0-76:~$ dpkg -s openssl |grep Version
Version: 1.0.1e-3ubuntu1.2
ben@ip-10-0-0-76:~$ openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Jul 15 12:44:45 UTC 2013
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
ben@ip-10-0-0-76:~$ sudo apt-get install libssl1.0.0
ben@ip-10-0-0-76:~$ dpkg -s libssl1.0.0 |grep Version
Version: 1.0.1e-3ubuntu1.2
ben@ip-10-0-0-76:~$ openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Apr 7 20:33:19 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
i wonder how many people will do apt-get update openssl and assume they have fixed it
I got a "security warning" update when I logged in to the server (good), ran apt-get and installed, did openssl version, got the string as noted above (which seemed just a tad out of date).
So... I built and installed from source, and got... the same string.
@stormbrew is correct about ubuntu, use -a or -v -b
I'm totally confused by this. I'm running ubuntu LTS 12.04 and did
and then ran
and got the same results as you. How can it be built on January 8th if the patch was just made today?
[EDIT] running
upgraded properly and now I'm getting a version that was compiled earlier today. I'm guessing I needed to update another package as well. Probably `libssl`?
upgrade will work because it updates libssl1.0.0 which is the package you want upgraded :) Openssl is the command line package and libssl1.0.0 is the library. i was able to upgrade openssl without upgrading libssl1.0.0.
i wonder how many people will do apt-get update openssl and assume they have fixed it
1 reply →
The package is called libssl1.0.0 -- it holds the shared libraries, while the openssl package contains utilities.
As far as I can tell, on ubuntu this reports "OpenSSL 1.0.1 14 Mar 2012" for all ubuntu versions, including the fixed one.
With "openssl version -a" you can see the built time.
Same here.
I got a "security warning" update when I logged in to the server (good), ran apt-get and installed, did openssl version, got the string as noted above (which seemed just a tad out of date).
So... I built and installed from source, and got... the same string.
Annoying.
My Linux Mint machine (based on 13.10) went from 1.0.1e Feb 2014 to 1.01 Mar 2012 int the last 2 hours, so that's definitely new.
I think someone screwed up on the version string big time.
try: dpkg -s openssl