
Comment by spatten

12 years ago

I'm totally confused by this. I'm running Ubuntu LTS 12.04 and did

    sudo aptitude update
    sudo aptitude upgrade openssl

and then ran

    openssl version -a

and got the same results as you. How can it be built on January 8th if the patch was just made today?

[EDIT] running

    sudo aptitude upgrade

upgraded properly and now I'm getting a version that was compiled earlier today. I'm guessing I needed to update another package as well. Probably `libssl`?

`upgrade` will work because it updates libssl1.0.0, which is the package you want upgraded :) Openssl is the command line package and libssl1.0.0 is the library. I was able to upgrade openssl without upgrading libssl1.0.0.

  ben@ip-10-0-0-76:~$ dpkg -s libssl1.0.0 |grep Version
  Version: 1.0.1e-3ubuntu1

  ben@ip-10-0-0-76:~$ dpkg -s openssl |grep Version
  Version: 1.0.1e-3ubuntu1

  ben@ip-10-0-0-76:~$ sudo apt-get install openssl
  ...
  ben@ip-10-0-0-76:~$ dpkg -s libssl1.0.0 |grep Version
  Version: 1.0.1e-3ubuntu1

  ben@ip-10-0-0-76:~$ dpkg -s openssl |grep Version
  Version: 1.0.1e-3ubuntu1.2

  ben@ip-10-0-0-76:~$ openssl version -a
  OpenSSL 1.0.1e 11 Feb 2013
  built on: Mon Jul 15 12:44:45 UTC 2013
  platform: debian-amd64
  options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
  compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
  OPENSSLDIR: "/usr/lib/ssl"

  ben@ip-10-0-0-76:~$ sudo apt-get install libssl1.0.0

  ben@ip-10-0-0-76:~$ dpkg -s libssl1.0.0 |grep Version
  Version: 1.0.1e-3ubuntu1.2

  ben@ip-10-0-0-76:~$ openssl version -a
  OpenSSL 1.0.1e 11 Feb 2013
  built on: Mon Apr  7 20:33:19 UTC 2014
  platform: debian-amd64
  options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
  compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
  OPENSSLDIR: "/usr/lib/ssl"

I wonder how many people will do apt-get update openssl and assume they have fixed it.

  • Thank you. That makes more sense now.

    I'm guessing that tons of people will run into this. I bet a blog post would get you some traffic... :)

The package is called libssl1.0.0 -- it holds the shared libraries, while the openssl package contains utilities.
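
The check this thread arrives at, as an added example that is not part of the original comments: compare the `Version:` field of `dpkg -s openssl` with that of `dpkg -s libssl1.0.0` and flag a host where only the command-line package moved. The function names and the sample status text are constructed for illustration (the version strings are the ones from the session above), and the comparison assumes both packages are expected to carry the same version, as they do in that session once both are upgraded.

```shell
#!/bin/sh
# Added example: detect an upgraded openssl CLI package sitting next to a
# stale libssl1.0.0 library package. Function names are hypothetical.

# Print the Version: field from `dpkg -s <pkg>` output read on stdin.
pkg_version() {
    awk -F': ' '$1 == "Version" { print $2; exit }'
}

# $1 = output of `dpkg -s openssl`, $2 = output of `dpkg -s libssl1.0.0`.
# Returns 0 if both versions match, 1 on mismatch, 2 if a field is missing.
check_pair() {
    cli=$(printf '%s\n' "$1" | pkg_version)
    lib=$(printf '%s\n' "$2" | pkg_version)
    if [ -z "$cli" ] || [ -z "$lib" ]; then
        echo "UNKNOWN: could not read a Version field"
        return 2
    fi
    if [ "$cli" = "$lib" ]; then
        echo "OK: openssl and libssl1.0.0 both at $cli"
        return 0
    fi
    echo "MISMATCH: openssl=$cli libssl1.0.0=$lib"
    return 1
}

# Constructed sample status text, trimmed to a few fields.
SAMPLE_CLI='Package: openssl
Status: install ok installed
Version: 1.0.1e-3ubuntu1.2'

SAMPLE_LIB_OLD='Package: libssl1.0.0
Status: install ok installed
Version: 1.0.1e-3ubuntu1'

SAMPLE_LIB_NEW='Package: libssl1.0.0
Status: install ok installed
Version: 1.0.1e-3ubuntu1.2'

# Demo on the constructed samples: library left behind, then upgraded.
check_pair "$SAMPLE_CLI" "$SAMPLE_LIB_OLD" || true
check_pair "$SAMPLE_CLI" "$SAMPLE_LIB_NEW" || true

# Live use on a Debian/Ubuntu host:
#   check_pair "$(dpkg -s openssl)" "$(dpkg -s libssl1.0.0)"
```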