Re: I installed Openssl 1.1.1k and Ubuntu 20.04 did an upgrade and reverted it back to 1.1.1f. Usually Ubuntu upgrades don’t break it.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



(Replying on list to bring this back to the public forum where others can help you)

On 2021-05-21 16:18, Michael McKenney wrote:
It took awhile to run all these commands

Sorry, but you did not state what command and output indicates
that Ubuntu undid your upgrade, what is the output of each of
the following diagnostic commands (after Ubuntu apparently
undid your upgrade).

$ dpkg --status libssl1.1
$ dpkg --status libssl-dev
$ dpkg --status openssl
$ type openssl
$ openssl version -a
$ ls -alF /usr/lib/x86_64-linux-gnu/libssl*
$ ls -alF /usr/locallib/libssl*

Oops, my bad, should have been /usr/local/lib/libssl*

$ ls -alF /usr/local/bin/openssl
$ /usr/local/bin/openssl version -a


Here is the results

$ dpkg --status libssl1.1

sudo dpkg --status libssl1.1

This shouldn't require root privileges, at least on Debian (Ubuntu is a heavily modified Debian).


[sudo] password for michael:

Package: libssl1.1
Status: install ok installed
Priority: optional
Section: libs
Installed-Size: 4027
Maintainer: Ubuntu Developers ubuntu-devel-discuss@xxxxxxxxxxxxxxxx <mailto:ubuntu-devel-discuss@xxxxxxxxxxxxxxxx>
Architecture: amd64
Multi-Arch: same
Source: openssl
Version: 1.1.1f-1ubuntu2.4

Ok, go to the Ubuntu website and check which OpenSSL bug fixes are included in Ubuntu OpenSSL 1.1.1f-1ubuntu2.4, or look in the file
/usr/share/doc/libssl1.1/Changelog.Debian.gz

Depends: libc6 (>= 2.25), debconf (>= 0.5) | debconf-2.0
Breaks: isync (<< 1.3.0-2), lighttpd (<< 1.4.49-2), python-boto (<< 2.44.0-1.1), python-httplib2 (<< 0.11.3-1), python-imaplib2 (<< 2.57-5), python3-boto (<< 2.44.0-1.1), python3-imaplib2 (<< 2.57-5)
Description: Secure Sockets Layer toolkit - shared libraries
 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It provides the libssl and libcrypto shared libraries.
Homepage: https://www.openssl.org/
Original-Maintainer: Debian OpenSSL Team pkg-openssl-devel@xxxxxxxxxxxxxxxxxxxxxxx <mailto:pkg-openssl-devel@xxxxxxxxxxxxxxxxxxxxxxx>

$ dpkg --status libssl-dev

sudo dpkg --status libssl-dev


This shouldn't require root privileges, at least on Debian (Ubuntu is a heavily modified Debian).

dpkg-query: package 'libssl-dev' is not installed and no information is available

Use dpkg --info (= dpkg-deb --info) to examine archive files.


Ok, this confirms that you have not installed the OpenSSL development files from Ubuntu.

$ dpkg --status openssl

sudo dpkg --status openssl


This shouldn't require root privileges, at least on Debian (Ubuntu is a heavily modified Debian).

Package: openssl
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 1257
Maintainer: Ubuntu Developers ubuntu-devel-discuss@xxxxxxxxxxxxxxxx <mailto:ubuntu-devel-discuss@xxxxxxxxxxxxxxxx>
Architecture: amd64
Multi-Arch: foreign
Version: 1.1.1f-1ubuntu2.4
Depends: libc6 (>= 2.15), libssl1.1 (>= 1.1.1)
Suggests: ca-certificates
Conffiles:
 /etc/ssl/openssl.cnf fb92a2dab53f11f4f5f22adc5257b553
Description: Secure Sockets Layer toolkit - cryptographic utility
 This package is part of the OpenSSL project's implementation of the SSL
 and TLS cryptographic protocols for secure communication over the
 Internet.
 .
 It contains the general-purpose command line binary /usr/bin/openssl,
 useful for cryptographic operations such as:
   * creating RSA, DH, and DSA key parameters;
   * creating X.509 certificates, CSRs, and CRLs;
   * calculating message digests;
   * encrypting and decrypting with ciphers;
   * testing SSL/TLS clients and servers;
   * handling S/MIME signed or encrypted mail.
Homepage: https://www.openssl.org/
Original-Maintainer: Debian OpenSSL Team pkg-openssl-devel@xxxxxxxxxxxxxxxxxxxxxxx <mailto:pkg-openssl-devel@xxxxxxxxxxxxxxxxxxxxxxx>

Ok, go to the Ubuntu website and check which OpenSSL bug fixes are included in Ubuntu OpenSSL 1.1.1f-1ubuntu2.4, or look in the file
/usr/share/doc/openssl/Changelog.Debian.gz


$ type openssl
openssl is hashed (/usr/local/ssl/bin/openssl)

Ok, this shows that your locally built OpenSSL is still there under
/usr/local/...

$ openssl version -a
OpenSSL 1.1.1k  25 Mar 2021
built on: Thu May 20 12:00:48 2021 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
Seeding source: os-specific

michael@ubuntuwpmm1tb:~$

$ ls -alF /usr/lib/x86_64-linux-gnu/libssl*

-rw-r--r-- 1 root root 598104 Apr 27 20:37 /usr/lib/x86_64-linux-gnu/libssl.so.1.1

This shows that the Ubuntu installed OpenSSL was built by Ubuntu on the most recent April 27 (2021-04-27) at 20:37 your timezone.


michael@ubuntuwpmm1tb:~$

$ ls -alF /usr/locallib/libssl*

ls -alF /usr/locallib/libssl*

ls: cannot access '/usr/locallib/libssl*': No such file or directory

$ ls -alF /usr/local/bin/openssl

ls -alF /usr/local/bin/openssl

ls: cannot access '/usr/local/bin/openssl': No such file or directory

$ /usr/local/bin/openssl version -a

/usr/local/bin/openssl version -a

-bash: /usr/local/bin/openssl: No such file or directory



*From:*openssl-users <openssl-users-bounces@xxxxxxxxxxx> *On Behalf Of *Jakob Bohm via openssl-users
*Sent:* Friday, May 21, 2021 10:03 AM
*To:* openssl-users@xxxxxxxxxxx
*Subject:* Re: I installed Openssl 1.1.1k and Ubuntu 20.04 did an upgrade and reverted it back to 1.1.1f. Usually Ubuntu upgrades don’t break it.

On 2021-05-19 19:56, Michael McKenney wrote:

    I installed Openssl 1.1.1k and Ubuntu 20.04 did an upgrade and
    reverted it back to 1.1.1f.   Usually Ubuntu upgrades don’t break it.

    OpenSSL 1.1.1f  31 Mar 2020 (Library: OpenSSL 1.1.1k  25 Mar 2021)

    built on: Thu Apr 29 14:11:04 2021 UTC

    platform: linux-x86_64

    options:  bn(64,64) rc4(16x,int) des(int) blowfish(ptr)

    compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3
    -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ
    -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
    -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
    -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM
    -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB
    -DNDEBUG

    OPENSSLDIR: "/usr/local/ssl"

    ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"

    Seeding source: os-specific

    How do I change it back to 1.1.1k?  I tried a reinstall.  Didn’t work.

    This is the directions I use to install

    sudo apt-get update && sudo apt-get upgrade

    openssl version -a

    sudo apt install build-essential checkinstall zlib1g-dev -y

    cd /usr/local/src/

    sudo wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz

    sudo tar -xf openssl-1.1.1k.tar.gz

    cd openssl-1.1.1k

    sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl
    shared zlib

    sudo make

    sudo make test

    sudo make install

    cd /etc/ld.so.conf.d/

    sudo vim openssl-1.1.1k.conf

             add    /usr/local/ssl/lib

    sudo ldconfig -v

    sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup

    sudo mv /usr/bin/openssl /usr/bin/openssl.backup

    sudo vim /etc/environment

add PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

                            :/usr/local/games:/usr/local/ssl/bin"

    source /etc/environment

    echo $PATH

    which openssl

    openssl version -a

Sorry, but you did not state what command and output indicates
that Ubuntu undid your upgrade, what is the output of each of
the following diagnostic commands (after Ubuntu apparently
undid your upgrade).

$ dpkg --status libssl1.1
$ dpkg --status libssl-dev
$ dpkg --status openssl
$ type openssl
$ openssl version -a
$ ls -alF /usr/lib/x86_64-linux-gnu/libssl*
$ ls -alF /usr/locallib/libssl*
$ ls -alF /usr/local/bin/openssl
$ /usr/local/bin/openssl version -a




Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux