“Openssl heartbleed”的版本间差异
跳到导航
跳到搜索
(以“*Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. And its advised to upgrade to OpenSSL 1.0.1g ( https://www.openssl.org/...”为内容创建页面) |
无编辑摘要 |
||
| 第1行: | 第1行: | ||
*Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. |
*Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. |
||
:upgrade to OpenSSL 1.0.1g[https://www.openssl.org/source/openssl-1.0.1g.tar.gz] |
|||
:or recompile affected versions with the option -DOPENSSL_NO_HEARTBEATS. |
|||
*在没有升级包的系统上,可以选择自己重新编译openssl |
*在没有升级包的系统上,可以选择自己重新编译openssl |
||
$ yum groupinstall rpmdevtools |
|||
$ yum groupinstall rpmdevtools $ yumdownloader --source openssl $ rpm -ivh ./openssl*.src.rpm $ nano ~/rpmbuild/SPECS/openssl.spec --- replace a line like: Release: 1%{?dist} --- with something like: Release: 1%(?dist}.heartbleed --- replace a line like: RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack" --- with something like: RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DOPENSSL_NO_HEARTBEATS" $ rpmbuild -ba ~/rpmbuild/SPECS/openssl.spec $ i386 rpmbuild -ba ~/rpmbuild/SPECS/openssl.spec # execute it only if on x86_64 $ rpm -Fvh ~/rpmbuild/RPMS/*/openssl*.rpm |
|||
$ yumdownloader --source openssl |
|||
$ rpm -ivh ./openssl*.src.rpm |
|||
$ nano ~/rpmbuild/SPECS/openssl.spec |
|||
--- replace a line like: Release: 1%{?dist} |
|||
--- with something like: Release: 1%(?dist}.heartbleed |
|||
--- replace a line like: RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack" |
|||
--- with something like: RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DOPENSSL_NO_HEARTBEATS" |
|||
$ rpmbuild -ba ~/rpmbuild/SPECS/openssl.spec |
|||
$ i386 rpmbuild -ba ~/rpmbuild/SPECS/openssl.spec # execute it only if on x86_64 |
|||
$ rpm -Fvh ~/rpmbuild/RPMS/*/openssl*.rpm |
|||
2014年4月16日 (三) 03:29的最新版本
- Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.
- upgrade to OpenSSL 1.0.1g[1]
- or recompile affected versions with the option -DOPENSSL_NO_HEARTBEATS.
- 在没有升级包的系统上,可以选择自己重新编译openssl
$ yum groupinstall rpmdevtools
$ yumdownloader --source openssl
$ rpm -ivh ./openssl*.src.rpm
$ nano ~/rpmbuild/SPECS/openssl.spec
--- replace a line like: Release: 1%{?dist}
--- with something like: Release: 1%(?dist}.heartbleed
--- replace a line like: RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
--- with something like: RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DOPENSSL_NO_HEARTBEATS"
$ rpmbuild -ba ~/rpmbuild/SPECS/openssl.spec
$ i386 rpmbuild -ba ~/rpmbuild/SPECS/openssl.spec # execute it only if on x86_64
$ rpm -Fvh ~/rpmbuild/RPMS/*/openssl*.rpm