Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 04-16-2014, 03:40 AM   #1
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 712

Rep: Reputation: 39
OpenSSL Heartbleed and my old Slackware 12

I read recently about OpenSSL security bug.
I have checked me very old Slackware 12.0.0 installation.

OpenSSL version there is:
# openssl version
OpenSSL 0.9.8e 23 Feb 2007
According to OpenSSL Security Advisory - TLS heartbeat read overrun (CVE-2014-0160), previous versions (1.0.0 branch and older) are not vulnerable.

Nevertheless I would like to update my OpenSSL to the latest version.
I guess there is no package update for Slackware 12.
So, I was thinking to compile the latest one from sources. Does anyone know any guide how to do that ?

Last edited by czezz; 04-16-2014 at 08:39 AM.
Old 04-16-2014, 04:21 AM   #2
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled

Upgrading to either the 1.0.0 or 1.0.1 branches will not be pain-free. There will be re-compiling of many other packages
involved so be sure that is what you want. Ask yourself if there's a feature missing in 0.9.8 that is critical for you.

Now, 12.0 is on OpenSSL 0.9.8x (not 0.9.8e) so you seem to not have applied all of 12.0's security updates.

If you decide to stay on 0.9.8, I recommend downloading Slackware 12.0's OpenSSL source files (from patches) and using
them to build 0.9.8y (not 0.9.8x).


Last edited by mancha; 04-16-2014 at 04:24 AM.
1 members found this post helpful.
Old 04-16-2014, 05:45 AM   #3
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 712

Original Poster
Rep: Reputation: 39
I have just found this Slackware Security Advisories
It says that for Slack 14 and 14.1 and -current it can be simply done with upgradepkg
Upgrade the packages as root:
# upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz
I guess it will not work with my Slackware 12 at all ?

If so, I have found latest binary/packages openssl-0.9.8x available at ?
Im thinking to do upgradepkg and as 1.0.0 branch and older are not vulnerable I should be quite safe ?


Last edited by czezz; 04-16-2014 at 06:08 AM.
Old 04-16-2014, 06:11 AM   #4
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203Reputation: 203Reputation: 203
Upgrading to openssl-0.9.8x and openssl-solibs-0.9.8x is pain-free.. Feel free download them from the slackware repositories and use, for example:
upgradepkg openssl-0.9.8x-i486-1_slack12.0.tgz
to upgrade openssl package

Slackware maintained security updates for 12.0 (I don't think it still does now) version so everything from here: should be useful for you...

Also, please search for slackpkg (I don't think it's included in slackware 12.0 by default) .. it will help you a lot..

If you want to further upgrade your system, you could consider upgrading step by step to 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, 14.1 .. But I would simply make backups of some setting, dbs and other stuff and do a fresh 14.1 install ..

Please be aware that installing the binaries of openssl-1.0.1g will most likely break your system (not render it unusable, but break it)... You could consider getting the sources from here, modify the slackbuild script and try to see if it compiles (then run upgradepkg on the resulting package), but changes are slim..

Last edited by Smokey_justme; 04-16-2014 at 06:12 AM.
Old 04-17-2014, 01:32 PM   #5
Registered: Feb 2014
Posts: 215

Rep: Reputation: Disabled
You could try to compile from source.
Grab all the source and patchfiles from:

You could skip the openssl0 directory. Then go to the directory containing the downloaded files.
If you already had 1.0.1g you had to edit the buildversion but this is not the case for 12.0
chmod +x openssl.Slackbuild
upgradepkg /tmp/openssl-...
I cannot test this since I use 14.1.
1 members found this post helpful.
Old 05-06-2014, 10:42 AM   #6
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 712

Original Poster
Rep: Reputation: 39
Good point Mancha.
I did like you said. I used openssl.SlackBuild to create package with latest source code for version openssl-0.9.8

# ls -al /var/log/packages/ | grep -i openssl
-rw-r--r--  1 root root   27951 2014-05-06 16:28 openssl-0.9.8y-i486-1_slack12.0
-rw-r--r--  1 root root    1602 2014-05-06 16:29 openssl-solibs-0.9.8y-i486-1_slack12.0
# openssl version -a
OpenSSL 0.9.8y 5 Feb 2013
built on: Sun May  4 23:25:27 CEST 2014
platform: linux-elf
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -mtune=i686 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/etc/ssl"
I am going to stay with 0.9.8 version as it is immune for Heartbleed.

@Hendrickxm - actually your link and dir openssl0 contains everything to build 0.9.8y

Last edited by czezz; 05-06-2014 at 10:43 AM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
CVE-2014-0160: Heartbleed Bug: OpenSSL Vulnerability tronayne Linux - Security 66 04-21-2014 04:13 PM
LXer: Test Sites for Heartbleed OpenSSL Vulnerability LXer Syndicated Linux News 0 04-09-2014 02:00 PM
LXer: How to find out if your server is affected from Openssl Heartbleed vulnerability (CVE-2014-016 LXer Syndicated Linux News 0 04-08-2014 11:20 AM
LXer: Heartbleed: Serious OpenSSL zero day vulnerability revealed LXer Syndicated Linux News 1 04-08-2014 08:38 AM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:31 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration