openssl with version information under sles11sp1
Posted on Tue 29 March 2011 in Linux • 2 min read
If you getting errors like this one
$ /path/to/program
/usr/lib/libcrypto.so.0.9.8: no version information available
you need a libcrypto.so and a libssl.so with version information.
Here are some information about the problem.
openssl has evolved to a very important library in Linux distribution. A
lot of cryptographic applications link to it including system libraries
like pam modules and apache modules. Now it becomes more and more
difficult to get all the binaries and libraries to link to the same
version of openssl. This leads to situations where an application uses
some libraries where on links to openssl 0.9.7 and another one to
version 0.9.8. Since the symbols of the libraries are not yet versioned
this leads to severe segfaults.
Install source package from the repository
$ zypper in -t srcpackages openssl
Create patches
/usr/src/packages/SOURCES/openssl-version-patch.patch
diff -Naur openssl-0.9.8h/Configure openssl-0.9.8h-new/Configure
--- openssl-0.9.8h/Configure 2008-05-02 01:11:30.000000000 +0200
+++ openssl-0.9.8h-new/Configure 2011-02-22 15:30:05.000000000 +0100
@@ -1327,6 +1327,8 @@
$shlib_minor=$2;
}
+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
+
open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n";
diff -Naur openssl-0.9.8h/engines/openssl.ld openssl-0.9.8h-new/engines/openssl.ld
--- openssl-0.9.8h/engines/openssl.ld 1970-01-01 01:00:00.000000000 +0100
+++ openssl-0.9.8h-new/engines/openssl.ld 2011-02-22 15:31:41.000000000 +0100
@@ -0,0 +1,4 @@
+OPENSSL_0.9.8 {
+ global:
+ *;
+};
diff -Naur openssl-0.9.8h/Makefile openssl-0.9.8h-new/Makefile
--- openssl-0.9.8h/Makefile 2008-05-28 10:48:27.000000000 +0200
+++ openssl-0.9.8h-new/Makefile 2011-02-22 15:30:59.000000000 +0100
@@ -140,9 +140,9 @@
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
+SHARED_LIBS=$(SHARED_FIPS) $(SHARED_CRYPTO) $(SHARED_SSL)
+SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
+SHARED_LDFLAGS=-m64 -Wl,--version-script=openssl.ld
GENERAL= Makefile
BASENAME= openssl
diff -Naur openssl-0.9.8h/openssl.ld openssl-0.9.8h-new/openssl.ld
--- openssl-0.9.8h/openssl.ld 1970-01-01 01:00:00.000000000 +0100
+++ openssl-0.9.8h-new/openssl.ld 2011-02-22 15:31:48.000000000 +0100
@@ -0,0 +1,4 @@
+OPENSSL_0.9.8 {
+ global:
+ *;
+};
/usr/src/packages/SPECS/openssl.spec.patch
--- openssl.spec 2011-02-22 17:00:26.000000000 +0100
+++ openssl-new.spec 2011-02-22 16:59:58.000000000 +0100
@@ -32,7 +32,7 @@
%endif
#
Version: 0.9.8h
-Release: 30.30.1
+Release: 30.30.1.custom
Summary: Secure Sockets and Transport Layer Security
Url: http://www.openssl.org/
Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -67,6 +67,7 @@
Patch26: bug608666.patch
Patch27: CVE-2010-3864.patch
Patch28: CVE-2010-4180.patch
+Patch29: openssl-version-patch.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -222,6 +223,7 @@
%patch26 -p1
%patch27 -p1
%patch28 -p1
+%patch29 -p1
cp -p %{S:10} .
# lib64 installation fixes
for i in Makefile.org engines/Makefile; do
@@ -433,6 +435,8 @@
%{_bindir}/%{name}
%changelog
+* Tue Feb 22 2011 rmichel@devnu11.net
+- added for rsa usage the version information.
* Tue Dec 7 2010 gjhe@novell.com
- fix bug [bnc#657663]
CVE-2010-4180
Patch the spec file
$ cd /usr/src/packages/SPEC/
$ patch -i openssl.spec.patch
patching file openssl.spec
Build the new rpm packages
$ rpmbuild -bb /usr/src/packages/SPECS/openssl.spec