openssl, SSL2, KDE

Elan Ruusamäe glen at pld-linux.org
Fri Mar 4 23:14:35 CET 2016 

On 04.03.2016 23:18, Elan Ruusamäe wrote:
> due nature of the change of recent openssl (removing symbol) and 
> upstream not tracking this in SONAME it is impossible to know what got 
> broken 

it's not that impossible to find, but rebuilding them is. here's list of 
files affected (the first dir is name of the package):

1:./apache1-mod_ssl/usr/lib/apache1/libssl.so
2:./apache-tools/usr/bin/ab
3:./asterisk/usr/sbin/asterisk
4:./curl-libs/usr/lib/libcurl.so.4.4.0
5:./eagle-light/usr/lib/eagle-light/bin/eagle
6:./fetchmail/usr/bin/fetchmail
7:./libtorrent-rasterbar/usr/lib/libtorrent-rasterbar.so.8.0.0
8:./links2/usr/bin/links2
9:./mailx/bin/mailx
10:./monit/usr/sbin/monit
11:./nagios-plugins/usr/lib/nagios/plugins/check_http
12:./nagios-plugins/usr/lib/nagios/plugins/check_smtp
13:./nagios-plugins/usr/lib/nagios/plugins/check_tcp
14:./neon/usr/lib/libneon.so.27.3.1
15:./nessus-client/usr/bin/nessus
16:./nessus-client-gtk/usr/bin/nessus-gtk
17:./nessusd/usr/sbin/nessusd
18:./nessus-libs/usr/lib/libnessus.so.2.2.7
19:./nodejs/usr/lib/libnode.so.10.3.0
20:./ocaml-ssl/usr/lib/ocaml/stublibs/dllssl_stubs.so
21:./ocaml-ssl/usr/lib/ocaml/stublibs/dllssl_threads_stubs.so
22:./openssl-tools/usr/bin/openssl
23:./partimage/usr/sbin/partimage
24:./perl-Crypt-SSLeay/usr/lib/perl5/vendor_perl/5.22.0/i686-pld-linux-thread-multi/auto/Crypt/SSLeay/SSLeay.so
25:./perl-Net-SSLeay/usr/lib/perl5/vendor_perl/5.22.0/i686-pld-linux-thread-multi/auto/Net/SSLeay/SSLeay.so
26:./php52-openssl/usr/lib/php52/openssl.so
27:./php53-openssl/usr/lib/php53/openssl.so
28:./php54-openssl/usr/lib/php54/openssl.so
29:./php55-openssl/usr/lib/php55/openssl.so
30:./php56-openssl/usr/lib/php56/openssl.so
31:./pjproject/usr/lib/libpj.so.2
32:./primecoin/usr/bin/primeminer
33:./primecoin-qt/usr/bin/primecoin-qt
34:./python3-cryptography/usr/lib/python3.5/site-packages/cryptography/_Cryptography_cffi_89292e72x399b1113.cpython-35m-i386-linux-gnu.so
35:./python3-modules/usr/lib/python3.5/lib-dynload/_ssl.cpython-35m-i386-linux-gnu.so
36:./python-cryptography/usr/lib/python2.7/site-packages/cryptography/_Cryptography_cffi_f3e4673fx399b1113.so
37:./python-M2Crypto/usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so
38:./python-modules/usr/lib/python2.7/lib-dynload/_ssl.so
39:./qt4-plugin-qca-ossl/usr/lib/qt4/plugins/crypto/libqca-ossl.so
40:./Qt5Network/usr/lib/libQt5Network.so.5.5.1
41:./QtNetwork/usr/lib/libQtNetwork.so.4.8.7
42:./ruby-modules/usr/lib/ruby/2.0/openssl.so
43:./socat/usr/bin/socat
44:./squid/usr/sbin/squid
45:./stunnel/usr/bin/stunnel
46:./tcl-tls/usr/lib/tls1.6/libtls1.6.so
47:./tn5250/usr/lib/lib5250.so.0.0.0
48:./uim/usr/lib/uim/plugin/libuim-openssl.so
49:./vacm/usr/lib/vacm/exports/vacm_sys_stat_proxy
50:./vacm/usr/lib/vacm/modules/sys_stat.loose
51:./vacm/usr/lib/vacm/modules/user_adm.loose
52:./vacm-libs/usr/lib/libvacmclient-2.0.5a.so
53:./vacm-node/usr/sbin/vacm_sys_stat_proxy
54:./w3c-libwww/usr/lib/libwwwssl.so.0.1.0
55:./wget/usr/bin/wget


and not sure it is correct scanning, as wget works without being rebuilt:

# objdump -T /lib64/libcrypto.so.1.0.0|grep SSLv2
0000000000106c00 g    DF .text  00000000000000e1  Base        RSA_padding_add_SSLv23
0000000000106cf0 g    DF .text  0000000000000170  Base        RSA_padding_check_SSLv23


# objdump -T /usr/bin/wget |grep SSLv2
0000000000000000      DF *UND*  0000000000000000              SSLv23_client_method
0000000000000000      DF *UND*  0000000000000000              SSLv2_client_method

# wget --version|head -n1
GNU Wget 1.16.3 built on linux-gnu.


# rpm -q wget openssl
wget-1.16.3-4.x86_64
openssl-1.0.2g-6.x86_64

also known to work similarly is "monit" package

----

commands used to obtain the list:
repos="-n th"
pattern="libssl.so.1.0.0"

poldek $repos --up
poldek $repos --cmd "search -r $pattern" | tee pkgs.log

         
alias rpmget='poldek --fetch=$(pwd) --force -u --nodeps --nohold'
rpmget `less ../pkgs.log|grep i686` --noask
for a in `less ../pkgs.log|grep i686`; do mv $a.rpm ssl; done
for a in *.rpm; do (p=$PWD && d=/tmp/unpack/`rpm -qp $a --qf '%{name}'` && mkdir -p $d && cd $d && unpack $p/$a); done
find -type f > files
cat files | xargs -d '\n' file > filetypes
cat filetypes |grep 'ELF.*dynamically'|cut -d: -f1>elflist
while read a; do ldd $a|grep libssl.so -q && echo $a; done < elflist > ssllist
for a in `cat ssllist`; do objdump -T $a|grep -qE 'SSLv2_client_method|SSLv2_server_method|SSLv2_method' && echo $a; done > symlist


ps: unpack is shell script doing  rpm2cpio "$1" | cpio --no-absolute-filenames -dimu --quiet

-- 
glen

More information about the pld-devel-en mailing list