Actions
Bug #10479
closedOpenSSL not upgrading to 1.0.1j while recompiling Ruby.
Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
1.9.3p550
Backport:
Description
I had my system running on ubuntu 14.04, Ruby 1.9.3p550, OpenSSL 1.0.1f. After MITM vulnerability when I tried to update my system level openssl its been upgraded to 1.0.1j.
But when I check ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION'
to check latest version of openssl used by system's ruby services. It still shows old version i.e. 1.0.1f.
The workaround I find is to recompile ruby. But after recompiling ruby ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION'
raising :-
/usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': /usr/local/lib/ruby/1.9.1/x86_64-linux/openssl.so: undefined symbol: SSLv2_method - /usr/local/lib/ruby/1.9.1/x86_64-linux/openssl.so (LoadError)
I have tried:-
- using --with-openssl-dir while compiling ruby but its not a valid option.
- http://stackoverflow.com/questions/8206546/undefined-symbol-sslv2-method
- http://aaronparecki.com/articles/2014/04/08/1/how-to-test-and-confirm-openssl-is-updated-for-nginx-and-ruby-on-ubuntu-12-04
- recompiling a package with fPIC flag :- http://stackoverflow.com/questions/13812185/how-to-recompile-with-fpic
- Tried recompiling extconf.rb from ruby source as well :- http://stackoverflow.com/questions/9732591/rails-loaderror-with-openssl-so-undefined-symbol-d2i-ecpkparameters
Actions
Like0
Like0Like0Like0Like0Like0Like0Like0