Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Patch Fedora 18 OpenSSL for Heartbleed, CVE-2014-0160

To update Fedora 18 against Heartbleed, you'll need to roll your own RPMs since 18 is no longer supported. (Consider CentOS?)

Here's what worked for me, based heavily on the CentOS guide on rebuilding RPMs. Your mileage may vary. I did have things like gcc and make already installed.

$ sudo yum install rpm-build
$ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
$ echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros
$ cd /tmp
$ wget http://mirrors.kernel.org/fedora/updates/18/SRPMS/openssl-1.0.1e-37.fc18.src.rpm
$ rpm -i openssl-1.0.1e-37.fc18.src.rpm
$ cd ~/rpmbuild/SPECS
$ vim openssl.spec

Now, apply the patch from the Fedora bug report. The previous release number is different, of course, so I just incremented by 1.

$ rpmbuild -ba openssl.spec
$ cd ~/rpmbuild/RPMS/x86_64
$ sudo yum install openssl*.rpm
@dahjelle

This comment has been minimized.

Copy link
Owner Author

commented Jun 16, 2014

If you need to add patches, note that you need to add the patches into the ~/rpmbuild/sources/ directory, add the patches to the first list of patches (i.e. lines beginning with Patchxx) and then add the patch to the actual execution of patches (i.e. a line beginning with %patch). There's documentation about the %patch manual available[1].

[1] http://www.rpm.org/max-rpm/s1-rpm-inside-macros.html#S2-RPM-INSIDE-PATCH-MACRO

@dahjelle

This comment has been minimized.

Copy link
Owner Author

commented Sep 24, 2014

As noted on StackOverflow, you can use yum-builddep from the yum-utils package if you need dependencies installed.

@dahjelle

This comment has been minimized.

Copy link
Owner Author

commented Feb 17, 2016

You can also download a source RPM by yumdownloader --source openssl.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.