Patch Fedora 18 OpenSSL for Heartbleed, CVE-2014-0160

To update Fedora 18 against Heartbleed, you'll need to roll your own RPMs since 18 is no longer supported. (Consider CentOS?)

Here's what worked for me, based heavily on the CentOS guide on rebuilding RPMs. Your mileage may vary. I did have things like gcc and make already installed.

$ sudo yum install rpm-build
$ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
$ echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros
$ cd /tmp
$ wget http://mirrors.kernel.org/fedora/updates/18/SRPMS/openssl-1.0.1e-37.fc18.src.rpm
$ rpm -i openssl-1.0.1e-37.fc18.src.rpm
$ cd ~/rpmbuild/SPECS
$ vim openssl.spec

Now, apply the patch from the Fedora bug report. The previous release number is different, of course, so I just incremented by 1.

$ rpmbuild -ba openssl.spec
$ cd ~/rpmbuild/RPMS/x86_64
$ sudo yum install openssl*.rpm
@dahjelle
Author

If you need to add patches, note that you need to add the patches into the ~/rpmbuild/sources/ directory, add the patches to the first list of patches (i.e. lines beginning with Patchxx) and then add the patch to the actual execution of patches (i.e. a line beginning with %patch). There's documentation about the %patch manual available[1].

[1] http://www.rpm.org/max-rpm/s1-rpm-inside-macros.html#S2-RPM-INSIDE-PATCH-MACRO
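
The spec edits described in the comment above (a new Patchxx line plus a matching %patch line) and the release bump from the gist, scripted as an added example; this is not the author's code. The function name, the script name, the -p1 strip level and the patch file name argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: register one extra patch in an RPM spec file and bump Release.
# Usage: sh add-patch.sh ~/rpmbuild/SPECS/openssl.spec <patch-file-name>
# Assumptions: the patch file is already in ~/rpmbuild/SOURCES, applies
# with -p1, and the spec already declares at least one PatchNN/%patchNN pair.
add_patch_to_spec() {
    spec=$1
    patch=$2
    # Refuse to edit a spec with no existing patch lines to anchor on.
    if ! grep -Eq '^Patch[0-9]+:' "$spec" || ! grep -Eq '^%patch[0-9]+' "$spec"; then
        echo "no PatchNN:/%patchNN lines in $spec" >&2
        return 1
    fi
    awk -v p="$patch" '
        # Pass 1: find the last declaration, the last application and the
        # highest patch number in use.
        NR == FNR {
            if ($0 ~ /^Patch[0-9]+:/) {
                lastdecl = FNR
                n = substr($1, 6) + 0
                if (n > max) max = n
            }
            if ($0 ~ /^%patch[0-9]+/) lastapply = FNR
            next
        }
        # Pass 2: bump the first number on the Release line by 1 ...
        /^Release:/ && !bumped && match($0, /[0-9]+/) {
            num = substr($0, RSTART, RLENGTH) + 1
            $0 = substr($0, 1, RSTART - 1) num substr($0, RSTART + RLENGTH)
            bumped = 1
        }
        { print }
        # ... and add the new lines right after the existing ones.
        FNR == lastdecl  { printf "Patch%d: %s\n", max + 1, p }
        FNR == lastapply { printf "%%patch%d -p1\n", max + 1 }
    ' "$spec" "$spec" > "$spec.new" && mv "$spec.new" "$spec"
}

# Run directly with two arguments; does nothing when sourced without them.
if [ "$#" -eq 2 ]; then
    add_patch_to_spec "$1" "$2"
fi
```

Review the result with diff against a copy of the original spec before running rpmbuild, since a patch appended last may need to be applied earlier if it depends on ordering.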

@dahjelle
Author

As noted on StackOverflow, you can use yum-builddep from the yum-utils package if you need dependencies installed.

@dahjelle
Author

You can also download a source RPM by yumdownloader --source openssl.
