Re: I installed Openssl 1.1.1k and Ubuntu 20.04 did an upgrade and reverted it back to 1.1.1f. Usually Ubuntu upgrades don’t break it.

Jakob Bohm jb-openssl at wisemo.com
Fri May 21 20:13:47 UTC 2021 

(Replying on list to bring this back to the public forum where others 
can help you)

On 2021-05-21 16:18, Michael McKenney wrote:
> It took awhile to run all these commands
> 
> Sorry, but you did not state what command and output indicates
> that Ubuntu undid your upgrade, what is the output of each of
> the following diagnostic commands (after Ubuntu apparently
> undid your upgrade).
> 
> $ dpkg --status libssl1.1
> $ dpkg --status libssl-dev
> $ dpkg --status openssl
> $ type openssl
> $ openssl version -a
> $ ls -alF /usr/lib/x86_64-linux-gnu/libssl*
> $ ls -alF /usr/locallib/libssl*

Oops, my bad, should have been /usr/local/lib/libssl*

> $ ls -alF /usr/local/bin/openssl
> $ /usr/local/bin/openssl version -a
> 
> 
> Here is the results
> 
> $ dpkg --status libssl1.1
> 
> sudo dpkg --status libssl1.1

This shouldn't require root privileges, at least on Debian (Ubuntu is a 
heavily modified Debian).

> 
> [sudo] password for michael:
> 
> Package: libssl1.1
> Status: install ok installed
> Priority: optional
> Section: libs
> Installed-Size: 4027
> Maintainer: Ubuntu Developers ubuntu-devel-discuss at lists.ubuntu.com 
>   <mailto:ubuntu-devel-discuss at lists.ubuntu.com>
> Architecture: amd64
> Multi-Arch: same
> Source: openssl
> Version: 1.1.1f-1ubuntu2.4

Ok, go to the Ubuntu website and check which OpenSSL bug fixes are 
included in Ubuntu OpenSSL 1.1.1f-1ubuntu2.4, or look in the file
/usr/share/doc/libssl1.1/Changelog.Debian.gz

> Depends: libc6 (>= 2.25), debconf (>= 0.5) | debconf-2.0
> Breaks: isync (<< 1.3.0-2), lighttpd (<< 1.4.49-2), python-boto (<< 
>   2.44.0-1.1), python-httplib2 (<< 0.11.3-1), python-imaplib2 (<< 2.57-5), 
>   python3-boto (<< 2.44.0-1.1), python3-imaplib2 (<< 2.57-5)
> Description: Secure Sockets Layer toolkit - shared libraries
>  This package is part of the OpenSSL project's implementation of the SSL
>  and TLS cryptographic protocols for secure communication over the
>  Internet.
>  .
>  It provides the libssl and libcrypto shared libraries.
> Homepage: https://www.openssl.org/
> Original-Maintainer: Debian OpenSSL Team 
>  pkg-openssl-devel at lists.alioth.debian.org 
>  <mailto:pkg-openssl-devel at lists.alioth.debian.org>
> 
> $ dpkg --status libssl-dev
> 
> sudo dpkg --status libssl-dev
> 

This shouldn't require root privileges, at least on Debian (Ubuntu is a 
heavily modified Debian).

> dpkg-query: package 'libssl-dev' is not installed and no information is 
> available
> 
> Use dpkg --info (= dpkg-deb --info) to examine archive files.
> 

Ok, this confirms that you have not installed the OpenSSL development 
files from Ubuntu.

> $ dpkg --status openssl
> 
> sudo dpkg --status openssl
> 

This shouldn't require root privileges, at least on Debian (Ubuntu is a 
heavily modified Debian).

> Package: openssl
> Status: install ok installed
> Priority: optional
> Section: utils
> Installed-Size: 1257
> Maintainer: Ubuntu Developers ubuntu-devel-discuss at lists.ubuntu.com 
>  <mailto:ubuntu-devel-discuss at lists.ubuntu.com>
> Architecture: amd64
> Multi-Arch: foreign
> Version: 1.1.1f-1ubuntu2.4
> Depends: libc6 (>= 2.15), libssl1.1 (>= 1.1.1)
> Suggests: ca-certificates
> Conffiles:
>  /etc/ssl/openssl.cnf fb92a2dab53f11f4f5f22adc5257b553
> Description: Secure Sockets Layer toolkit - cryptographic utility
>  This package is part of the OpenSSL project's implementation of the SSL
>  and TLS cryptographic protocols for secure communication over the
>  Internet.
>  .
>  It contains the general-purpose command line binary /usr/bin/openssl,
>  useful for cryptographic operations such as:
>    * creating RSA, DH, and DSA key parameters;
>    * creating X.509 certificates, CSRs, and CRLs;
>    * calculating message digests;
>    * encrypting and decrypting with ciphers;
>    * testing SSL/TLS clients and servers;
>    * handling S/MIME signed or encrypted mail.
> Homepage: https://www.openssl.org/
> Original-Maintainer: Debian OpenSSL Team 
>  pkg-openssl-devel at lists.alioth.debian.org 
>  <mailto:pkg-openssl-devel at lists.alioth.debian.org>

Ok, go to the Ubuntu website and check which OpenSSL bug fixes are 
included in Ubuntu OpenSSL 1.1.1f-1ubuntu2.4, or look in the file
/usr/share/doc/openssl/Changelog.Debian.gz

> 
> $ type openssl
> openssl is hashed (/usr/local/ssl/bin/openssl)

Ok, this shows that your locally built OpenSSL is still there under
/usr/local/...

> $ openssl version -a
> OpenSSL 1.1.1k  25 Mar 2021
> built on: Thu May 20 12:00:48 2021 UTC
> platform: linux-x86_64
> options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
> compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 
> -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ 
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
> -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM 
> -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM 
> -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
> OPENSSLDIR: "/usr/local/ssl"
> ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
> Seeding source: os-specific
> 
> michael at ubuntuwpmm1tb:~$
> 
> $ ls -alF /usr/lib/x86_64-linux-gnu/libssl*
> 
> -rw-r--r-- 1 root root 598104 Apr 27 20:37 /usr/lib/x86_64-linux-gnu/libssl.so.1.1

This shows that the Ubuntu installed OpenSSL was built by Ubuntu on the 
most recent April 27 (2021-04-27) at 20:37 your timezone.

> 
> michael at ubuntuwpmm1tb:~$
> 
> $ ls -alF /usr/locallib/libssl*
> 
> ls -alF /usr/locallib/libssl*
> 
> ls: cannot access '/usr/locallib/libssl*': No such file or directory
> 
> $ ls -alF /usr/local/bin/openssl
> 
> ls -alF /usr/local/bin/openssl
> 
> ls: cannot access '/usr/local/bin/openssl': No such file or directory
> 
> $ /usr/local/bin/openssl version -a
> 
> /usr/local/bin/openssl version -a
> 
> -bash: /usr/local/bin/openssl: No such file or directory
> 
> 
> 
> *From:*openssl-users <openssl-users-bounces at openssl.org> *On Behalf Of 
> *Jakob Bohm via openssl-users
> *Sent:* Friday, May 21, 2021 10:03 AM
> *To:* openssl-users at openssl.org
> *Subject:* Re: I installed Openssl 1.1.1k and Ubuntu 20.04 did an 
> upgrade and reverted it back to 1.1.1f. Usually Ubuntu upgrades don’t 
> break it.
> 
> On 2021-05-19 19:56, Michael McKenney wrote:
> 
>     I installed Openssl 1.1.1k and Ubuntu 20.04 did an upgrade and
>     reverted it back to 1.1.1f.   Usually Ubuntu upgrades don’t break it.
> 
>     OpenSSL 1.1.1f  31 Mar 2020 (Library: OpenSSL 1.1.1k  25 Mar 2021)
> 
>     built on: Thu Apr 29 14:11:04 2021 UTC
> 
>     platform: linux-x86_64
> 
>     options:  bn(64,64) rc4(16x,int) des(int) blowfish(ptr)
> 
>     compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3
>     -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ
>     -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
>     -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
>     -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM
>     -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB
>     -DNDEBUG
> 
>     OPENSSLDIR: "/usr/local/ssl"
> 
>     ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
> 
>     Seeding source: os-specific
> 
>     How do I change it back to 1.1.1k?  I tried a reinstall.  Didn’t work.
> 
>     This is the directions I use to install
> 
>     sudo apt-get update && sudo apt-get upgrade
> 
>     openssl version -a
> 
>     sudo apt install build-essential checkinstall zlib1g-dev -y
> 
>     cd /usr/local/src/
> 
>     sudo wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz
> 
>     sudo tar -xf openssl-1.1.1k.tar.gz
> 
>     cd openssl-1.1.1k
> 
>     sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl
>     shared zlib
> 
>     sudo make
> 
>     sudo make test
> 
>     sudo make install
> 
>     cd /etc/ld.so.conf.d/
> 
>     sudo vim openssl-1.1.1k.conf
> 
>              add    /usr/local/ssl/lib
> 
>     sudo ldconfig -v
> 
>     sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup
> 
>     sudo mv /usr/bin/openssl /usr/bin/openssl.backup
> 
>     sudo vim /etc/environment
> 
>     add    
>     PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
> 
>                             :/usr/local/games:/usr/local/ssl/bin"
> 
>     source /etc/environment
> 
>     echo $PATH
> 
>     which openssl
> 
>     openssl version -a
> 
> Sorry, but you did not state what command and output indicates
> that Ubuntu undid your upgrade, what is the output of each of
> the following diagnostic commands (after Ubuntu apparently
> undid your upgrade).
> 
> $ dpkg --status libssl1.1
> $ dpkg --status libssl-dev
> $ dpkg --status openssl
> $ type openssl
> $ openssl version -a
> $ ls -alF /usr/lib/x86_64-linux-gnu/libssl*
> $ ls -alF /usr/locallib/libssl*
> $ ls -alF /usr/local/bin/openssl
> $ /usr/local/bin/openssl version -a
> 



Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list