Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Repacking the OpenSSL Debian package for Ubuntu 10.04 of SafeSync for Enterprise

    • Updated:
    • 6 Jan 2017
    • Product/Version:
    • SafeSync for Enterprise 3.1
    • SafeSync for Enterprise 3.2
    • Platform:
    • iOS 9.2
Summary

Since Ubuntu 10.04 of SafeSync for Enterprise (SSFE) 2.1 has reached its end-of-life, OpenSSL-related Debian packages will no longer be officially maintained. You need to manually repack the packages in order to fix the OpenSSL vulnerability included in the latest version.

Details
Public

To repack the OpenSSL Debian package for Ubuntu 10.04:

  1. Install SafeSync for Enterprise 2.1 Service Pack 1 (Build 2.1.0.1496).
  2. Download the following OpenSSL source packages:
  3. Find the configuration option for ./configure while building OpenSSL manually.
    1. Run the following command:

      tar zxvf openssl-1.0.1u.tar.gz
      tar zxvf openssl_1.0.1-4ubuntu5.38.debian.tar.gz -C openssl-1.0.1u
      cd openssl-1.0.1u

    2. Find the option at line 38 in debian/rules:

      vim debian/rules

      CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2 $(ARCH_CONFARGS)

    3. Retrieve the option value after changing the variable.

      CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2 enable-ec_nistp_64_gcc_128

    4. Refer to ./INSTALL file and add the Shared option to create shared libraries on platforms.

      CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2 enable-ec_nistp_64_gcc_128 shared

  4. Build OpenSSL using the commands below:

    ./config --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2 enable-ec_nistp_64_gcc_128a shared
    make depend
    make
    make install

  5. Verify the new settings.
    1. Check the version using the command "openssl version". The expected result should be:
      OpenSSL 1.0.1u 22 Sep 2016 
    2. Check the shared libraries using the command "ldd /usr/bin/openssl". The expected result should be:
      linux-vdso.so.1 =>  (0x00007fff289f9000)
      libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f7264c61000)
      libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f7264885000)
      libdl.so.2 => /lib/libdl.so.2 (0x00007f7264677000)
      libz.so.1 => /lib/libz.so.1 (0x00007f7264460000)
      libc.so.6 => /lib/libc.so.6 (0x00007f72640dd000)
      /lib64/ld-linux-x86-64.so.2 (0x00007f7264ec8000)
  6. Install the dpkg-repack file.

    cd /home/safesync
    wget http://mirrors.kernel.org/ubuntu/pool/main/d/dpkg-repack/dpkg-repack_1.37_all.deb
    dpkg -i dpkg-repack_1.37_all.deb

  7. Repack the OpenSSL Debian package.
    1. Update the version of OpenSSL:

      sed -i 's/Version: 1.0.1h-1/Version: 1.0.1u/' /var/lib/dpkg/status

    2. Modify the file list by appending "/usr/lib/ssl" and "/usr/lib/ssl/openssl.cnf".

      sed -i '/\/usr\/lib\/libcrypto.so/a \/usr\/lib\/ssl\n\/usr\/lib\/ssl\/openssl.cnf' /var/lib/dpkg/info/openssl.list

      The result should be similar to the following:

      /usr/lib/libcrypto.so
      /usr/lib/ssl
      /usr/lib/ssl/openssl.cnf
      /etc/ssl/openssl.cnf
    3. Run the dpkg-repack file using the command "dpkg-repack openssl". The expected result should be:
      dpkg-repack: Skipping obsolete conffile /etc/ssl/openssl.cnf
      dpkg-deb: building package `openssl' in `./openssl_1.0.1u_amd64.deb'
  8. Verify the repacked Debian package.
    1. Install the repacked Debian package on a newly installed SSFE 2.1 SP1.
      dpkg -i openssl_1.0.1u_amd64.deb
      (Reading database ... 86633 files and directories currently installed.)
      Preparing to replace openssl 1.0.1h-1 (using openssl_1.0.1u_amd64.deb) ...
      Unpacking replacement openssl ...
      Setting up openssl (1.0.1u) ...
    2. Check the version of the OpenSSL Debian package.

      dpkg -l | grep openssl

      It should show "ii openssl 1.0.1u Package created with checkinstall 1.6.1."

Premium
Internal
Rating:
Category:
Upgrade
Solution Id:
1116428
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.