[tor-talk] Does Tor need to be recompiled *after* the opensslupdate?
hikki at Safe-mail.net
hikki at Safe-mail.net
Sat Apr 12 18:17:49 UTC 2014
-------- Original Message --------
From: Nicolas Vigier <boklm at mars-attacks.org>
Apparently from: tor-talk-bounces at lists.torproject.org
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] Does Tor need to be recompiled *after* the opensslupdate?
Date: Sat, 12 Apr 2014 17:51:46 +0200
> On Sat, 12 Apr 2014, Matthew Finkel wrote:
>
> > On Sat, Apr 12, 2014 at 05:04:27AM -0400, hikki at Safe-mail.net wrote:
> > > For those of us who compile Tor from source, does Tor need to be recompiled
> > > *after* the openssl update from our OS vendors?
> >
> > "Maybe". If you are upgrading OpenSSL from a much older version then you
> > may need to recompile Tor (so it knows about the newer version and uses
> > the correct headers and such) but if you're simply upgrading from, say,
> > 1.0.1e to 1.0.1g then you should not need to recompile Tor. If you
> > restart Tor it should use the newer version of openssl without issue.
>
> Unless tor was linked statically to openssl, using for instance the
> --enable-static-openssl or --enable-static-tor configure options.
>
> Checking that tor is not linked statically can be done with ldd:
>
> $ ldd /usr/bin/tor
> [...]
> libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f6081b5c000)
I'm not sure what this means.
$ ldd src/or/tor on my system says:
[...]
libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x0000...)
Is my system *still* at risk?
Do I need to recompile?
More information about the tor-talk
mailing list