You are not logged in.

Pages: 1

#1 2010-04-11 11:56:53

Huulivoide
Member
From: Finaland->Lapland->Kemi
Registered: 2009-11-19
Posts: 19
Website

Script to check for packages linked whit old openssl

This is very simple script and wont chek binaries in directories other than the basic bin sbin usr/bin and usr/sbin.
But it bight be usefull if you have lots of svn and git packages installed.

here it is:

#!/bin/bash

tmp=""
pkgs=""

for i in {,/usr}/{,s}bin/* /usr/lib/*  ; do
echo $i
tmp=`readelf -d $i | grep -P '(libssl.so.0.9.8|libcrypto.so.0.9.8)'`
        if [ "$tmp" == "" ]; then
                echo clean
        else
                pkgs=$pkgs" "`pacman -Qo $i | awk '{ print $5 }'`
                echo "Old version of ssl found adding to package list."
        fi
done
echo "Here is list of packages that have binaries that use old version of openssl"
echo $pkgs

Bugs: Does not search dirs rescursively
output list can contain duplicate entrys

Last edited by Huulivoide (2010-04-11 15:08:51)

Offline

#2 2010-04-11 11:58:10

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,672
Website

Re: Script to check for packages linked whit old openssl

You really should check /usr/lib too.

PGP Key: F99FFE0FEAE999BD | I develop pacman - buy me a drink!

Offline

#3 2010-04-11 12:05:10

Huulivoide
Member
From: Finaland->Lapland->Kemi
Registered: 2009-11-19
Posts: 19
Website

Re: Script to check for packages linked whit old openssl

Now checks for libraries too, itotally forgot that. but still it wont check from sub dirs, im not good enought to do it.

Offline

#4 2010-04-11 12:30:47

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,967
Website

Re: Script to check for packages linked whit old openssl

and you should use readelf -d instead of ldd which shows deps recursively.

3E80 CA1A 8B89 F69C BA57  D98A 76A5 EF90 5444 9A5C

Offline

#5 2010-04-11 14:23:56

Mektub
Member
From: Lisbon /Portugal
Registered: 2008-01-02
Posts: 647

Re: Script to check for packages linked whit old openssl

Huulivoide,

Nice. 

tmp=`readefl -d $i | grep libssl.so.0.9.8`

should be:

tmp=`readelf -d $i | grep libssl.so.0.9.8`

(readefl --> readelf)

Mektub

Follow me on twitter: https://twitter.com/johnbina

Offline

#6 2010-04-11 14:38:24

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,967
Website

Re: Script to check for packages linked whit old openssl

You should also scan for libcrypto.so.0.9.8

3E80 CA1A 8B89 F69C BA57  D98A 76A5 EF90 5444 9A5C

Offline

#7 2010-04-11 15:58:06

xkero
Member
Registered: 2008-04-20
Posts: 7

Re: Script to check for packages linked whit old openssl

My recursive one liner version

find {,/usr}/{,s}bin/ /usr/lib/ -type f -printf \~%p -exec readelf -d \{\} \; 2>/dev/null | awk '/libssl.so.0.9.8|libcrypto.so.0.9.8/{print$1}' RS="~" FS="\n"

If your as lazy as me though this isn't enough so here's one that finds the offending packages in pacman

find {,/usr}/{,s}bin/ /usr/lib/ -type f -printf \~%p -exec readelf -d \{\} \; 2>/dev/null | awk '/libssl.so.0.9.8|libcrypto.so.0.9.8/{system("pacman -Qo "$1)}' RS="~" FS="\n"

And then update them! big_smile

yaourt -Sy $(find {,/usr}/{,s}bin/ /usr/lib/ -type f -printf \~%p -exec readelf -d \{\} \; 2>/dev/null | awk '/libssl.so.0.9.8|libcrypto.so.0.9.8/{system("pacman -Qqo "$1)}' RS="~" FS="\n" | sort | uniq)

Offline

Pages: 1

Board footer

Powered by FluxBB