当试图在CentOS上更新OpenSSL时,我收到了一些奇怪的错误。
#rpm -qi openssl-libs Name : openssl-libs Relocations: (not relocatable) Version : 1.0.1e Vendor: (none) Release : 19.el6 Build Date: Thu 02 Jan 2014 07:35:50 PM UTC Install Date: Thu 02 Jan 2014 07:42:06 PM UTC Build Host: xxxxxx Group : System Environment/Libraries Source RPM: openssl-1.0.1e-19.el6.src.rpm Size : 2668401 License: OpenSSL Signature : (none) URL : http://www.openssl.org/ Summary : A general purpose cryptography library with TLS implementation Description : OpenSSL is a toolkit for supporting cryptography. The openssl-libs package contains the libraries that are used by various applications which support cryptographic algorithms and protocols. # yum info openssl Loaded plugins: aliases, replace, security Installed Packages Name : openssl Arch : x86_64 Version : 1.0.1e Release : 16.el6_5.4 Size : 4.0 M Repo : installed Summary : A general purpose cryptography library with TLS implementation URL : http://www.openssl.org/ License : OpenSSL Description : The OpenSSL toolkit provides support for secure communications between : machines. OpenSSL includes a certificate management tool and shared : libraries which provide various cryptographic algorithms and : protocols. Available Packages Name : openssl Arch : i686 Version : 1.0.1e Release : 30.el6_5.2 Size : 1.5 M Repo : updates Summary : A general purpose cryptography library with TLS implementation URL : http://www.openssl.org/ License : OpenSSL Description : The OpenSSL toolkit provides support for secure communications between : machines. OpenSSL includes a certificate management tool and shared : libraries which provide various cryptographic algorithms and : protocols. Name : openssl Arch : x86_64 Version : 1.0.1e Release : 30.el6_5.2 Size : 1.5 M Repo : updates Summary : A general purpose cryptography library with TLS implementation URL : http://www.openssl.org/ License : OpenSSL Description : The OpenSSL toolkit provides support for secure communications between : machines. OpenSSL includes a certificate management tool and shared : libraries which provide various cryptographic algorithms and : protocols. #openssl version -a OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Wed Jan 8 18:40:59 UTC 2014 platform: linux-x86_64 options: bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: "/etc/pki/tls" engines: dynamic 但是,当我尝试和运行yum来更新它有冲突:
#yum -y install openssl Loaded plugins: aliases, replace, security Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package openssl.x86_64 0:1.0.1e-16.el6_5.4 will be updated ---> Package openssl.x86_64 0:1.0.1e-30.el6_5.2 will be an update --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================= Package Arch Version Repository Size ======================================================================================================= Updating: openssl x86_64 1.0.1e-30.el6_5.2 updates 1.5 M Transaction Summary ======================================================================================================= Upgrade 1 Package(s) Total size: 1.5 M Downloading Packages: Running rpm_check_debug Running Transaction Test Transaction Check Error: file /usr/lib64/libcrypto.so.1.0.1e from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/libssl.so.1.0.1e from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/lib4758cca.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libaep.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libatalla.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libcapi.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libchil.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libcswift.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libgmp.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libnuron.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libpadlock.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libsureware.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64 file /usr/lib64/openssl/engines/libubsec.so from install of openssl-1.0.1e-30.el6_5.2.x86_64 conflicts with file from package openssl-libs-1:1.0.1e-19.el6.x86_64
任何帮助如何纠正?
UPDATE
使用@ Michael的build议,我能够更新OpenSSL
Installed Packages Name : openssl Arch : x86_64 Version : 1.0.1e Release : 30.el6_5.2 Size : 4.0 M Repo : installed From repo : updates
你的系统上安装了一个openssl-libs包,但是它的出处非常值得怀疑。 据我所知,EL6没有这样的二进制包。 虽然有一个包拆分,它只适用于EL7。
为了解决这个问题,你需要删除可疑的openssl-libs包,同时更新openssl包。 为此,你可以使用yum shell。
# yum shell > remove openssl-libs > update openssl > run
在此之前,您可能需要查看该可疑包裹的信息,以确定是否可以识别可能包裹的来源。 在系统上有这样的软件包可能是一个妥协的迹象。
rpm -qi openssl-libs
你发布的关于这个软件包的信息确认它不是官方软件包,但没有说明它来自哪里。 你几乎肯定想立即摆脱它,并发起一个安全事件,将系统视为可能被破坏。