Learn about Centmin Mod LEMP Stack today
Register Now

CentOS 7.x Rolling back Axivo installed OpenSSL 1.0.2a

Discussion in 'CentOS, Redhat & Oracle Linux News' started by Sunka, Mar 3, 2016.

  1. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    @eva2000 my nginx - V show that is compiled with open SSL 1.0.2f
    Code:
    [root@tvor-ocean ~]# nginx -V
    nginx version: nginx/1.9.12
    built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
    built with OpenSSL 1.0.2f  28 Jan 2016
    When try to yum update. there is no update for open ssl 1.0.2g
    Also, when run command openssl version it shows:
    Code:
    [root@tvor-ocean ~]# openssl version
    OpenSSL 1.0.2a-fips 19 Mar 2015
    And this:
    Code:
    [root@tvor-ocean ~]# rpm -qa | grep openssl
    openssl-libs-1.0.2a-2.el7.x86_64
    openssl-1.0.2a-2.el7.x86_64
    openssl-devel-1.0.2a-2.el7.x86_64
    Code:
    [root@tvor-ocean ~]# yum info openssl
    Loaded plugins: fastestmirror, priorities
    Loading mirror speeds from cached hostfile
    * base: mirror2.hs-esslingen.de
    * epel: mirror.23media.de
    * extras: mirror2.hs-esslingen.de
    * remi-safe: remi.schlundtech.de
    * rpmforge: mirror.de.leaseweb.net
    * updates: mirror.imt-systems.com
    235 packages excluded due to repository priority protections
    Installed Packages
    Name        : openssl
    Arch        : x86_64
    Epoch       : 1
    Version     : 1.0.2a
    Release     : 2.el7
    Size        : 1.3 M
    Repo        : installed
    From repo   : axivo
    Summary     : General purpose cryptography library with TLS implementation
    URL         : http://www.openssl.org/
    License     : OpenSSL
    Description : The OpenSSL toolkit provides support for secure communications
                : between machines. OpenSSL includes a certificate management tool
                : and shared libraries which provide various cryptographic
                : algorithms and protocols.
    So, how to update ssl first so that I can update/recompile nginx with open ssl 1.0.2g?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,137
    Local Time:
    1:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    could be same issue @ModeltogTossen ran into at Centmin Mod 123.09beta - Nginx + openssl 1.0.2g update issues | Centmin Mod Community
    woah how did you get openssl 1.02a ? oh i see you had axivo repo installed that is nasty as it's outdated and with security flaws now.. @Matt had alot of issues removing it from CentOS systems after it was installed :(

    I'll have to update Centmin Mod to disable Axivo repo from already installed systems. For now, I'd have investigate how to properly remove Axivo Openssl 1.0.2a so it doesn't break your system. Axivo is a repo created by Floren which is no longer updated Axivo - Axivo Yum Repo Updates | Centmin Mod Community
     
    • Agree Agree x 1
    • Optimistic Optimistic x 1
  3. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Thanks.
    Waiting for solution...
     
  4. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    @eva2000 maybe this tutorial could help?
    https://www.axivo.com/resources/repository-setup.1/update?update=20

     
    Last edited: Mar 3, 2016
  5. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,137
    Local Time:
    1:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    it won't work for the reverse of removing axivo openssl as i will complain of required dependencies

    can you post the output for these commands
    Code (Text):
    yum history

    then on far left column you see transaction ids for yum, post the output of the very last 2 id numbers replacing them from command below where XX is the id
    Code (Text):
    yum history info XX

    If you're lucky enough to have done yum update on just Axivo's openssl, you can use yum history to undo and rollback easily. If it's more than just openssl packages that got updated, it will rollback all packages. Not that big a deal as after Axivo openssl and yum repo removed, you can just do another yum update to bring system back up to date.

    for example if axivo installed and it's in yum transaction id 8
    Code (Text):
    yum history
    Loaded plugins: fastestmirror
    ID     | Login user               | Date and time    | Action(s)      | Altered
    -------------------------------------------------------------------------------
         8 | root <root>              | 2016-03-03 11:57 | Update         |    2
         7 | root <root>              | 2016-03-03 11:50 | Install        |    1
         6 | root <root>              | 2016-03-03 11:49 | Erase          |    1
         5 | root <root>              | 2016-03-03 11:48 | Install        |    1
         4 | root <root>              | 2016-03-03 11:43 | I, U           |   40
         3 | root <root>              | 2016-01-15 18:46 | I, U           |   17
         2 | root <root>              | 2015-12-22 02:59 | I, O, U        |  262 EE
         1 | System <unset>           | 2014-07-08 13:28 | Install        |  401
    history list

    info shows yes this is yum transaction that updated to axivo openssl 1.0.2a packages
    Code (Text):
    yum history info 8
    Loaded plugins: fastestmirror
    Transaction ID : 8
    Begin time     : Thu Mar  3 11:57:33 2016
    Begin rpmdb    : 420:158003b4b8673f8d54db00cc59b661119f6bbb60
    End time       :            11:57:34 2016 (1 seconds)
    End rpmdb      : 420:37dcf64f2569b7a1603058847bbd1fe64ca87f71
    User           : root <root>
    Return-Code    : Success
    Command Line   : --enablerepo=axivo update openssl*
    Transaction performed with:
        Installed     rpm-4.11.3-17.el7.x86_64                      @base
        Installed     yum-3.4.3-132.el7.centos.0.1.noarch           @base
        Installed     yum-plugin-fastestmirror-1.1.31-34.el7.noarch @base
    Packages Altered:
        Updated openssl-1:1.0.1e-51.el7_2.4.x86_64      @updates
        Update          1:1.0.2a-2.el7.x86_64           @axivo
        Updated openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 @updates
        Update               1:1.0.2a-2.el7.x86_64      @axivo
    history info

    I can then undo and rollback that transaction
    Code (Text):
    yum history undo 8
    

    Code (Text):
    yum history undo 8
    Loaded plugins: fastestmirror
    Undoing transaction 8, from Thu Mar  3 11:57:33 2016
        Updated openssl-1:1.0.1e-51.el7_2.4.x86_64      @updates
        Update          1:1.0.2a-2.el7.x86_64           @axivo
        Updated openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 @updates
        Update               1:1.0.2a-2.el7.x86_64      @axivo
    
    Resolving Dependencies
    --> Running transaction check
    ---> Package openssl.x86_64 1:1.0.1e-51.el7_2.4 will be a downgrade
    ---> Package openssl.x86_64 1:1.0.2a-2.el7 will be erased
    ---> Package openssl-libs.x86_64 1:1.0.1e-51.el7_2.4 will be a downgrade
    ---> Package openssl-libs.x86_64 1:1.0.2a-2.el7 will be erased
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ==========================================================================================================================================================================================================================================================
    Package                                                      Arch                                                   Version                                                                Repository                                               Size
    ==========================================================================================================================================================================================================================================================
    Downgrading:
    openssl                                                      x86_64                                                 1:1.0.1e-51.el7_2.4                                                    updates                                                 711 k
    openssl-libs                                                 x86_64                                                 1:1.0.1e-51.el7_2.4                                                    updates                                                 951 k
    
    Transaction Summary
    ==========================================================================================================================================================================================================================================================
    Downgrade  2 Packages
    
    Total download size: 1.6 M
    Is this ok [y/d/N]: y
    Downloading packages:
    (1/2): openssl-1.0.1e-51.el7_2.4.x86_64.rpm                                                                                                                                                                                        | 711 kB  00:00:00  
    (2/2): openssl-libs-1.0.1e-51.el7_2.4.x86_64.rpm                                                                                                                                                                                   | 951 kB  00:00:00  
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Total                                                                                                                                                                                                                     2.2 MB/s | 1.6 MB  00:00:00  
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : 1:eek:penssl-libs-1.0.1e-51.el7_2.4.x86_64                                                                                                                                                                                                1/4
      Installing : 1:eek:penssl-1.0.1e-51.el7_2.4.x86_64                                                                                                                                                                                                     2/4
      Cleanup    : 1:eek:penssl-1.0.2a-2.el7.x86_64                                                                                                                                                                                                          3/4
      Cleanup    : 1:eek:penssl-libs-1.0.2a-2.el7.x86_64                                                                                                                                                                                                     4/4
      Verifying  : 1:eek:penssl-libs-1.0.1e-51.el7_2.4.x86_64                                                                                                                                                                                                1/4
      Verifying  : 1:eek:penssl-1.0.1e-51.el7_2.4.x86_64                                                                                                                                                                                                     2/4
      Verifying  : 1:eek:penssl-libs-1.0.2a-2.el7.x86_64                                                                                                                                                                                                     3/4
      Verifying  : 1:eek:penssl-1.0.2a-2.el7.x86_64                                                                                                                                                                                                          4/4
    
    Removed:
      openssl.x86_64 1:1.0.2a-2.el7             openssl-libs.x86_64 1:1.0.2a-2.el7                                                                                         
    
    Installed:
      openssl.x86_64 1:1.0.1e-51.el7_2.4        openssl-libs.x86_64 1:1.0.1e-51.el7_2.4                                                                                    
    
    Complete!

    Check openssl version
    Code (Text):
    openssl version
    OpenSSL 1.0.1e-fips 11 Feb 2013
    

    Then remove axivo YUM repo
    Code (Text):
    yum -y remove axivo-release
    
     
    Last edited: Mar 3, 2016
    • Winner Winner x 1
  6. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Code:
    [root@tvor-ocean ~]# yum history
    Loaded plugins: fastestmirror, priorities
    ID     | Command line             | Date and time    | Action(s)      | Altered
    -------------------------------------------------------------------------------
        83 | -y update --disableplugi | 2016-03-03 01:06 | Update         |    7 
        82 | update                   | 2016-02-29 02:17 | I, U           |    4 
        81 | update                   | 2016-02-25 23:59 | Update         |    6 
        80 | -y update --disableplugi | 2016-02-22 22:00 | Update         |    5 
        79 | update                   | 2016-02-17 17:14 | E, I, U        |   41 EE
        78 | update --disableplugin=p | 2016-02-16 10:19 | I, U           |   14 EE
        77 | -y -q install figlet     | 2016-02-12 14:55 | Install        |    1 
        76 | update redis --enablerep | 2016-02-10 22:09 | Update         |    1 
        75 | -y update ImageMagick-la | 2016-02-09 17:11 | Update         |    5 
        74 | update                   | 2016-02-09 17:06 | Update         |    2 
        73 | -q -y install fio        | 2016-02-06 00:42 | Install        |    5 
        72 | update                   | 2016-02-05 22:44 | Update         |    1 EE
        71 | update -y                | 2016-01-29 22:41 | Update         |    6  <
        70 | -y install libmetalink l | 2016-01-28 10:28 | Install        |    6 >
        69 | update                   | 2016-01-28 10:15 | Update         |    4 
        68 | update                   | 2016-01-26 19:56 | E, I, U        |    9 EE
        67 | -q -y remove axel        | 2016-01-25 15:36 | Erase          |    1 
        66 | update redis --enablerep | 2016-01-25 15:31 | Update         |    1 
        65 | -y update ImageMagick-la | 2016-01-25 15:19 | Update         |    5 
        64 | update                   | 2016-01-25 10:16 | Update         |    1 
    history list
    How to list all history?
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,137
    Local Time:
    1:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    you don't need to latest yum transactions are at top as it's listed in descending date order

    but if you want to list all
    Code (Text):
    yum history list all


    so id 83 seems to be one i want output for as axivo installed by Centmin Mod has yumpriorities setup so only way axivo would be able to install it's openssl version is if you ran yum update with --disableplugin=priorities
    Code (Text):
    yum history info 83
     
  8. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    I think not, it is for imagemagic remi (updated few hours ago)
    Axivo openssl was I think before 2-3 months, so need to grep somehow axivo openssl

    Code:
    [root@tvor-ocean ~]# yum history info 83
    Loaded plugins: fastestmirror, priorities
    Transaction ID : 83
    Begin time     : Thu Mar  3 01:06:18 2016
    Begin rpmdb    : 764:82a50334e787904fa315763d28b3ce6ec2f92181
    End time       :            01:06:23 2016 (5 seconds)
    End rpmdb      : 764:6140c845a7369e92ef2b0e4b1e900dcba63d804f
    User           : root <root>
    Return-Code    : Success
    Command Line   : -y update --disableplugin=priorities --enablerepo=remi
    Transaction performed with:
        Installed     rpm-4.11.3-17.el7.x86_64                      @base
        Installed     yum-3.4.3-132.el7.centos.0.1.noarch           @base
        Installed     yum-plugin-fastestmirror-1.1.31-34.el7.noarch @base
    Packages Altered:
        Updated ImageMagick-last-6.9.3.5-1.el7.remi.x86_64           @remi
        Update                   6.9.3.6-1.el7.remi.x86_64           @remi
        Updated ImageMagick-last-c++-6.9.3.5-1.el7.remi.x86_64       @remi
        Update                       6.9.3.6-1.el7.remi.x86_64       @remi
        Updated ImageMagick-last-c++-devel-6.9.3.5-1.el7.remi.x86_64 @remi
        Update                             6.9.3.6-1.el7.remi.x86_64 @remi
        Updated ImageMagick-last-devel-6.9.3.5-1.el7.remi.x86_64     @remi
        Update                         6.9.3.6-1.el7.remi.x86_64     @remi
        Updated ImageMagick-last-libs-6.9.3.5-1.el7.remi.x86_64      @remi
        Update                        6.9.3.6-1.el7.remi.x86_64      @remi
        Updated galera-25.3.12-1.rhel7.el7.centos.x86_64             @mariadb
        Update         25.3.14-1.rhel7.el7.centos.x86_64             @mariadb
        Updated postgresql-libs-9.2.14-1.el7_1.x86_64                @updates
        Update                  9.2.15-1.el7_2.x86_64                @updates
    history info
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,137
    Local Time:
    1:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    From yum history list look at ids 78 and 80 too they also have --disableplugin=priorities in listed command line column
     
  10. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Found how to list all history, but without repos :unsure:
    Code:
    [root@tvor-ocean ~]# yum history list all
    Loaded plugins: fastestmirror, priorities
    ID     | Login user               | Date and time    | Action(s)      | Altered
    -------------------------------------------------------------------------------
        83 | root <root>              | 2016-03-03 01:06 | Update         |    7 
        82 | root <root>              | 2016-02-29 02:17 | I, U           |    4 
        81 | root <root>              | 2016-02-25 23:59 | Update         |    6 
        80 | root <root>              | 2016-02-22 22:00 | Update         |    5 
        79 | root <root>              | 2016-02-17 17:14 | E, I, U        |   41 EE
        78 | root <root>              | 2016-02-16 10:19 | I, U           |   14 EE
        77 | root <root>              | 2016-02-12 14:55 | Install        |    1 
        76 | root <root>              | 2016-02-10 22:09 | Update         |    1 
        75 | root <root>              | 2016-02-09 17:11 | Update         |    5 
        74 | root <root>              | 2016-02-09 17:06 | Update         |    2 
        73 | root <root>              | 2016-02-06 00:42 | Install        |    5 
        72 | root <root>              | 2016-02-05 22:44 | Update         |    1 EE
        71 | root <root>              | 2016-01-29 22:41 | Update         |    6  <
        70 | root <root>              | 2016-01-28 10:28 | Install        |    6 >
        69 | root <root>              | 2016-01-28 10:15 | Update         |    4 
        68 | root <root>              | 2016-01-26 19:56 | E, I, U        |    9 EE
        67 | root <root>              | 2016-01-25 15:36 | Erase          |    1 
        66 | root <root>              | 2016-01-25 15:31 | Update         |    1 
        65 | root <root>              | 2016-01-25 15:19 | Update         |    5 
        64 | root <root>              | 2016-01-25 10:16 | Update         |    1 
        63 | root <root>              | 2016-01-22 10:20 | Update         |    2 EE
        62 | root <root>              | 2016-01-16 09:18 | Update         |    2 
        61 | root <root>              | 2016-01-15 10:04 | Update         |    3 
        60 | root <root>              | 2016-01-11 18:52 | Update         |    1 EE
        59 | root <root>              | 2016-01-08 15:26 | Update         |    4 
        58 | root <root>              | 2016-01-07 09:48 | Install        |    3 
        57 | root <root>              | 2016-01-07 09:42 | E, I, U        |    9 EE
        56 | root <root>              | 2015-12-27 09:29 | Update         |    5 
        55 | root <root>              | 2015-12-26 00:44 | I, U           |    6  <
        54 | root <root>              | 2015-12-21 02:47 | Update         |    1 >E
        53 | root <root>              | 2015-12-17 20:31 | Update         |    1 
        52 | root <root>              | 2015-12-16 23:21 | Update         |    6 
        51 | root <root>              | 2015-12-15 20:40 | E, I, O, U     |  325 EE
        50 | root <root>              | 2015-12-04 20:51 | Update         |    5 
        49 | root <root>              | 2015-12-01 20:44 | Install        |    1 EE
        48 | root <root>              | 2015-12-01 20:43 | Erase          |    1 EE
        47 | root <root>              | 2015-12-01 19:21 | Update         |    1 EE
        46 | root <root>              | 2015-11-28 21:58 | Install        |    4 
        45 | root <root>              | 2015-11-27 03:19 | Install        |    1 EE
        44 | root <root>              | 2015-11-27 03:18 | Install        |   11 
        43 | root <root>              | 2015-11-25 03:41 | Update         |    1 ##
        42 | root <root>              | 2015-11-25 03:35 | I, U           |    8 ##
        41 | root <root>              | 2015-11-25 03:34 | Update         |    5 
        40 | root <root>              | 2015-11-24 23:29 | Update         |    3 
        39 | root <root>              | 2015-11-23 00:32 | Update         |    1 
        38 | root <root>              | 2015-11-11 20:08 | Update         |    5 
        37 | root <root>              | 2015-11-08 23:38 | Install        |   23 
        36 | root <root>              | 2015-11-05 19:52 | Install        |    1 
        35 | root <root>              | 2015-11-04 02:10 | E, I, U        |   15 EE
        34 | root <root>              | 2015-11-02 12:43 | Install        |    3 
        33 | root <root>              | 2015-11-02 00:36 | Install        |    1 
        32 | root <root>              | 2015-10-31 00:31 | Install        |    2  <
        31 | root <root>              | 2015-10-31 00:30 | Install        |    3 >
        30 | root <root>              | 2015-10-31 00:29 | Install        |    2 
        29 | root <root>              | 2015-10-31 00:28 | Install        |    2 
        28 | root <root>              | 2015-10-31 00:27 | Install        |    4 
        27 | root <root>              | 2015-10-31 00:27 | Install        |    1 
        26 | root <root>              | 2015-10-31 00:21 | Install        |    2 
        25 | root <root>              | 2015-10-31 00:21 | Install        |    2 
        24 | root <root>              | 2015-10-31 00:21 | Install        |    2 
        23 | root <root>              | 2015-10-31 00:20 | Install        |    6 E<
        22 | root <root>              | 2015-10-31 00:15 | Install        |    3 >
        21 | root <root>              | 2015-10-31 00:14 | Install        |   18 
        20 | root <root>              | 2015-10-31 00:14 | Erase          |    4 
        19 | root <root>              | 2015-10-31 00:14 | Install        |   12  <
        18 | root <root>              | 2015-10-31 00:13 | Install        |    3 >
        17 | root <root>              | 2015-10-31 00:13 | Install        |    6 
        16 | root <root>              | 2015-10-31 00:13 | Install        |    1 
        15 | root <root>              | 2015-10-31 00:13 | Install        |    2 
        14 | root <root>              | 2015-10-31 00:12 | Install        |   22 
        13 | root <root>              | 2015-10-31 00:12 | Install        |    1 
        12 | root <root>              | 2015-10-31 00:11 | Install        |  262 
        11 | root <root>              | 2015-10-09 16:43 | I, O, U        |  175 EE
        10 | root <root>              | 2015-01-28 17:31 | I, U           |   38 
         9 | root <root>              | 2014-10-21 23:49 | Update         |    7 
         8 | root <root>              | 2014-10-10 00:16 | Update         |    5 
         7 | root <root>              | 2014-10-02 21:18 | Install        |    1 
         6 | root <root>              | 2014-10-02 21:16 | Install        |   27 
         5 | root <root>              | 2014-09-26 18:25 | Update         |   11 
         4 | root <root>              | 2014-09-26 00:03 | I, U           |   57 
         3 | root <root>              | 2014-07-10 23:39 | I, U           |   19 EE
         2 | root <root>              | 2014-07-09 01:42 | Install        |    2 
         1 | System <unset>           | 2014-07-09 01:02 | Install        |  292 
    history list
     
  11. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,137
    Local Time:
    1:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    try this
    Code:
    yum history list openssl-libs
     
  12. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,137
    Local Time:
    1:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    Sunka but if it's a yum update done months ago, rolling back could roll back alot of packages too so could be problematic
     
  13. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    uh, on 24 november, found it
    Code:
    [root@tvor-ocean ~]# yum history info 40
    Loaded plugins: fastestmirror, priorities
    Transaction ID : 40
    Begin time     : Tue Nov 24 23:29:20 2015
    Begin rpmdb    : 720:5cd87a036df3fb68e7e31131b1f55fe745d279bc
    End time       :            23:29:22 2015 (2 seconds)
    End rpmdb      : 720:c69d86a8c3c76b25efb8735aabdbbeed7eed8f91
    User           : root <root>
    Return-Code    : Success
    Command Line   : --disablerepo=* --enablerepo=axivo update openssl*
    Transaction performed with:
        Updated       rpm-4.11.1-25.el7.x86_64                      @base
        Updated       yum-3.4.3-125.el7.centos.noarch               @base
        Updated       yum-plugin-fastestmirror-1.1.31-29.el7.noarch @base
    Packages Altered:
        Updated openssl-1:1.0.1e-42.el7.9.x86_64       @updates
        Update          1:1.0.2a-2.el7.x86_64          @axivo
        Updated openssl-devel-1:1.0.1e-42.el7.9.x86_64 @updates
        Update                1:1.0.2a-2.el7.x86_64    @axivo
        Updated openssl-libs-1:1.0.1e-42.el7.9.x86_64  @updates
        Update               1:1.0.2a-2.el7.x86_64     @axivo
    history info
    What to do now?
     
  14. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,137
    Local Time:
    1:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    ah you're lucky it's just standalone openssl and openssl-libs and openssl-devel update so easier to rollback without consequences
    Code:
    yum history undo 40
    yum -y remove axivo-release
    yum clean all
    yum -y update
    these commands should remove axivo openssl package from transaction id 40 and remove axivo-release repo and then update you
     
    Last edited: Mar 3, 2016
    • Winner Winner x 1
  15. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    I am stuck on first one...
    What to answer?

    Code:
    [root@tvor-ocean ~]# yum history undo 40
    Loaded plugins: fastestmirror, priorities
    Undoing transaction 40, from Tue Nov 24 23:29:20 2015
        Updated openssl-1:1.0.1e-42.el7.9.x86_64       @updates
        Update          1:1.0.2a-2.el7.x86_64          @axivo
        Updated openssl-devel-1:1.0.1e-42.el7.9.x86_64 @updates
        Update                1:1.0.2a-2.el7.x86_64    @axivo
        Updated openssl-libs-1:1.0.1e-42.el7.9.x86_64  @updates
        Update               1:1.0.2a-2.el7.x86_64     @axivo
    Loading mirror speeds from cached hostfile
    * base: mirror2.hs-esslingen.de
    * epel: mirror.23media.de
    * extras: mirror2.hs-esslingen.de
    * remi-safe: remi.schlundtech.de
    * rpmforge: mirror.de.leaseweb.net
    * updates: mirror.imt-systems.com
    235 packages excluded due to repository priority protections
    Resolving Dependencies
    --> Running transaction check
    ---> Package openssl.x86_64 1:1.0.1e-42.el7.9 will be a downgrade
    ---> Package openssl.x86_64 1:1.0.2a-2.el7 will be erased
    ---> Package openssl-devel.x86_64 1:1.0.1e-42.el7.9 will be a downgrade
    ---> Package openssl-devel.x86_64 1:1.0.2a-2.el7 will be erased
    ---> Package openssl-libs.x86_64 1:1.0.1e-42.el7.9 will be a downgrade
    ---> Package openssl-libs.x86_64 1:1.0.2a-2.el7 will be erased
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
    Package              Arch          Version                   Repository   Size
    ================================================================================
    Downgrading:
    openssl              x86_64        1:1.0.1e-42.el7.9         base        711 k
    openssl-devel        x86_64        1:1.0.1e-42.el7.9         base        1.2 M
    openssl-libs         x86_64        1:1.0.1e-42.el7.9         base        949 k
    
    Transaction Summary
    ================================================================================
    Downgrade  3 Packages
    
    Total download size: 2.8 M
    Is this ok [y/d/N]: 
     
  16. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,137
    Local Time:
    1:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    just answer yes = y
     
  17. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Code:
    [root@tvor-ocean ~]# yum history undo 40
    Loaded plugins: fastestmirror, priorities
    Undoing transaction 40, from Tue Nov 24 23:29:20 2015
        Updated openssl-1:1.0.1e-42.el7.9.x86_64       @updates
        Update          1:1.0.2a-2.el7.x86_64          @axivo
        Updated openssl-devel-1:1.0.1e-42.el7.9.x86_64 @updates
        Update                1:1.0.2a-2.el7.x86_64    @axivo
        Updated openssl-libs-1:1.0.1e-42.el7.9.x86_64  @updates
        Update               1:1.0.2a-2.el7.x86_64     @axivo
    Loading mirror speeds from cached hostfile
    * base: mirror2.hs-esslingen.de
    * epel: mirror.23media.de
    * extras: mirror2.hs-esslingen.de
    * remi-safe: remi.schlundtech.de
    * rpmforge: mirror.de.leaseweb.net
    * updates: mirror.imt-systems.com
    235 packages excluded due to repository priority protections
    Resolving Dependencies
    --> Running transaction check
    ---> Package openssl.x86_64 1:1.0.1e-42.el7.9 will be a downgrade
    ---> Package openssl.x86_64 1:1.0.2a-2.el7 will be erased
    ---> Package openssl-devel.x86_64 1:1.0.1e-42.el7.9 will be a downgrade
    ---> Package openssl-devel.x86_64 1:1.0.2a-2.el7 will be erased
    ---> Package openssl-libs.x86_64 1:1.0.1e-42.el7.9 will be a downgrade
    ---> Package openssl-libs.x86_64 1:1.0.2a-2.el7 will be erased
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
    Package              Arch          Version                   Repository   Size
    ================================================================================
    Downgrading:
    openssl              x86_64        1:1.0.1e-42.el7.9         base        711 k
    openssl-devel        x86_64        1:1.0.1e-42.el7.9         base        1.2 M
    openssl-libs         x86_64        1:1.0.1e-42.el7.9         base        949 k
    
    Transaction Summary
    ================================================================================
    Downgrade  3 Packages
    
    Total download size: 2.8 M
    Is this ok [y/d/N]: y
    Downloading packages:
    (1/3): openssl-1.0.1e-42.el7.9.x86_64.rpm                  | 711 kB   00:00    
    (2/3): openssl-libs-1.0.1e-42.el7.9.x86_64.rpm             | 949 kB   00:00    
    (3/3): openssl-devel-1.0.1e-42.el7.9.x86_64.rpm            | 1.2 MB   00:00    
    --------------------------------------------------------------------------------
    Total                                              6.6 MB/s | 2.8 MB  00:00    
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : 1:openssl-libs-1.0.1e-42.el7.9.x86_64                        1/6
      Installing : 1:openssl-devel-1.0.1e-42.el7.9.x86_64                       2/6
      Installing : 1:openssl-1.0.1e-42.el7.9.x86_64                             3/6
      Cleanup    : 1:openssl-devel-1.0.2a-2.el7.x86_64                          4/6
      Cleanup    : 1:openssl-1.0.2a-2.el7.x86_64                                5/6
      Cleanup    : 1:openssl-libs-1.0.2a-2.el7.x86_64                           6/6
      Verifying  : 1:openssl-libs-1.0.1e-42.el7.9.x86_64                        1/6
      Verifying  : 1:openssl-devel-1.0.1e-42.el7.9.x86_64                       2/6
      Verifying  : 1:openssl-1.0.1e-42.el7.9.x86_64                             3/6
      Verifying  : 1:openssl-libs-1.0.2a-2.el7.x86_64                           4/6
      Verifying  : 1:openssl-devel-1.0.2a-2.el7.x86_64                          5/6
      Verifying  : 1:openssl-1.0.2a-2.el7.x86_64                                6/6
    
    Removed:
      openssl.x86_64 1:1.0.2a-2.el7          openssl-devel.x86_64 1:1.0.2a-2.el7   
      openssl-libs.x86_64 1:1.0.2a-2.el7   
    
    Installed:
      openssl.x86_64 1:1.0.1e-42.el7.9       openssl-devel.x86_64 1:1.0.1e-42.el7.9
      openssl-libs.x86_64 1:1.0.1e-42.el7.9
    
    Complete!
    You have new mail in /var/spool/mail/root
    [root@tvor-ocean ~]# yum -y remove axivo-release
    Loaded plugins: fastestmirror, priorities
    Resolving Dependencies
    --> Running transaction check
    ---> Package axivo-release.noarch 0:7-1 will be erased
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
    Package                Arch            Version        Repository          Size
    ================================================================================
    Removing:
    axivo-release          noarch          7-1            installed           37 k
    
    Transaction Summary
    ================================================================================
    Remove  1 Package
    
    Installed size: 37 k
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Erasing    : axivo-release-7-1.noarch                                     1/1
    warning: /etc/yum.repos.d/axivo.repo saved as /etc/yum.repos.d/axivo.repo.rpmsave
      Verifying  : axivo-release-7-1.noarch                                     1/1
    
    Removed:
      axivo-release.noarch 0:7-1                                                   
    
    Complete!
    [root@tvor-ocean ~]# yum clean all
    Loaded plugins: fastestmirror, priorities
    Cleaning repos: base elasticsearch-2.x epel extras mariadb remi-safe rpmforge
                  : updates
    Cleaning up everything
    Cleaning up list of fastest mirrors
    [root@tvor-ocean ~]# yum -y update
    Loaded plugins: fastestmirror, priorities
    base                                                     | 3.6 kB     00:00    
    elasticsearch-2.x                                        | 2.9 kB     00:00    
    epel/x86_64/metalink                                     |  22 kB     00:00    
    epel                                                     | 4.3 kB     00:00    
    extras                                                   | 3.4 kB     00:00    
    mariadb                                                  | 2.9 kB     00:00    
    remi-safe                                                | 2.9 kB     00:00    
    rpmforge                                                 | 1.9 kB     00:00    
    updates                                                  | 3.4 kB     00:00    
    (1/10): base/7/x86_64/group_gz                             | 155 kB   00:00    
    (2/10): epel/x86_64/group_gz                               | 169 kB   00:00    
    (3/10): epel/x86_64/updateinfo                             | 503 kB   00:00    
    (4/10): extras/7/x86_64/primary_db                         | 101 kB   00:00    
    (5/10): elasticsearch-2.x/primary_db                       | 4.4 kB   00:00    
    (6/10): base/7/x86_64/primary_db                           | 5.3 MB   00:00    
    (7/10): mariadb/primary_db                                 |  18 kB   00:00    
    (8/10): remi-safe/primary_db                               | 358 kB   00:00    
    (9/10): epel/x86_64/primary_db                             | 3.9 MB   00:00    
    (10/10): updates/7/x86_64/primary_db                       | 3.1 MB   00:00    
    rpmforge/primary_db                                        | 125 kB   00:00    
    Determining fastest mirrors
    * base: ftp.plusline.de
    * epel: mirror.23media.de
    * extras: mirror.de.leaseweb.net
    * remi-safe: remi.schlundtech.de
    * rpmforge: mirror.de.leaseweb.net
    * updates: ftp.plusline.de
    235 packages excluded due to repository priority protections
    Resolving Dependencies
    --> Running transaction check
    ---> Package openssl.x86_64 1:1.0.1e-42.el7.9 will be updated
    ---> Package openssl.x86_64 1:1.0.1e-51.el7_2.4 will be an update
    ---> Package openssl-devel.x86_64 1:1.0.1e-42.el7.9 will be updated
    ---> Package openssl-devel.x86_64 1:1.0.1e-51.el7_2.4 will be an update
    ---> Package openssl-libs.x86_64 1:1.0.1e-42.el7.9 will be updated
    ---> Package openssl-libs.x86_64 1:1.0.1e-51.el7_2.4 will be an update
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
    Package             Arch         Version                   Repository     Size
    ================================================================================
    Updating:
    openssl             x86_64       1:1.0.1e-51.el7_2.4       updates       711 k
    openssl-devel       x86_64       1:1.0.1e-51.el7_2.4       updates       1.2 M
    openssl-libs        x86_64       1:1.0.1e-51.el7_2.4       updates       951 k
    
    Transaction Summary
    ================================================================================
    Upgrade  3 Packages
    
    Total download size: 2.8 M
    Downloading packages:
    updates/7/x86_64/prestodelta                               | 248 kB   00:00    
    Delta RPMs reduced 2.8 M of updates to 797 k (72% saved)
    (1/3): openssl-devel-1.0.1e-42.el7.9_1.0.1e-51.el7_2.4.x86 | 267 kB   00:00    
    (2/3): openssl-libs-1.0.1e-42.el7.9_1.0.1e-51.el7_2.4.x86_ | 180 kB   00:00    
    (3/3): openssl-1.0.1e-42.el7.9_1.0.1e-51.el7_2.4.x86_64.dr | 350 kB   00:00    
    Finishing delta rebuilds of 3 package(s) (2.8 M)
    --------------------------------------------------------------------------------
    Total                                              457 kB/s | 797 kB  00:01    
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Updating   : 1:openssl-libs-1.0.1e-51.el7_2.4.x86_64                      1/6
      Updating   : 1:openssl-devel-1.0.1e-51.el7_2.4.x86_64                     2/6
      Updating   : 1:openssl-1.0.1e-51.el7_2.4.x86_64                           3/6
      Cleanup    : 1:openssl-devel-1.0.1e-42.el7.9.x86_64                       4/6
      Cleanup    : 1:openssl-1.0.1e-42.el7.9.x86_64                             5/6
      Cleanup    : 1:openssl-libs-1.0.1e-42.el7.9.x86_64                        6/6
      Verifying  : 1:openssl-devel-1.0.1e-51.el7_2.4.x86_64                     1/6
      Verifying  : 1:openssl-1.0.1e-51.el7_2.4.x86_64                           2/6
      Verifying  : 1:openssl-libs-1.0.1e-51.el7_2.4.x86_64                      3/6
      Verifying  : 1:openssl-libs-1.0.1e-42.el7.9.x86_64                        4/6
      Verifying  : 1:openssl-devel-1.0.1e-42.el7.9.x86_64                       5/6
      Verifying  : 1:openssl-1.0.1e-42.el7.9.x86_64                             6/6
    
    Updated:
      openssl.x86_64 1:1.0.1e-51.el7_2.4                                           
      openssl-devel.x86_64 1:1.0.1e-51.el7_2.4                                     
      openssl-libs.x86_64 1:1.0.1e-51.el7_2.4                                      
    
    Complete!
     
  18. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    not updated to 1.0.2g??
     
  19. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,137
    Local Time:
    1:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    read 1st post at Security - OpenSSL 1.0.2g & Updating Centmin Mod Nginx SSL Support | Centmin Mod Community
    CentOS/Redhat backports fixes into existing major versions
    so you have the updated fixed version
    Code (Text):
    Updated:
      openssl.x86_64 1:1.0.1e-51.el7_2.4                                          
      openssl-devel.x86_64 1:1.0.1e-51.el7_2.4                                    
      openssl-libs.x86_64 1:1.0.1e-51.el7_2.4 
     
  20. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    5:57 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    OK, so I have to reboot server now and then switch to Nginx recompile with OPENSSL_VER='1.02g' as it stand here