On Wed, Jul 26, 2017 at 05:18:16PM -0500, Josh More wrote:
>
> I have done manual patches of OpenSSL on systems that were not otherwise
> upgradeable. It usually works okay, but it depends on the distro and the
> particular OpenSSL libraries they're looking for. This is why all of the
> libraries symlink to .so.1 and .so versions. Usually this works fine ...
> sometimes it doesn't and it's going to depend on the specific apps that
> need SSL. The process is generally to download the source package (.srpm
> in the RH world) and load a more modern source tarball and adjust the SPEC
> file or whatever is being used for DPKG. Then you build it with a
> different version number to avoid conflicts. Not hard in general. Really
> hard if you've never done it before.
>
> I have also tested the Heartbleed attack and was able to get data. As
> everyone says, the data you get is random. You can, in theory, get private
> data but what sort of data and how much is very use-case dependent.
>

Good info, and about what I was looking to get from here. Thanks much.

Compiling software and dumping it on top of my systems is never a problem in my hood; backups will recover any wrongdoing very swiftly, at most at the cost of a reboot. This is going to be on Slackware, so it will be pretty easy. And I will report back.