devnumbertwo - $h!t for developers

View Original

You should rebuild using libgmp >= 5 to avoid timing attack vulnerability

getting this on your linux when trying to run something?

See this content in the original post

yup, seen it…

RHEL has GMP version 4.something
PyCrypto needs GMP >= 5

RHEL is a tad behind we have to re-make The GNU Multiple Precision Arithmetic Library stuff.

solution:

    1. download the sources from https://gmplib.org/#DOWNLOAD

    2. and according to the instructions from the package:

      tar -xvjpf gmp-6.0.0a.tar.bz2
      ./configure 
      make 
      make check
      make install 
      
      
    3. rebuild PyCrypto

      pip install --ignore-installed PyCrypto
    4. for good measure, re-build and re-install some stuff (trust me, just go with it)

      yum -y groupinstall "Development tools" 
      yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel

tada! send me a nice thank you note when you’re done.