Openssl update to 1.0.1k
Openssl update to 1.0.1k
A new security update to openssl. If one has the prior version (1.0.1j 1.0.0o, or 0.9.88zc) there is at least one reason to upgrade. The "no-ssl3" fix can be worked-around, causing a denial of service (DoS). This latest version repairs that flaw. There is a write up in vunerabilities.
The tar.bz can be found here along with an "L" version addressing a bug in windows/mac not security-related.
**Edit** The above link to the download is for developers/programmers of Puppies other than Slacko. Puppies based on Slackware can view any needed D/L's in MENU--> SETUP--> Updates Manager. Appologies for the lack of clarity.
The tar.bz can be found here along with an "L" version addressing a bug in windows/mac not security-related.
**Edit** The above link to the download is for developers/programmers of Puppies other than Slacko. Puppies based on Slackware can view any needed D/L's in MENU--> SETUP--> Updates Manager. Appologies for the lack of clarity.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
I share my newly compiled packages.
openssl-0.9.8ze-p4-i486.pet:
https://copy.com/IFkdp4Q6p3yBmtSw
openssl_DEV-0.9.8ze-p4-i486.pet:
https://copy.com/Tr3DzjaU9Hv2gppG
openssl-1.0.0q-w5-i486.pet:
https://copy.com/AQLQAw0tDFPviRD6
openssl_DEV-1.0.0q-w5-i486.pet:
https://copy.com/64j4gNAfKr4qgDR4
openssl-0.9.8ze-p4-i486.pet:
https://copy.com/IFkdp4Q6p3yBmtSw
openssl_DEV-0.9.8ze-p4-i486.pet:
https://copy.com/Tr3DzjaU9Hv2gppG
openssl-1.0.0q-w5-i486.pet:
https://copy.com/AQLQAw0tDFPviRD6
openssl_DEV-1.0.0q-w5-i486.pet:
https://copy.com/64j4gNAfKr4qgDR4
Thanks for the pets, but
Hi watchdog,
I greatly appreciate your efforts to maintain Puppy Linux as a safe computing environment, and especially that you share your hard work with others.
Thank you for your recent pets.
I explore many Puppy variations. At any time I usually have five or more Pups which I try to keep up to date. The "oldest" Ubuntu based is the original Lupu 5.28. The most recent, Unicorn. My "Slacko" based are Slacko 5.6, Banksy based on 5.6, and rufwoof's variant based, I believe, on Slacko 5.3.3. I also have Carolina-Vanguard Release 2.
As you know, applications built for one Pup variant may not be compatible in Pups built from other sources. So it would be helpful if your pets' description indicated which Pup variant they were built for, and perhaps in which other Pup variants they might properly function.
If I were to guess, it would be that openssl-0.9.8ze-p4-i486.pet should function in debian and ubuntu based Pups; while openssl-1.0.0q-w5-i486.pet should function in wary/racy/saluki and the Carolinas.
But that's just a guess.
Thanks in advance.
mikesLr
I greatly appreciate your efforts to maintain Puppy Linux as a safe computing environment, and especially that you share your hard work with others.
Thank you for your recent pets.
I explore many Puppy variations. At any time I usually have five or more Pups which I try to keep up to date. The "oldest" Ubuntu based is the original Lupu 5.28. The most recent, Unicorn. My "Slacko" based are Slacko 5.6, Banksy based on 5.6, and rufwoof's variant based, I believe, on Slacko 5.3.3. I also have Carolina-Vanguard Release 2.
As you know, applications built for one Pup variant may not be compatible in Pups built from other sources. So it would be helpful if your pets' description indicated which Pup variant they were built for, and perhaps in which other Pup variants they might properly function.
If I were to guess, it would be that openssl-0.9.8ze-p4-i486.pet should function in debian and ubuntu based Pups; while openssl-1.0.0q-w5-i486.pet should function in wary/racy/saluki and the Carolinas.
But that's just a guess.
Thanks in advance.
mikesLr
Slackware security advisories >> Ubuntu security notices << Pup requires manual update to stay current..
I don't profess to know much, but it surprises me that active members don't know where to look for these.
Furthermore, pay attention to what's on the table for each variant..
I don't profess to know much, but it surprises me that active members don't know where to look for these.
Furthermore, pay attention to what's on the table for each variant..
Thanks, Semme.Semme wrote:Slackware security advisories >> Ubuntu security notices << Pup requires manual update to stay current..
I don't profess to know much, but it surprises me that active members don't know where to look for these.
Furthermore, pay attention to what's on the table for each variant..
I'm on slacko-6.0b right now, and the slackware package you mentioned above
installed itself "just by clicking on it".
BFN.
musher0
Last edited by musher0 on Mon 26 Jan 2015, 06:26, edited 1 time in total.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
@mikeslr
I compiled openssl for the only two old puppies I mantain which have not patches in official repositories. They are puppy 4.31 (the packages should work in all puppies of 4.xx series) and wary-racy (the packages should work in every release of wary-racy). For the other puppies you can easily find updated openssl in official repositories of other distros. Slacko 5.3x is slackware 13.37 based so you should look at:
http://mirrors.slackware.com/slackware/ ... /packages/
(install patched openssl and openssl-solibs).
Lucid is ubuntu lucid based and you should look at:
http://packages.ubuntu.com/lucid-updates/allpackages
(install patched openssl and libssl).
And so on. For recent puppies whose official repositories are still mantained you can just update packages in PPM and reinstall openssl by PPM. Some recent puppy have quickpet-updates managers: in tahr you just run quickpet. I don't know now if slacko 5.6 or 5.7 slackware 14.0 based have openssl patches in update manager. I'm now back to wary: my first love. I hope it's more clear.
I compiled openssl for the only two old puppies I mantain which have not patches in official repositories. They are puppy 4.31 (the packages should work in all puppies of 4.xx series) and wary-racy (the packages should work in every release of wary-racy). For the other puppies you can easily find updated openssl in official repositories of other distros. Slacko 5.3x is slackware 13.37 based so you should look at:
http://mirrors.slackware.com/slackware/ ... /packages/
(install patched openssl and openssl-solibs).
Lucid is ubuntu lucid based and you should look at:
http://packages.ubuntu.com/lucid-updates/allpackages
(install patched openssl and libssl).
And so on. For recent puppies whose official repositories are still mantained you can just update packages in PPM and reinstall openssl by PPM. Some recent puppy have quickpet-updates managers: in tahr you just run quickpet. I don't know now if slacko 5.6 or 5.7 slackware 14.0 based have openssl patches in update manager. I'm now back to wary: my first love. I hope it's more clear.
I am not an expert so I am asking to you. Why all linux distros provide openssl authomatic updates to our pcs for this patch? Is there a possibility that our puppy pcs take acting as servers as consequence of malicious software? I also use sometimes to boot an old puppy and to surf the internet without security fears mantaining an updated puppy only to enjoy playing with softwares and online banking. How much have you to take care for security bugs in puppy softwares and in what circumstances? Allthough I think having an updated openssl package is one more our choice.
Ok well from what I read this security flaw applies to server usage...it does not turn your system into a server. In other words for desktop usage/internet browsing it appears the update/fix is not required.
Just wanted to clarification before altering these core libraries.... I previously read the original problem did not apply to 0.9.8 but it appears this is no longer the case.
The bash update seems to be of similar nature...ie relevant to servers only.
mike
Just wanted to clarification before altering these core libraries.... I previously read the original problem did not apply to 0.9.8 but it appears this is no longer the case.
The bash update seems to be of similar nature...ie relevant to servers only.
mike
Not that I understand "all things Internet," correct. Unless you're running a server, fix *not* required. Sensing an unsatisfactory response to Mikes initial post, I'm all for challenging folks to think, question and understand for themselves whether they should overreact to these type of advisories.
Why bother? Because I possess a sense of responsibility.
I am new to Puppy, and have Puppy 5.7.1 which I intend to use as portable desktop and to carry an encrypted file of financial information and passwords.
I have not figured out if openssl is part of that solution, but I checked my version
Do I need to upgrade? If so, can I do it with the package manager?
My thanks in advance,
I have not figured out if openssl is part of that solution, but I checked my version
Code: Select all
# openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 15 15:27:09 UTC 2013
platform: debian-i386
options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
My thanks in advance,
- Rob M.
Puppy in My Pocket
Puppy in My Pocket
On yout version;
MENU --> Setup --> Updates from Slackware
This will enlighten.
To view your present version
Open Terminal
type openssl version
exit when done
Regards
8Geee
MENU --> Setup --> Updates from Slackware
This will enlighten.
To view your present version
Open Terminal
type openssl version
exit when done
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
Hello all.
The revival of this thread prompted me to revisit the subject. So I compiled
openssl-1.0.2f on the DPup Wheezy I'm updating. This compilation should
work on any Puppy that has a (e)glibc of 2.13 or more.
(Typingin terminal will tell you which version of (e)glibc your Puppy is using.)
You can download it as pets:
https://www.adrive.com/public/Knut3A/openssl-1.0.2f.pet (main archive)
https://www.adrive.com/public/7avQ9B/op ... 2f_man.pet (separate man files)
... or as an sfs for any Puppy:
https://www.adrive.com/public/WJrAAh/openssl-1.0.2f.sfs
I don't expect anything fishy: it compiled fine from the source at the openssl site
and I tested it on my system -- but let me know if you experience any problems.
openssl-1.0.2f is the latest stable version at this time. A version 1.1.0 exists, but
it is still being tested, and the authors do not recommend it for general use yet.
Enjoy! BFN.
The revival of this thread prompted me to revisit the subject. So I compiled
openssl-1.0.2f on the DPup Wheezy I'm updating. This compilation should
work on any Puppy that has a (e)glibc of 2.13 or more.
(Typing
Code: Select all
ldd --version
You can download it as pets:
https://www.adrive.com/public/Knut3A/openssl-1.0.2f.pet (main archive)
https://www.adrive.com/public/7avQ9B/op ... 2f_man.pet (separate man files)
... or as an sfs for any Puppy:
https://www.adrive.com/public/WJrAAh/openssl-1.0.2f.sfs
I don't expect anything fishy: it compiled fine from the source at the openssl site
and I tested it on my system -- but let me know if you experience any problems.
openssl-1.0.2f is the latest stable version at this time. A version 1.1.0 exists, but
it is still being tested, and the authors do not recommend it for general use yet.
Enjoy! BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
It is not clear to me if this was intended to help me decide if I need an upgrade, or directed at another post.8Geee wrote:On yout version;
MENU --> Setup --> Updates from Slackware
This will enlighten.
To view your present version
Open Terminal
type openssl version
exit when done
Regards
8Geee
I posted my version (OpenSSL 1.0.1 14 Mar 2012 ) , and do not know which version is needed for Puppy 5.7.1 ( which is not the slackware version: do I care about updates from slackware?) I'm new to Puppy, enlightenment comes slowly!
I failed to plainly ask "Is openssl a good tool to encrypt a single file for later viewing on a flash drive install?'
- Rob M.
Puppy in My Pocket
Puppy in My Pocket
appologies robert_m you are using debian-related. Nonetheless, there 'should' be some update available thru deb-repos if needed. Essentially serrver-certificates on both ends are affected.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
8Geee? robert_m?
Please get new glasses? Or maybe you unlearned how to read?
I spent over an hour compiling and uploading the most recent stable openssl for
you guys -- on a Debian Wheezy compatible pup.
You could say: "thank you."
@Robert:
Yes my package should be compatible with Puppy Precise 5.7.1 since that
PrecisePup uses glibc 2.15, a higher version retro-compatible with the glibc 2.13
that I compiled your openssl on.
Another reason is that ubuntu is derived from debian, and therefore ubuntu-type
Puppies are also Debian-compatible Puppies.
The only real way to know is to try it. That's the way it is in PuppyLinux. It can't
break anything. There may be some other dependency I am not aware of on
Precise, but unfortunately, I don't read crystal balls for a living.
If it doesn't work properly, just send me feedback and I'll see what I can do.
Best regards to both of you.
Please get new glasses? Or maybe you unlearned how to read?
I spent over an hour compiling and uploading the most recent stable openssl for
you guys -- on a Debian Wheezy compatible pup.
You could say: "thank you."
@Robert:
Yes my package should be compatible with Puppy Precise 5.7.1 since that
PrecisePup uses glibc 2.15, a higher version retro-compatible with the glibc 2.13
that I compiled your openssl on.
Another reason is that ubuntu is derived from debian, and therefore ubuntu-type
Puppies are also Debian-compatible Puppies.
The only real way to know is to try it. That's the way it is in PuppyLinux. It can't
break anything. There may be some other dependency I am not aware of on
Precise, but unfortunately, I don't read crystal balls for a living.
If it doesn't work properly, just send me feedback and I'll see what I can do.
Best regards to both of you.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)