CVE-2014-0160 OpenSSL Heartbleed
hi ppl this is outrageous
as of now after updating PPM i still dont see an updated version of openssl and still get the output you just posted. is it important for me to uninstall the current version anyway and how?
does the web browser and other internet apps indirectly use that library?
i hope you all know this bug was planted by a government agent posing as a "volunteer developer" who contributed real code improvement while slipping this in at the same time, so they have definitely been exploiting it
this reminded me of how i dislike passwords anyway and gpg should just be used for every website
does the web browser and other internet apps indirectly use that library?
i hope you all know this bug was planted by a government agent posing as a "volunteer developer" who contributed real code improvement while slipping this in at the same time, so they have definitely been exploiting it
this reminded me of how i dislike passwords anyway and gpg should just be used for every website
It is said that this problem has a problem on the server side in particular.
Probably there will be few people using Puppy as a server.
However, in the case of Puppy,
I was convinced that what the contents of the file were included in as released memory information was a big problem.
(When it is Frugal Install. As for this, many people should choose it)
I hurried correspondence in Puppy from this importance.
Probably there will be few people using Puppy as a server.
However, in the case of Puppy,
I was convinced that what the contents of the file were included in as released memory information was a big problem.
(When it is Frugal Install. As for this, many people should choose it)
I hurried correspondence in Puppy from this importance.
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
- OscarTalks
- Posts: 2196
- Joined: Mon 06 Feb 2012, 00:58
- Location: London, England
Hope it is OK for me to mention in this thread that I have compiled OpenSSL 1.0.1g in Dpup Wheezy if anyone would like to test it.
http://www.murga-linux.com/puppy/viewto ... &start=676
Precise and/or Slackware 14.0 packages will usually not work in Wheezy because (among other things) they have glibc 2.15 and Wheezy has glibc 2.13
http://www.murga-linux.com/puppy/viewto ... &start=676
Precise and/or Slackware 14.0 packages will usually not work in Wheezy because (among other things) they have glibc 2.15 and Wheezy has glibc 2.13
Oscar in England
Handling of openssl.cnf in Puppy
Even a Japanese forum examined correspondence of OpenSSL:
http://sakurapup.browserloadofcoolness. ... php?t=2581
It becomes the argument whether a package updates "openssl.cnf" here,
or it leave an old file.
openssl.cnf is in /etc/ssl .
The Ubuntu package overwrites in openssl.cnf to change the encryption,
but Puppy Linux does not update openssl.cnf for a long time.
This has indication considered not to update it daringly.
Please teach the person understanding handling of openssl.cnf.
http://sakurapup.browserloadofcoolness. ... php?t=2581
It becomes the argument whether a package updates "openssl.cnf" here,
or it leave an old file.
openssl.cnf is in /etc/ssl .
The Ubuntu package overwrites in openssl.cnf to change the encryption,
but Puppy Linux does not update openssl.cnf for a long time.
This has indication considered not to update it daringly.
Please teach the person understanding handling of openssl.cnf.
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
Updated in Package Manager by Slacko
I tried update in Slacko to convince information.
We can update OpenSSL in a procedure same as Precise.
After having started a Puppy Package Manager,
Configure package manager(The right of Uninstall) - Update Now
Package Manger gets the latest factpack by this operation from Slackware.
2 installation packages: openssl-1.0.1g openssl-solibs-1.0.1g
As a result of having updated it by this method, the openssl version is in this condition:
We can update OpenSSL in a procedure same as Precise.
After having started a Puppy Package Manager,
Configure package manager(The right of Uninstall) - Update Now
Package Manger gets the latest factpack by this operation from Slackware.
2 installation packages: openssl-1.0.1g openssl-solibs-1.0.1g
As a result of having updated it by this method, the openssl version is in this condition:
Code: Select all
# openssl version
OpenSSL 1.0.1g 7 Apr 2014
# openssl version -b
built on: Tue Apr 8 09:00:45 CDT 2014
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
Re: Handling of openssl.cnf in Puppy
To all, especially who concern the woof(Puppy builder).
As balloon says, we found the file /etc/ssl/openssl.cnf built in most of Puppy is too old.
The file will be updated when we update the openssl package.
It maybe alright, but how do you think why the woof keeps this old config file?
The file /etc/ssl/openssl.cnf is fixed as the old one by the woof even new version of openssl is installed by the Puppy builder. Maybe Barry has implemented in the woof2, and now the woof-CE follows.
Therefore, the files /etc/ssl/openssl.cnf in most of Puppies, Precise Puppy, Slacko, Dpup, and etc.. are now all the same.
As balloon says, we found the file /etc/ssl/openssl.cnf built in most of Puppy is too old.
The file will be updated when we update the openssl package.
It maybe alright, but how do you think why the woof keeps this old config file?
The file /etc/ssl/openssl.cnf is fixed as the old one by the woof even new version of openssl is installed by the Puppy builder. Maybe Barry has implemented in the woof2, and now the woof-CE follows.
Therefore, the files /etc/ssl/openssl.cnf in most of Puppies, Precise Puppy, Slacko, Dpup, and etc.. are now all the same.
Downloads for Puppy Linux [url]http://shino.pos.to/linux/downloads.html[/url]
openssl.cnf
Right.pemasu wrote:The replacement happens due to openssl package-template.woof-ce-december2/woof-out_x86_x86_debian_wheezy/packages-templates/openssl/etc/ssl/openssl.cnf
The question is why Barry put this, and how we interpret his intention.
Downloads for Puppy Linux [url]http://shino.pos.to/linux/downloads.html[/url]
Re: openssl.cnf
That's a question for BKshinobar wrote: The question is why Barry put this, and how we interpret his intention.
but I would guess that he never bother to update it after whatever looked good at the time.
As a matter of fact all the is missing is the time stamp policy configuration
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==
Re: openssl.cnf
As for this, the Ubuntu package updates openssl.cnf this time, but do you think that it is not good?mavrothal wrote:
but I would guess that he never bother to update it after whatever looked good at the time.
As a matter of fact all the is missing is the time stamp policy configuration
I want the clear answer. (that is not imagination)
Other distribution is thought to update openssl.cnf.
This is because it is necessary to change a coding logic for security enhancement.
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
I have tried your Pet in Slacko 5.5 as well as Puppy Precise 5.71, and Puppy Blue (Quirky Tahr) in disguise) and it updated according to a check as the new version.OscarTalks wrote:Hope it is OK for me to mention in this thread that I have compiled OpenSSL 1.0.1g in Dpup Wheezy if anyone would like to test it.
http://www.murga-linux.com/puppy/viewto ... &start=676
Precise and/or Slackware 14.0 packages will usually not work in Wheezy because (among other things) they have glibc 2.15 and Wheezy has glibc 2.13
the pet for Dpup
Do not install the pet for Dpup on other Puppies.8-bit wrote:I have tried your Pet in Slacko 5.5 as well as Puppy Precise 5.71, and Puppy Blue (Quirky Tahr) in disguise) and it updated according to a check as the new version.OscarTalks wrote:Hope it is OK for me to mention in this thread that I have compiled OpenSSL 1.0.1g in Dpup Wheezy if anyone would like to test it.
http://www.murga-linux.com/puppy/viewto ... &start=676
Precise and/or Slackware 14.0 packages will usually not work in Wheezy because (among other things) they have glibc 2.15 and Wheezy has glibc 2.13
Debian installs the libraries in /usr/lib, remaining old libraries in /lib which Ubuntu and Slackware place.
For Dpup is for Dpup, not for other Puppies.
Downloads for Puppy Linux [url]http://shino.pos.to/linux/downloads.html[/url]
For Puppy Precise 5.7.1 i installed these 2 packages and now i have updated openssl "OpenSSL 1.0.1g 7 Apr 2014"
https://launchpad.net/~george-edison55/ ... 1_i386.deb
https://launchpad.net/~george-edison55/ ... 1_i386.deb
https://launchpad.net/~george-edison55/ ... 1_i386.deb
https://launchpad.net/~george-edison55/ ... 1_i386.deb
openssl heartbleed fix for Precise and Raring
Thanks fantazam,
For the links to the debs you found for Precise 5.71. They also apparently work to update openssl in Upup raring 3.9.9.2 and upup precise 3.8.3.
mikeslr
For the links to the debs you found for Precise 5.71. They also apparently work to update openssl in Upup raring 3.9.9.2 and upup precise 3.8.3.
mikeslr
Update for Ubuntu compatible Puppies
Ubuntu provides its official deb packages for the fix.
For the Precise Puppy, tahr, you can get them from the Puppy Package Manager.
Follow the post by balloon.
http://murga-linux.com/puppy/viewtopic. ... 6&start=18
EDIT: Ubuntu does not provide the fix packages for raring.
See next post by balloon.
For the Precise Puppy, tahr, you can get them from the Puppy Package Manager.
Follow the post by balloon.
http://murga-linux.com/puppy/viewtopic. ... 6&start=18
EDIT: Ubuntu does not provide the fix packages for raring.
See next post by balloon.
Last edited by shinobar on Mon 14 Apr 2014, 10:15, edited 1 time in total.
Downloads for Puppy Linux [url]http://shino.pos.to/linux/downloads.html[/url]
Oops, there are instructions,
The update with the Ubuntu package is not intended for Upup raring.
Ubuntu 13.04 Raring Ring already for the package update expire.(January, 2014)
The update of OpenSSL by Upup raring needs original build correspondence.
When this cannot support, As for the Internet connection of Rpup raring, danger increases.
The update with the Ubuntu package is not intended for Upup raring.
Ubuntu 13.04 Raring Ring already for the package update expire.(January, 2014)
The update of OpenSSL by Upup raring needs original build correspondence.
When this cannot support, As for the Internet connection of Rpup raring, danger increases.
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
Important notice
To the main very important person showing .iso,
These security issues have a big influence.
Puppy Linux thinks that it is hard to receive the attack for a client use,
Damage when we received an attack to Puppy is heavy.
There are many tendencies that Puppy Linux packages it and does not update.
This situation is not good.
It is necessary to examine the release of .iso which updated OpenSSL.
(include the Windows .exe version occurring partly)
These security issues have a big influence.
Puppy Linux thinks that it is hard to receive the attack for a client use,
Damage when we received an attack to Puppy is heavy.
There are many tendencies that Puppy Linux packages it and does not update.
This situation is not good.
It is necessary to examine the release of .iso which updated OpenSSL.
(include the Windows .exe version occurring partly)
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
Fix PET for Precise Puppy
For all Precise Puppy:
http://shino.pos.to/linux/puppy/openssl ... tu5.12.pet
It contains 2 libraries under /lib from libssl1.0.0_1.0.1-4ubuntu5.12_i386.deb,
/etc/ssl/openssl.cnf from openssl_1.0.1-4ubuntu5.12_i386.deb
Type next command on the terminal to see the openssl updated.
'Apr 7, 2014' is OK.
http://shino.pos.to/linux/puppy/openssl ... tu5.12.pet
It contains 2 libraries under /lib from libssl1.0.0_1.0.1-4ubuntu5.12_i386.deb,
/etc/ssl/openssl.cnf from openssl_1.0.1-4ubuntu5.12_i386.deb
Type next command on the terminal to see the openssl updated.
Code: Select all
# openssl version -b
built on: Mon Apr 7 20:31:55 UTC 2014
Downloads for Puppy Linux [url]http://shino.pos.to/linux/downloads.html[/url]
As for the .pet file which Shinobar showed, Ubuntu package was made for the cause.
Ubuntu 13.04 is the situation that a package of OpenSSL is not shown now.
This is that it is difficult to offer .pet packag of most suitable OpenSSL for Upup Raring.
I suggest to a person using Upup Raring to stop use, This use continuation is bad.
Ubuntu 13.04 is the situation that a package of OpenSSL is not shown now.
This is that it is difficult to offer .pet packag of most suitable OpenSSL for Upup Raring.
I suggest to a person using Upup Raring to stop use, This use continuation is bad.
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)