I have tried your Pet in Slacko 5.5 as well as Puppy Precise 5.71, and Puppy Blue (Quirky Tahr) in disguise) and it updated according to a check as the new version.OscarTalks wrote:Hope it is OK for me to mention in this thread that I have compiled OpenSSL 1.0.1g in Dpup Wheezy if anyone would like to test it.
http://www.murga-linux.com/puppy/viewto ... &start=676
Precise and/or Slackware 14.0 packages will usually not work in Wheezy because (among other things) they have glibc 2.15 and Wheezy has glibc 2.13
CVE-2014-0160 OpenSSL Heartbleed
the pet for Dpup
Do not install the pet for Dpup on other Puppies.8-bit wrote:I have tried your Pet in Slacko 5.5 as well as Puppy Precise 5.71, and Puppy Blue (Quirky Tahr) in disguise) and it updated according to a check as the new version.OscarTalks wrote:Hope it is OK for me to mention in this thread that I have compiled OpenSSL 1.0.1g in Dpup Wheezy if anyone would like to test it.
http://www.murga-linux.com/puppy/viewto ... &start=676
Precise and/or Slackware 14.0 packages will usually not work in Wheezy because (among other things) they have glibc 2.15 and Wheezy has glibc 2.13
Debian installs the libraries in /usr/lib, remaining old libraries in /lib which Ubuntu and Slackware place.
For Dpup is for Dpup, not for other Puppies.
Downloads for Puppy Linux [url]http://shino.pos.to/linux/downloads.html[/url]
For Puppy Precise 5.7.1 i installed these 2 packages and now i have updated openssl "OpenSSL 1.0.1g 7 Apr 2014"
https://launchpad.net/~george-edison55/ ... 1_i386.deb
https://launchpad.net/~george-edison55/ ... 1_i386.deb
https://launchpad.net/~george-edison55/ ... 1_i386.deb
https://launchpad.net/~george-edison55/ ... 1_i386.deb
openssl heartbleed fix for Precise and Raring
Thanks fantazam,
For the links to the debs you found for Precise 5.71. They also apparently work to update openssl in Upup raring 3.9.9.2 and upup precise 3.8.3.
mikeslr
For the links to the debs you found for Precise 5.71. They also apparently work to update openssl in Upup raring 3.9.9.2 and upup precise 3.8.3.
mikeslr
Update for Ubuntu compatible Puppies
Ubuntu provides its official deb packages for the fix.
For the Precise Puppy, tahr, you can get them from the Puppy Package Manager.
Follow the post by balloon.
http://murga-linux.com/puppy/viewtopic. ... 6&start=18
EDIT: Ubuntu does not provide the fix packages for raring.
See next post by balloon.
For the Precise Puppy, tahr, you can get them from the Puppy Package Manager.
Follow the post by balloon.
http://murga-linux.com/puppy/viewtopic. ... 6&start=18
EDIT: Ubuntu does not provide the fix packages for raring.
See next post by balloon.
Last edited by shinobar on Mon 14 Apr 2014, 10:15, edited 1 time in total.
Downloads for Puppy Linux [url]http://shino.pos.to/linux/downloads.html[/url]
Oops, there are instructions,
The update with the Ubuntu package is not intended for Upup raring.
Ubuntu 13.04 Raring Ring already for the package update expire.(January, 2014)
The update of OpenSSL by Upup raring needs original build correspondence.
When this cannot support, As for the Internet connection of Rpup raring, danger increases.
The update with the Ubuntu package is not intended for Upup raring.
Ubuntu 13.04 Raring Ring already for the package update expire.(January, 2014)
The update of OpenSSL by Upup raring needs original build correspondence.
When this cannot support, As for the Internet connection of Rpup raring, danger increases.
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
Important notice
To the main very important person showing .iso,
These security issues have a big influence.
Puppy Linux thinks that it is hard to receive the attack for a client use,
Damage when we received an attack to Puppy is heavy.
There are many tendencies that Puppy Linux packages it and does not update.
This situation is not good.
It is necessary to examine the release of .iso which updated OpenSSL.
(include the Windows .exe version occurring partly)
These security issues have a big influence.
Puppy Linux thinks that it is hard to receive the attack for a client use,
Damage when we received an attack to Puppy is heavy.
There are many tendencies that Puppy Linux packages it and does not update.
This situation is not good.
It is necessary to examine the release of .iso which updated OpenSSL.
(include the Windows .exe version occurring partly)
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
Fix PET for Precise Puppy
For all Precise Puppy:
http://shino.pos.to/linux/puppy/openssl ... tu5.12.pet
It contains 2 libraries under /lib from libssl1.0.0_1.0.1-4ubuntu5.12_i386.deb,
/etc/ssl/openssl.cnf from openssl_1.0.1-4ubuntu5.12_i386.deb
Type next command on the terminal to see the openssl updated.
'Apr 7, 2014' is OK.
http://shino.pos.to/linux/puppy/openssl ... tu5.12.pet
It contains 2 libraries under /lib from libssl1.0.0_1.0.1-4ubuntu5.12_i386.deb,
/etc/ssl/openssl.cnf from openssl_1.0.1-4ubuntu5.12_i386.deb
Type next command on the terminal to see the openssl updated.
Code: Select all
# openssl version -b
built on: Mon Apr 7 20:31:55 UTC 2014
Downloads for Puppy Linux [url]http://shino.pos.to/linux/downloads.html[/url]
As for the .pet file which Shinobar showed, Ubuntu package was made for the cause.
Ubuntu 13.04 is the situation that a package of OpenSSL is not shown now.
This is that it is difficult to offer .pet packag of most suitable OpenSSL for Upup Raring.
I suggest to a person using Upup Raring to stop use, This use continuation is bad.
Ubuntu 13.04 is the situation that a package of OpenSSL is not shown now.
This is that it is difficult to offer .pet packag of most suitable OpenSSL for Upup Raring.
I suggest to a person using Upup Raring to stop use, This use continuation is bad.
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
I answer in place of Shinobar.
OpenSSL takes measures at 1.0.1g.
However, Ubuntu, Debian, Shackware does not adopt this and makes modifications with a patch.
This will be measures for stability to operate more application.
We begin this work with Precise. (Of the Japanese Edition release only Precise most newly)
Originally we confirmed that OpenSSL included in Precise obtained it from the Ubuntu package.
Shinobar brings the .pet package from the latest Ubuntu package to this.
The method to confirm the application of the patch refers to the past post of this topic.
OpenSSL takes measures at 1.0.1g.
However, Ubuntu, Debian, Shackware does not adopt this and makes modifications with a patch.
This will be measures for stability to operate more application.
We begin this work with Precise. (Of the Japanese Edition release only Precise most newly)
Originally we confirmed that OpenSSL included in Precise obtained it from the Ubuntu package.
Shinobar brings the .pet package from the latest Ubuntu package to this.
The method to confirm the application of the patch refers to the past post of this topic.
[b]BALLOON a.k.a. Fu-sen.[/b] from Japan | ãµã†ã›ã‚“ Fu-sen. (old: 2 8 6)
Balloon:
That certainly makes sense. Thank you.
Of course, the next question would need to come from this. If I used Shinobar's patch and after noticing no change in version I proceeded to install the 2 deb packages listed, would that still be ok? Now, my SSL Version reads 1.0.1g and everything appears to be working fine. What are your thoughts on this?
Thanks,
Slavvo67
That certainly makes sense. Thank you.
Of course, the next question would need to come from this. If I used Shinobar's patch and after noticing no change in version I proceeded to install the 2 deb packages listed, would that still be ok? Now, my SSL Version reads 1.0.1g and everything appears to be working fine. What are your thoughts on this?
Thanks,
Slavvo67
Re: Fix PET for Precise Puppy
I compared the contents of this Precise .pet with the package contents in the slacko repo and I don't understand why there is such a big difference - this pet for Precise has very few files, but the slacko one has many many files and renames and deletions (of certificates etc). I would have expected them to be quite similar. Does anyone know why the number of files is so different? For slacko could i maybe just grab the slack14 openssl.cnf and the 2 slack14 libs, just like in the Precise pet or is there a good reason why the slack14 packages have so much stuff in them??shinobar wrote:For all Precise Puppy:
http://shino.pos.to/linux/puppy/openssl ... tu5.12.pet
It contains 2 libraries under /lib from libssl1.0.0_1.0.1-4ubuntu5.12_i386.deb,
/etc/ssl/openssl.cnf from openssl_1.0.1-4ubuntu5.12_i386.deb
EDIT : A list of the files included in the slack package can be found 2/3 of the way down the page here:
http://pkgs.org/slackware-14.0/slackwar ... 0.txz.html
(keep clicking the "show more" button)
openssl-fix for Precise Puppy
openssl-fix for all Precise Puppy:
made of openssl/libssl 1.0.1-4ubuntu5.14 from Ubuntu precise repo, libssl0.9.8k-7ubuntu8.18 from lucid repo.
http://shino.pos.to/party/bridge.cgi?pu ... tu8.18.pet
Remove openssl-fix-1.0.1-4ubuntu5.12.pet before if you already installed it.
made of openssl/libssl 1.0.1-4ubuntu5.14 from Ubuntu precise repo, libssl0.9.8k-7ubuntu8.18 from lucid repo.
http://shino.pos.to/party/bridge.cgi?pu ... tu8.18.pet
Remove openssl-fix-1.0.1-4ubuntu5.12.pet before if you already installed it.
Downloads for Puppy Linux [url]http://shino.pos.to/linux/downloads.html[/url]
OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
The update is already listed in Slacko 5.7 Updates Manager.
openssl-1.0.1h
http://www.openssl.org/news/secadv_20140605.txt
The update is already listed in Slacko 5.7 Updates Manager.
openssl-1.0.1h
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
- OscarTalks
- Posts: 2196
- Joined: Mon 06 Feb 2012, 00:58
- Location: London, England
Hello oldyeller,oldyeller wrote:Is also affecting dpup wheezy?
I did try to compile openssl-1.0.1h for Dpup Wheezy.
It is here:-
http://smokey01.com/OscarTalks
Hope I got it right. I haven't seen an official Debian version anywhere, but maybe there is one and I just haven't spotted it. Folks may wish to try my one but not in other Puppies and take the usual precautions beforehand. One thing I have noticed is that some programs will warn in terminal that "No version information available" if they were compiled against the earlier version but they still seem to run perfectly well.
Oscar in England