"Low", "Medium" & “High
"Low", "Medium" & “High
...jeez, they are already cracking 1.1.0 openssl branch?? That was just released in August! Remember, 1.0.1 branch support stops the end of this December. More than a quite a few pups in Ally's repositories are affected....wonder how many users actually know about this or will ever know until it is....???
I sometimes think, Flash, the Murga-site needs some kind of popup or colored red-heading warning for the causal user (of the many puppies) who only sporadically drop by. These people may never know (until it is too late) that they may already have been pwned using a not critically updated puppy OS. These people either don't have the ability and/or time to stay on top of every security issue a puppy can present. Even when they try to go to their OS thread, where many of the builders/maintainers put critical updates (like openssl) in the thread, the updates are not made clear that they are even there. Color, bold, loud in your face notices would help mitigate that.
Some day, I am afraid, this is all going to come back and bite puppy land overall. It only takes one nasty instance, from a widely used distro, for all those years of puppy & pup-related goodwill to disappear. But, alas, guess this is just my opinion and maybe I am too paranoid.
Still, openssl is serious, despite what some here on murga think they know about how attacks to it operate.......those attacks, continually evolving, are the number one vector hackers use to go after any online financial online info moving around.....
http://www.securityweek.com/openssl-pat ... rability-0
I sometimes think, Flash, the Murga-site needs some kind of popup or colored red-heading warning for the causal user (of the many puppies) who only sporadically drop by. These people may never know (until it is too late) that they may already have been pwned using a not critically updated puppy OS. These people either don't have the ability and/or time to stay on top of every security issue a puppy can present. Even when they try to go to their OS thread, where many of the builders/maintainers put critical updates (like openssl) in the thread, the updates are not made clear that they are even there. Color, bold, loud in your face notices would help mitigate that.
Some day, I am afraid, this is all going to come back and bite puppy land overall. It only takes one nasty instance, from a widely used distro, for all those years of puppy & pup-related goodwill to disappear. But, alas, guess this is just my opinion and maybe I am too paranoid.
Still, openssl is serious, despite what some here on murga think they know about how attacks to it operate.......those attacks, continually evolving, are the number one vector hackers use to go after any online financial online info moving around.....
http://www.securityweek.com/openssl-pat ... rability-0
Last edited by belham2 on Thu 02 Nov 2017, 17:16, edited 1 time in total.
-
- Posts: 1885
- Joined: Tue 05 Jun 2012, 12:17
- Location: Wisconsin USA
As they said, the OpenSSL team have released a update/fix today https://www.openssl.org/source/ ... but as of yet that's not rolled through the Debian mirrors. I did get some other updates today when I ran DebianDog apt-get update; apt-get upgrade, but still showing 1.0.1t in synaptic and not the 1.0.1u newer version.
I have tested during a long time the previous release of openssl-1.0.2h in puppy 4.31 and wary-racy so I hope for the best sharing the new compiled openssl-1.0.2i for puppy4 and wary.
openssl-1.0.2i-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i_DEV-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i_DOC-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i_DEV-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i_DOC-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i_DEV-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i_DOC-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i_DEV-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2i_DOC-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
6502coder wrote:Thanks watchdog. 1.0.2i has apparently already been superceded by 1.0.2j, in light of CVE-2016-7052. Does this affect your Puppy4 and Wary PETs?
You can test your browser with your current openssl at:CVE-2016-7052 (OpenSSL advisory) [Moderate severity] 26th September 2016:
This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. Reported by Bruce Stephens and Thomas Jakobi.
Fixed in OpenSSL 1.0.2j (Affected 1.0.2i)
https://www.ssllabs.com/ssltest/viewMyClient.html
I'm now in racy using palemoon and openssl-1.0.2i and my result is:
I'll compile openssl-1.0.2j in puppy 4.31 and wary in my spare time sharing the packages.Your user agent has good protocol support.
openssl-1.0.2j-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DEV-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DOC-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DEV-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DOC-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DEV-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DOC-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DEV-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DOC-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
Watchdog thanks
Hi Watchdog,
Many thanks for the openssl update. Want to take this opportunity to thank you for the work you do for Wary and Puppy 4 and sacrificing a lot of your time to do so.
Robert
Many thanks for the openssl update. Want to take this opportunity to thank you for the work you do for Wary and Puppy 4 and sacrificing a lot of your time to do so.
Robert
Devuan Linux, Stardust 013 (4.31) updated [url]https://archive.org/details/Stardustpup013glibc2.10[/url]
s57(2018)barebone[url]https://sourceforge.net/projects/puppy-linux-minimal-builds/files/s57%282018%29barebones.iso/download[/url]
s57(2018)barebone[url]https://sourceforge.net/projects/puppy-linux-minimal-builds/files/s57%282018%29barebones.iso/download[/url]
Re: Watchdog thanks
Many thanks. Puppy is my hobby and so I play with it. But we all might thank the developers of puppy (BK, 01micko, 666philb, jamesbond and the others we know) who put their skills in this enterprise.Robert123 wrote:Hi Watchdog,
Many thanks for the openssl update. Want to take this opportunity to thank you for the work you do for Wary and Puppy 4 and sacrificing a lot of your time to do so.
Robert
watchdog wrote:openssl-1.0.2j-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DEV-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DOC-p4-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DEV-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2j_DOC-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
Watchdog, been meaning to post and reiterate what Robert123 said. 'Thank you' for compiling these.
I've a question about these: is there any reason the wary (w5) versions you compiled would not work in other 32-bit pups? Say like Micko's & Peebee's pups over the past year (specifically on the ones where they use Ubuntu Xenial as the base)? Or do your compiles only work for the Slacko-based pups??
I know you said we can try them in "other pup distros", but would I wreck a pup just by installing a compiled ssl.pet? (sorry if this sounds and/or is a stupid question).
Thanks for any reply!!
I know that wary's libraries are built in T2 (linux from scratch). My experience suggests that what is compiled in wary has a large compatibility in more recent puppies. I tested my openssl-1.0.2j-w5 also in lucid and it works. Now I'm using old puppies and I have not tested my openssl in more recent puppies because there is no need. I think that when you have an official mantained repository where you can grab what you need then it is more secure to use the pathched openssl they propose (like ubuntu's packages). My compiled openssl-1.0.2j is intended for that puppies where there are not alternative packages to install to get a bugfixed openssl.belham2 wrote: I've a question about these: is there any reason the wary (w5) versions you compiled would not work in other 32-bit pups? Say like Micko's & Peebee's pups over the past year (specifically on the ones where they use Ubuntu Xenial as the base)? Or do your compiles only work for the Slacko-based pups??
I test new packages with the usual care in my puppies: make a backup of the savefile and keep the new installed test packages only if they work after a careful testing. Someone says that core libraries should not be upgraded: I'm desperate because I don't want to abandon my old puppies for the security bugs. There is a lot of old hardware out there which needs old puppies.I know you said we can try them in "other pup distros", but would I wreck a pup just by installing a compiled ssl.pet? (sorry if this sounds and/or is a stupid question).
Thanks for the notification on this. I just compiled a pet for RUXerus64, which will also work in Barry's Xerus64 under the RUXerus64 link:
http://www.murga-linux.com/puppy/viewto ... 633#926633
http://www.murga-linux.com/puppy/viewto ... 633#926633
openssl update lupu 5.2.5
Installed the j update and nothing broke that I know of. lupu 5.2.5
(which I use I think because it supports orinoco wifi cards).
(which I use I think because it supports orinoco wifi cards).
openssl-1.0.2k-w5-i486.pet
Quickly tested.
openssl-1.0.2k-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl_DEV-1.0.2k-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl_DOC-1.0.2k-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
EDIT: new openssl-1.0.2l released on May 2017 compiled for puppy4 and wary5.
openssl-1.0.2.l-i486-w5.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl_DEV-1.0.2l-i486-w5.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2l-i486-p4.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl_DEV-1.0.2l-i486-p4.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2k-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl_DEV-1.0.2k-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl_DOC-1.0.2k-w5-i486.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
Code: Select all
# openssl version -a
OpenSSL 1.0.2k 26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-elf
options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/ssl"
openssl-1.0.2.l-i486-w5.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl_DEV-1.0.2l-i486-w5.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl-1.0.2l-i486-p4.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
openssl_DEV-1.0.2l-i486-p4.pet:
https://drive.google.com/file/d/0B9iMb4 ... sp=sharing
Last edited by watchdog on Sat 29 Jul 2017, 06:07, edited 1 time in total.
+1!!!!corvus wrote:Thank you so much watchdog.
Ciao
Thanks for making these pets for Puppy.
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)