[ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 

Here is the deb for OpenSSL v1.0.1g for Maemo 5 (N900).

The OpenSSL package contains management tools and libraries relating to cryptography. These are useful for providing cryptography functions to other packages, such as OpenSSH, email applications and web browsers (for accessing HTTPS sites).

Sorry, it is not in repositories, but sharing on my dropbox for you.

https://www.dropbox.com/s/wppzs1vhn9...0.1g_armel.deb

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 

> crucial security package
> not in repositories, on dropbox
> no sources

No, thank you. Is it packaged in a way that it replaces the default Maemo one? If so, have you checked if it is fully binary compatible with 0.9.8 branch?

Sorry for rants, apart from concerns I stated in this post, nice job:)

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 

1. Yes, crucial security package ;) propably a fair reason to update ;)
2. On dropbox, simply because I dont have the hang on garage (yet) and - I basically needed this for my own pentesting purposes (together with ruby1.93) for Metasploit.
3. Right, sources are available. This is compiled straight of original sources ( http://www.openssl.org/source/openssl-1.0.1e.tar.gz )

No, not a rant :) I completely understand Your security concerns, as well as compatibility. I only tested this personally, and I an not guarantee issues, as it does make a replacement of the standard 0.98 installed version (this was needed for me).
So, I am sure further testing and more complex testing will be a good idea, before it will/can/should make it into any official repositories.

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 

I think there's a reason why openssl keeps updating their old branches at the same time why new and there might be some binary incompatibilities and api breaking changes. In my oppinion we should rather update to 0.9.8y instead of 1.0.1e (they were published the same week, and each contains newest bugfixes, just in different branches). And, if you need 1.0.1e, you could package it e.g. as "openssl1" (i think in MeeGo Harmattan the "libssl.so.0.9.8" was replaced with "libssl1.so.1.0.0", so if we follow the scheme, we could have both openssls installed and the newer one could be distributed via extras).

If you're paranoid, you can never be sure ;) And, Debian and/or Maemo usually add platform-specific patches for the sources, so it might be good idea to append those while packaging, too.

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 

@misiak - good points

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 

Again same as the other thread is it safe from heartbleed?

Edit: NO, maybe a newer version but definitly a warning is needed.

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 

Updated first post with my version 1.0.1g
Still didnt figure out garage :/

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 

same question for harmattan

--
http://rzr.online.fr/q/ssl

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 

done, is on my openrepos
openssl-1.0.1g and openssl1.0.1g-devel packages

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 

could you tell me how to install your harmattan package of openssh?

i always get errors...