Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#11
Originally Posted by reinob View Post
I actually replaced openssl with version 1.0.1e some time ago.
And no package in extras-devel, eh? You selfish bastard You make our hearts bleed... Or not, in this particular case.
Guest | Posts: n/a | Thanked: 0 times | Joined on
#12
hehe, well let's do 1.0.1g on extras then
 

Posts: 254 | Thanked: 509 times | Joined on Nov 2011 @ Canada
#13
I think OpenSSL is 0.98 on the n900 anyway?

GnuTLS should be patched, as it's actually used by a couple of apps (IIRC), including claws-mail.

BTW, you can run the various python POC heartbleed exploit codes on the n900, works great. I guess you can even run the newest metasploit too if you're adventurous.
 
Posts: 7,074 | Thanked: 9,069 times | Joined on Oct 2009 @ Moon! It's not the East or the West side... it's the Dark Side
#14
Originally Posted by Estel View Post
And no package in extras-devel, eh? You selfish bastard You make our hearts bleed... Or not, in this particular case.
It's the big boy rule...
 
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#15
Originally Posted by Estel View Post
And no package in extras-devel, eh? You selfish bastard You make our hearts bleed... Or not, in this particular case.
OK, I think this might be the one:
http://talk.maemo.org/showthread.php?p=1385968
(from nieldk).

But this AFAIK does not overwrite 0.9.8, so both coexist. Have to find some time to actually check this.
 

Posts: 43 | Thanked: 32 times | Joined on Jan 2010
#16
The versions with the bug are from 1.0.1 to 1.0.1f so maemo's version is ok
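
As an added example (not part of any post in this thread), a small POSIX shell check that applies the range quoted in post #16 to every libcrypto found in a directory, since post #15 notes that 0.9.8 and 1.0.1e can coexist. The function names and the sample files are assumptions constructed for illustration; a distribution build that backports the fix keeps its version letter, so "in-range" means "inspect that build", not a confirmed finding.

```shell
#!/bin/sh
# Added example, not code from the thread. The affected range is the one
# quoted in post #16: 1.0.1 through 1.0.1f.

# heartbleed_status VERSION -> prints in-range | not-in-range | unknown
# VERSION may be bare ("1.0.1e") or a banner ("OpenSSL 1.0.1e 11 Feb 2013").
heartbleed_status() {
    v=${1#OpenSSL }      # drop the banner prefix, if present
    v=${v%% *}           # drop the build date
    v=${v%-fips}         # FIPS builds carry the same release letter
    case $v in
        ''|*[!0-9a-z.]*)        echo unknown ;;      # empty, -beta, -dev, junk
        1.0.1|1.0.1[a-f])       echo in-range ;;
        [0-9]*.[0-9]*.[0-9]*)   echo not-in-range ;; # e.g. 0.9.8y, 1.0.1g
        *)                      echo unknown ;;
    esac
}

# scan_libs DIR -> one line per libcrypto found: "<path> <version> <status>"
# Reads the version banner embedded in each library, so side-by-side installs
# (the 0.9.8 + 1.0.1e case from post #15) are each reported.
scan_libs() {
    for lib in "$1"/libcrypto.so*; do
        [ -f "$lib" ] || continue
        banner=$(grep -a -o 'OpenSSL [0-9][0-9a-z.-]* [0-9]' "$lib" | head -n 1)
        ver=${banner#OpenSSL }
        ver=${ver%% *}
        echo "$lib ${ver:-?} $(heartbleed_status "$ver")"
    done
}

# Constructed sample: two fake library files holding only a banner string.
demo() {
    d=$(mktemp -d) || return 1
    printf 'xx\0OpenSSL 0.9.8y 5 Feb 2013\0' > "$d/libcrypto.so.0.9.8"
    printf 'xx\0OpenSSL 1.0.1e 11 Feb 2013\0' > "$d/libcrypto.so.1.0.0"
    scan_libs "$d"
    rm -rf "$d"
}
demo
```

On a real device, point `scan_libs` at each library directory in turn, for example `/usr/lib`.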
 
Posts: 115 | Thanked: 342 times | Joined on Dec 2010
#17
The question of course is whether programs will just continue to work with 1.0.1* as with 0.9.8.

I guess a first start would be 0.9.8y, which maybe should have these patches from the older version and obey the configuration in the rules file, too.

For a start, I didn't apply any patch at all, only configured it with " ./config shared --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib". Result: it crashes. Would have been too easy I guess.
 
Posts: 115 | Thanked: 342 times | Joined on Dec 2010
#18
Ok seems I managed to create a useable compile. Here is how to do it on a working scratchbox.

0. Read everything before you start.
1. Download 0.9.8y sources
2. Apply the patches. Many will apply with offsets. "10_pic.patch" won't apply. We have yet to determine what it actually does and whether we need it. The "2X_openssl-psk" do apply but cause the compilation to fail. I am not sure whether they are still needed for something.
3. ./Configure shared --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext debian-armel
4. make -f Makefile all. I skipped "make depend" because the rule script also does it that way...
5. Compilation is done. Libraries can be copied to your N900.
6. This is only for tinkerers for now. I do not claim to know what I am doing.

Last edited by NIN101; 2014-04-14 at 00:00.
 

Posts: 361 | Thanked: 219 times | Joined on Sep 2010
#19
Originally Posted by jonwil View Post
The question to be asked then is, will replacing OpenSSL on the N900 with the newest version break anything and if not, should CSSU do that?
I do not use CSSU currently.
So a replacement on the normal stock N900
would be interesting.

Maybe some accurate depends from the
one who makes the Debian package and some testing
before handout could avoid the largest part of fails?

Last edited by PMaff; 2014-04-15 at 13:11.
 
Posts: 6,445 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#20
Originally Posted by PMaff View Post
I do not use CSSU currently.
So a replacement on the normal stock N900
would be interesting.
It certainly would, considering that it is firmly in the hands of Nokia and has not been updated for 3 years

If you want updates, CSSU is the only viable option.
 
