Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#1
In light of this new OpenSSL issue:
http://it.slashdot.org/story/14/06/0...ts-all-clients
Do we have OpenSSL in CSSU? Do we want to pull in all the fixes for OpenSSL for issues like this?

Also, it would be good to have a security examination of the N900 and identify all the packages that are important for security (so that we can keep them maintained in CSSU or if they are closed, look at how to replace them with something open)
 

The Following 10 Users Say Thank You to jonwil For This Useful Post:
Posts: 2,290 | Thanked: 4,133 times | Joined on Apr 2010 @ UK
#2
http://www.symantec.com/connect/blog...ter-heartbleed

It seems we avoided heartbleed issues by being on 0.9.8n; however, the latest CVEs recommend updating 0.9.8 to 0.9.8za.

I believe some of your questions were discussed on the heartbleed thread http://talk.maemo.org/showthread.php?t=92998
__________________

Wiki Admin
sixwheeledbeast's wiki
Testing Squad Subscriber
- mcallerx - tenminutecore - FlopSwap - Qnotted - zzztop - Bander - Fight2048 -


Before posting or starting a thread please try this.
 

The Following 4 Users Say Thank You to sixwheeledbeast For This Useful Post:
Posts: 254 | Thanked: 509 times | Joined on Nov 2011 @ Canada
#3
Sounds like someone should compile and release 0.9.8za for the n900 at least. Is that part of CSSU, or just generally available in the repos as a separate package?
 

The Following User Says Thank You to shawnjefferson For This Useful Post:
Posts: 2,290 | Thanked: 4,133 times | Joined on Apr 2010 @ UK
#4
 

The Following 2 Users Say Thank You to sixwheeledbeast For This Useful Post:
Posts: 254 | Thanked: 509 times | Joined on Nov 2011 @ Canada
#5
Seems like it's in the SSU repository (among others too). On my device, it's thumb compiled by fmg, so hopefully he will compile the newest one. I guess it will have to pass through CSSU-dev first though... I'm not really up on how CSSU stuff works and it seems like a very small group of people own it.
 
Posts: 2,290 | Thanked: 4,133 times | Joined on Apr 2010 @ UK
#6
Originally Posted by shawnjefferson View Post
I'm not really up on how CSSU stuff works and it seems like a very small group of people own it.
I wouldn't say "own" it.
More a small dedicated group of devs contribute to it as a team.
 

The Following 5 Users Say Thank You to sixwheeledbeast For This Useful Post:
Posts: 638 | Thanked: 1,692 times | Joined on Aug 2009
#7
Community is not just ask and receive.

Everyone can contribute, maybe with small things, but the concept of community starts from this.

No one owns, everyone contributes to make it better.
 

The Following 3 Users Say Thank You to xes For This Useful Post:
Posts: 3,074 | Thanked: 12,960 times | Joined on Mar 2010 @ Sofia,Bulgaria
#8
Originally Posted by shawnjefferson View Post
Seems like it's in the SSU repository (among others too). On my device, it's thumb compiled by fmg, so hopefully he will compile the newest one. I guess it will have to pass through CSSU-dev first though... I'm not really up on how CSSU stuff works and it seems like a very small group of people own it.
The only option we have is to backport the needed patches, otherwise we'll break the ABI.

Point me to the patch that fixes that CVE and I'll see what I can do.

EDIT:
"Pointing" is raising a bug on BMO; place a link to the bug here.
__________________
Never fear. I is here.

720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900

Community SSU developer
kernel-power developer and maintainer

 

The Following 6 Users Say Thank You to freemangordon For This Useful Post:
Posts: 638 | Thanked: 1,692 times | Joined on Aug 2009
#9
@freemangordon
Maybe rebasing on 0.9.8za and applying the Nokia/Maemo patches to that would require almost the same time.
For sure, the latest CVE 2014-0224 is really a pain for every mobile device using a VPN.
ref: http://www.openssl.org/news/secadv_20140605.txt
Also, CVE 2014 0195/221/3470 affect the N900's current openssl version.

After this, we should expect many openssl updates in the next months, since there is actually a massive bug hunt going on.

Last edited by xes; 2014-06-07 at 12:35.
 

The Following 3 Users Say Thank You to xes For This Useful Post:
Posts: 3,074 | Thanked: 12,960 times | Joined on Mar 2010 @ Sofia,Bulgaria
#10
Originally Posted by xes View Post
@freemangordon
Maybe rebasing on 0.9.8za and applying the Nokia/Maemo patches to that would require almost the same time.
No, as it will break the ABI; the version in CSSU is the latest that doesn't break it.

So, if someone finds the relevant patches/commits, I'll backport them in CSSU

 

The Following 6 Users Say Thank You to freemangordon For This Useful Post:
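
Added example, not part of the thread and not CSSU code: because the fixes are to be backported rather than picked up by moving to 0.9.8za, the version string alone will keep reporting a pre-0.9.8za release, so a check has to look at both the release letter and the package changelog. The changelog excerpt and package version are constructed, and the assumption that a backport names its CVE id in the changelog is this example's own.

```python
import re

# Release and CVE ids are the ones named in the thread; everything else is constructed.
FIXED_UPSTREAM = "0.9.8za"
THREAD_CVES = ["CVE-2014-0224", "CVE-2014-0195", "CVE-2014-0221", "CVE-2014-3470"]

# Constructed changelog excerpt for a hypothetical backported package build.
SAMPLE_CHANGELOG = """\
openssl (0.9.8n-1+example2) unstable; urgency=high
  * Backport upstream fix for CVE-2014-0224 (constructed entry).
"""


def parse_openssl(version):
    """Turn '0.9.8za' (optionally followed by a package suffix) into a sortable key."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        raise ValueError("not an OpenSSL version: %r" % version)
    major, minor, fix, letters = m.groups()
    # Letter releases run a..z and then za, zb, ...: order by length, then alphabetically.
    return (int(major), int(minor), int(fix)), (len(letters), letters)


def upstream_fixed(version, fixed=FIXED_UPSTREAM):
    """True if `version` is at or past `fixed` on the same release branch."""
    branch, letters = parse_openssl(version)
    fixed_branch, fixed_letters = parse_openssl(fixed)
    if branch != fixed_branch:
        # Other branches have their own fixed releases; do not compare across them.
        raise ValueError("%s is not on the %s branch" % (version, fixed))
    return letters >= fixed_letters


def missing_cves(version, changelog, cves=THREAD_CVES):
    """CVE ids covered neither by the upstream release nor by a changelog entry."""
    if upstream_fixed(version):
        return []
    return [cve for cve in cves if cve not in changelog]


if __name__ == "__main__":
    pkg = "0.9.8n-1+example2"  # constructed package version
    print(pkg, "still missing:", missing_cves(pkg, SAMPLE_CHANGELOG))
```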
Tags
maemo 5, sarcasm

