maemo.org - Talk

[ANNOUNCE] OpenSSL-1.0.1g (Maemo 5) (https://talk.maemo.org/showthread.php?t=91787)

nieldk 2013-11-13 09:29

[ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
Here is the deb for OpenSSL v1.0.1g for Maemo 5 (N900).

The OpenSSL package contains management tools and libraries relating to cryptography. These are useful for providing cryptography functions to other packages, such as OpenSSH, email applications and web browsers (for accessing HTTPS sites).

Sorry, it is not in repositories, but sharing on my dropbox for you.

https://www.dropbox.com/s/wppzs1vhn9...0.1g_armel.deb

misiak 2013-11-13 09:38

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 
> crucial security package
> not in repositories, on dropbox
> no sources

No, thank you. Is it packaged in a way that it replaces the default Maemo one? If so, have you checked if it is fully binary compatible with 0.9.8 branch?

Sorry for rants, apart from concerns I stated in this post, nice job:)

nieldk 2013-11-13 09:49

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 
Quote:

Originally Posted by misiak (Post 1385930)
> crucial security package
> not in repositories, on dropbox
> no sources

No, thank you. Is it packaged in a way that it replaces the default Maemo one? If so, have you checked if it is fully binary compatible with 0.9.8 branch?

Sorry for rants, apart from concerns I stated in this post, nice job:)

1. Yes, crucial security package ;) probably a fair reason to update ;)
2. On dropbox, simply because I don't have the hang of garage (yet) and - I basically needed this for my own pentesting purposes (together with ruby1.93) for Metasploit.
3. Right, sources are available. This is compiled straight from the original sources ( http://www.openssl.org/source/openssl-1.0.1e.tar.gz )

No, not a rant :) I completely understand your security concerns, as well as compatibility. I only tested this personally, and I can not guarantee issues, as it does make a replacement of the standard 0.98 installed version (this was needed for me).
So, I am sure further testing and more complex testing will be a good idea, before it will/can/should make it into any official repositories.

misiak 2013-11-13 11:01

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 
Quote:

Originally Posted by nieldk (Post 1385933)
1. Yes, crucial security package ;) probably a fair reason to update ;)
2. On dropbox, simply because I don't have the hang of garage (yet) and - I basically needed this for my own pentesting purposes (together with ruby1.93) for Metasploit.
[...]

No, not a rant :) I completely understand your security concerns, as well as compatibility. I only tested this personally, and I can not guarantee issues, as it does make a replacement of the standard 0.98 installed version (this was needed for me).
So, I am sure further testing and more complex testing will be a good idea, before it will/can/should make it into any official repositories.

I think there's a reason why openssl keeps updating their old branches at the same time as the new ones, and there might be some binary incompatibilities and API-breaking changes. In my opinion we should rather update to 0.9.8y instead of 1.0.1e (they were published the same week, and each contains the newest bugfixes, just in different branches). And, if you need 1.0.1e, you could package it e.g. as "openssl1" (I think in MeeGo Harmattan the "libssl.so.0.9.8" was replaced with "libssl1.so.1.0.0", so if we follow the scheme, we could have both openssls installed and the newer one could be distributed via extras).

Quote:

Originally Posted by nieldk (Post 1385933)
[...]
3. Right, sources are available. This is compiled straight from the original sources ( http://www.openssl.org/source/openssl-1.0.1e.tar.gz )
[...]

If you're paranoid, you can never be sure ;) And, Debian and/or Maemo usually add platform-specific patches for the sources, so it might be a good idea to append those while packaging, too.

nieldk 2013-11-13 11:18

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 
@misiak - good points

mr_pingu 2014-04-16 20:57

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 
Again, same as the other thread: is it safe from Heartbleed?

Edit: NO, maybe a newer version, but definitely a warning is needed.

nieldk 2014-04-17 06:08

Re: [ANNOUNCE] OpenSSL-1.0.1e (Maemo 5)
 
Quote:

Originally Posted by mr_pingu (Post 1421641)
Again, same as the other thread: is it safe from Heartbleed?

Edit: NO, maybe a newer version, but definitely a warning is needed.

Updated first post with my version 1.0.1g.
Still didn't figure out garage :/
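
The version question raised in the posts above, as an added example that is not part of any post in this thread: a POSIX shell check that classifies an upstream OpenSSL version string against the Heartbleed-affected release range (1.0.1 through 1.0.1f, plus the 1.0.2 betas up to beta1). The function names `heartbleed_status` and `check_banner` are hypothetical and the banner lines are constructed samples; distro-suffixed strings are reported as `unknown` because backported fixes make the version alone inconclusive.

```shell
#!/bin/sh
# Added example. heartbleed_status VERSION prints one of:
#   affected      upstream release 1.0.1 .. 1.0.1f, 1.0.2-beta, 1.0.2-beta1
#   not-affected  any other plain upstream release (0.9.8y, 1.0.1g, ...)
#   unknown       anything that is not a plain upstream version string,
#                 e.g. a distro build whose fix may have been backported
heartbleed_status() {
    ver=$1
    case $ver in
        1.0.2-beta|1.0.2-beta1) echo affected; return ;;
    esac
    # Split "1.0.1e" into numeric base "1.0.1" and patch letter "e".
    num='[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*'
    base=$(printf '%s\n' "$ver" | sed -n "s/^\($num\)[a-z]*\$/\1/p")
    letter=$(printf '%s\n' "$ver" | sed -n "s/^$num\([a-z]*\)\$/\1/p")
    if [ -z "$base" ]; then echo unknown; return; fi
    # Only the 1.0.1 branch shipped the heartbeat code in a final release.
    if [ "$base" != "1.0.1" ]; then echo not-affected; return; fi
    case $letter in
        ''|[a-f]) echo affected ;;      # 1.0.1 and 1.0.1a .. 1.0.1f
        *)        echo not-affected ;;  # 1.0.1g and later
    esac
}

# check_banner LINE takes a full `openssl version` line; field 2 is the version.
check_banner() {
    set -- $1
    heartbleed_status "$2"
}

# Constructed sample banners covering the versions discussed in the thread.
for banner in \
    "OpenSSL 0.9.8y 5 Feb 2013" \
    "OpenSSL 1.0.1e 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014"
do
    printf '%-28s %s\n' "$banner" "$(check_banner "$banner")"
done
```

The result describes only the library whose banner was checked; a program that still loads the 0.9.8 library, or one built with heartbeats disabled, is not covered by this string comparison.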

www.rzr.online.fr 2014-04-17 06:46

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
same question for harmattan

--
http://rzr.online.fr/q/ssl

nieldk 2014-04-17 07:48

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
Quote:

Originally Posted by www.rzr.online.fr (Post 1421661)
same question for harmattan

--
http://rzr.online.fr/q/ssl

done, is on my openrepos
openssl-1.0.1g and openssl1.0.1g-devel packages

mcbook 2014-04-17 20:56

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
Could you tell me how to install your harmattan package of openssh?

I always get errors...

freemangordon 2014-04-18 14:49

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
http://upstream-tracker.org/compat_r...at_report.html

nieldk 2014-04-18 18:12

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
Quote:

Originally Posted by mcbook (Post 1421750)
Could you tell me how to install your harmattan package of openssh?

I always get errors...

download to phone

devel-su
dpkg -i --force-all /path/to/deb

nieldk 2014-04-18 18:20

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
Quote:

Originally Posted by freemangordon (Post 1421833)

oh well, been using 1 series since ... e version with no issues so far, like said in other threads,
But, for sure, to gain full (benefits) some packages will need recompilation - if they have been statically linked to v 0.9.
Otherwise, those are still using the 0.9 version of openssl.

It is possible to brutally link 0.9 libraries to the 1.0.1g libraries? but that will probably make a situation ;)

nieldk 2014-04-18 18:33

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
from same source btw

http://upstream-tracker.org/versions/openssl.html

mcbook 2014-04-20 10:28

EDIT: got it....

anthonie 2016-01-23 14:45

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
What happened to the OP? As this package is still available, I can't help but wonder what happened to his or her account.

nieldk 2016-01-23 15:34

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
Quote:

Originally Posted by anthonie (Post 1496053)
What happened to the OP? As this package is still available, I can't help but wonder what happened to his or her account.

Still here ;)

anthonie 2016-01-24 10:34

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
That's good. I had been passing by the forum, only to run as quick as I could because some cold war seemed to have broken out between members here, when I noticed this.

Quote:

nieldk | Guest | Posts: n/a | Thanked: 0 times | Joined on

handaxe 2016-01-24 12:10

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
Quote:

Originally Posted by anthonie (Post 1496117)
That's good. I had been passing by the forum, only to run as quick as I could because some cold war seemed to have broken out between members here, when I noticed this.

Cold War? Pray tell. I stay away from maemo organisational type threads as I got tired of squabbling. Guess I missed something.

mfrasca 2018-05-08 01:30

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
On my MeeGo machine, still with its stock OS and Aegis "security", I had to slightly edit the .deb file: it did not like that system files were not owned by root, but once I changed ownership, it got accepted.
How did you produce the binaries? Problem now is namely that in the year 2018 OpenSSL 1.0 is again not new enough!

emschi77 2018-05-17 07:14

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
Quote:

Originally Posted by mfrasca (Post 1544062)
On my MeeGo machine, still with its stock OS and Aegis "security", I had to slightly edit the .deb file: it did not like that system files were not owned by root, but once I changed ownership, it got accepted.
How did you produce the binaries? Problem now is namely that in the year 2018 OpenSSL 1.0 is again not new enough!

same problem with root. What did you change inside the deb? Thanks

nieldk 2018-05-17 14:44

Re: [ANNOUNCE] OpenSSL-1.0.1g (Maemo 5)
 
I need to purchase an N900 again 😁

