
    Security: Heartbleed on N900

    Estel | # 11 | 2014-04-13, 02:20 | Report

    Originally Posted by reinob View Post
    I actually replaced openssl with version 1.0.1e some time ago.
    And no package in extras-devel, eh? You selfish bastard You make our hearts bleed... Or not, in this particular case.

    The Following User Says Thank You to Estel For This Useful Post:
    mr_pingu

     
    nieldk | # 12 | 2014-04-13, 05:50 | Report

    hehe, well let's do 1.0.1g on extras then

    The Following 3 Users Say Thank You to nieldk For This Useful Post:
    Estel, mr_pingu, SHARP66

     
    shawnjefferson | # 13 | 2014-04-13, 16:44 | Report

    I think OpenSSL is 0.98 on the n900 anyway?

    GnuTLS should be patched, as it's actually used by a couple of apps (IIRC), including claws-mail.

    BTW, you can run the various python POC heartbleed exploit codes on the n900, works great. I guess you can even run the newest metasploit too if you're adventurous.


     
    Dave999 | # 14 | 2014-04-13, 16:47 | Report

    Originally Posted by Estel View Post
    And no package in extras-devel, eh? You selfish bastard You make our hearts bleed... Or not, in this particular case.
    It's the big boy rule...


     
    reinob | # 15 | 2014-04-13, 19:54 | Report

    Originally Posted by Estel View Post
    And no package in extras-devel, eh? You selfish bastard You make our hearts bleed... Or not, in this particular case.
    OK, I think this might be the one:
    http://talk.maemo.org/showthread.php?p=1385968
    (from nieldk).

    But this AFAIK does not overwrite 0.9.8, so both coexist. Have to find some time to actually check this.

    The Following 2 Users Say Thank You to reinob For This Useful Post:
    Estel, PMaff

     
    isorn | # 16 | 2014-04-13, 21:18 | Report

    The versions with the bug are from 1.0.1 to 1.0.1f so maemo's version is ok

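Added example, not part of any post in this thread: a shell check for the situation reinob and isorn describe, where a 0.9.8 and a 1.0.1 library may sit side by side on the device. It reads the version banner embedded in each libssl/libcrypto file and flags 1.0.1 through 1.0.1f; it also flags the 1.0.2 betas, which the upstream advisory lists but the thread does not. The function names and the `/usr/lib` default are assumptions.

```shell
#!/bin/sh
# Added example: find every OpenSSL library in a directory and report
# whether its embedded version banner falls in the Heartbleed range.
# Function names and the /usr/lib default are assumptions for illustration.

# Map a version string such as "1.0.1e" to a verdict.
# Affected: 1.0.1 through 1.0.1f (the range quoted in the thread) plus
# 1.0.2-beta and 1.0.2-beta1 (from the upstream advisory).
heartbleed_status() {
    case "$1" in
        1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) echo affected ;;
        [0-9]*.[0-9]*.[0-9]*)                    echo not-affected ;;
        *)                                       echo unknown ;;
    esac
}

# Print "<file> <version> <verdict>" for each libssl/libcrypto in $1.
# The banner ("OpenSSL 1.0.1e 11 Feb 2013") is compiled into the library,
# so this works even when several versions coexist and the openssl
# binary on PATH belongs to only one of them.
scan_libs() {
    for lib in "$1"/libssl.so* "$1"/libcrypto.so*; do
        [ -f "$lib" ] || continue
        ver=$(grep -a -o -E 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*(-beta[0-9]*)?' "$lib" \
              | head -n 1 | cut -d' ' -f2)
        [ -n "$ver" ] || ver=unknown
        printf '%s %s %s\n' "$(basename "$lib")" "$ver" "$(heartbleed_status "$ver")"
    done
}

# Scan the directory given as the first argument, or /usr/lib by default.
scan_libs "${1:-/usr/lib}"
```

A verdict of `affected` refers to the release; a 1.0.1 build compiled with `-DOPENSSL_NO_HEARTBEATS` does not contain the bug.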

     
    NIN101 | # 17 | 2014-04-13, 22:17 | Report

    The question of course is whether programs will just continue to work with 1.0.1* as with 0.9.8.

    I guess a first start would be 0.9.8y, which maybe should have these patches from the older version and obey the configuration in the rules file, too.

    For a start, I didn't apply any patch at all, only configured it with " ./config shared --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib". Result: it crashes. Would have been too easy I guess.


     
    NIN101 | # 18 | 2014-04-13, 23:34 | Report

    Ok seems I managed to create a useable compile. Here is how to do it on a working scratchbox.

    0. Read everything before you start.
    1. Download 0.9.8y sources
    2. Apply the patches. Many will apply with offsets. "10_pic.patch" won't apply. We have yet to determine what it actually does and whether we need it. The "2X_openssl-psk" do apply but cause the compilation to fail. I am not sure whether they are still needed for something.
    3. ./Configure shared --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext debian-armel
    4. make -f Makefile all. I skipped "make depend" because the rule script also does it this way...
    5. Compilation is done. Libraries can be copied to your N900.
    6. This is only for tinkerers for now. I do not claim to know what I am doing.


    Last edited by NIN101; 2014-04-14 at 00:00.
    The Following 4 Users Say Thank You to NIN101 For This Useful Post:
    Estel, foobar, PMaff, reinob

     
    PMaff | # 19 | 2014-04-15, 13:08 | Report

    Originally Posted by jonwil View Post
    The question to be asked then is, will replacing OpenSSL on the N900 with the newest version break anything and if not, should CSSU do that?
    I do not use CSSU currently. So a replacement on the normal stock N900 would be interesting.

    Maybe some accurate depends from the one who makes the Debian package and some testing before handout could avoid the largest part of fails?


    Last edited by PMaff; 2014-04-15 at 13:11.

     
    pichlo | # 20 | 2014-04-15, 16:39 | Report

    Originally Posted by PMaff View Post
    I do not use CSSU currently. So a replacement on the normal stock N900 would be interesting.
    It certainly would, considering that it is firmly in the hands of Nokia and has not been updated for 3 years

    If you want updates, CSSU is the only viable option.

    The Following 2 Users Say Thank You to pichlo For This Useful Post:
    Copernicus, Estel

     