Active Topics

 


Reply
Thread Tools
Estel's Avatar
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#11
Originally Posted by reinob View Post
I actually replaced openssl with version 1.0.1e some time ago.
And no package in extras-devel, eh? You selfish bastard You make our hearts bleed... Or not, in this particular case.
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
 

The Following User Says Thank You to Estel For This Useful Post:
Guest | Posts: n/a | Thanked: 0 times | Joined on
#12
hehe, well lets do 1.0.1g on extras then
 

The Following 3 Users Say Thank You to For This Useful Post:
Posts: 254 | Thanked: 509 times | Joined on Nov 2011 @ Canada
#13
I think OpenSSL is 0.98 on the n900 anyway?

GnuTLS should be patched, as it's actually used by a couple of apps (IIRC), including claws-mail.

BTW, you can run the various python POC heartbleed exploit codes on the n900, works great. I guess you can even run the newest metasploit too if you're adventurous.
 
Dave999's Avatar
Posts: 7,075 | Thanked: 9,073 times | Joined on Oct 2009 @ Moon! It's not the East or the West side... it's the Dark Side
#14
Originally Posted by Estel View Post
And no package in extras-devel, eh? You selfish bastard You make our hearts bleed... Or not, in this particular case.
It's the big boy rule...
__________________
Do something for the climate today! Anything!

I don't trust poeple without a Nokia n900...
 
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#15
Originally Posted by Estel View Post
And no package in extras-devel, eh? You selfish bastard You make our hearts bleed... Or not, in this particular case.
OK, I think this might be the one:
http://talk.maemo.org/showthread.php?p=1385968
(from nieldk).

But this AFAIK does not overwrite 0.9.8, so both coexist. Have to find some time to actually check this.
 

The Following 2 Users Say Thank You to reinob For This Useful Post:
Posts: 43 | Thanked: 32 times | Joined on Jan 2010
#16
The versions with the bug are from 1.0.1 to 1.0.1f so maemo's version is ok
 
Posts: 115 | Thanked: 342 times | Joined on Dec 2010
#17
The question of course is whether programs will just continue to work with 1.0.1* as with 0.9.8.

I guess a first start would be 0.9.8y, which maybe should have these patches from the older version and obey the configuration in the rules file. too.

For a start, I didn't apply any patch at all, only configured it with " ./config shared --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib". Result: it crashes. Would have been too easy I guess.
 
Posts: 115 | Thanked: 342 times | Joined on Dec 2010
#18
Ok seems I managed to create a useable compile. Here is how to do it on a working scratchbox.

0. Read everything before you start.
1. Download 0.9.8y sources
2. Apply the patches. Many will apply with offsets. "10_pic.patch" won't apply. We have yet to determine what is actually does and whether we need it. The "2X_openssl-psk" do apply but cause the compilation to fail. I am not sure whether they are still needed for something.
3. ./Configure shared --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext debian-armel
4. make -f Makefile all. I skipped "make depend" because the rule script also does it does way...
5. Compiliation is done. Libraries can be copied to your N900.
6. This is only for tinkerers for now. I do not claim to know what I am doing.

Last edited by NIN101; 2014-04-14 at 00:00.
 

The Following 4 Users Say Thank You to NIN101 For This Useful Post:
PMaff's Avatar
Posts: 361 | Thanked: 219 times | Joined on Sep 2010
#19
Originally Posted by jonwil View Post
The question to be asked then is, will replacing OpenSSL on the N900 with the newest version break anything and if not, should CSSU do that?
I do not use CSSU currently.
So a replacement on the normal stock N900
would be interesting.

Maybe some accurate depends from the
one who makes the Debian package and some testing
before handout could avoid the largest part of fails?

Last edited by PMaff; 2014-04-15 at 13:11.
 
pichlo's Avatar
Posts: 6,447 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#20
Originally Posted by PMaff View Post
I do not use CSSU currently.
So a replacement on the normal stock N900
would be interesting.
It certainly would, considering that it is firmly in the hands of Nokia and has not been updated for 3 years

If you want updates, CSSU is the only viable option.
__________________
Русский военный корабль, иди нахуй!
 

The Following 2 Users Say Thank You to pichlo For This Useful Post:
Reply

Tags
heartbleed, nokia n900, openssl, security


 
Forum Jump


All times are GMT. The time now is 22:16.