Active Topics
-
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (3)
to SailfishOS by edp17 - 7 hrs, 14 mins ago -
The N900 is now 15 years old! (6)
to Nokia N900 by Macros - 1 day, 11 hrs ago -
F(x)tec Pro1x (QWERTY) for sale (0)
to Buy & Sell by aln00000 - 1 day, 23 hrs ago -
n770 youtube video (0)
to General by nmdv - 5 days, 23 hrs ago - more...
| The Following User Says Thank You to ric9K For This Useful Post: | ||
 |
|
2019-11-19
, 19:19
|
|
Posts: 1,718 |
Thanked: 4,764 times |
Joined on Apr 2018
@ Helsinki, Finland.
|
#22
|
Sorry. That was the trick yes. But wasn't it also neccessary to uppgrade openssl and certs? So sorry. Having a real brain malfunction at the moment and on the sick leave for it. Not the best to give working answers.
__________________
"I don't know how but I can try!" (active)
Master of not knowing (active)
For me it is possible to get lost in any case (active)
Learning to fall from high (DONE)
Learning to code with BASIC (WIP)
"I don't know how but I can try!" (active)
Master of not knowing (active)
For me it is possible to get lost in any case (active)
Learning to fall from high (DONE)
Learning to code with BASIC (WIP)
|
|
2019-11-19
, 20:28
|
|
Posts: 330 |
Thanked: 860 times |
Joined on May 2011
|
#23
|
Originally Posted by Maemish
No problem, there is frequently no good answer but good parts of it.
Sorry. That was the trick yes. But wasn't it also neccessary to uppgrade openssl and certs? So sorry. Having a real brain malfunction at the moment and on the sick leave for it. Not the best to give working answers.
Then we have to puzzle...
I guess it was necessary to upgrade these too as said by Halftux.
It's good to do what Halftux says
Except that we (hmmm... am I the last one who cares about Backupmenus's password?) still have the non-working password = free access to Backupmenu once new lib/openssl installed!
|
|
2019-11-20
, 14:53
|
|
Posts: 1,718 |
Thanked: 4,764 times |
Joined on Apr 2018
@ Helsinki, Finland.
|
#24
|
I don't do backups. I do reflashes. About twenty in two years. Messing a lot. Almost brick device when once installed backup and tried to recover from there. Never again.
__________________
"I don't know how but I can try!" (active)
Master of not knowing (active)
For me it is possible to get lost in any case (active)
Learning to fall from high (DONE)
Learning to code with BASIC (WIP)
"I don't know how but I can try!" (active)
Master of not knowing (active)
For me it is possible to get lost in any case (active)
Learning to fall from high (DONE)
Learning to code with BASIC (WIP)
| The Following User Says Thank You to Maemish For This Useful Post: | ||
 |
|
2019-11-20
, 20:29
|
|
Posts: 868 |
Thanked: 2,516 times |
Joined on Feb 2012
@ Germany
|
#26
|
Originally Posted by Maemish
To install the latest certs shouldn't harm anything and should be done. Otherwise it is a security issue.
But wasn't it also neccessary to uppgrade openssl and certs?
Openssl could break things but should not. Because in principle no other application will access directly the rehashed certificates and the old libssl is still available.
For backupmenu it is somehow special, it could be that it generates something which will be later encrypted with an older openssl. The question is why it jumps over the password query and doesn't stop.
For qt application to gain profit from the new openssl, it is necessary to install the patched qt. This could break qt applications due to historical reasons. In the past it was not the qt library which got fixed first. Many application switched from secure protocols to only-tlsv1 which is now depreciated. Switching back and recompiling should fix this situation. Other way would be to patch qt library so that only-tlsv1 will be redirected to secure protocols.
However not every application uses openssl, we have also gnutls and nss. It is also possible that application have there own ssl code and not using the maemo infrastructure.
How Opera works I don't know, maybe it still uses nss.
__________________
N900: gpxsee, fahrplan, gpscon, genwall, qrcode, hextool, libjansson4, libevent-2.0-5, cnee, psi-plus, mihphoto, shc
Maemo flasher/rescue live image.
Fremantle Harmattan SDK VM
N900: gpxsee, fahrplan, gpscon, genwall, qrcode, hextool, libjansson4, libevent-2.0-5, cnee, psi-plus, mihphoto, shc
Maemo flasher/rescue live image.
Fremantle Harmattan SDK VM
|
|
2019-11-20
, 21:56
|
|
Posts: 330 |
Thanked: 860 times |
Joined on May 2011
|
#27
|
Originally Posted by Halftux
Because the case of empty return of the openssl instruction seems not to be handled correctly. (If I dare, cause I wouldn'have been able to write something like Backupmenu)
...
For backupmenu it is somehow special, it could be that it generates something which will be later encrypted with an older openssl. The question is why it jumps over the password query and doesn't stop.
...
I took a look into usr/share/backupmenu, we see that Backupmenu compares the root encrypted password with the output of openssl.
If openssl returns nothing because it was looking for a lib which is not present, the shell (/bin/sh) has to compare a variable with nothing.
This is generating an error and it skips the instructions following the comparison (stop and reboot).
usr/share/backupmenu:
Code:
if [ -e /usr/share/backupmenu/lock-enable.txt ]; then #display password screen #clear display $T2S -c -x 16 -y 18 -w 768 -h 440 y=20 passhash=`cat /usr/share/backupmenu/lock-enable.txt` if [ -z "$passhash" ] || [ ! `expr length $passhash` == 13 ]; then passhash=`cat /etc/passwd | grep root |cut -d ':' -f 2` fi pass2dig=`echo "$passhash" | cut -c 1-2` for i in 1 2 3; do password="" $T2S -s 2 -H center -y $y -T 0 -t ">> Enter Password <<"; y=$((y+40)) $T2S -s 2 -H left -y $y -T 0x0000 -t " Alt/shift keys must be pressed one at a time" $T2S -s 2 -H left -y $y -T 0x0410 -t " Alt shift"; y=$((y+20)) getUserInputString 1 password=$inputString y=$((y+60)) encpass=`openssl passwd -crypt -salt "$pass2dig" "$password"` if [ $passhash == $encpass ]; then break fi $T2S -s 2 -H center -y $y -T 0xF800 -t "Password wrong."; y=$((y+20)) done ################################################## #Is the error here in next line? ################################################## if [ ! $passhash == $encpass ]; then $T2S -s 2 -H center -y $y -T 0xF800 -t "You have entered an incorrect password 3 times"; y=$((y+20)) $T2S -s 2 -H center -y $y -T 0xF800 -t "Rebooting in 30 seconds."; y=$((y+20)) sleep 30 reboot -f sleep 60 fi fi
Code:
if [ ! $passhash == $encpass ]; then
Code:
if [ ! x$passhash == x$encpass ]; then
But now, why is openssl not finding the right libssl once we installed version 1.1?
Because when I use it from within maemo, both libs are present.
When I test openssl from the terminal in Backupmenu, openssl complains not finding the version 1.1. And if I look for it with find, it'is not there, effectively.
Isn't it the same root?
Is it a kind of initramsomething and not the definitive root filesystem?
But in this case, why is the new openssl installed on it?
edit: I meant:
Code:
if [ ! "x"$passhash == "x"$encpass ]; then
Code:
if [ ! "$passhash" = "$encpass" ]; then
Last edited by ric9K; 2019-11-21 at 08:03.
|
|
2019-11-20
, 23:01
|
|
Posts: 868 |
Thanked: 2,516 times |
Joined on Feb 2012
@ Germany
|
#28
|
Originally Posted by ric9K
The files get copied to a temp directory. But now the new openssl and the old libssl get copied.
Isn't it the same root?
Is it a kind of initramsomething and not the definitive root filesystem?
But in this case, why is the new openssl installed on it?
Code:
cp /usr/lib/libssl.so.0.9.8 /tmp/disk/usr/lib/
__________________
N900: gpxsee, fahrplan, gpscon, genwall, qrcode, hextool, libjansson4, libevent-2.0-5, cnee, psi-plus, mihphoto, shc
Maemo flasher/rescue live image.
Fremantle Harmattan SDK VM
N900: gpxsee, fahrplan, gpscon, genwall, qrcode, hextool, libjansson4, libevent-2.0-5, cnee, psi-plus, mihphoto, shc
Maemo flasher/rescue live image.
Fremantle Harmattan SDK VM
 |
|
2019-11-21
, 00:44
|
|
Posts: 304 |
Thanked: 1,246 times |
Joined on Aug 2015
|
#29
|
Originally Posted by ric9K
No.
[...] Instead of
Shouldn't we write this?Code:if [ ! $passhash == $encpass ]; then
Code:if [ ! x$passhash == x$encpass ]; then
The original is a classic case on non-failsafe coding. Quoting per
Code:
"
Plus the
Code:
==
Hence using
Code:
if [ ! "$passhash" = "$encpass" ]; then
Thus that has to be resolved by adapting the environment variable PATH or LD_LIBRARY_PATH or other measures.
Then you may also leave Backup-Menu's code as it is.
Last edited by olf; 2019-11-21 at 16:45.
| The Following 4 Users Say Thank You to olf For This Useful Post: | ||
|
|
2019-11-21
, 07:43
|
|
Posts: 330 |
Thanked: 860 times |
Joined on May 2011
|
#30
|
Originally Posted by Maemish
Don't abandon! Bm is a great help for messing
I don't do backups. I do reflashes. About twenty in two years. Messing a lot. Almost brick device when once installed backup and tried to recover from there. Never again.
If you intend to reflash, just be carefull to reinstall the right (same than when you made the backup) kernel before restoring the rootfs and optfs. I have been blocked because of that problem once.
| The Following User Says Thank You to ric9K For This Useful Post: | ||
Delicious!!!
Lots og thanks to you guys for the help.
Some more month/years to go, no Fx to buy, beautyfull.