Puppy Linux Discussion Forum

scsijon has brought to our attention the need --in some instances urgent-- to update openssl: viewtopic.php?p=37005#p37005. That post provides links to current packages.
The problem is that those packages do not contain binaries but rather the files needed to compile the respective current versions. I'd estimate that over 90% of Puppy users know nothing about compiling.
I may be wrong, but that problem may be exacerbated: while openssl, itself, may not be kernel-specific --that is, must be compiled under and against a specific kernel of which Puppys have scores-- it is specific to glibc. If I am correct, then before you can update openssl you have to update glibc. Updating glibc will break many builtin applications. Perhaps the work-around is, in fact, to compile openssl against specific kernels.
Please correct or amplify and explain the above. I am among the 90% and haven't had reason to resolve details. The above results from an often flaky memory's rendition of what I've read.
Even if I am mistaken about exacerbating factors, it would be far more efficient if a few of us to compile distributable binaries and published them than for each of the current 1686 members --and many unregistered users-- to work on his/her own. Under this scenario a thread on the forum to upload openssl binaries (if small enough) or to provide links to them would be helpful.

I will begin to look at compiling the packages needed to upgrade

I have not looked into openssl-3.* yet, but have compiled some versions of openssl-1.1.1 in recent months. It is not kernel specific and will link against the glibc that is in the build environment (whatever puppy it is being compiled in). However it is not just a case of needing to update openssl in all older Puppies. The library versions will probably be different (version numbers) so then you would have to recompile anything which is depending on openssl and those programs may not like the new openssl version anyway, so it may be that in some cases the upgrade is of limited practical advantage and you have to live with what you have got. More information will come to light in due course I expect.

If the reason is panic (the old version, they'll hack me now), then you don't need to make unnecessary movements and update anything.
Excerpt from OpenSSL instruction:

On some platforms OpenSSL is preinstalled as part of the Operating System. In this case it is highly recommended not to overwrite the system versions, because other applications or libraries might depend on it. To avoid breaking other applications, install your copy of OpenSSL to a different location which is not in the global search path for system libraries.

If you really need it desperately, can't wait to look at the fresh version number in the terminal, then I compiled version 3.0.0 in Fossapup. Here is the .pet:
https://disk.yandex.ru/d/fRSBXZlbuUDkgw
The version can be checked with the openssl version command. It is advisable to first try on a "clean" system.
The new version will REPLACE the old one, and will not be installed nearby. Because bigpup says we are Puppy and not like everyone else. And I'm too lazy.
(In fact, the old libraries will remain intact and will lie next to the new ones, only the utility will change).

The new Ryzen 5 3600 works (compiles and packages) pretty decently. AMD didn't lie this time.

UPDATE: Finished a build of Openssl-3.0.0 and I have created a PET version. Compiled on a Bionic64-8.0 this PET is TESTED in a Puppy Linux Bionic64-8.0
This build is 4 separate packages:
BIN.pet (for all users)
DEV.pet (developer files)
DOC.pet (documentation)
NLS.pet (localizations)

Any testers welcome! Here is the direct link to the PET for the user openssl-3.0.0-x86_64.pet --- 2.23 Megabytes -> https://rockedge.org/kernels/data/PET/B ... x86_64.pet

All files are here -> https://rockedge.org/kernels
in PET->Bionic->Openssl-3.0.0

When you're traveling 60 mph and witness the bridge 30 yards ahead collapse, you have reason to panic. When you read a "Bridge Out ahead" sign you slow down and look for alternate routes. With the OP, I posted a sign and acknowledged my confusion as to how to proceed.
Thanks to all who responded. Thanks to those who cleared up the confusion. Thanks to those who began the building of alternate routes. And especially thanks to Grey who has either begun the building of a new route and/or suggested an efficient way to do so: alternate SSLs. [Pre-Second cup of coffee and am still clearing the fog].
As a result of the ease with which kernels can be swapped in recent Puppys, new-with-up-to-date openssl kernels for those may be the most efficient route. Perhaps the sign's real importance was to alert kernel-builders of the need to take openssl into account.

But --if I read Grey correctly-- that an operating system can use two versions of openssl, perhaps for older Puppys some technique such as 'run-as-spot' or watchdog's building glibc into browsers may be possible; the former seems the most efficient.
Although web-facing applications are of extreme importance, there are really only a handful of them. With the slow death of 32-bit versions, efforts to grant old Puppys immortality may be rituals to be performed only by True Believers.
"We are Puppy. Resistance is futile". That may be true. But what is certainly true is that the environment in which Puppys live is constantly changing. Puppy must adapt or die.

mikeslr wrote: ↑Fri Sep 17, 2021 2:43 pm

But what is certainly true is that the environment in which Puppys live is constantly changing. Puppy must adapt or die.

Perhaps the concept needs to be changed, the way Puppy is positioned on the Internet. Everywhere there is an emphasis on "old equipment that I accidentally found in my uncle's attic".

There can be 2 separate openssl versions installed. The original openssl PET I compiled using the default --PREFIX=/usr/local/. Which the build installed Openssl-3.0.0 components using /usr/local/ as the base path. In Puppy's Bionic64 openssl-1.1.0 is installed with /usr/ as the base path.

I have a large version of the openssl-3.0.0 PET build that includes the dev and documentation packages that will install openssl-3.0.0 using /usr/local/ as the base path set with --PREFIX=/usr/local/, for anyone interested in trying out having 2 different versions installed side by side.