Puppy Linux Discussion Forum

Grey has brought to our attention the "IdentTrust "armageddon", viewtopic.php?f=54&t=4136 pointing out that "Another horror story For XP SP3, macOS 10.12.0, Sony's PS3 and PS4 game consoles, Nintendo 3DS, iOS 9, etc." but also linking us to Scott Helme's post "Let's Encrypt's Root Certificate is expiring!", https://scotthelme.co.uk/lets-encrypt-o ... xpiration/.
Let's Encrypt is a provider of the application used to authenticate that the website you've reached is the one intended to be reached: the "s" in https. This is a good thing. When opening a new Amazon account I much prefer knowing that I am transmitting my banking account information to https://www.amazon.com/ than to http://www.amazoh.com/ or some web-site more ingeniously spoofing amazon's. One of the recommended Addons/Extensions for all web-browsers is "https everywhere".https://www.eff.org/https-everywhere

Let's Encrypt is not the only provider of such authenticating applications. But it is free and, thus, popular.

In reading the post Grey linked to, I noticed that among the devices effected which might be of concern to Puppians are:

OpenSSL <= 1.0.2
Mozilla Firefox < 50
Ubuntu < 16.04
Debian < 8
Java 8 < 8u141
Java 7 < 7u151
NSS < 3.26
*
I know nothing about NSS. I've noted it solely because those who know something might like to chime in.
The Java notations may not be much of a problem. As I understand it, newer versions of Java are backward compatible. So unless a newer version has dependencies which your Puppy can't meet, it should be a simple matter to just update the version you use*.
Debian 8 reached its end-of-life on June 30, 2020, five years after its initial release on April 26, 2015. EOL means Debian will not provide further security updates. We know it better under its code name Jessie. At least one Puppy, Pupjibaro Jessie, was woof-built employing its binaries.
Ubuntu 16.04 was released in April 2016 and reached EOL this last April. We know Ubuntu 16.04 better as Xenial Xerus whose binaries were used to woof Xenialpuppys.
Slackware 14.1 was release in November of 2013. I believe the Slacko 6.3 Puppys use its binaries. I'll leave it to other more familiar with Slackos to chime-in.
Web-browsers:
Firefox 50 was released in November 2016. Any Seamonkey <49 predates that. The same goes for Google-Chome and Chromium-Clones < 54.0.2840 including Opera 41 and its predecessors.
But the above release dates have greater significance. My guess is that any Puppy created before November 2016, or employing relevant binaries of that date or earlier will be effected. Among those Puppies would be the still popular Slacko 5.7 series, Lupus, Tahrpups, racys and Saluki/Carolinas.
But I think the major problem pertains to "OpenSSL <= 1.0.2", discussed here: viewtopic.php?p=37063#p37063
-=-=-=-
* Although pzip and other encryption applications were not specifically mentioned, in the context of openssl dependencies, see this thread: viewtopic.php?p=35458#p35458

Using the links2 browser in Bionicpup64 8.0, I now get many error messages for expired certificates and do I want to connect anyway.

Firefox seems to work properly.

I use wget to download the rss feed from the Puppy forum (which links2 doesn't like). wget seems to work with the forum.

It occurs to me that links2 might be the only app with problems.

i suspect that because the links2 i am using is a static build, it probably has libs from an older version of openssl built into the executable.

EDIT: in FossaPup64, the static build links browser has the same error messages as in BionicPup64.
The dynamically built links does not have expired certificate errors.
So the problem is the older version of ssl in the links static build.

Concerning...

OpenSSL <= 1.0.2
Mozilla Firefox < 50
Ubuntu < 16.04
Debian < 8
Java 8 < 8u141
Java 7 < 7u151
NSS < 3.26
*
Interestingly enough, when you compile wine 3.15 or greater as an sfs, for the distro like Carolina, you can use the Palemoon's current x86 release, which was equivalent to v.73 at last check. Palemoon's auto update works just fine, the installs are running Palemoon 29.4.1. Java becomes current to the last x86 Windows 7 compatibility. I think I stopped loading dll's for java support at Java 9. The Kernel was re-built to v. 4.0 heading to 4.5, in Carolina. It isn't 5.11 for obvious reasons. The Firewall is now a recompile from Avira Anti-Virus's catalog. IO-Bit's Free Malaware software runs just fine. SSL's are more problematic, yet, https://themeisle.com/blog/renew-ssl-certificate/

It takes a bit of System Admin to stay current but can be done. There are many who don't bother with System Admin, for them upgrading makes sense. However, in a professional setting, it makes sense to take the time to keep current.