OpenSSL 1.1.1 + 1.0.2

These are the original OpenSSL RPM packages by Jolla from SailfishOS 4.2.0.21 for Aarch64, ARMv7hl and i486.
Note that only the SailfishOS 4.2.0 releases provide these packages (while SailfishOS 4.0.1 and 4.1.0 provide an older version of these OpenSSL 1.1.1 + 1.0.2 combi-packages).

They allow you to install OpenSSL 1.1.1k together with OpenSSL 1.0.2o on basically any SailfishOS release, no matter how old.
Specifically, these OpenSSL RPMs are the last release by Jolla that provides both libcrypto.so.10 and libcrypto.so.1.1 as well as both libssl.so.10 and libssl.so.1.1 in a single set of RPMs; hence they satisfy the dependencies of older and newer apps linked against libcrypto or libssl.

For the sake of convenience, the openssl-libs and openssl-devel RPMs, which are also provided by this repository, are shown on a separate Openrepos page.
After this repository has been added (e.g., in Storeman, Warehouse or via ssu ar), one only needs to install the openssl RPM proper (e.g., in Storeman, Warehouse or via pkcon update openssl), which will automatically pull openssl-libs in; the openssl-devel RPMs are only provided for the sake of completeness.

While these packages are primarily intended to be used on SailfishOS releases before 4.2.0, one may also utilise them on a SailfishOS release higher than 4.2.0, because SailfishOS 4.3.0 dropped OpenSSL 1.0 compatibility. Installing these packages (which provide libcrypto.so.10 and libssl.so.10) on SailfishOS ≥ 4.3.0 restores compatibility with apps that use these libraries.

Notes:

  • These OpenSSL RPMs are hosted in a separate, single-purpose repository, because these RPMs supersede an extant system package.
    Thus it is fine to leave this repository enabled during SailfishOS upgrades, if you have installed OpenSSL from it (if not, it might be installed during a SailfishOS upgrade).
  • To restore the original behaviour and state of the OS, simply uninstall the OpenSSL package you installed.
    Then also remove or disable this repository in order to prevent automatic reinstallation of these OpenSSL RPMs when upgrading the OS.
  • You might also want to update the ca-certificates RPM to the version from SailfishOS 3.4.0 (when on an older release), as described in section B, method 1 of this guide.
  • Thoroughly tested on SailfishOS 3.2.1 and 2.2.1.
  • The source tree Jolla used for building these RPMs is at https://github.com/sailfishos/openssl/tree/1.1.1k+git1
  • The mangled RPM file names are caused by Openrepos's import filter: it eliminates every "+" and inserts an "_" before the .<arch>.rpm extension. Never mind, that ultimately makes no difference.
  • The RPMs were downloaded with curl -O https://releases.jolla.com/releases/4.2.0.21/jolla/aarch64/oss/aarch64/o... etc.

Application versions:

Attachment                                     Size        Date
openssl-1.1.1kgit1-1.7.5.jolla_.aarch64.rpm    243.57 KB   15/11/2021 - 22:56
openssl-1.1.1kgit1-1.7.4.jolla_.armv7hl.rpm    243.7 KB    15/11/2021 - 22:56
openssl-1.1.1kgit1-1.7.4.jolla_.i486.rpm       255.85 KB   15/11/2021 - 22:56

Comments

delocoyo:

Thank you so much

delocoyo:

I can't install it on Xperia X 4.3

olf:

Well, on any SailfishOS > 4.2.0 you obviously have to downgrade (only) the packages openssl and openssl-libs, because these "combi-packages" (providing both openssl 1.1.1 and 1.0.2) are from SailfishOS 4.2.0.
Note that you should only do that if you use applications which depend on OpenSSL 1.0.x and will not install or run without it. Still, you should contact the author of these apps and ask kindly for an update which uses OpenSSL 1.1.x.

The simplest and safest way to perform the installation of these packages on a SailfishOS > 4.2.0 is to download them and install them locally (this way you do not even need to enable this repository).
Mind that an upgrade of SailfishOS will install a newer OpenSSL 1.1-only, again: You might re-apply the following steps (here for ARMv7hl, i.e. Xperia X, XA2 and 10) then.

curl -LO https://openrepos.net/sites/default/files/packages/17011/openssl-1.1.1kgit1-1.7.4.jolla_.armv7hl.rpm

curl -LO https://openrepos.net/sites/default/files/packages/17011/openssl-libs-1.1.1kgit1-1.7.4.jolla_.armv7hl.rpm

devel-su pkcon install-local --allow-downgrade openssl-1.1.1kgit1-1.7.4.jolla_.armv7hl.rpm openssl-libs-1.1.1kgit1-1.7.4.jolla_.armv7hl.rpm

P.S.: As denoted in the description, the primary use case for these packages is to upgrade a SailfishOS < 4.2.0 with the final OpenSSL "combi-packages" from Jolla; this application is only the secondary use case (hence I neglected to describe how to install these packages then).

olf:

Well, for me the stability of SailfishOS and its upgrade process is paramount. Additionally I do not want to trust security critical packages patched and recompiled in a non-traceable manner, so I definitely prefer these, which were provided by Jolla.
Plus, as usual with CVE lists, most of the mentioned ones are not really relevant. There always will be some newer version fixing something, if not today then by tomorrow.

lpr:

hm, I think you should mention CVE-2021-3712, CVE-2021-3711 (1.1.1k) and CVE-2018-5407, CVE-2020-1968, CVE-2020-1971, CVE-2021-23840, CVE-2021-23841 (Jolla's 1.0.2o+git) affecting these packages and make it therefore only second choice...