* openssl and heartbleed
@ 2014-04-14 14:37 Richard Schmitt
2014-04-14 14:41 ` Martin Jansa
0 siblings, 1 reply; 4+ messages in thread
From: Richard Schmitt @ 2014-04-14 14:37 UTC (permalink / raw)
To: yocto@yoctoproject.org
Does the Yocto project plan to have some response to the heartbleed exploit in openssl in the near term? Has this already been addressed?
Thanks,
Rich
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: openssl and heartbleed
2014-04-14 14:37 openssl and heartbleed Richard Schmitt
@ 2014-04-14 14:41 ` Martin Jansa
2014-04-14 17:26 ` Paul Eggleton
2014-04-16 22:42 ` Michael Halstead
0 siblings, 2 replies; 4+ messages in thread
From: Martin Jansa @ 2014-04-14 14:41 UTC (permalink / raw)
To: Richard Schmitt; +Cc: yocto@yoctoproject.org
On Mon, Apr 14, 2014 at 02:37:52PM +0000, Richard Schmitt wrote:
> Does the Yocto project plan to have some response to the heartbleed exploit in openssl in the near term? Has this already been addressed?
It was already addressed for master, daisy, dora and dylan.
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
* Re: openssl and heartbleed
2014-04-14 14:41 ` Martin Jansa
@ 2014-04-14 17:26 ` Paul Eggleton
2014-04-16 22:42 ` Michael Halstead
1 sibling, 0 replies; 4+ messages in thread
From: Paul Eggleton @ 2014-04-14 17:26 UTC (permalink / raw)
To: Richard Schmitt; +Cc: yocto
On Monday 14 April 2014 16:41:21 Martin Jansa wrote:
> On Mon, Apr 14, 2014 at 02:37:52PM +0000, Richard Schmitt wrote:
> > Does the Yocto project plan to have some response to the heartbleed
> > exploit in openssl in the near term? Has this already been addressed?
>
> It was already addressed for master, daisy, dora and dylan.
Specifically, for master and daisy (what will be the 1.6 release), OpenSSL was
upgraded to 1.0.1g which includes the fix. For dora (1.5) and dylan (1.4)
branches, the specific fix was backported as a patch on top of 1.0.1e.
We haven't yet had a point release of 1.4 or 1.5 that includes the fix. At this
point given the nature of our project, I'm not sure if we would rush to do
one. It's certainly likely we will have a 1.5 point release in the near future
though.
Cheers,
Paul
--
Paul Eggleton
Intel Open Source Technology Centre
* Re: openssl and heartbleed
2014-04-14 14:41 ` Martin Jansa
2014-04-14 17:26 ` Paul Eggleton
@ 2014-04-16 22:42 ` Michael Halstead
1 sibling, 0 replies; 4+ messages in thread
From: Michael Halstead @ 2014-04-16 22:42 UTC (permalink / raw)
To: Martin Jansa, Richard Schmitt; +Cc: yocto@yoctoproject.org
On 04/14/2014 07:41 AM, Martin Jansa wrote:
> On Mon, Apr 14, 2014 at 02:37:52PM +0000, Richard Schmitt wrote:
>> Does the Yocto project plan to have some response to the heartbleed exploit in openssl in the near term? Has this already been addressed?
> It was already addressed for master, daisy, dora and dylan.
It's a separate issue but as far as the yoctoproject.org infrastructure
is concerned our primary SSL termination server runs OpenSSL 0.9.8k and
was not vulnerable to heartbleed. Other servers were not publicly
accessible and were patched quickly after the announcement. On the build
hosts the only running service linked against OpenSSL was NTP. We
discussed this on the
https://www.yoctoproject.org/tools-resources/community/weekly-technical-call
the day after heartbleed was announced.
Michael Halstead
Yocto Project / Sys Admin