Re: Forthcoming OpenSSL release

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Forthcoming OpenSSL release

Sam Roberts
Will it include ONLY the CVE fix, or will it include other fixes, such
as to the getrandom() call on some archs?

        commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02
        Author: Kurt Roeckx <[hidden email]>
        Date:   Sat Sep 28 14:59:32 2019 +0200

          Add defines for __NR_getrandom for all Linux architectures

          Fixes: https://github.com/openssl/openssl/issues/10015

          Reviewed-by: Bernd Edlinger <[hidden email]>
          GH: https://github.com/openssl/openssl/pull/10044

See https://github.com/nodejs/node/pull/32002 for background.

On Wed, Mar 11, 2020 at 8:53 AM Matt Caswell <[hidden email]> wrote:

>
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL version 1.1.1e.
>
> This release will be made available on Tuesday 17th March 2020 between
> 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551
> previously announced here:
> https://www.openssl.org/news/secadv/20191206.txt
>
> Please see the following page for further details of severity levels:
> https://www.openssl.org/policies/secpolicy.html
>
> Yours
>
> The OpenSSL Project Team
Reply | Threaded
Open this post in threaded view
|

Re: Forthcoming OpenSSL release

Matt Caswell-2


On 11/03/2020 17:42, Sam Roberts wrote:
> Will it include ONLY the CVE fix, or will it include other fixes, such
> as to the getrandom() call on some archs?

It will include all fixes currently in the 1.1.1-dev branch including
commit eee565ec4 which is the 1.1.1 equivalent of the commit you mention.

Matt


>
>         commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02
>         Author: Kurt Roeckx <[hidden email]>
>         Date:   Sat Sep 28 14:59:32 2019 +0200
>
>           Add defines for __NR_getrandom for all Linux architectures
>
>           Fixes: https://github.com/openssl/openssl/issues/10015
>
>           Reviewed-by: Bernd Edlinger <[hidden email]>
>           GH: https://github.com/openssl/openssl/pull/10044
>
> See https://github.com/nodejs/node/pull/32002 for background.
>
> On Wed, Mar 11, 2020 at 8:53 AM Matt Caswell <[hidden email]> wrote:
>>
>> The OpenSSL project team would like to announce the forthcoming release
>> of OpenSSL version 1.1.1e.
>>
>> This release will be made available on Tuesday 17th March 2020 between
>> 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551
>> previously announced here:
>> https://www.openssl.org/news/secadv/20191206.txt
>>
>> Please see the following page for further details of severity levels:
>> https://www.openssl.org/policies/secpolicy.html
>>
>> Yours
>>
>> The OpenSSL Project Team
>