OpenBMC CVE issues in openssl

Wang, Kuiying kuiying.wang at intel.com
Tue Sep 24 12:48:21 AEST 2019


Hi Brad,
Ok sure.
I prefer to upgrading openssl related separately first and then others.
Because I have urgent requirement for the latest version to fix security issues, do you agree on that?

That means I submit another patch just to upgrading openssl to 1.1.1d, is it acceptable?

Thanks,
Kwin.

-----Original Message-----
From: Brad Bishop [mailto:bradleyb at fuzziesquirrel.com] 
Sent: Tuesday, September 24, 2019 10:41 AM
To: Wang, Kuiying <kuiying.wang at intel.com>
Cc: openbmc at lists.ozlabs.org; Jia, Chunhui <chunhui.jia at intel.com>; Shi, Yilei <yilei.shi at intel.com>; Mihm, James <james.mihm at intel.com>; Xu, Qiang <qiang.xu at intel.com>
Subject: Re: OpenBMC CVE issues in openssl

at 10:25 PM, Wang, Kuiying <kuiying.wang at intel.com> wrote:

> Hi Brad,
> Openssl is already upgrade to 1.1.1d, so please help sync to the 
> latest version.
> https://github.com/openembedded/openembedded-core/tree/master/meta/rec
> ipes-connectivity/openssl
>
> Please let me know, if you need me to submit patch for this upgrading.
>
> Thanks,
> Kwin.

Hi Kwin

I pushed a change last week that picks it up:  
https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/25306

Something broke though, so that will need to get debugged before we can pick it up.  If you are able to help you could cherry-pick this change and do some builds and/or testing.

thanks!

-brad


More information about the openbmc mailing list