upgrade openssl
60 views
Skip to first unread message
kcrisman
Jan 28, 2016, 12:42:25 PM1/28/16
to sage-devel
In some correspondence with William he notes:
I'll also note there is a "high severity" security update to openssl
that came out today (version 1.0.2f) -- I hope Sage gets an updated
package in a timely manner.
https://www.openssl.org/news/secadv/20160128.txt
I'll also note there is a "high severity" security update to openssl
that came out today (version 1.0.2f) -- I hope Sage gets an updated
package in a timely manner.
https://www.openssl.org/news/secadv/20160128.txt
Thierry
Jan 28, 2016, 1:16:00 PM1/28/16
to sage-...@googlegroups.com
Hi,
On Thu, Jan 28, 2016 at 09:42:25AM -0800, kcrisman wrote:
> In some correspondence with William he notes:
>
> I'll also note there is a "high severity" security update to openssl
> that came out today (version 1.0.2f) -- I hope Sage gets an updated
> package in a timely manner.
I usually do a check when Sage beta get a big number, or during a rc0 if
it comes earlier i thought, see
https://trac.sagemath.org/search?q=update+openssl&noquickjump=1&branch=on&milestone=on&ticket=on&wiki=on
Indeed, with our current framework, there is a benefit only for the next
release (the user's $SAGE_ROOT/build/pkgs/openssl is not updated on the
fly).
Note that it only affects people that do not use the openssl provided by
their distro.
Ciao,
Thierry
> https://www.openssl.org/news/secadv/20160128.txt
>
> --
> You received this message because you are subscribed to the Google Groups "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+...@googlegroups.com.
> To post to this group, send email to sage-...@googlegroups.com.
> Visit this group at https://groups.google.com/group/sage-devel.
> For more options, visit https://groups.google.com/d/optout.
On Thu, Jan 28, 2016 at 09:42:25AM -0800, kcrisman wrote:
> In some correspondence with William he notes:
>
> I'll also note there is a "high severity" security update to openssl
> that came out today (version 1.0.2f) -- I hope Sage gets an updated
> package in a timely manner.
it comes earlier i thought, see
https://trac.sagemath.org/search?q=update+openssl&noquickjump=1&branch=on&milestone=on&ticket=on&wiki=on
Indeed, with our current framework, there is a benefit only for the next
release (the user's $SAGE_ROOT/build/pkgs/openssl is not updated on the
fly).
Note that it only affects people that do not use the openssl provided by
their distro.
Ciao,
Thierry
> https://www.openssl.org/news/secadv/20160128.txt
>
> --
> You received this message because you are subscribed to the Google Groups "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+...@googlegroups.com.
> To post to this group, send email to sage-...@googlegroups.com.
> Visit this group at https://groups.google.com/group/sage-devel.
> For more options, visit https://groups.google.com/d/optout.
kcrisman
Jan 28, 2016, 1:25:12 PM1/28/16
to sage-devel
Note that it only affects people that do not use the openssl provided by
their distro.
I don't know how easy it would be for Mac to use that one in Sage. But anyway this is mostly for the sagenb which people would be running on Linux, or so I believe. (This occurred in the context of discussion of Jupyter, which apparently requires ssl for the one-user version.)
Thierry
Jan 28, 2016, 1:39:22 PM1/28/16
to sage-...@googlegroups.com
1.0.1e https://trac.sagemath.org/ticket/16454
It is also required for pip to work (use of https).
Ciao,
Thierry
Michael Orlitzky
Jan 28, 2016, 1:41:59 PM1/28/16
to sage-...@googlegroups.com
On 01/28/2016 01:39 PM, Thierry wrote:
>
> It should work on OSX as well, at least it was tested on OSX 32bit for
> 1.0.1e https://trac.sagemath.org/ticket/16454
>
Unrelated: the self-signed certificate on trac.sagemath.org is expired.
>
> It should work on OSX as well, at least it was tested on OSX 32bit for
> 1.0.1e https://trac.sagemath.org/ticket/16454
>
If someone can generate a new one, just make it valid for ten years.
William Stein
Jan 28, 2016, 2:27:12 PM1/28/16
to sage-devel
Of related interest, Jupyter will maybe soon not *require* openssl to
work locally. See
https://github.com/jupyter/notebook/issues/1019
William (http://wstein.org)
work locally. See
https://github.com/jupyter/notebook/issues/1019
> --
> You received this message because you are subscribed to the Google Groups
> "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to sage-devel+...@googlegroups.com.
> To post to this group, send email to sage-...@googlegroups.com.
> Visit this group at https://groups.google.com/group/sage-devel.
> For more options, visit https://groups.google.com/d/optout.
--
> You received this message because you are subscribed to the Google Groups
> "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to sage-devel+...@googlegroups.com.
> To post to this group, send email to sage-...@googlegroups.com.
> Visit this group at https://groups.google.com/group/sage-devel.
> For more options, visit https://groups.google.com/d/optout.
William (http://wstein.org)
kcrisman
Jan 28, 2016, 8:52:46 PM1/28/16
to sage-devel
On Thursday, January 28, 2016 at 2:27:12 PM UTC-5, William wrote:
Of related interest, Jupyter will maybe soon not *require* openssl to
work locally. See
https://github.com/jupyter/notebook/issues/1019
+1
Reply all
Reply to author
Forward
0 new messages