Any plan for updating OpenSSL in chef client package from 1.0.1h to 1.0.1i?


#1

Hi Chefs,

As mentioned by "Chef Server 11.1.4 Release"
http://www.getchef.com/blog/2014/08/14/chef-server-11-1-4-release/ ,
OpenSSL packaged in Chef Server 11.1.4 is updated from 1.0.1h to 1.0.1i.
However the latest chef client rpm package chef-11.14.2-1.el6.x86_64 stills
use OpenSSL 1.0.1h.

According to https://www.openssl.org/news/secadv_20140806.txt , the OpenSSL
1.0.1h client is also affected by the issues. Is chef client going to use
OpenSSL 1.0.1i ? Or is it not needed for chef client ?

Thanks in advance.

Thanks
Jesse Hu, Project Serengeti http://www.projectserengeti.org/


#2

On Mon, Sep 8, 2014 at 11:36 PM, Hui Hu huhui14@gmail.com wrote:

As mentioned by "Chef Server 11.1.4 Release"
http://www.getchef.com/blog/2014/08/14/chef-server-11-1-4-release/ , OpenSSL
packaged in Chef Server 11.1.4 is updated from 1.0.1h to 1.0.1i.
However the latest chef client rpm package chef-11.14.2-1.el6.x86_64 stills
use OpenSSL 1.0.1h.

According to https://www.openssl.org/news/secadv_20140806.txt , the OpenSSL
1.0.1h client is also affected by the issues. Is chef client going to use
OpenSSL 1.0.1i ? Or is it not needed for chef client ?

Chef Client 11.16.0 released today contains OpenSSL 1.0.1i.

  • Julian


[ Julian C. Dunn jdunn@aquezada.com * Sorry, I’m ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]


#3

11.16.0 was a feature release to get the DSC support out. It was your
comment on the 11.1.4 server release that made me realize that we hadn’t
updated OpenSSL in the client yet, so I made sure it got included. All the
news on Monday overshadowed the inclusion of OpenSSL though. I’m working on
an email update to the chef list to mention this right now.

Bryan


#4

@Julian @Bryan, Thanks a lot for the info.

Thanks
Jesse Hu, Project Serengeti http://www.projectserengeti.org/

2014-09-09 23:03 GMT+08:00 Bryan McLellan btm@loftninjas.org:

11.16.0 was a feature release to get the DSC support out. It was your
comment on the 11.1.4 server release that made me realize that we hadn’t
updated OpenSSL in the client yet, so I made sure it got included. All the
news on Monday overshadowed the inclusion of OpenSSL though. I’m working on
an email update to the chef list to mention this right now.

Bryan