Re: [CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread m . roth 
Johnny Hughes wrote:
> On 05/11/2016 11:44 AM, Patrick Rael wrote:
>> On 05/11/2016 09:45 AM, Steve Snyder wrote:
>>> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" 
>>> said:
Is there an ETA on the openssl security update
 (CVE-2016-0799) for
 CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly
 awaiting the same for 6.7.

 Thanks!
>>> Looks like Red Hat pushed it to RHEL v6.8, released yesterday.  Unless
>>> CentOS does a special back-port we'll have to wait for CentOS v6.8 to
>>> get the OpenSSL update.
>> Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?)
>> I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7.
>> I thought security updates would be available on 6.7 for many more
>> years.
>
> Because Red Hat built that against 6.8 and not 6.7, I have to do the same.
>
> I expect that the CR rpms for os/ and that openssl update will be
> released in the next 2-3 days.
>
> Thanks,

No, thank *you*, Johnny, for all the work you do... and, as I've offered
before, if we're ever in the same metro area, I'd be happy to buy you a
drink for it all.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread Johnny Hughes 
On 05/11/2016 11:44 AM, Patrick Rael wrote:
> On 05/11/2016 09:45 AM, Steve Snyder wrote:
>>
>> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" 
>> said:
>>
>>> Hi,
>>>  Is there an ETA on the openssl security update
>>> (CVE-2016-0799) for
>>> CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly
>>> awaiting
>>> the same for 6.7.
>>>
>>> Thanks!
>> Looks like Red Hat pushed it to RHEL v6.8, released yesterday.  Unless
>> CentOS does a special back-port we'll have to wait for CentOS v6.8 to
>> get the OpenSSL update.
> Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?)
> I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7.
> I thought security updates would be available on 6.7 for many more years.
> 

Because Red Hat built that against 6.8 and not 6.7, I have to do the same.

I expect that the CR rpms for os/ and that openssl update will be
released in the next 2-3 days.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread Patrick Rael 

On 05/11/2016 11:24 AM, m.r...@5-cent.us wrote:

Patrick Rael wrote:

On 05/11/2016 09:45 AM, Steve Snyder wrote:

On Wednesday, May 11, 2016 11:20am, "Patrick Rael" 
said:


Hi,
  Is there an ETA on the openssl security update (CVE-2016-0799) for
CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly
awaiting the same for 6.7.


Looks like Red Hat pushed it to RHEL v6.8, released yesterday.  Unless
CentOS does a special back-port we'll have to wait for CentOS v6.8 to
get the OpenSSL update.

Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?)
I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7.
I thought security updates would be available on 6.7 for many more years.


Please - it was *just* released, and the build team is presumably already
on it. Hopefully, upstream hasn't screwed with their build environment
again.

At any rate, when upstream did, it took our build team about a month to
get builds working again; if they haven't, then I'd hope for a few weeks.

PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day
arguing over whether the build team is lazy, or 75% of them "ANYTHING
NEW?! HOW SOON?!

Give them some bloody time, children. It's a job of work, as the old
saying goes.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Thanks!   You developers do a mountain of work, it's really appreciated 
greatly!


-->Pat
--

--
Patrick Rael
Contractor, Lumeta Corporation
Network Situational Awareness
Phone: 703-298-3276

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread Richard 


> Date: Wednesday, May 11, 2016 13:24:43 -0400
> From: m.r...@5-cent.us
>
> Patrick Rael wrote:
>> On 05/11/2016 09:45 AM, Steve Snyder wrote:
>>> 
>>> On Wednesday, May 11, 2016 11:20am, "Patrick Rael"
>>>  said:
>>> 
 Hi,
  Is there an ETA on the openssl security update (CVE-2016-0799)
  for CentOS 6.7?I saw the openssl update for CentOS 7 on
 5/9, eagerly awaiting the same for 6.7.
 
>>> Looks like Red Hat pushed it to RHEL v6.8, released yesterday.
>>> Unless CentOS does a special back-port we'll have to wait for
>>> CentOS v6.8 to get the OpenSSL update.
> 
>> Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?)
>> I just need to predict when CVE-2016-0799 will be fixed for CentOS
>> 6.7. I thought security updates would be available on 6.7 for many
>> more years.
>> 
> Please - it was *just* released, and the build team is presumably
> already on it. Hopefully, upstream hasn't screwed with their build
> environment again.
> 
> At any rate, when upstream did, it took our build team about a
> month to get builds working again; if they haven't, then I'd hope
> for a few weeks.
> 
> PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts
> a day arguing over whether the build team is lazy, or 75% of them
> "ANYTHING NEW?! HOW SOON?!
> 
> Give them some bloody time, children. It's a job of work, as the old
> saying goes.
> 

Security updates will be available for rhel/centos 6 for many years
(november 2020 I believe). 6.7 is simply a point-in-time snapshot
which is not explicitly supported once the next point release has
come out.

  > I thought security updates would be available 
  > on 6.7 for many more years.

When there are cusp security issues like this the security update
sometimes comes out ahead of the rest of the new point release via
the fasttrack or CR repositories.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread m . roth 
Patrick Rael wrote:
> On 05/11/2016 09:45 AM, Steve Snyder wrote:
>>
>> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" 
>> said:
>>
>>> Hi,
>>>  Is there an ETA on the openssl security update (CVE-2016-0799) for
>>> CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly
>>> awaiting the same for 6.7.
>>>
>> Looks like Red Hat pushed it to RHEL v6.8, released yesterday.  Unless
>> CentOS does a special back-port we'll have to wait for CentOS v6.8 to
>> get the OpenSSL update.

> Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?)
> I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7.
> I thought security updates would be available on 6.7 for many more years.
>
Please - it was *just* released, and the build team is presumably already
on it. Hopefully, upstream hasn't screwed with their build environment
again.

At any rate, when upstream did, it took our build team about a month to
get builds working again; if they haven't, then I'd hope for a few weeks.

PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day
arguing over whether the build team is lazy, or 75% of them "ANYTHING
NEW?! HOW SOON?!

Give them some bloody time, children. It's a job of work, as the old
saying goes.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread Patrick Rael 

On 05/11/2016 09:45 AM, Steve Snyder wrote:


On Wednesday, May 11, 2016 11:20am, "Patrick Rael"  said:


Hi,
 Is there an ETA on the openssl security update (CVE-2016-0799) for
CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly
awaiting
the same for 6.7.

Thanks!

Looks like Red Hat pushed it to RHEL v6.8, released yesterday.  Unless CentOS 
does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL 
update.

Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?)
I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7.
I thought security updates would be available on 6.7 for many more years.

Best regards!



--
Patrick Rael
Contractor, Lumeta Corporation
Network Situational Awareness
Phone: 703-298-3276

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread Peter Kjellström 
On Wed, 11 May 2016 09:20:54 -0600
Patrick Rael  wrote:

> Hi,
> Is there an ETA on the openssl security update
> (CVE-2016-0799) for CentOS 6.7?I saw the openssl update for
> CentOS 7 on 5/9, eagerly awaiting
> the same for 6.7.

The fix/RHSA is here:
https://rhn.redhat.com/errata/RHSA-2016-0996.html

But as Steve pointed out it's part of 6.8 (hence the current
unavailability).

/Peter K
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread Gilbert Sebenste 

On Wed, 11 May 2016, Steve Snyder wrote:


On Wednesday, May 11, 2016 11:20am, "Patrick Rael"  said:


Hi,
Is there an ETA on the openssl security update (CVE-2016-0799) for
CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly
awaiting
the same for 6.7.

Thanks!


Looks like Red Hat pushed it to RHEL v6.8, released yesterday.  Unless
CentOS does a special back-port we'll have to wait for CentOS v6.8 to 
get the OpenSSL update.


Or, if you have the CR repo installed, you should get it a lot quicker.

Gilbert

***
Gilbert Sebenste
(My opinions only!)  **
***
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread Steve Snyder 


On Wednesday, May 11, 2016 11:20am, "Patrick Rael"  said:

> Hi,
> Is there an ETA on the openssl security update (CVE-2016-0799) for
> CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly
> awaiting
> the same for 6.7.
> 
> Thanks!

Looks like Red Hat pushed it to RHEL v6.8, released yesterday.  Unless CentOS 
does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL 
update.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] openssl Security Update for CentOS 6.7 ETA

2016-05-11 Thread Patrick Rael 

Hi,
   Is there an ETA on the openssl security update (CVE-2016-0799) for
CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly 
awaiting

the same for 6.7.

Thanks!
-->Pat

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos