Mushure meiyo HeartBleedGate uye nzizi dzevanhu vakanyorwa nezvenyaya iyi, manga akasindimara ayo ari vagadziri veOpenBSD, anotungamirwa naTheo de Raadt, akati "Tichagadzira yedu yeOpenSSL nemitambo yemhanza uye sluts." Asi sei mari haivape Zvekubhejera uye sluts, ivo vakasara neforogo chete yeOpenSSL, iyo yavanodaidza FreeSSL uye kuti pakutanga ichave yeOpenBSD 5.6 uye, kana zvese zvikafamba mushe, kune mamwe maPOSIX masisitimu, kusanganisira zvekare Linux.
Muzvokwadi OpenBSD mugadziri Ted Unangst akataura kuti Heartbleed yaive ingori imwe yeakaverengeka egore OpenSSL yakaipa bugs uye kuti iyi tsikidzi yakanga isiri chikonzero cheforogo. Iyo bhagidhi iyo Ted inotarisa pairi (iyo yaizopedzisira ichikonzera iyo forogo) ine chekuita nayo emukati ma OpenSSL freelists uye chii ngnix haishande vasina ma freelists. Asi yakaipisisa yaive kushomeka kwemhinduro kubva kuOpenSSL sezvo iyi bug yatove nechikwata chakatsanangurwa uye havasati vaishandisa izvozvi. Icho chigamba chiri kwegore risingabatanidzwe; OpenSSL, OpenBSD, uye Debian vakazvigadzira pachavo. Kana vagadziri veOpenSLL vasina kushandisa chigamba, vanga vasiri kuenda kuzovanyengetedza kuti vabvise rutsigiro rwavo rweVisual C ++ 5.0 (C programmers vanogona kuseka nemienzaniso iyi).
Saka vakabvisa zviuru zana nemakumi mashanu emitsetse yekodhi uye kuverenga, kunyanya mushure mekubvisa rutsigiro rweVMS, inosemesa yakavharwa mashandiro esisitimu anochengetwa naHewlett Packard. Zvinoita sekunge X inofananidzwa neWayland.
Zvichakadaro, ndinokusiya newebsite OpenSSL Valhalla Rampage ine gallery yekutyisa iyo iyo OpenBSD inoedza kugadzirisa.
Kutenda maforogo aya, software senge LibreOffice naMariaDB vane zvavanoda (muSlackware, vakatsiva MySQL naMariaDB, uye mumadistros mazhinji, vese vakatsiva OpenOffice yavo neLibreOffice).
Asi iwo maforogo aive nekuti ivo vaisada kuve nedanho rakafanana neOpenSolaris pamaoko e "muridzi" mutsva, yaive nyaya yezvinodiwa, uye ruzhinji rwakakurumidza kutsigira imwe nzira (inova ndivo vadziri vayo asi nerimwe zita). Izvi zvinondirova zvakanyanya sevanhu veOpenBSD (NaRaadt's Theo "Linux ndeyaLosers" pachinzvimbo) havafari kuti havana kusanganisira shanduko dzavo. Nechikonzero ichocho pane MaharaBSD, NetBSD, uye OpenBSD.
Ini ndinobvumirana newe 100%. Iwe haufanire kunyanyisa, kana fanboy.
Ndine urombo, zvese zvandaigona kufunga nezvaive "Nikzon, wemamota."
Sezviri pachena nhasi ivo vaisanganisira chigamba chekupokana.
https://rt.openssl.org/Ticket/Display.html?id=2167#txn-39826
SaFelipe, shamwari yaMafalda yakati:
"Chido chinofanira kunge chiri icho chete chinhu icho, kana chakasvibiswa, chinoda kubayiwa."
Ini handinzwisise rant nezve forogo iyi, mushure mezvose, aya ndiwo mashandiro enharaunda yakavhurika nharaunda inoshanda, nemaforogo uye merges. Pane kupokana, ndinoona zvichirumbidzwa kuti vafunga kugadzira pasuru hombe yakadaro.
Ini handisi nyanzvi muOpenSSL, asi zvinoenderana nemapoinzi matatu ataurwa naDiazepan, ndiko kuti "Tsigiro yehurongwa hwakavharwa zvachose" (VMS), "yechinyakare kodhi" (Visual C ++ 5.0) "uye" Kushaya rutsigiro ", zvinoita kwandiri kuti zvingadai zvisina kudaro.
Uye hongu, ndati kushaya rutsigiro, kuti chigamba chambotaurwa chakabatanidzwa nhasi, hazvireve kuti chaive chinopfuura gore pane zvinyorwa zvekukumbira. Ichokwadi chekuti OpenBSD, inova imwe yenzira dzakatsiga kwazvo kunze uko, kwete chete nekuti iri OpenBSD, asi zvakare nekuti iri BSD, uye naDebian vakaiisa mumabhuku avo zvinoratidza kuti yanga isiri chigamba chekuyedza, asi yakagadzikana.
Nehurombo Linux Foundation haina kuzviona nenzira iyoyo uye yakapa mari yeOpenSSL, iyo, kubva pakuona kwangu kukanganisa, vanofanirwa kutsigira LibreSSL, chimwe chinhu chinotanga kusvika zero, kutanga tsika dzakaipa dzeOpenSSL, semuenzaniso malloc.