Ngemuva kwe-HeartBleedGate nemifula yabalingiswa ebhalwe kuleli cala, lelo manga elinenkani elingabathuthukisi be-OpenBSD, eliholwa nguTheo de Raadt, lathi "Masizenzele i-OpenSSL yethu ngemidlalo yenhlanhla nama-sluts." Kodwa kanjani imali ayibaniki ngokugembula nama-sluts, basala nemfoloko ye-OpenSSL kuphela, abazoyibiza Mahhala nokuthi ekuqaleni kuzoba nge-OpenBSD 5.6 futhi, uma konke kuhamba kahle, kwezinye izinhlelo ze-POSIX, kufaka phakathi ne-Linux.
Empeleni unjiniyela we-OpenBSD uTed Unangst ubalula ukuthi kwakuyi-Heartbleed eyodwa nje yezimbungulu ezimbalwa ze-OpenSSL eziyinhlekelele nokuthi le bug yayingeyona isizathu semfoloko. I-bug uTed agxile kuyo (leyo ezogcina ibange imfoloko) ihlobene nayo ozimele be-OpenSSL bangaphakathi yini futhi ngnix ayisebenzi ngaphandle kwalabo freelists. Kepha okubi kakhulu kwaba ukungabikho kwempendulo evela ku-OpenSSL ngoba leyo bug isivele ine-patch ehlongozwayo futhi abakayisebenzisi okwamanje. Leso sichibi sinjalo unyaka ongafakiwe; I-OpenSSL, i-OpenBSD kanye ne-Debian zizenzele iziqephu zazo. Uma abathuthukisi be-OpenSSL bengasisebenzisanga isichibi, bebengazukubakholisa ukuthi bahoxise ukwesekwa kwabo kwe-Visual C ++ 5.0 (abenzi bohlelo C bangahleka ngalezi zibonelo).
Ngakho-ke balahle cishe imigqa eyizinkulungwane eziyi-150 yekhodi nokubala, ikakhulukazi ngemuva kokukhipha ukwesekwa kwe-VMS, isistimu yokusebenza enyanyekayo evaliwe yamaseva agcinwa nguHewlett Packard. Kusengathi i-X iqhathaniswa neWayland.
Okwamanje, ngikushiya nesayithi Ukuhlasela kwe-OpenSSL Valhalla negalari yokwesabisa lapho i-OpenBSD izama ukuyilungisa.
Ngenxa yalezi zimfoloko, isoftware efana neLibreOffice neMariaDB baye bathanda (eSlackware, bathathe indawo ye-MySQL bafaka iMariaDB, futhi kuma-distros amaningi, bonke sebethathe indawo ye-OpenOffice yabo bafaka iLibreOffice).
Kodwa lezo zimfoloko zazingenxa yokuthi zazingafuni ukuba nesiphetho esifana nesika-OpenSolaris ezandleni "zomnikazi" omusha, kwakuyicala lokudingeka okukhulu, futhi iningi lasheshe lasekela enye indlela (okuyiyona empeleni engabakhi bayo kodwa elinye igama). Lokhu kungishaya kakhulu njengabantu be-OpenBSD (Nge-Raadt's Theo "Linux is for Losers" on the helm) abajabule ngokuthi abafakanga ushintsho lwabo. Ngaleso sizathu kukhona iFreeBSD, iNetBSD, ne-OpenBSD.
Ngivumelana nawe 100%. Akudingeki weqise ngokweqile, noma ube ngumuntu othanda izithandani.
Uxolo, engangikucabanga nje nge- "Nikzon, yama-hemorrhoids."
Ngokusobala namhlanje babefaka isiqephu sempikiswano.
https://rt.openssl.org/Ticket/Display.html?id=2167#txn-39826
NjengoFelipe, umngani kaMafalda wathi:
"Intando kumele kube yiyo kuphela into okumele ithi uma ihlanjululwa ihlulwe."
Angiqondi rant ngale imfoloko, ngemuva kwakho konke, le yindlela umphakathi ovulekile osebenza ngayo, ngezimfoloko nokuhlangana. Ngokuphambene nalokho, ngikuthola kudunyiswa ukuthi banqume ukwenza iphakethe elikhulu kangaka.
Angiyena uchwepheshe ku-OpenSSL, kodwa ngokwamaphoyinti amathathu ashiwo nguDiazepan, lokho "Ukuxhaswa kohlelo oluvaliwe ngokuphelele" (i-VMS), "ikhodi ephelelwe yisikhathi" (i-Visual C ++ 5.0) "ne" Ukuntuleka kokwesekwa " , kubonakala kimi ukuthi bekungeke kube ngenye indlela.
Futhi yebo, ngithe ukuntuleka kokwesekwa, ukuthi isichibi esishiwo ngenhla sifakiwe namuhla, akusho ukuthi bekungaphezu konyaka ohlwini lwezicelo. Iqiniso lokuthi i-OpenBSD, engenye yezinhlelo ezizinzile kakhulu lapho, hhayi nje ngoba i-OpenBSD, kepha futhi ngoba iyi-BSD, futhi abakwaDebian bayifakile ezinqolobaneni zabo kukhombisa ukuthi bekungeyona isichibi sokuhlola, kepha kuzinzile.
Ngeshwa i-Linux Foundation ayiboni kanjalo futhi yabela imali i-OpenSSL, okuthi, ngokombono wami kube yiphutha, kufanele basekele iLibreSSL, into eqala cishe ingu-zero, iqale imikhuba emibi ye-OpenSSL, njengesibonelo malloc.