https://koji.fedoraproject.org/koji/packageinfo?packageID=109 it's one thing that it takes ages to get security updates through te karma/testing nonsense but that it takes days to even start builds to fix https://nvd.nist.gov/vuln/detail/CVE-2020-1967 is a joke and yes every news portal in germany is aware about the issue and so bad guys are too
This is just a reminder that Fedora is a community supported Linux distribution/OS and not an Enterprise OS with paid subscription with SLA for security fixes. Anyway the openssl-1.1.1g-1 builds are now building in Koji.
FEDORA-2020-d7b29838f6 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-d7b29838f6
FEDORA-2020-fcc91a28e8 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-fcc91a28e8
fully aware but i build enough packages outside fedora where i get noticed about each and every minor release and when some issue has news articles all over the world........ the problem with Fedora is that it a) it takes ages before a koji build arrives in update-testing at all b) it takes ages before the metadata is updated on testing users c) it takes ages to get karma d) it takes ages again to get it finally in the updates repo e) it takes ages again until enuduser machines without updates-testing get it
There is no tragedy here, this is at most a DOS so not a critically important update to have to drop everything and rush to fix. Let's not use hyperbole.
it's a *general* problem how long it takes to get updates out in Fedora where most of the time even CentOS is faster and a simple DOS is *critically important* for any public service
You can report what you want to the mailing list, or by opening a distribution bug, openssl bugzilla bugs are not a discussion forum for general issues.
Simo you don't get it! when it takes days that someone fires up a *trivial* build that *adds* to the time it takes i was notified *tuesday* about the issue and we have *thursday* not more and not less
FEDORA-2020-fcc91a28e8 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-fcc91a28e8` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-fcc91a28e8 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-d7b29838f6 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-d7b29838f6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-d7b29838f6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-da2d1ef2d7 has been pushed to the Fedora 30 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-da2d1ef2d7` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-da2d1ef2d7 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-fcc91a28e8 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-da2d1ef2d7 has been pushed to the Fedora 30 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-d7b29838f6 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.