openSuse and open ssl 1.0.0 compliancy problem

FAH provides a V7 client installer for Debian / Mint / Ubuntu / RedHat / CentOS / Fedora. Installation on other distros may or may not be easy but if you can offer help to others, they would appreciate it.

Moderators: Site Moderators, FAHC Science Team

Post Reply
promeneur
Posts: 198
Joined: Tue Aug 07, 2012 11:59 am
Hardware configuration: openSUSE Tumbleweed, x86_64,Asrock B760M-HDV/M.2 D4, Intel Core i3-12100, 16 GB, Intel UHD Graphics 730, NVIDIA GeForce GT 1030, Edup-Love EP-9651GS Wi-Fi Bluetooth, multicard reader USB 3.0 startech.com 35fcreadbu3, Epson XP 7100, Headset Bluetooth 3.0 Philips SHQ7300

openSuse and open ssl 1.0.0 compliancy problem

Post by promeneur »

folding@home is not compliant with opensuse open ssl 1.0.0 if version is > 1.0.2j

where is the problem ? in opensuse or FAH ?

i submitted the problem to opensuse team. Here is the answer of openSuse team

https://bugzilla.suse.com/show_bug.cgi?id=1152573

***************************************************************************************************************************************************
The problem is really on the side of folding@home.
They only support an old insecure version of the openssl library.

OpenSSL 1.0.2j is more than three years old (released 22 Sep 2016) and contains at least 15 unfixed security vulnerabilities (CVE).

openSUSE won't support the old library just for the sake of one package that's not even packaged in the distribution.

The solution you listed on the forums, puts your whole system at risk, as you're essentially replacing the system openssl with the obsolete 1.0.2j.

What you should do, is to urge folding@home to support an up-to-date version of the openssl library.
As the 1.0.2 branch is going out of support upstream at the end of the year, they should definitely switch to the 1.1.1 branch.
***************************************************************************************************************************************************

what fah dev can answer to this?

thanks
Image
Post Reply