What’s up at ITUGLIB?
Nexbridge
The holiday season has been a busy one at ITUGLIB, in large part because of some security issues out in the world at large. As NonStop becomes increasingly modern and adopts more technology standards, we all must be aware of issues that are also hitting the rest of our enterprises. Three packages were impacted by these changes:
OpenSSL had two patches last year, both of which are now out on the ITUGLIB website. You should be looking for OpenSSL 1.0.2n, which contains the latest patches (as of the time of publication, of course). This package has changed a bit since last year. We removed the version check that OpenSSH, Curl, and git used, so you can now upgrade OpenSSL without also upgrading those two products. Part of that is discussed below. There is a lot of current noise in the OpenSSL community about new encryption methods around the recent Intel vulnerabilities. Stay tuned for more on that subject.
SSH got a big overhaul at the end of the year, with the publication of OpenSSH 7.6p1, which has the latest patches. ITUGLIB also worked with our partners comForte and Nexbridge to upgrade to the latest NonStop SSH client (SPR ACK), which makes the client experience far better than it ever was before. ITUGLIB now uses NonStop SSH not only as its server but also as its client to talk to our Open Source providers.
Finally, with work vacations come great porting efforts. Git is now at 2.5.6, but that’s going to be outdated shortly. Git 2.8.5 and 2.13.5 ports are both in the pipeline, and these have a lot of cool (and important) capabilities you should seriously investigate (hint: work trees). This is all in an effort to open our processes to contributions from the community.
The team is actively monitoring the security situation out there. You may have heard of the term CVE (Common Vulnerabilities and Exposures) and of the NIST Vulnerabilities Database (NVD). We are monitoring these and do our best to get patches out as they become available. Some projects, like OpenSSL, are good at publishing timely patches that we can push through our Jenkins-based build/test/distribution system really fast. Others, like the rsync project, move more slowly. One place you can monitor ITUGLIB updates is the Google group comp.sys.tandem, where Randall has been posting notices when new versions become available.
Have a great 2018!
Randall Becker
ITUGLIB Engineering Team
Nexbridge Inc. | Richmond Hill | Ontario | Canada
www.nexbridge.com