| Message ID | 51ed081d23090d3e59065a2c5a0410c793b366e2.1675803562.git.leo@famulari.name |
|---|---|
| State | New |
| Headers |
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id C83F916CA2; Tue, 7 Feb 2023 21:00:27 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 8E80D169D0 for <patchwork@mira.cbaines.net>; Tue, 7 Feb 2023 21:00:24 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <guix-patches-bounces@gnu.org>) id 1pPV4S-0006yK-Qi; Tue, 07 Feb 2023 16:00:08 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1pPV4P-0006xu-2g for guix-patches@gnu.org; Tue, 07 Feb 2023 16:00:05 -0500 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1pPV4N-0000AU-5m for guix-patches@gnu.org; Tue, 07 Feb 2023 16:00:04 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1pPV4N-0004qu-19 for guix-patches@gnu.org; Tue, 07 Feb 2023 16:00:03 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes]. Resent-From: Leo Famulari <leo@famulari.name> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 07 Feb 2023 21:00:02 +0000 Resent-Message-ID: <handler.61354.B.167580357618556@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 61354 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 61354@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.167580357618556 (code B ref -1); Tue, 07 Feb 2023 21:00:02 +0000 Received: (at submit) by debbugs.gnu.org; 7 Feb 2023 20:59:36 +0000 Received: from localhost ([127.0.0.1]:54169 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1pPV3w-0004pE-En for submit@debbugs.gnu.org; Tue, 07 Feb 2023 15:59:36 -0500 Received: from lists.gnu.org ([209.51.188.17]:40414) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <leo@famulari.name>) id 1pPV3u-0004p6-Iq for submit@debbugs.gnu.org; Tue, 07 Feb 2023 15:59:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <leo@famulari.name>) id 1pPV3t-0006tb-TX for guix-patches@gnu.org; Tue, 07 Feb 2023 15:59:33 -0500 Received: from wnew4-smtp.messagingengine.com ([64.147.123.18]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <leo@famulari.name>) id 1pPV3s-00005u-3l for guix-patches@gnu.org; Tue, 07 Feb 2023 15:59:33 -0500 Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailnew.west.internal (Postfix) with ESMTP id D42122B069FE; Tue, 7 Feb 2023 15:59:30 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Tue, 07 Feb 2023 15:59:31 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-transfer-encoding:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:sender:subject:subject:to:to; s=mesmtp; t=1675803570; x=1675810770; bh=bqr5CM2JY/h+2AKLYMBg1J NCrF1eC/nZgDMWHbC5Cj8=; b=Oq+EBPhyDp67tmAZDrYzf4BEgPThr87HjUHcEP iY1nx6wDS/HtvEgVL3qV9c0F7IdJEqJTM7pLGJ2yB9/brTYVAaJhQrtKtTysFWpX uW/xapqABGLrKpnEwdO4oBResLFNbc0X51QWvpzOQGjPNNCN8AgCtoorxpteXdDL KEVTk= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1675803570; x=1675810770; bh=bqr5CM2JY/h+2AKLYMBg1JNCrF1eC/nZgDM WHbC5Cj8=; b=pbf6oF6Z/4NhA75RgswGSqaI3StBBY50ytqigf5eH584HkJnZTd BmP6okWus1qL/SNPCS/8VIWQ2QNYXr5Ug3eAka93MOg/16OTBOtTRZ2LwnCnvSxd 53clEWVlOD+sm8w7c47YIpjEfRxIOS8NgI4RrpqGOJcVPQCKq/p4EEt6TjCRA2RW hqeaaO4zlAOltWEDmm9yDvOZ6k99NeVb8XbBH4JxdnvPeiTX/8WcLPKWdOHMWPFX jJSuqxq+o8ufJkI2GEIg/EbbJFuffSCRrknpNUbbETClZIzITGvdEhaCK1qzjfl2 MRkqhCeeWruqD50RD8B5HVV01WXKczm2f3w== X-ME-Sender: <xms:srviY7b1fUSHN5M0Mg55ox9w6kgQ-GcZMMDrSBdV0jnrxUCzxcPAmA> <xme:srviY6Y-IfTpH7l4GpVdGvlQx18IGnrFkM8gQw5QZNrM2Tt0_EVtg3rLZa_kqjZuN Ec0RFcSNAt_Nh7dyg> X-ME-Received: <xmr:srviY98o2XwwXlTL7svBp5mJ2z89vHnazkQT-ikxfTjYEfqUdHLutotuynRs63sy2jWCcTHF7QCIuuq3APvu5xNrUF2G_gIDZccUmdLbdG_G6mStf9m-8l9S> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrudegkedgudegudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffoggfgsedtkeertd ertddtnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghr ihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeffueehjedvjefhteejieeiudeuheethe dtveekteefgfffheefheefvdehgeefheenucffohhmrghinhepohhpvghnshhslhdrohhr ghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvg hosehfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: <xmx:srviYxotppeMrNaQqaKNLAN3NJhSbgs1wrR0NWsRrODy-CoDN4dJKg> <xmx:srviY2pUgjpd4BittanuAztPUEWYFgO8bX5bDpAAvIrqqTNqsueHug> <xmx:srviY3TJ8z-hJhORcyhH6LxFfLIt_Wbds914Q1-GGmSedJEPGxtToA> <xmx:srviY0Fg9LWs02CXRe6T0Fblsrc63A6i3QE8oYrnxNJka04wJTYLBXWNOv0> Feedback-ID: i819c4023:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA for <guix-patches@gnu.org>; Tue, 7 Feb 2023 15:59:29 -0500 (EST) From: Leo Famulari <leo@famulari.name> Date: Tue, 7 Feb 2023 21:59:22 +0100 Message-Id: <51ed081d23090d3e59065a2c5a0410c793b366e2.1675803562.git.leo@famulari.name> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=64.147.123.18; envelope-from=leo@famulari.name; helo=wnew4-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: <guix-patches.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=unsubscribe> List-Archive: <https://lists.gnu.org/archive/html/guix-patches> List-Post: <mailto:guix-patches@gnu.org> List-Help: <mailto:guix-patches-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=subscribe> Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches |
| Series |
[bug#61354] gnu: OpenSSL: Update to 1.1.1t [security fixes].
|
|
Commit Message
Leo Famulari
Feb. 7, 2023, 8:59 p.m. UTC
Fixes CVE-2023-0215, CVE-2023-0286, CVE-2022-4304, CVE-2022-4450. https://www.openssl.org/news/secadv/20230207.txt * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t. --- gnu/packages/tls.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Comments
Hi Leo, On mar., 07 févr. 2023 at 21:59, Leo Famulari <leo@famulari.name> wrote: > Fixes CVE-2023-0215, CVE-2023-0286, CVE-2022-4304, CVE-2022-4450. > > https://www.openssl.org/news/secadv/20230207.txt > > * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t. Hm, core-updates change no? --8<---------------cut here---------------start------------->8--- $ guix refresh -l openssl@1.1.1l | cut -f1 -d':' Building the following 7996 packages would ensure 17719 dependent packages are rebuilt --8<---------------cut here---------------end--------------->8--- So, it requires some grafts. Cheers, simon
On Wed, Feb 08, 2023 at 03:19:10PM +0100, Simon Tournier wrote: > > * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t. > > Hm, core-updates change no? > > --8<---------------cut here---------------start------------->8--- > $ guix refresh -l openssl@1.1.1l | cut -f1 -d':' > Building the following 7996 packages would ensure 17719 dependent packages are rebuilt > --8<---------------cut here---------------end--------------->8--- > > So, it requires some grafts. Thanks for taking a look! This patch updates the grafted replacement OPENSSL/FIXED, so it should be okay for master, assuming the replacement works well (i.e. assuming the ABI of the two packages is compatible). Does that make sense?
Re, On Wed, 8 Feb 2023 at 16:56, Leo Famulari <leo@famulari.name> wrote: > This patch updates the grafted replacement OPENSSL/FIXED, so it should > be okay for master, assuming the replacement works well (i.e. assuming > the ABI of the two packages is compatible). > > Does that make sense? Euh, yes for sure. Sorry, I have overlooked. :-) Let https://qa.guix.gnu.org/issue/61354 processes. Wait and see. Cheers, simon
On Wed, Feb 08, 2023 at 05:44:04PM +0100, Simon Tournier wrote:
> Let https://qa.guix.gnu.org/issue/61354 processes. Wait and see.
Is it normal to wait for two days for the QA results?
Hi Leo, On Thu, 9 Feb 2023 at 13:47, Leo Famulari <leo@famulari.name> wrote: > > Let https://qa.guix.gnu.org/issue/61354 processes. Wait and see. > > Is it normal to wait for two days for the QA results? It can be longer, from my experience. What is missing is the status of the queue as discussed at Guix Days. Well, among other things, Andreas initated a discussion [1] pointing that. 1: <https://yhetil.org/guix/Y81v4GkdTjo0TROp@jurong> Cheers, simon
Pushed as df163df8307ab91b14d67b074bac35464afa6bdb
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index bdac8a6e63..66c111cb56 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -618,7 +618,7 @@ (define openssl/fixed (package (inherit openssl-1.1) (name "openssl") - (version "1.1.1s") + (version "1.1.1t") (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -631,7 +631,7 @@ (define openssl/fixed (patches (search-patches "openssl-1.1-c-rehash-in.patch")) (sha256 (base32 - "1amnwis6z2piqs022cpbcg828rql62yjnsqxnvdg0vzfc3kh3b65")))))) + "0fwxhlv7ary9nzg5mx07x1jj3wkbizxh56qy7l6bzp5iplj9pvld")))))) (define-public openssl-3.0 (package