Message ID | cover.1690845769.git.GNUtoo@cyberdimension.org |
---|---|
Headers | show |
Series | Fix LibreSSL CVE-2023-35784 (Score: 9.8 critical) | expand |
Hello Denis, thanks for the patch! This was fixed in commit commit 310b0f72d8749376832fa1f149837a83d8e74629 Author: Tobias Geerinckx-Rice <me@tobias.gr> Date: Sun Aug 13 02:00:00 2023 +0200 gnu: libressl: Update to 3.7.3 [fixes CVE-2023-35784]. Thanks to Dennis 'GNUtoo' Carikli for <https://issues.guix.gnu.org/64982>, but upgrading to 3.8.0 breaks (at least) OpenSMTPd. * gnu/packages/tls.scm (libressl): Update to 3.7.3. Indeed QA shows that opensmtpd fails: https://qa.guix.gnu.org/issue/64982 https://bordeaux.guix.gnu.org/build/16cbfca4-a0a3-4374-9ae4-6c1dad67494b/log I am closing this bug, as updating libressl to the most recent version is a different topic. Actually the 3.8.0 and 3.8.1 releases are called "development releases" in the release notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.8.0-relnotes.txt https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.8.1-relnotes.txt while 3.7.3 does not have the "development" term: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt so we may be better off sticking with 3.7.x for the moment. Andreas