Message ID | 51ed081d23090d3e59065a2c5a0410c793b366e2.1675803562.git.leo@famulari.name |
---|---|
State | New |
Headers | show |
Series | [bug#61354] gnu: OpenSSL: Update to 1.1.1t [security fixes]. | expand |
Hi Leo, On mar., 07 févr. 2023 at 21:59, Leo Famulari <leo@famulari.name> wrote: > Fixes CVE-2023-0215, CVE-2023-0286, CVE-2022-4304, CVE-2022-4450. > > https://www.openssl.org/news/secadv/20230207.txt > > * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t. Hm, core-updates change no? --8<---------------cut here---------------start------------->8--- $ guix refresh -l openssl@1.1.1l | cut -f1 -d':' Building the following 7996 packages would ensure 17719 dependent packages are rebuilt --8<---------------cut here---------------end--------------->8--- So, it requires some grafts. Cheers, simon
On Wed, Feb 08, 2023 at 03:19:10PM +0100, Simon Tournier wrote: > > * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t. > > Hm, core-updates change no? > > --8<---------------cut here---------------start------------->8--- > $ guix refresh -l openssl@1.1.1l | cut -f1 -d':' > Building the following 7996 packages would ensure 17719 dependent packages are rebuilt > --8<---------------cut here---------------end--------------->8--- > > So, it requires some grafts. Thanks for taking a look! This patch updates the grafted replacement OPENSSL/FIXED, so it should be okay for master, assuming the replacement works well (i.e. assuming the ABI of the two packages is compatible). Does that make sense?
Re, On Wed, 8 Feb 2023 at 16:56, Leo Famulari <leo@famulari.name> wrote: > This patch updates the grafted replacement OPENSSL/FIXED, so it should > be okay for master, assuming the replacement works well (i.e. assuming > the ABI of the two packages is compatible). > > Does that make sense? Euh, yes for sure. Sorry, I have overlooked. :-) Let https://qa.guix.gnu.org/issue/61354 processes. Wait and see. Cheers, simon
On Wed, Feb 08, 2023 at 05:44:04PM +0100, Simon Tournier wrote:
> Let https://qa.guix.gnu.org/issue/61354 processes. Wait and see.
Is it normal to wait for two days for the QA results?
Hi Leo, On Thu, 9 Feb 2023 at 13:47, Leo Famulari <leo@famulari.name> wrote: > > Let https://qa.guix.gnu.org/issue/61354 processes. Wait and see. > > Is it normal to wait for two days for the QA results? It can be longer, from my experience. What is missing is the status of the queue as discussed at Guix Days. Well, among other things, Andreas initated a discussion [1] pointing that. 1: <https://yhetil.org/guix/Y81v4GkdTjo0TROp@jurong> Cheers, simon
Pushed as df163df8307ab91b14d67b074bac35464afa6bdb
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index bdac8a6e63..66c111cb56 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -618,7 +618,7 @@ (define openssl/fixed (package (inherit openssl-1.1) (name "openssl") - (version "1.1.1s") + (version "1.1.1t") (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -631,7 +631,7 @@ (define openssl/fixed (patches (search-patches "openssl-1.1-c-rehash-in.patch")) (sha256 (base32 - "1amnwis6z2piqs022cpbcg828rql62yjnsqxnvdg0vzfc3kh3b65")))))) + "0fwxhlv7ary9nzg5mx07x1jj3wkbizxh56qy7l6bzp5iplj9pvld")))))) (define-public openssl-3.0 (package