From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: OpenSSL 1.1.0c security update required Date: Sat, 12 Nov 2016 12:21:44 +0100 Message-ID: <87zil5ndtj.fsf@gnu.org> References: <20161111014018.GA19957@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42921) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c5WNZ-00041B-VJ for guix-devel@gnu.org; Sat, 12 Nov 2016 06:21:50 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c5WNW-000110-R7 for guix-devel@gnu.org; Sat, 12 Nov 2016 06:21:49 -0500 In-Reply-To: <20161111014018.GA19957@jasmine> (Leo Famulari's message of "Thu, 10 Nov 2016 20:40:18 -0500") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org Leo Famulari skribis: > OpenSSL 1.1.0c was released today. It fixes CVE-2016-{7053,7054,7055}: > > https://www.openssl.org/news/secadv/20161110.txt > > This version of OpenSSL is *not* currently used by any packages, so it's > not a critical "drop everything and get to work" update, in my opinion. I agreed, good for us. ;-) > They changed how library runpaths are recorded at build time, and so our > packaging no longer works: > > https://github.com/openssl/openssl/pull/1699 I would expect ld-wrapper to do the right thing regardless of what OpenSSL=E2=80=99s build system does, no? Thanks, Ludo=E2=80=99.