unofficial mirror of guix-patches@gnu.org 
* [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].
@ 2023-02-07 20:59 Leo Famulari
  2023-02-08 14:19 ` Simon Tournier
  2023-02-11 22:14 ` bug#61354: " Leo Famulari
  0 siblings, 2 replies; 7+ messages in thread
From: Leo Famulari @ 2023-02-07 20:59 UTC (permalink / raw)
  To: 61354

Fixes CVE-2023-0215, CVE-2023-0286, CVE-2022-4304, CVE-2022-4450.

https://www.openssl.org/news/secadv/20230207.txt

* gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t.
---
 gnu/packages/tls.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index bdac8a6e63..66c111cb56 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -618,7 +618,7 @@ (define openssl/fixed
   (package
     (inherit openssl-1.1)
     (name "openssl")
-    (version "1.1.1s")
+    (version "1.1.1t")
     (source (origin
               (method url-fetch)
               (uri (list (string-append "https://www.openssl.org/source/openssl-"
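
Review bot: the bump to (version "1.1.1t") is made in openssl/fixed, which inherits from openssl-1.1, so what needs confirming is that 1.1.1t remains ABI-compatible with the inherited package wherever this definition is substituted for it. A short comment above (define openssl/fixed naming the advisory this version addresses would also help, since the reason for the bump is otherwise recorded only in the commit message.
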
@@ -631,7 +631,7 @@ (define openssl/fixed
               (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
               (sha256
                (base32
-                "1amnwis6z2piqs022cpbcg828rql62yjnsqxnvdg0vzfc3kh3b65"))))))
+                "0fwxhlv7ary9nzg5mx07x1jj3wkbizxh56qy7l6bzp5iplj9pvld"))))))
 
 (define-public openssl-3.0
   (package
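
Review bot: the new base32 value cannot be checked from the diff alone, so it should be confirmed against a 1.1.1t tarball whose upstream signature was verified, not only against whatever the uri returned at update time ("guix download" on the release URL prints the hash to compare). The unchanged (patches (search-patches "openssl-1.1-c-rehash-in.patch")) line also deserves a check that the patch still applies cleanly to the 1.1.1t source.
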
-- 
2.38.1






* [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].
  2023-02-07 20:59 [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes] Leo Famulari
@ 2023-02-08 14:19 ` Simon Tournier
  2023-02-08 15:56   ` Leo Famulari
  2023-02-11 22:14 ` bug#61354: " Leo Famulari
  1 sibling, 1 reply; 7+ messages in thread
From: Simon Tournier @ 2023-02-08 14:19 UTC (permalink / raw)
  To: Leo Famulari, 61354

Hi Leo,

On Tue, 07 Feb 2023 at 21:59, Leo Famulari <leo@famulari.name> wrote:
> Fixes CVE-2023-0215, CVE-2023-0286, CVE-2022-4304, CVE-2022-4450.
>
> https://www.openssl.org/news/secadv/20230207.txt
>
> * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t.

Hm, core-updates change no?

--8<---------------cut here---------------start------------->8---
$ guix refresh -l openssl@1.1.1l | cut -f1 -d':'
Building the following 7996 packages would ensure 17719 dependent packages are rebuilt
--8<---------------cut here---------------end--------------->8---

So, it requires some grafts.

Cheers,
simon





* [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].
  2023-02-08 14:19 ` Simon Tournier
@ 2023-02-08 15:56   ` Leo Famulari
  2023-02-08 16:44     ` Simon Tournier
  0 siblings, 1 reply; 7+ messages in thread
From: Leo Famulari @ 2023-02-08 15:56 UTC (permalink / raw)
  To: Simon Tournier; +Cc: 61354

On Wed, Feb 08, 2023 at 03:19:10PM +0100, Simon Tournier wrote:
> > * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t.
> 
> Hm, core-updates change no?
> 
> --8<---------------cut here---------------start------------->8---
> $ guix refresh -l openssl@1.1.1l | cut -f1 -d':'
> Building the following 7996 packages would ensure 17719 dependent packages are rebuilt
> --8<---------------cut here---------------end--------------->8---
> 
> So, it requires some grafts.

Thanks for taking a look!

This patch updates the grafted replacement OPENSSL/FIXED, so it should
be okay for master, assuming the replacement works well (i.e. assuming
the ABI of the two packages is compatible).

Does that make sense?





* [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].
  2023-02-08 15:56   ` Leo Famulari
@ 2023-02-08 16:44     ` Simon Tournier
  2023-02-09 12:46       ` Leo Famulari
  0 siblings, 1 reply; 7+ messages in thread
From: Simon Tournier @ 2023-02-08 16:44 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 61354

Re,

On Wed, 8 Feb 2023 at 16:56, Leo Famulari <leo@famulari.name> wrote:

> This patch updates the grafted replacement OPENSSL/FIXED, so it should
> be okay for master, assuming the replacement works well (i.e. assuming
> the ABI of the two packages is compatible).
>
> Does that make sense?

Euh, yes for sure.  Sorry, I have overlooked. :-)

Let https://qa.guix.gnu.org/issue/61354 process.  Wait and see.


Cheers,
simon





* [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].
  2023-02-08 16:44     ` Simon Tournier
@ 2023-02-09 12:46       ` Leo Famulari
  2023-02-09 12:57         ` Simon Tournier
  0 siblings, 1 reply; 7+ messages in thread
From: Leo Famulari @ 2023-02-09 12:46 UTC (permalink / raw)
  To: Simon Tournier; +Cc: 61354

On Wed, Feb 08, 2023 at 05:44:04PM +0100, Simon Tournier wrote:
> Let https://qa.guix.gnu.org/issue/61354 process.  Wait and see.

Is it normal to wait for two days for the QA results?





* [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].
  2023-02-09 12:46       ` Leo Famulari
@ 2023-02-09 12:57         ` Simon Tournier
  0 siblings, 0 replies; 7+ messages in thread
From: Simon Tournier @ 2023-02-09 12:57 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 61354

Hi Leo,

On Thu, 9 Feb 2023 at 13:47, Leo Famulari <leo@famulari.name> wrote:

> > Let https://qa.guix.gnu.org/issue/61354 process.  Wait and see.
>
> Is it normal to wait for two days for the QA results?

It can be longer, from my experience.  What is missing is the status
of the queue as discussed at Guix Days.

Well, among other things, Andreas initiated a discussion [1] pointing that out.

1: <https://yhetil.org/guix/Y81v4GkdTjo0TROp@jurong>

Cheers,
simon





* bug#61354: [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].
  2023-02-07 20:59 [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes] Leo Famulari
  2023-02-08 14:19 ` Simon Tournier
@ 2023-02-11 22:14 ` Leo Famulari
  1 sibling, 0 replies; 7+ messages in thread
From: Leo Famulari @ 2023-02-11 22:14 UTC (permalink / raw)
  To: 61354-done

Pushed as df163df8307ab91b14d67b074bac35464afa6bdb



