* [bug#64991] [PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5 high, 6850 dependent packages)
@ 2023-08-01 13:45 Denis 'GNUtoo' Carikli
2023-08-01 13:52 ` [bug#64991] [PATCH 1/1] gnu: openssl-1.1: Update to 1.1.1u [security fixes] Denis 'GNUtoo' Carikli
0 siblings, 1 reply; 3+ messages in thread
From: Denis 'GNUtoo' Carikli @ 2023-08-01 13:45 UTC (permalink / raw)
To: 64991; +Cc: Denis 'GNUtoo' Carikli
The patch that will follow updates OpenSSL 1.1 to the last version to fix the following CVEs:
* CVE-2023-0215 [1]
* CVE-2023-0286 [2]
* CVE-2023-0464 [3]
* CVE-2023-0465 [4]
* CVE-2023-0466 [5]
* CVE-2023-2650 [6]
* CVE-2022-4304 [7]
* CVE-2022-4450 [8]
[1]https://nvd.nist.gov/vuln/detail/CVE-2023-0215
[2]https://nvd.nist.gov/vuln/detail/CVE-2023-0286
[3]https://nvd.nist.gov/vuln/detail/CVE-2023-0464
[4]https://nvd.nist.gov/vuln/detail/CVE-2023-0465
[5]https://nvd.nist.gov/vuln/detail/CVE-2023-0466
[6]https://nvd.nist.gov/vuln/detail/CVE-2023-2650
[7]https://nvd.nist.gov/vuln/detail/CVE-2022-4304
[8]https://nvd.nist.gov/vuln/detail/CVE-2022-4450
While OpenSSL builds fine and that all its test pass on x86_64, it also has a
significant number of reverse dependencies (about 6850, so more than 300) that
need to be rebuilt.
Denis 'GNUtoo' Carikli (1):
gnu: openssl-1.1: Update to 1.1.1u [security fixes].
gnu/packages/tls.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
base-commit: 39fbc041f92489ec30075a85937c8a38723752dc
--
2.41.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [bug#64991] [PATCH 1/1] gnu: openssl-1.1: Update to 1.1.1u [security fixes].
2023-08-01 13:45 [bug#64991] [PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5 high, 6850 dependent packages) Denis 'GNUtoo' Carikli
@ 2023-08-01 13:52 ` Denis 'GNUtoo' Carikli
2023-09-28 10:08 ` bug#64991: [PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5 high, 6850 dependent packages) Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Denis 'GNUtoo' Carikli @ 2023-08-01 13:52 UTC (permalink / raw)
To: 64991; +Cc: Denis 'GNUtoo' Carikli
Includes fixes for CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
CVE-2023-0466, CVE-2023-2650, CVE-2022-4304, CVE-2022-4450.
* gnu/packages/tls.scm (openssl-1.1): Update to 1.1.1u.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
---
gnu/packages/tls.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f51c47db04..0c37d452c7 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -22,6 +22,7 @@
;;; Copyright © 2021 Matthew James Kraai <kraai@ftbfs.org>
;;; Copyright © 2021 John Kehayias <john.kehayias@protonmail.com>
;;; Copyright © 2022 Greg Hogan <code@greghogan.com>
+;;; Copyright © 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -425,7 +426,7 @@ (define (target->openssl-target target)
(define-public openssl-1.1
(package
(name "openssl")
- (version "1.1.1q")
+ (version "1.1.1u")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -438,7 +439,7 @@ (define-public openssl-1.1
(patches (search-patches "openssl-1.1-c-rehash-in.patch"))
(sha256
(base32
- "1jhhzp4gh6ymidxm1ckjk948l583awp0w3y2nvqdz7022kk9r4yp"))))
+ "1ipbcdlqyxbj5lagasrq2p6gn0036wq6hqp7gdnd1v1ya95xiy72"))))
(build-system gnu-build-system)
(outputs '("out"
"doc" ;6.8 MiB of man3 pages and full HTML documentation
--
2.41.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* bug#64991: [PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5 high, 6850 dependent packages)
2023-08-01 13:52 ` [bug#64991] [PATCH 1/1] gnu: openssl-1.1: Update to 1.1.1u [security fixes] Denis 'GNUtoo' Carikli
@ 2023-09-28 10:08 ` Ludovic Courtès
0 siblings, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2023-09-28 10:08 UTC (permalink / raw)
To: Denis 'GNUtoo' Carikli
Cc: Tobias Geerinckx-Rice, Simon Tournier, paren, Christopher Baines,
Ricardo Wurmus, Raghav Gururajan, jgart, Mathieu Othacehe,
64991-done
Hi,
Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> skribis:
> Includes fixes for CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
> CVE-2023-0466, CVE-2023-2650, CVE-2022-4304, CVE-2022-4450.
>
> * gnu/packages/tls.scm (openssl-1.1): Update to 1.1.1u.
[...]
> (define-public openssl-1.1
> (package
> (name "openssl")
> - (version "1.1.1q")
> + (version "1.1.1u")
Finally applied but as a graft, in commit
51e1df07b1d21840551eb8dc15b4bfe5612e1bf9.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-09-28 10:09 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-01 13:45 [bug#64991] [PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5 high, 6850 dependent packages) Denis 'GNUtoo' Carikli
2023-08-01 13:52 ` [bug#64991] [PATCH 1/1] gnu: openssl-1.1: Update to 1.1.1u [security fixes] Denis 'GNUtoo' Carikli
2023-09-28 10:08 ` bug#64991: [PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5 high, 6850 dependent packages) Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).