GNU bug report logs - #61354
[PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 7 Feb 2023 21:00:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 61354 in the body.
You can then email your comments to 61354 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#61354; Package guix-patches. (Tue, 07 Feb 2023 21:00:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 07 Feb 2023 21:00:03 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].
Date: Tue,  7 Feb 2023 21:59:22 +0100

Fixes CVE-2023-0215, CVE-2023-0286, CVE-2022-4304, CVE-2022-4450.

https://www.openssl.org/news/secadv/20230207.txt

* gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t.
---
 gnu/packages/tls.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index bdac8a6e63..66c111cb56 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -618,7 +618,7 @@ (define openssl/fixed
   (package
     (inherit openssl-1.1)
     (name "openssl")
-    (version "1.1.1s")
+    (version "1.1.1t")
     (source (origin
               (method url-fetch)
               (uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -631,7 +631,7 @@ (define openssl/fixed
               (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
               (sha256
                (base32
-                "1amnwis6z2piqs022cpbcg828rql62yjnsqxnvdg0vzfc3kh3b65"))))))
+                "0fwxhlv7ary9nzg5mx07x1jj3wkbizxh56qy7l6bzp5iplj9pvld"))))))
 
 (define-public openssl-3.0
   (package
-- 
2.38.1
Information forwarded to guix-patches <at> gnu.org:
bug#61354; Package guix-patches. (Wed, 08 Feb 2023 14:46:03 GMT) Full text and rfc822 format available.

Message #8 received at 61354 <at> debbugs.gnu.org (full text, mbox):

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>, 61354 <at> debbugs.gnu.org
Subject: Re: [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security
 fixes].
Date: Wed, 08 Feb 2023 15:19:10 +0100

Hi Leo,

On mar., 07 févr. 2023 at 21:59, Leo Famulari <leo <at> famulari.name> wrote:
> Fixes CVE-2023-0215, CVE-2023-0286, CVE-2022-4304, CVE-2022-4450.
>
> https://www.openssl.org/news/secadv/20230207.txt
>
> * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t.

Hm, core-updates change no?

--8<---------------cut here---------------start------------->8---
$ guix refresh -l openssl <at> 1.1.1l | cut -f1 -d':'
Building the following 7996 packages would ensure 17719 dependent packages are rebuilt
--8<---------------cut here---------------end--------------->8---

So, it requires some grafts.

Cheers,
simon
Information forwarded to guix-patches <at> gnu.org:
bug#61354; Package guix-patches. (Wed, 08 Feb 2023 15:57:02 GMT) Full text and rfc822 format available.

Message #11 received at 61354 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Simon Tournier <zimon.toutoune <at> gmail.com>
Cc: 61354 <at> debbugs.gnu.org
Subject: Re: [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security
 fixes].
Date: Wed, 8 Feb 2023 16:56:22 +0100

On Wed, Feb 08, 2023 at 03:19:10PM +0100, Simon Tournier wrote:
> > * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1t.
> 
> Hm, core-updates change no?
> 
> --8<---------------cut here---------------start------------->8---
> $ guix refresh -l openssl <at> 1.1.1l | cut -f1 -d':'
> Building the following 7996 packages would ensure 17719 dependent packages are rebuilt
> --8<---------------cut here---------------end--------------->8---
> 
> So, it requires some grafts.

Thanks for taking a look!

This patch updates the grafted replacement OPENSSL/FIXED, so it should
be okay for master, assuming the replacement works well (i.e. assuming
the ABI of the two packages is compatible).

Does that make sense?
Information forwarded to guix-patches <at> gnu.org:
bug#61354; Package guix-patches. (Wed, 08 Feb 2023 16:45:01 GMT) Full text and rfc822 format available.

Message #14 received at 61354 <at> debbugs.gnu.org (full text, mbox):

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 61354 <at> debbugs.gnu.org
Subject: Re: [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security
 fixes].
Date: Wed, 8 Feb 2023 17:44:04 +0100

Re,

On Wed, 8 Feb 2023 at 16:56, Leo Famulari <leo <at> famulari.name> wrote:

> This patch updates the grafted replacement OPENSSL/FIXED, so it should
> be okay for master, assuming the replacement works well (i.e. assuming
> the ABI of the two packages is compatible).
>
> Does that make sense?

Euh, yes for sure.  Sorry, I have overlooked. :-)

Let https://qa.guix.gnu.org/issue/61354 processes.  Wait and see.


Cheers,
simon
Information forwarded to guix-patches <at> gnu.org:
bug#61354; Package guix-patches. (Thu, 09 Feb 2023 12:48:02 GMT) Full text and rfc822 format available.

Message #17 received at 61354 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Simon Tournier <zimon.toutoune <at> gmail.com>
Cc: 61354 <at> debbugs.gnu.org
Subject: Re: [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security
 fixes].
Date: Thu, 9 Feb 2023 13:46:49 +0100

On Wed, Feb 08, 2023 at 05:44:04PM +0100, Simon Tournier wrote:
> Let https://qa.guix.gnu.org/issue/61354 processes.  Wait and see.

Is it normal to wait for two days for the QA results?
Information forwarded to guix-patches <at> gnu.org:
bug#61354; Package guix-patches. (Thu, 09 Feb 2023 12:58:02 GMT) Full text and rfc822 format available.

Message #20 received at 61354 <at> debbugs.gnu.org (full text, mbox):

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 61354 <at> debbugs.gnu.org
Subject: Re: [bug#61354] [PATCH] gnu: OpenSSL: Update to 1.1.1t [security
 fixes].
Date: Thu, 9 Feb 2023 13:57:07 +0100

Hi Leo,

On Thu, 9 Feb 2023 at 13:47, Leo Famulari <leo <at> famulari.name> wrote:

> > Let https://qa.guix.gnu.org/issue/61354 processes.  Wait and see.
>
> Is it normal to wait for two days for the QA results?

It can be longer, from my experience.  What is missing is the status
of the queue as discussed at Guix Days.

Well, among other things, Andreas initated a discussion [1] pointing that.

1: <https://yhetil.org/guix/Y81v4GkdTjo0TROp <at> jurong>

Cheers,
simon
Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Sat, 11 Feb 2023 22:15:01 GMT) Full text and rfc822 format available.
Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Sat, 11 Feb 2023 22:15:01 GMT) Full text and rfc822 format available.

Message #25 received at 61354-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: 61354-done <at> debbugs.gnu.org
Subject: Re: [PATCH] gnu: OpenSSL: Update to 1.1.1t [security fixes].
Date: Sat, 11 Feb 2023 23:14:10 +0100

Pushed as df163df8307ab91b14d67b074bac35464afa6bdb
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 12 Mar 2023 11:24:14 GMT) Full text and rfc822 format available.
This bug report was last modified 1 year and 39 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.