Subject: [bug#64997] [PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 8680 dependent packages)
To: 64997@debbugs.gnu.org
Cc: Denis 'GNUtoo' Carikli
From: Denis 'GNUtoo' Carikli
Date: Tue, 1 Aug 2023 17:36:22 +0200

The patch that will follow updates OpenSSL 3.0 to the last version to fix the following CVEs:

* CVE-2023-0464 [1]
* CVE-2023-0465 [2]
* CVE-2023-0466 [3]
* CVE-2023-1255 [4]
* CVE-2023-2650 [5]
* CVE-2023-2975 [6]

[1] https://nvd.nist.gov/vuln/detail/CVE-2023-0464
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-0465
[3] https://nvd.nist.gov/vuln/detail/CVE-2023-0466
[4] https://nvd.nist.gov/vuln/detail/CVE-2023-1255
[5] https://nvd.nist.gov/vuln/detail/CVE-2023-2650
[6] https://nvd.nist.gov/vuln/detail/CVE-2023-2975

While OpenSSL builds fine and all its tests pass on x86_64, it also has a significant number of reverse dependencies (about 8680, so more than 300) that need to be rebuilt.

Denis 'GNUtoo' Carikli (1):
  gnu: openssl: Update to 3.0.10 [security fixes].

 gnu/packages/tls.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

base-commit: 39fbc041f92489ec30075a85937c8a38723752dc
--
2.41.0

Subject: [bug#64997] [PATCH 1/1] gnu: openssl: Update to 3.0.10 [security fixes].
To: 64997@debbugs.gnu.org
Cc: Denis 'GNUtoo' Carikli, (, Christopher Baines, Ludovic Courtès, Mathieu Othacehe, Raghav Gururajan, Ricardo Wurmus, Simon Tournier, Tobias Geerinckx-Rice, jgart
From: Denis 'GNUtoo' Carikli
Date: Tue, 1 Aug 2023 18:36:50 +0200

Includes fixes for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975.

* gnu/packages/tls.scm (openssl): Update to 3.0.10.

Signed-off-by: Denis 'GNUtoo' Carikli

--- gnu/packages/tls.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index f51c47db04..62d9ce75ac 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -570,7 +570,7 @@ (define openssl/fixed (define-public openssl-3.0 (package (inherit openssl-1.1) - (version "3.0.8") + (version "3.0.10") (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -583,7 +583,7 @@ (define-public openssl-3.0 (patches (search-patches "openssl-3.0-c-rehash-in.patch")) (sha256 (base32 - "0gjb7qjl2jnzs1liz3rrccrddxbk6q3lg8z27jn1xwzx72zx44vc")))) + "08rkx3f2qg8rsxhzwshg6z4ys37bgzhvim7knswjh41sn7sx8q8p")))) (arguments (substitute-keyword-arguments (package-arguments openssl-1.1) ((#:phases phases '%standard-phases) -- 2.41.0
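
Review bot: in the first hunk, the bump from `(version "3.0.8")` to `(version "3.0.10")` is applied directly to `openssl-3.0`, which by the cover letter's own count forces a rebuild of about 8680 dependent packages; the thread should say which branch this targets, or whether a graft is meant to carry the fix to users until that rebuild completes (the hunk header shows an `openssl/fixed` definition just above this one). The commit log entry also names `(openssl)` while the variable changed here is `openssl-3.0`; suggest `* gnu/packages/tls.scm (openssl-3.0): Update to 3.0.10.`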
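
Review bot: in the second hunk, the new `base32` value on the `+` line comes with no statement of how it was obtained; please note in the thread that the tarball was checked against upstream's published signature or checksum before hashing, so that a second reviewer can reproduce the value with `guix download` on the same URL. The retained `openssl-3.0-c-rehash-in.patch` predates this release, and the cover letter reports a build and test run on x86_64 only, so a build result on at least one other architecture would be worth reporting before this is merged.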