From: Christopher Baines
To: guix-patches@gnu.org
Subject: [PATCH] gnu: openssl-1.1: replace with 1.1.1w.
Date: Mon, 25 Sep 2023 20:50:50 +0100

From: Sevan Janiyan

Address various CVEs.

* gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1w.
(openssl-1.1)[replacement]: Use openssl/fixed
--- gnu/packages/tls.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index b669ac2e8d..6a26abd6c5 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -426,6 +426,7 @@ (define-public openssl-1.1 (package (name "openssl") (version "1.1.1q") + (replacement openssl/fixed) (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -552,7 +553,7 @@ (define openssl/fixed (package (inherit openssl-1.1) (name "openssl") - (version "1.1.1t") + (version "1.1.1w") (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" 
@@ -565,7 +566,7 @@ (define openssl/fixed (patches (search-patches "openssl-1.1-c-rehash-in.patch")) (sha256 (base32 - "0fwxhlv7ary9nzg5mx07x1jj3wkbizxh56qy7l6bzp5iplj9pvld")))))) + "1j3anw4554lk3m9cvjngvh1c2gbdkhgiz160jnnm7n5l1jarhc6g")))))) (define-public openssl-3.0 (package base-commit: fafd3caef0d51811a5da81d6061789e2908b0dac -- 2.41.0
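Review bot: the CVEs this graft addresses are not named anywhere: the commit message says only "Address various CVEs." and the `(replacement openssl/fixed)` line added under `(version "1.1.1q")` in the first hunk has no comment. Please list the CVE identifiers in the commit message or in a comment next to the replacement field, so that the graft can be audited and removed once `openssl-1.1` itself is updated. The second ChangeLog entry, `(openssl-1.1)[replacement]: Use openssl/fixed`, is also missing its final period.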
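Review bot: the context line `(patches (search-patches "openssl-1.1-c-rehash-in.patch"))` in the last hunk is unchanged while `openssl/fixed` moves from 1.1.1t to 1.1.1w, so the existing patch is now applied to a different source tarball. Please confirm that it still applies cleanly to 1.1.1w, and that the new base32 hash was computed from the tarball fetched from the `https://www.openssl.org/source/openssl-` URI shown in the second hunk, and state both in the submission.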

From: Greg Hogan
Date: Thu, 24 Apr 2025 10:57:10 -0400
Subject: Re: [bug#66197] [PATCH] gnu: openssl-1.1: replace with 1.1.1w.
To: Christopher Baines, Andreas Enge, janneke@gnu.org, Ludovic Courtès, Zheng Junjie
Cc: 66197@debbugs.gnu.org

On Mon, Sep 25, 2023 at 3:52 PM Christopher Baines wrote:
>
> From: Sevan Janiyan
>
> Address various CVEs.
>
> * gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1w.
> (openssl-1.1)[replacement]: Use openssl/fixed
> --- > gnu/packages/tls.scm | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm > index b669ac2e8d..6a26abd6c5 100644 > --- a/gnu/packages/tls.scm > +++ b/gnu/packages/tls.scm > @@ -426,6 +426,7 @@ (define-public openssl-1.1 > (package > (name "openssl") > (version "1.1.1q") > + (replacement openssl/fixed) > (source (origin > (method url-fetch) > (uri (list (string-append "https://www.openssl.org/source/= openssl-" > @@ -552,7 +553,7 @@ (define openssl/fixed > (package > (inherit openssl-1.1) > (name "openssl") > - (version "1.1.1t") > + (version "1.1.1w") > (source (origin > (method url-fetch) > (uri (list (string-append "https://www.openssl.org/source/= openssl-" 
> @@ -565,7 +566,7 @@ (define openssl/fixed > (patches (search-patches "openssl-1.1-c-rehash-in.patch")) > (sha256 > (base32 > - "0fwxhlv7ary9nzg5mx07x1jj3wkbizxh56qy7l6bzp5iplj9pvld"))= )))) > + "1j3anw4554lk3m9cvjngvh1c2gbdkhgiz160jnnm7n5l1jarhc6g"))= )))) > > (define-public openssl-3.0 > (package > > base-commit: fafd3caef0d51811a5da81d6061789e2908b0dac > -- > 2.41.0

Core packages team,

Your branch has updated openssl to 3.4.0. There is now a 3.4.1 security release:
https://github.com/openssl/openssl/releases/tag/openssl-3.4.1

Also, can this patch for openssl 1.1.1w be applied?

Greg

From: Ludovic Courtès
To: Greg Hogan
Subject: Re: [bug#66197] [PATCH] gnu: openssl-1.1: replace with 1.1.1w.
Date: Thu, 24 Apr 2025 22:32:38 +0200
Cc: Zheng Junjie, Andreas Enge, Christopher Baines, 66197@debbugs.gnu.org, janneke@gnu.org

Hi,

Greg Hogan writes:

> Core packages team,
>
> Your branch has updated openssl to 3.4.0. There is now a 3.4.1 security release:
> https://github.com/openssl/openssl/releases/tag/openssl-3.4.1
>
> Also, can this patch for openssl 1.1.1w be applied?

Yes, to both.

Though really, I think OpenSSL, GnuTLS, etc. are outside the scope of
‘core-packages-team’ and should be treated separately.

Ludo’.