[PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 8680 dependent packages)

Status: Open
Participant: Denis 'GNUtoo' Carikli
Owner: unassigned
Submitted by: Denis 'GNUtoo' Carikli
Severity: normal
Denis 'GNUtoo' Carikli wrote on 1 Aug 2023 17:36
(address . guix-patches@gnu.org)(name . Denis 'GNUtoo' Carikli)(address . GNUtoo@cyberdimension.org)
cover.1690903854.git.GNUtoo@cyberdimension.org
The patch that will follow updates OpenSSL 3.0 to the last version to fix the
following CVEs:
* CVE-2023-0464 [1]
* CVE-2023-0465 [2]
* CVE-2023-0466 [3]
* CVE-2023-1255 [4]
* CVE-2023-2650 [5]
* CVE-2023-2975 [6]


While OpenSSL builds fine and all its tests pass on x86_64, it also has a
significant number of reverse dependencies (about 8680, so more than 300) that
need to be rebuilt.

Denis 'GNUtoo' Carikli (1):
gnu: openssl: Update to 3.0.10 [security fixes].

gnu/packages/tls.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)


base-commit: 39fbc041f92489ec30075a85937c8a38723752dc
--
2.41.0
Denis 'GNUtoo' Carikli wrote on 1 Aug 2023 18:36
[PATCH 1/1] gnu: openssl: Update to 3.0.10 [security fixes].
(address . 64997@debbugs.gnu.org)(name . Denis 'GNUtoo' Carikli)(address . GNUtoo@cyberdimension.org)
a64f840a98dc83d72e7b30a1282618b0676ecad6.1690903854.git.GNUtoo@cyberdimension.org
Includes fixes for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255,
CVE-2023-2650, CVE-2023-2975.

* gnu/packages/tls.scm (openssl): Update to 3.0.10.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
---
gnu/packages/tls.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f51c47db04..62d9ce75ac 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -570,7 +570,7 @@ (define openssl/fixed
(define-public openssl-3.0
(package
(inherit openssl-1.1)
- (version "3.0.8")
+ (version "3.0.10")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
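Review bot: the `(version "3.0.10")` bump edits `openssl-3.0` in place, so every package that depends on it has to be rebuilt; the cover letter puts that at about 8680. The commit message or cover letter should say which branch this targets and whether a graft was considered (a `replacement` on the package pointing at a fixed variant; the hunk header shows the file already has an `openssl/fixed` definition), so that the six CVE fixes can reach users without waiting for the full rebuild.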
@@ -583,7 +583,7 @@ (define-public openssl-3.0
(patches (search-patches "openssl-3.0-c-rehash-in.patch"))
(sha256
(base32
- "0gjb7qjl2jnzs1liz3rrccrddxbk6q3lg8z27jn1xwzx72zx44vc"))))
+ "08rkx3f2qg8rsxhzwshg6z4ys37bgzhvim7knswjh41sn7sx8q8p"))))
(arguments
(substitute-keyword-arguments (package-arguments openssl-1.1)
((#:phases phases '%standard-phases)
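Review bot: the new `sha256` on the `+` line cannot be checked from the patch itself, and for a security update the source tarball is the part that most needs to be trusted. Please state how the hash was obtained, ideally after verifying the 3.0.10 tarball against upstream's published signature or checksum. The unchanged `openssl-3.0-c-rehash-in.patch` line also deserves a word: the cover letter's note that the build and tests pass on x86_64 implies it still applies to 3.0.10, but saying so explicitly would help.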
--
2.41.0