openssl: 3.0.5 -> 3.0.7 #198999
de1cc90 to e846914
Nothing we need to solve before merging, as our BSD support is close to none, but the patch previously didn't drop the BSD parts and now it does. (doesn't seem intentional)
I reused the patch from the 3.0.6 bump and forgot to credit ajs124. The
Fixes: CVE-2022-3786, CVE-2022-3602
Co-Authored-By: Andreas Schrägle <git@ajs124.de>
e846914 to eeca596
@ofborg build openssl
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/openssl-3-0-7-update-2022-11-01-faq/22875/4
Successfully created backport PR #199001 for
The patch updated here is also used by
The patch situation was worse than I anticipated. It broke build on
The OpenSSL 3.0.7 release fixes a high severity security vulnerability in OpenSSL versions >= 3.0.0 <= 3.0.6. Nixpkgs switched to this version in [Nixpkgs PR#198999][1] and the nixos-unstable channel was recently [2] updated.

This commit updates the `nixpkgs` input to the latest nixos-unstable commit.

Flake update details:

```
• Updated input 'flake-utils':
    'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07)
  → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/285e77efe87df64105ec14b204de6636fb0a7a27' (2022-10-11)
  → 'github:NixOS/nixpkgs/a2a777538d971c6b01c6e54af89ddd6567c055e8' (2022-11-03)
```

See also:

* [OpenSSL security advisory][0]
* [Nixpkgs PR #198999 ("openssl: 3.0.5 -> 3.0.7") progress][2]
* [NixOS Discourse - OpenSSL 3.0.7 update (2022-11-01) FAQ][3]
* [CVE-2022-3602][4]

[0]: https://www.openssl.org/news/secadv/20221101.txt
[1]: NixOS/nixpkgs#198999
[2]: https://nixpk.gs/pr-tracker.html?pr=198999
[3]: https://discourse.nixos.org/t/openssl-3-0-7-update-2022-11-01-faq/22875
[4]: https://nvd.nist.gov/vuln/detail/CVE-2022-3602
Description of changes
Things done
`sandbox = true` set in `nix.conf`? (See Nix manual)
`nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see nixpkgs-review usage
`./result/bin/`
`nixos/doc/manual/md-to-db.sh` to update generated release notes