openssl{,1_1_0} update (1.0.2o, 1.1.0h) #37931
Announcement can be found at [1].
[1] https://www.openssl.org/news/secadv/20180327.txt

Also fixes CVE-2018-0733 but we do not support HP-UX to my knowledge :-) Announcement at [1].
[1] https://www.openssl.org/news/secadv/20180327.txt
Success on x86_64-linux. Attempted: openssl, openssl_1_1_0
Success on aarch64-linux. Attempted: openssl, openssl_1_1_0
Failure on x86_64-darwin. Attempted: openssl, openssl_1_1_0
@shlevy I'd love to have that as a habit within our security patches process but we haven't done that in ~8 months. There were only three announcements so far (https://github.com/NixOS/security-advisories/tree/master/2017). Unless I am missing something.

Given the relatively low severity of the issues addressed within this MR I doubt this is a good candidate to restart that process. On the other hand we must start somewhere :-)

Ideally, if we decide to have announcements again, we should put the required information into the PR or (even better IMO) into the commit messages. Some tooling to pre-fill such an announcement would be nice. We should include commit hashes and some information about that status in the relevant release channel (if available yet). The announcement then would be a (concatenated) list of commit messages +/- some header & footer.

We should probably have some common sense (not strictly a policy in some kind of RFC…) about which branches warrant security announcements. Most distributions stick to stable releases. Announcing everything that has been fixed on master might come across as spam.

My reply is becoming off-topic in here… Feel free to hit me on IRC (
Motivation for this change
Updating openssl to the latest (known secure) version.
See https://www.openssl.org/news/secadv/20180327.txt.
Things done
build-use-sandbox in nix.conf on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/)