Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssl-1.1: update to 1.1.1zb+p2 #9670

Open
wants to merge 1 commit into
base: stable
Choose a base branch
from
Open

openssl-1.1: update to 1.1.1zb+p2 #9670

wants to merge 1 commit into from

Conversation

stdmnpkg
Copy link
Contributor

@stdmnpkg stdmnpkg commented Feb 13, 2025
edited by aosc-buildit-bot
Loading

Topic Description

  • openssl-1.1: update to 1.1.1zb+p2
    Switched to https://github.com/kzalewski/openssl-1.1.1 for security update backported from OpenSSL 3.
    OpenSSL no longer provide free security update to OpenSSL 1.1.1 after 1.1.1w.

Package(s) Affected

  • openssl-1.1: 1.1.1zb+p2

Security Update?

No

Build Order

#buildit openssl-1.1

Test Build(s) Done

Primary Architectures

  • AMD64 amd64
  • AArch64 arm64
  • LoongArch 64-bit loongarch64

Secondary Architectures

  • Loongson 3 loongson3
  • PowerPC 64-bit (Little Endian) ppc64el
  • RISC-V 64-bit riscv64

@stdmnpkg stdmnpkg added upgrade Topic/issue involves a package upgrade upstream-moved Upstream has moved to a new location labels Feb 13, 2025
@stdmnpkg
Copy link
Contributor Author

rationale of switch to this new upstream:

  1. some third party security fix is better than no security fix after all
  2. openEuler's fork was also considered, but it introduced some new feature, not a pure security fix
  3. this upstream is also used in slackware
  4. author also maintained other open source project for at least 10 years

@stdmnpkg stdmnpkg changed the title openssl: update to 1.1.1zb-p2 openssl-1.1: update to 1.1.1zb-p2 Feb 13, 2025
@stdmnpkg
openssl-1.1: update to 1.1.1zb+p2
ef5e3c2 
Switched to https://github.com/kzalewski/openssl-1.1.1 for security update backported from OpenSSL 3.
OpenSSL no longer provide free security update to OpenSSL 1.1.1 after 1.1.1w.
@stdmnpkg stdmnpkg changed the title openssl-1.1: update to 1.1.1zb-p2 openssl-1.1: update to 1.1.1zb+p2 Feb 13, 2025
@stdmnpkg stdmnpkg marked this pull request as ready for review February 13, 2025 05:05
@aosc-buildit-bot
Copy link
Contributor

Dickens-topic report:

openssl-1.1 upgraded from 1.1.1w to 1.1.1zb-p2~pre20250213T000007Z on amd64, arm64, loongarch64, loongson3, ppc64el, riscv64:

No changes, size +2.79 MB (+37.5%)

MingcongBai
MingcongBai requested changes Feb 14, 2025
View reviewed changes
runtime-cryptography/openssl-1.1/autobuild/build
@@ -40,7 +40,7 @@ fi
abinfo "Running Configure ..."
"$SRCDIR"/Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
shared zlib ${ARCH_OPTS}\
"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS}"
"-Wa,--noexecstack -Wno-implicit-function-declaration ${CPPFLAGS} ${CFLAGS}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is still quite suspect, I would recommend digging deeper.

runtime-cryptography/openssl-1.1/autobuild/patches/0001-patch-Configure-for-loongson3.patch
my $value;
$value = '-mips2' if ($target =~ /mips32/);
- $value = '-mips3' if ($target =~ /mips64/);
+ $value = '-mips64r2' if ($target =~ /mips64/);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make this architecturally conditional - our other mips64el port, loongson2f, is mips3.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, would this be something to do also for openssl (the main 3.x package)? cc @chenx97 @FlyGoat @rickliu2000

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MingcongBai MingcongBai MingcongBai requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
upgrade Topic/issue involves a package upgrade upstream-moved Upstream has moved to a new location
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stdmnpkg @aosc-buildit-bot @MingcongBai