Re: OpenSSL 1.1.0c security update required

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSL 1.1.0c security update required

From:	Ludovic Courtès
Subject:	Re: OpenSSL 1.1.0c security update required
Date:	Sat, 12 Nov 2016 12:21:44 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Leo Famulari <address@hidden> skribis:

> OpenSSL 1.1.0c was released today. It fixes CVE-2016-{7053,7054,7055}:
>
> https://www.openssl.org/news/secadv/20161110.txt
>
> This version of OpenSSL is *not* currently used by any packages, so it's
> not a critical "drop everything and get to work" update, in my opinion.

I agreed, good for us.  ;-)

> They changed how library runpaths are recorded at build time, and so our
> packaging no longer works:
>
> https://github.com/openssl/openssl/pull/1699

I would expect ld-wrapper to do the right thing regardless of what
OpenSSL’s build system does, no?

Thanks,
Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

OpenSSL 1.1.0c security update required, Leo Famulari, 2016/11/10
- Re: OpenSSL 1.1.0c security update required, Ludovic Courtès <=
  - Re: OpenSSL 1.1.0c security update required, Leo Famulari, 2016/11/15

Prev by Date: [PATCH] Generate multiple paginated packages pages.
Next by Date: Re: [PATCH] gnu: prosody: fix SSL/TLS.
Previous by thread: OpenSSL 1.1.0c security update required
Next by thread: Re: OpenSSL 1.1.0c security update required
Index(es):
- Date
- Thread