Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Bump OpenSSL to 3.0.15 #46157

Merged
merged 2 commits into from
Sep 3, 2024
Merged

chore: Bump OpenSSL to 3.0.15 #46157

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a63c2a7
chore: Bump OpenSSL to 3.0.15
codingllama Sep 3, 2024
85c602e
Update versions on thirdparty-libs.mk
codingllama Sep 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions build.assets/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,9 @@ RUN git clone --depth=1 https://github.com/PJK/libcbor.git -b v0.11.0 && \

# Install openssl.
# install_sw install only binaries, skips docs.
RUN git clone --depth=1 https://github.com/openssl/openssl.git -b openssl-3.0.14 && \
RUN git clone --depth=1 https://github.com/openssl/openssl.git -b openssl-3.0.15 && \
cd openssl && \
[ "$(git rev-parse HEAD)" = '9cff14fd97814baf8a9a07d8447960a64d616ada' ] && \
[ "$(git rev-parse HEAD)" = 'c523121f902fde2929909dc7f76b13ceb4961efe' ] && \
./config --release -fPIC --libdir=/usr/local/lib && \
make -j"$(nproc)" && \
make install_sw
Expand Down
4 changes: 2 additions & 2 deletions build.assets/Dockerfile-centos7
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,9 +126,9 @@ RUN git clone --depth=1 https://github.com/PJK/libcbor.git -b v0.11.0 && \
# Specific install arguments used to skip docs.
# Note that FIPS is enabled as part of this build, but it is unused without the
# necessary configuration (which is included as part of the separate FIPS buildbox).
RUN git clone --depth=1 https://github.com/openssl/openssl.git -b openssl-3.0.14 && \
RUN git clone --depth=1 https://github.com/openssl/openssl.git -b openssl-3.0.15 && \
cd openssl && \
[ "$(git rev-parse HEAD)" = '9cff14fd97814baf8a9a07d8447960a64d616ada' ] && \
[ "$(git rev-parse HEAD)" = 'c523121f902fde2929909dc7f76b13ceb4961efe' ] && \
./config enable-fips --release -fPIC --libdir=/usr/local/lib64 && \
make -j"$(nproc)" && \
make install_sw install_ssldirs install_fips
Expand Down
4 changes: 2 additions & 2 deletions build.assets/build-fido2-macos.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@ fi
# Note: versions are the same as the corresponding git tags for each repo.
readonly CBOR_VERSION=v0.11.0
readonly CBOR_COMMIT=170bee2b82cdb7b2ed25af301f62cb6efdd40ec1
readonly CRYPTO_VERSION=openssl-3.0.14
readonly CRYPTO_COMMIT=9cff14fd97814baf8a9a07d8447960a64d616ada
readonly CRYPTO_VERSION=openssl-3.0.15
readonly CRYPTO_COMMIT=c523121f902fde2929909dc7f76b13ceb4961efe
readonly FIDO2_VERSION=1.15.0
readonly FIDO2_COMMIT=f87c19c9487c0131531314d9ccb475ea5325794e

Expand Down
12 changes: 6 additions & 6 deletions build.assets/buildbox/thirdparty-libs.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,9 +139,9 @@ tp-build-libudev_zero: fetch-git-libudev_zero
# -----------------------------------------------------------------------------
# libcbor

libcbor_VERSION = 0.10.2
libcbor_VERSION = 0.11.0
libcbor_GIT_REF = v$(libcbor_VERSION)
libcbor_GIT_REF_HASH = efa6c0886bae46bdaef9b679f61f4b9d8bc296ae
libcbor_GIT_REF_HASH = 170bee2b82cdb7b2ed25af301f62cb6efdd40ec1
libcbor_GIT_REPO = https://github.com/PJK/libcbor
libcbor_SRCDIR = $(call tp-src-dir,libcbor)

Expand All @@ -160,9 +160,9 @@ tp-build-libcbor: fetch-git-libcbor
# -----------------------------------------------------------------------------
# openssl

openssl_VERSION = 3.0.13
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@camscale the versions here were all 1 behind other files. I'm not sure if there was a reason for it or if it was just lagging, but I updated it anyway.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No worries. I am currently backporting this to the branches, so this won't get backported now but I'll include it in the backports.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Be careful to match the versions to the branch, as they differ in some way in almost every branch. We backport security fixes like these, but we rarely (if ever) backport increased functionality.

openssl_VERSION = 3.0.15
openssl_GIT_REF = openssl-$(openssl_VERSION)
openssl_GIT_REF_HASH = 85cf92f55d9e2ac5aacf92bedd33fb890b9f8b4c
openssl_GIT_REF_HASH = c523121f902fde2929909dc7f76b13ceb4961efe
openssl_GIT_REPO = https://github.com/openssl/openssl
openssl_SRCDIR = $(call tp-src-dir,openssl)

Expand All @@ -188,9 +188,9 @@ tp-build-openssl: fetch-git-openssl
# -----------------------------------------------------------------------------
# libfido2

libfido2_VERSION = 1.14.0
libfido2_VERSION = 1.15.0
libfido2_GIT_REF = $(libfido2_VERSION)
libfido2_GIT_REF_HASH = 1a9d335c8f0e821f9eff27482fdda96e59a4f577
libfido2_GIT_REF_HASH = f87c19c9487c0131531314d9ccb475ea5325794e
libfido2_GIT_REPO = https://github.com/Yubico/libfido2
libfido2_SRCDIR = $(call tp-src-dir,libfido2)

Expand Down
2 changes: 1 addition & 1 deletion build.assets/pkgconfig/buildbox/usr/local/lib/pkgconfig/libcrypto-static.pc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,6 @@ modulesdir=${libdir}/ossl-modules

Name: OpenSSL-libcrypto
Description: OpenSSL cryptography library
Version: 3.0.14
Version: 3.0.15
Libs: ${libdir}/libcrypto.a -ldl -pthread
Cflags: -I${includedir}
2 changes: 1 addition & 1 deletion build.assets/pkgconfig/centos7/usr/local/lib64/pkgconfig/libcrypto-static.pc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,6 @@ modulesdir=${libdir}/ossl-modules

Name: OpenSSL-libcrypto
Description: OpenSSL cryptography library
Version: 3.0.14
Version: 3.0.15
Libs: ${libdir}/libcrypto.a -ldl -pthread
Cflags: -I${includedir}
Loading