Skip to content

PA-6132: Back-Port OpenSSL 1.1.1 for agent-runtime-7.x #794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 8 commits into from
Closed

PA-6132: Back-Port OpenSSL 1.1.1 for agent-runtime-7.x #794

wants to merge 8 commits into from

Conversation

@span786
Copy link
Contributor

@span786 span786 commented Feb 23, 2024
edited
Loading

Applied CVE patches for openssl-1.1.1v :

  1. CVE-2023-5678
  2. CVE-2024-0727

Applied CVE patches for openssl-1.1.1k-7-fips:

  1. CVE-2023-3446 (Required for CVE-2023-5678 patch to apply without errors)
  2. CVE-2023-5678
  3. CVE-2024-0727

@span786 span786 requested review from a team as code owners February 23, 2024 10:32
@joshcooper
Copy link
Collaborator

joshcooper commented Feb 23, 2024
edited
Loading

I kicked off generic builder for all agent-runtime-7.x platforms in https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/2685/

@joshcooper
Copy link
Collaborator

@span786 could you update your commit messages to describe which CVEs are fixed in each commit? Although I can see CVE-2023-5678 is fixed in 832549b, it's nice to know what was fixed when doing git log without having to scroll through the diff.

joshcooper
joshcooper requested changes Feb 23, 2024
View reviewed changes
Copy link
Collaborator

@joshcooper joshcooper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Build failed on rhelfips-7

https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/2686/

May also be an issue on sles-12? I rekicked it to be sure

@span786 span786 force-pushed the PA-6132-backport-open-ssl-3-0-13-fixes-to-open-ssl-1-1-1-for-agent-runtime-7-x branch 2 times, most recently from faca864 to 49d98f1 Compare February 26, 2024 07:11
@joshcooper
Copy link
Collaborator

@span786 since commit c8e7f20 reverts 832549b and both are in this PR, can you drop both commits?

@span786 span786 force-pushed the PA-6132-backport-open-ssl-3-0-13-fixes-to-open-ssl-1-1-1-for-agent-runtime-7-x branch from 669a9dc to 1074c16 Compare February 27, 2024 05:14
@span786
[PA-6132] : Applied CVE patch to openssl-1.1.1
f709940
@span786
[PA-6132] : Updated openssl FIPS version from 1.1.1k-6 to 1.1.1k-7
da9e06b
@span786
[PA-6132] : Applied CVE Patches to openssl-1.1.1k-7, following patche…
a46f1bf 
…s were applied

1. CVE-2023-3446
2. CVE-2023-5678
3. CVE-2024-0727
@span786
Revert "[PA-6132] : Applied CVE patch to openssl-1.1.1"
962380b 
This reverts commit 832549b.
@span786
[PA-6132] : Applied CVE patch to openssl-1.1.1
72dea1f 
Following Patches were applied:
1. CVE-2023-5678
2. CVE-2024-0727
@span786
Revert "[PA-6132] : Updated openssl FIPS version from 1.1.1k-6 to 1.1…
723b9af 
….1k-7"

This reverts commit c59ee5a.
@span786
Revert "[PA-6132] : Applied CVE Patches to openssl-1.1.1k-7, followin…
1a4f299 
…g patches were applied"

This reverts commit 0327e17.
@span786
[PA-6132] : Applied CVE patched for openssl-1.1.1k-6. Following patch…
f0431d8 
…es were applied:

1. CVE-2023-3446
2. CVE-2023-5678
3. CVE-2024-0727
@span786 span786 force-pushed the PA-6132-backport-open-ssl-3-0-13-fixes-to-open-ssl-1-1-1-for-agent-runtime-7-x branch from 1074c16 to f0431d8 Compare February 27, 2024 05:17
@span786
Copy link
Contributor Author

span786 commented Feb 27, 2024

Closing this PR. Raised a separate PR (#797) which contains clean commits

@span786 span786 closed this Feb 27, 2024
@span786 span786 mentioned this pull request Feb 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joshcooper joshcooper joshcooper requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@span786 @joshcooper