Script for updating `openssl`, `zlib`, `glibc` in `software.eessi.io` version 2023.06

[bedroge]

This addresses some Gentoo GLSAs and a openssl CVE. I'll upload the new tarballs manually.

output of glsa check script

``` >>> The following updates will be performed for this GLSA: >>> No upgrade path exists for these packages: dev-libs/openssl-1.1.1u Checking GLSA 202401-18 >>> The following updates will be performed for this GLSA: >>> Updates that will be performed: sys-libs/zlib-1.3-r2 (vulnerable: sys-libs/zlib-1.2.13-r1) Checking GLSA 202402-01 >>> The following updates will be performed for this GLSA: >>> Updates that will be performed: sys-libs/glibc-2.38-r10 (vulnerable: sys-libs/glibc-2.37-r7) ``` OpenSSL 1.1.x is EOL, and we masked 3.x, which is probably why it doesn't show an upgrade path.

diff for x86_64

``` app-text/po4a-0.69::gentoo app-text/sgml-common-0.6.3-r7::gentoo app-text/xmlto-0.0.28-r10::gentoo +dev-build/autoconf-2.71-r6::gentoo +dev-build/autoconf-archive-2023.02.20::gentoo +dev-build/autoconf-wrapper-20221207-r1::gentoo +dev-build/automake-1.16.5-r1::gentoo +dev-build/automake-wrapper-20221207::gentoo +dev-build/gtk-doc-am-1.33.2::gentoo +dev-build/libtool-2.4.7-r1::gentoo +dev-build/make-4.4.1-r1::gentoo +dev-build/meson-1.1.1::gentoo +dev-build/meson-format-array-0::gentoo dev-db/sqlite-3.42.0::gentoo dev-lang/lua-5.1.5-r200::gentoo dev-lang/luajit-2.1.0_beta3_p20220613::gentoo @@ -102,7 +112,7 @@ dev-libs/mpfr-4.2.0_p9::gentoo dev-libs/nettle-3.9.1::gentoo dev-libs/npth-1.6-r1::gentoo -dev-libs/openssl-1.1.1u::gentoo +dev-libs/openssl-1.1.1w::gentoo dev-libs/popt-1.19::gentoo dev-lua/lpeg-1.0.2-r101::gentoo dev-lua/lua-bit32-5.3.5.1-r1::gentoo @@ -215,10 +225,7 @@ dev-python/zipp-3.15.0::gentoo dev-util/direnv-2.32.2::eessi dev-util/gperf-3.1-r1::gentoo -dev-util/gtk-doc-am-1.33.2::gentoo dev-util/hermes-2.9::gentoo -dev-util/meson-1.1.1::gentoo -dev-util/meson-format-array-0::gentoo dev-util/patchelf-0.18.0::gentoo dev-util/pkgconf-1.8.1::gentoo dev-util/re2c-2.2::gentoo @@ -271,11 +278,6 @@ sys-auth/passwdqc-2.0.2-r1::gentoo sys-cluster/lmod-8.7.23::gentoo sys-cluster/rdma-core-45.0::gentoo -sys-devel/autoconf-2.71-r6::gentoo -sys-devel/autoconf-archive-2023.02.20::gentoo -sys-devel/autoconf-wrapper-20221207-r1::gentoo -sys-devel/automake-1.16.5-r1::gentoo -sys-devel/automake-wrapper-20221207::gentoo sys-devel/bc-1.07.1-r6::gentoo sys-devel/binutils-2.40-r5::gentoo sys-devel/binutils-config-5.5::gentoo @@ -285,17 +287,15 @@ sys-devel/gcc-config-2.11::gentoo sys-devel/gettext-0.21.1::gentoo sys-devel/gnuconfig-20230121::gentoo -sys-devel/libtool-2.4.7-r1::gentoo sys-devel/m4-1.4.19-r2::gentoo -sys-devel/make-4.4.1-r1::gentoo sys-devel/patch-2.7.6-r5::gentoo sys-fabric/opa-psm2-11.2.205::eessi sys-fs/e2fsprogs-1.47.0-r1::gentoo sys-fs/udev-init-scripts-35::gentoo -sys-kernel/installkernel-gentoo-7::gentoo +sys-kernel/installkernel-7::gentoo sys-kernel/linux-headers-6.3::gentoo sys-libs/gdbm-1.23::gentoo -sys-libs/glibc-2.37-r7::gentoo +sys-libs/glibc-2.37-r10::gentoo sys-libs/libcap-2.69::gentoo sys-libs/libseccomp-2.5.4::gentoo sys-libs/libxcrypt-4.4.35::gentoo @@ -303,7 +303,7 @@ sys-libs/pam-1.5.3::gentoo sys-libs/readline-8.2_p1::gentoo sys-libs/timezone-data-2023c::gentoo -sys-libs/zlib-1.2.13-r1::gentoo +sys-libs/zlib-1.3-r2::gentoo sys-process/numactl-2.0.16::gentoo sys-process/procps-3.3.17-r1::gentoo sys-process/psmisc-23.6::gentoo ```

diff for aarch64

``` app-text/po4a-0.69::gentoo app-text/sgml-common-0.6.3-r7::gentoo app-text/xmlto-0.0.28-r10::gentoo +dev-build/autoconf-2.71-r6::gentoo +dev-build/autoconf-archive-2023.02.20::gentoo +dev-build/autoconf-wrapper-20221207-r1::gentoo +dev-build/automake-1.16.5-r1::gentoo +dev-build/automake-wrapper-20221207::gentoo +dev-build/gtk-doc-am-1.33.2::gentoo +dev-build/libtool-2.4.7-r1::gentoo +dev-build/make-4.4.1-r1::gentoo +dev-build/meson-1.1.1::gentoo +dev-build/meson-format-array-0::gentoo dev-db/sqlite-3.42.0::gentoo dev-lang/lua-5.1.5-r200::gentoo dev-lang/luajit-2.1.0_beta3_p20220613::gentoo @@ -102,7 +112,7 @@ dev-libs/mpfr-4.2.0_p9::gentoo dev-libs/nettle-3.9.1::gentoo dev-libs/npth-1.6-r1::gentoo -dev-libs/openssl-1.1.1u::gentoo +dev-libs/openssl-1.1.1w::gentoo dev-libs/popt-1.19::gentoo dev-lua/lpeg-1.0.2-r101::gentoo dev-lua/lua-bit32-5.3.5.1-r1::gentoo @@ -215,10 +225,7 @@ dev-python/zipp-3.15.0::gentoo dev-util/direnv-2.32.2::eessi dev-util/gperf-3.1-r1::gentoo -dev-util/gtk-doc-am-1.33.2::gentoo dev-util/hermes-2.9::gentoo -dev-util/meson-1.1.1::gentoo -dev-util/meson-format-array-0::gentoo dev-util/patchelf-0.18.0::gentoo dev-util/pkgconf-1.8.1::gentoo dev-util/re2c-2.2::gentoo @@ -271,11 +278,6 @@ sys-auth/passwdqc-2.0.2-r1::gentoo sys-cluster/lmod-8.7.23::gentoo sys-cluster/rdma-core-45.0::gentoo -sys-devel/autoconf-2.71-r6::gentoo -sys-devel/autoconf-archive-2023.02.20::gentoo -sys-devel/autoconf-wrapper-20221207-r1::gentoo -sys-devel/automake-1.16.5-r1::gentoo -sys-devel/automake-wrapper-20221207::gentoo sys-devel/bc-1.07.1-r6::gentoo sys-devel/binutils-2.40-r5::gentoo sys-devel/binutils-config-5.5::gentoo @@ -285,16 +287,14 @@ sys-devel/gcc-config-2.11::gentoo sys-devel/gettext-0.21.1::gentoo sys-devel/gnuconfig-20230121::gentoo -sys-devel/libtool-2.4.7-r1::gentoo sys-devel/m4-1.4.19-r2::gentoo -sys-devel/make-4.4.1-r1::gentoo sys-devel/patch-2.7.6-r5::gentoo sys-fs/e2fsprogs-1.47.0-r1::gentoo sys-fs/udev-init-scripts-35::gentoo -sys-kernel/installkernel-gentoo-7::gentoo +sys-kernel/installkernel-7::gentoo sys-kernel/linux-headers-6.3::gentoo sys-libs/gdbm-1.23::gentoo -sys-libs/glibc-2.37-r7::gentoo +sys-libs/glibc-2.37-r10::gentoo sys-libs/libcap-2.69::gentoo sys-libs/libseccomp-2.5.4::gentoo sys-libs/libxcrypt-4.4.35::gentoo @@ -302,7 +302,7 @@ sys-libs/pam-1.5.3::gentoo sys-libs/readline-8.2_p1::gentoo sys-libs/timezone-data-2023c::gentoo -sys-libs/zlib-1.2.13-r1::gentoo +sys-libs/zlib-1.3-r2::gentoo sys-process/numactl-2.0.16::gentoo sys-process/procps-3.3.17-r1::gentoo sys-process/psmisc-23.6::gentoo ```

Looks like some packages were renamed, which is why the diff shows some more packages than expected.

[eessi-bot[bot]]

Instance eessi-bot-mc-aws is configured to build:

• arch x86_64/generic for repo eessi-hpc.org-2023.06-compat
• arch x86_64/generic for repo eessi-hpc.org-2023.06-software
• arch x86_64/generic for repo eessi.io-2023.06-compat
• arch x86_64/generic for repo eessi.io-2023.06-software
• arch x86_64/intel/haswell for repo eessi-hpc.org-2023.06-compat
• arch x86_64/intel/haswell for repo eessi-hpc.org-2023.06-software
• arch x86_64/intel/haswell for repo eessi.io-2023.06-compat
• arch x86_64/intel/haswell for repo eessi.io-2023.06-software
• arch x86_64/intel/skylake_avx512 for repo eessi-hpc.org-2023.06-compat
• arch x86_64/intel/skylake_avx512 for repo eessi-hpc.org-2023.06-software
• arch x86_64/intel/skylake_avx512 for repo eessi.io-2023.06-compat
• arch x86_64/intel/skylake_avx512 for repo eessi.io-2023.06-software
• arch x86_64/amd/zen2 for repo eessi-hpc.org-2023.06-compat
• arch x86_64/amd/zen2 for repo eessi-hpc.org-2023.06-software
• arch x86_64/amd/zen2 for repo eessi.io-2023.06-compat
• arch x86_64/amd/zen2 for repo eessi.io-2023.06-software
• arch x86_64/amd/zen3 for repo eessi-hpc.org-2023.06-compat
• arch x86_64/amd/zen3 for repo eessi-hpc.org-2023.06-software
• arch x86_64/amd/zen3 for repo eessi.io-2023.06-compat
• arch x86_64/amd/zen3 for repo eessi.io-2023.06-software
• arch aarch64/generic for repo eessi-hpc.org-2023.06-compat
• arch aarch64/generic for repo eessi-hpc.org-2023.06-software
• arch aarch64/generic for repo eessi.io-2023.06-compat
• arch aarch64/generic for repo eessi.io-2023.06-software
• arch aarch64/neoverse_n1 for repo eessi-hpc.org-2023.06-compat
• arch aarch64/neoverse_n1 for repo eessi-hpc.org-2023.06-software
• arch aarch64/neoverse_n1 for repo eessi.io-2023.06-compat
• arch aarch64/neoverse_n1 for repo eessi.io-2023.06-software
• arch aarch64/neoverse_v1 for repo eessi-hpc.org-2023.06-compat
• arch aarch64/neoverse_v1 for repo eessi-hpc.org-2023.06-software
• arch aarch64/neoverse_v1 for repo eessi.io-2023.06-compat
• arch aarch64/neoverse_v1 for repo eessi.io-2023.06-software

[boegel]

-sys-libs/zlib-1.2.13-r1::gentoo
+sys-libs/zlib-1.3-r2::gentoo

I'm a bit worried about this part...

This implies removing libz.so.1.2.13 and installing libz.so.1.3 instead. I suspect that may break some things that link to libz.so.1.2.3 (or even libz.so)

[bedroge]

Updated version of the diffs with the latest version of the script:

diff for x86_64

``` diff in installed packages: --- /tmp/tmp.dE6K4maS7D/installed-pkgs-pre-update.txt 2024-02-08 15:35:45.035993854 +0000 +++ /tmp/tmp.dE6K4maS7D/installed-pkgs-post-update.txt 2024-02-08 15:47:52.767865818 +0000 @@ -71,6 +71,16 @@ app-text/po4a-0.69::gentoo app-text/sgml-common-0.6.3-r7::gentoo app-text/xmlto-0.0.28-r10::gentoo +dev-build/autoconf-2.71-r6::gentoo +dev-build/autoconf-archive-2023.02.20::gentoo +dev-build/autoconf-wrapper-20221207-r1::gentoo +dev-build/automake-1.16.5-r1::gentoo +dev-build/automake-wrapper-20221207::gentoo +dev-build/gtk-doc-am-1.33.2::gentoo +dev-build/libtool-2.4.7-r1::gentoo +dev-build/make-4.4.1-r1::gentoo +dev-build/meson-1.1.1::gentoo +dev-build/meson-format-array-0::gentoo dev-db/sqlite-3.42.0::gentoo dev-lang/lua-5.1.5-r200::gentoo dev-lang/luajit-2.1.0_beta3_p20220613::gentoo @@ -102,7 +112,7 @@ dev-libs/mpfr-4.2.0_p9::gentoo dev-libs/nettle-3.9.1::gentoo dev-libs/npth-1.6-r1::gentoo -dev-libs/openssl-1.1.1u::gentoo +dev-libs/openssl-1.1.1w::gentoo dev-libs/popt-1.19::gentoo dev-lua/lpeg-1.0.2-r101::gentoo dev-lua/lua-bit32-5.3.5.1-r1::gentoo @@ -215,10 +225,7 @@ dev-python/zipp-3.15.0::gentoo dev-util/direnv-2.32.2::eessi dev-util/gperf-3.1-r1::gentoo -dev-util/gtk-doc-am-1.33.2::gentoo dev-util/hermes-2.9::gentoo -dev-util/meson-1.1.1::gentoo -dev-util/meson-format-array-0::gentoo dev-util/patchelf-0.18.0::gentoo dev-util/pkgconf-1.8.1::gentoo dev-util/re2c-2.2::gentoo @@ -271,11 +278,6 @@ sys-auth/passwdqc-2.0.2-r1::gentoo sys-cluster/lmod-8.7.23::gentoo sys-cluster/rdma-core-45.0::gentoo -sys-devel/autoconf-2.71-r6::gentoo -sys-devel/autoconf-archive-2023.02.20::gentoo -sys-devel/autoconf-wrapper-20221207-r1::gentoo -sys-devel/automake-1.16.5-r1::gentoo -sys-devel/automake-wrapper-20221207::gentoo sys-devel/bc-1.07.1-r6::gentoo sys-devel/binutils-2.40-r5::gentoo sys-devel/binutils-config-5.5::gentoo @@ -285,16 +287,14 @@ sys-devel/gcc-config-2.11::gentoo sys-devel/gettext-0.21.1::gentoo sys-devel/gnuconfig-20230121::gentoo -sys-devel/libtool-2.4.7-r1::gentoo sys-devel/m4-1.4.19-r2::gentoo -sys-devel/make-4.4.1-r1::gentoo sys-devel/patch-2.7.6-r5::gentoo sys-fs/e2fsprogs-1.47.0-r1::gentoo sys-fs/udev-init-scripts-35::gentoo -sys-kernel/installkernel-gentoo-7::gentoo +sys-kernel/installkernel-7::gentoo sys-kernel/linux-headers-6.3::gentoo sys-libs/gdbm-1.23::gentoo -sys-libs/glibc-2.37-r7::gentoo +sys-libs/glibc-2.37-r10::gentoo sys-libs/libcap-2.69::gentoo sys-libs/libseccomp-2.5.4::gentoo sys-libs/libxcrypt-4.4.35::gentoo @@ -302,7 +302,7 @@ sys-libs/pam-1.5.3::gentoo sys-libs/readline-8.2_p1::gentoo sys-libs/timezone-data-2023c::gentoo -sys-libs/zlib-1.2.13-r1::gentoo +sys-libs/zlib-1.2.13-r2::gentoo sys-process/numactl-2.0.16::gentoo sys-process/procps-3.3.17-r1::gentoo sys-process/psmisc-23.6::gentoo ```

diff for aarch64

``` diff in installed packages: --- /tmp/tmp.qGJcbJ7pCs/installed-pkgs-pre-update.txt 2024-02-08 15:35:57.772342598 +0000 +++ /tmp/tmp.qGJcbJ7pCs/installed-pkgs-post-update.txt 2024-02-08 15:52:50.518865486 +0000 @@ -71,6 +71,16 @@ app-text/po4a-0.69::gentoo app-text/sgml-common-0.6.3-r7::gentoo app-text/xmlto-0.0.28-r10::gentoo +dev-build/autoconf-2.71-r6::gentoo +dev-build/autoconf-archive-2023.02.20::gentoo +dev-build/autoconf-wrapper-20221207-r1::gentoo +dev-build/automake-1.16.5-r1::gentoo +dev-build/automake-wrapper-20221207::gentoo +dev-build/gtk-doc-am-1.33.2::gentoo +dev-build/libtool-2.4.7-r1::gentoo +dev-build/make-4.4.1-r1::gentoo +dev-build/meson-1.1.1::gentoo +dev-build/meson-format-array-0::gentoo dev-db/sqlite-3.42.0::gentoo dev-lang/lua-5.1.5-r200::gentoo dev-lang/luajit-2.1.0_beta3_p20220613::gentoo @@ -102,7 +112,7 @@ dev-libs/mpfr-4.2.0_p9::gentoo dev-libs/nettle-3.9.1::gentoo dev-libs/npth-1.6-r1::gentoo -dev-libs/openssl-1.1.1u::gentoo +dev-libs/openssl-1.1.1w::gentoo dev-libs/popt-1.19::gentoo dev-lua/lpeg-1.0.2-r101::gentoo dev-lua/lua-bit32-5.3.5.1-r1::gentoo @@ -215,10 +225,7 @@ dev-python/zipp-3.15.0::gentoo dev-util/direnv-2.32.2::eessi dev-util/gperf-3.1-r1::gentoo -dev-util/gtk-doc-am-1.33.2::gentoo dev-util/hermes-2.9::gentoo -dev-util/meson-1.1.1::gentoo -dev-util/meson-format-array-0::gentoo dev-util/patchelf-0.18.0::gentoo dev-util/pkgconf-1.8.1::gentoo dev-util/re2c-2.2::gentoo @@ -271,11 +278,6 @@ sys-auth/passwdqc-2.0.2-r1::gentoo sys-cluster/lmod-8.7.23::gentoo sys-cluster/rdma-core-45.0::gentoo -sys-devel/autoconf-2.71-r6::gentoo -sys-devel/autoconf-archive-2023.02.20::gentoo -sys-devel/autoconf-wrapper-20221207-r1::gentoo -sys-devel/automake-1.16.5-r1::gentoo -sys-devel/automake-wrapper-20221207::gentoo sys-devel/bc-1.07.1-r6::gentoo sys-devel/binutils-2.40-r5::gentoo sys-devel/binutils-config-5.5::gentoo @@ -285,17 +287,15 @@ sys-devel/gcc-config-2.11::gentoo sys-devel/gettext-0.21.1::gentoo sys-devel/gnuconfig-20230121::gentoo -sys-devel/libtool-2.4.7-r1::gentoo sys-devel/m4-1.4.19-r2::gentoo -sys-devel/make-4.4.1-r1::gentoo sys-devel/patch-2.7.6-r5::gentoo sys-fabric/opa-psm2-11.2.205::eessi sys-fs/e2fsprogs-1.47.0-r1::gentoo sys-fs/udev-init-scripts-35::gentoo -sys-kernel/installkernel-gentoo-7::gentoo +sys-kernel/installkernel-7::gentoo sys-kernel/linux-headers-6.3::gentoo sys-libs/gdbm-1.23::gentoo -sys-libs/glibc-2.37-r7::gentoo +sys-libs/glibc-2.37-r10::gentoo sys-libs/libcap-2.69::gentoo sys-libs/libseccomp-2.5.4::gentoo sys-libs/libxcrypt-4.4.35::gentoo @@ -303,7 +303,7 @@ sys-libs/pam-1.5.3::gentoo sys-libs/readline-8.2_p1::gentoo sys-libs/timezone-data-2023c::gentoo -sys-libs/zlib-1.2.13-r1::gentoo +sys-libs/zlib-1.2.13-r2::gentoo sys-process/numactl-2.0.16::gentoo sys-process/procps-3.3.17-r1::gentoo sys-process/psmisc-23.6::gentoo ```

[boegel]

Problem with CI should be fixed with ~#198~ #196

[boegel]

staging PRs merged