[Security] Upgrade OpenSSL version to 1.1.1n-0+deb11u4 - Githubissues

sonic-net / sonic-fips

SONiC FIPS module

Other

0 stars 9 forks source link

[Security] Upgrade OpenSSL version to 1.1.1n-0+deb11u4 #41

Closed xumia closed 1 year ago

xumia commented 1 year ago

Why I did it

Upgrade to 1.1.1n-0+deb11u4

How I did it

Remove some of the patches have already added in the openssl git repository

git log --oneline debian/openssl-1.1.1n-0+deb11u1..debian/openssl-1.1.1n-0+deb11u3    
4b70fedda2 Prepare 1.1.1n-0+deb11u3
f6df7303d8 Update expired certs.
84540b59c1 CVE-2022-2068
f763d8a93e Prepare 1.1.1n-0+deb11u2
576562cebe CVE-2022-1292

Add some of additional patches can be retrieved from the debian mirror.

apt source libssl1.1
Add the patches from openssl-1.1.1n/debian/patches to src/openssl.patch/debian.patch/

How to verify it