From 94afc5e76b61c8c9c99457a608ad915c521e41fc Mon Sep 17 00:00:00 2001
From: Dongsu Park
Date: Wed, 5 Mar 2025 17:15:48 +0100
Subject: [PATCH] overlay afterburn: update rust-openssl to 0.10.70

Apply patch for updating rust-openssl to 0.10.70, mainly for addressing CVE-2025-0977. Pulls in https://github.com/coreos/afterburn/pull/1164.
---
 .../coreos-base/afterburn/Manifest | 4 +-
 ...5.7.0.ebuild => afterburn-5.7.0-r1.ebuild} | 0
 .../afterburn/afterburn-9999.ebuild | 5 +-
 ...bump-openssl-from-0.10.66-to-0.10.70.patch | 52 +++++++++++++++++++
 4 files changed, 57 insertions(+), 4 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/{afterburn-5.7.0.ebuild => afterburn-5.7.0-r1.ebuild} (100%)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0004-build-deps-bump-openssl-from-0.10.66-to-0.10.70.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/Manifest b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/Manifest
index 9347dbbfee..3e1b90f33a 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/Manifest
@@ -129,10 +129,10 @@ DIST num-conv-0.1.0.crate 7444 BLAKE2B 4f5c4695006aa3ae77aaf5c55999a07d8ddfab294 DIST object-0.36.4.crate 325802 BLAKE2B 1eb4fbe0cb2882a5371947234b4421b224c40a61cf71b994ee53074d70e010ee9b30638290ae89e14a9c6e1e339001852dbfedd4d740c642415c58327d121a76 SHA512 b929b3ad9ca32a5830a2ba103e6e14419b145c324b834b453d53f3cbfb5181246b2628baf5fc668c449f5337411d374b56abdd4d1dc4a744f65aaaab284bf77c DIST once_cell-1.19.0.crate 33046 BLAKE2B c14b374eaf4ac0f60acc2e02f7bba270a0e8e0a6978d749cd3cb0ab3eb26907e4fbea70dd5132982f90290381ed18ff8a87fd530f1415fabffac864f157ea380 SHA512 4154876afd34a699ee650d1a8a1c5ee5a25f0ebd9388b8bef2564e33629fae68f113d7507488c68abbe7ea1acf9bbc41813cbbf3ef3e464e3f3b9cc7a51d870c DIST openssh-keys-0.6.4.crate 22213 BLAKE2B 249b6dc48785b59cd0ce649a90e788b3be477702e95cbd34fa4bdfbaf558b3e9b360d82ec2fba0b63166192e13871bdb6c5a295f7795a603348f4a8668e3732f SHA512 6d572dbb4656352d4abfa5a622e3e9f1f5576d7ac1216947a524032bf6d8772c672c351bfe3f7c33c21716a4c4ae9cf410379f7529f3ba2deec7edd1bdf0c066 -DIST openssl-0.10.66.crate 273705 BLAKE2B 7892e96dac3b24ad5622833b4061bd82028210f9f26ec9772cebb65905ff6e45da8b21ad1aabfb87bb5610f534018da6bd20c10eaee8c189dd08a7ebfbf12b4b SHA512 2f4dd6e40dd8aff8c04563517fabeecd5ac0d986764649cc9af9bf4ce25757a67f75655eee207703b46fe57661a216ff00144358ffcbc70525447a063fa086c1 +DIST openssl-0.10.70.crate 277545 BLAKE2B d3cfa90624c24588361d1ed6120b21f4b70c33bc90d6d6ac4fde416130c1d0775e039bacca6dfc5672a7ef5b9b44fa46801f91f37c71bd980f78648588076e74 SHA512 6d06cf1b999c1a6af6057defd1b0f3663c1c38cb4276520c29c4b06560d3c55654af093883d159a6d4527ba5c37641b89f204ab7c72c133001241a9cc2bba1b1 DIST openssl-macros-0.1.1.crate 5601 BLAKE2B 69dc1c1f3b7bc4f934cae0dce64c3efa501162e5279efd6af3b74f7a7716c04b6996b306b310f1c045cfa2eff2895314a47ecbb020a817e461c6d77d0bc11e92 SHA512 57e75c84f78fb83f884eeaedb0dd135ecb40192dad2facd908e6a575c9b65b38a2c93bca4630e09ea5a82c77d8bc8364cb2f5778cbfe9d8f484cafe3346b883c DIST openssl-probe-0.1.5.crate 7227 BLAKE2B 
d1fd6a9498b3ab7f25b228f19043067604bf20790530fd0ab6fe3d4d3bc27f13e6e94d1e7ef49314c3663477d8916b8790b90427f74976143b54b95350895165 SHA512 7e560314150709a34520472698060c4f29689d4e608dc4dde146140aa690350d3603279c693367deeb0f21ab34ef61956143a3447827a2b7a3d578b9ccd6552c -DIST openssl-sys-0.9.103.crate 71552 BLAKE2B 4cc1ab93f5a444b4b985c84f6ae90f345da4639e4ff7c5502dc1ae59f842d46e3855057a7c05855f7cd739b5311f330dff361480ef2a0102fe46471506956148 SHA512 61b802f6baf918ec055be90ee47c69fe0184f6d9a1d29c748386192a11d4df115758961ec9b636126a6b42d7d8f7509248c59f7c035905558c4cc35b804a8eaf +DIST openssl-sys-0.9.105.crate 72287 BLAKE2B fa9d80aeb44852f58df7486a11fe079c4be39c649f2d5e3f767f89bbea945785b63fb1816c21bacd20668111b2c512deef9edadf6c2d18a95c0aa003380a0505 SHA512 43dc99d22db8af0d23fc4ccd9c1384f16c18bc3b62eced4886ea33b350c341beb1ee585e50216327e17d986376a41c4a793f2abd2736cf3d7662655150b98ddf DIST ordered-stream-0.2.0.crate 19077 BLAKE2B 581285d32136bb9c2134f405c5a2d67c952a36eb3613912be029f2826b847919188e1b479506b46f20e0b63d371f476b99d9e7e1ee8d47ddef7b4f48451b0e3e SHA512 99976f90637f0daedeae05d4270d33bc03fad1c06a85bcf2cd7140b149f76c7560d5e60becf05a633a62dc82f7f65900eb8f510c62aea4e630b78c45dc76d83e DIST parking-2.2.1.crate 10685 BLAKE2B 3af8020bc27ea921d6023c14f20545f70a5a5a5a216d5f97458d76d3bfc8d9de937f3c92668d31a79de85ce08ed0236d440c64ca1e4fe0a7748f412b941c052b SHA512 2e49137b59000f0467aa9ee0648d53e06cd2b8319d6ea28bf04c621b873469739a34186840b02f08d770d109cca26e161b3de3e4341dd729701885307a6a8177 DIST parking_lot-0.12.3.crate 41860 BLAKE2B d1899a1132035aaea3a784290cf4951ea3b36b2018d407e27d333b2a2ce3820e040d635009c44cb6e58ad07cec6565c0347af6f6fb02954eac2d4c348bb036f0 SHA512 368c17203fb5b9e4ecfd4857e3b1ab96b86da3770b8f21be392818c845952f72dde1072a10265760a62aa8a1dd65332bfd585667444e5fbb9dbe3280b5862703 
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-5.7.0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-5.7.0-r1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-5.7.0.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-5.7.0-r1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-9999.ebuild
index ec4a1c8f07..9b520c5e41 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-9999.ebuild
@@ -144,10 +144,10 @@ else
 object@0.36.4
 once_cell@1.19.0
 openssh-keys@0.6.4
- openssl@0.10.66
+ openssl@0.10.70
 openssl-macros@0.1.1
 openssl-probe@0.1.5
- openssl-sys@0.9.103
+ openssl-sys@0.9.105
 ordered-stream@0.2.0
 parking@2.2.1
 parking_lot@0.12.3
@@ -330,6 +330,7 @@ PATCHES=(
 "${FILESDIR}"/0001-Revert-remove-cl-legacy-feature.patch
 "${FILESDIR}"/0002-util-cmdline-Handle-the-cmdline-flags-as-list-of-sup.patch
 "${FILESDIR}"/0003-Cargo-reduce-binary-size-for-release-profile.patch
+ "${FILESDIR}"/0004-build-deps-bump-openssl-from-0.10.66-to-0.10.70.patch
 )

 src_unpack() {
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0004-build-deps-bump-openssl-from-0.10.66-to-0.10.70.patch b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0004-build-deps-bump-openssl-from-0.10.66-to-0.10.70.patch
new file mode 100644
index 0000000000..27fc1c9b87
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0004-build-deps-bump-openssl-from-0.10.66-to-0.10.70.patch
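Review bot: The new `0004-build-deps-bump-openssl-from-0.10.66-to-0.10.70.patch` entry in `PATCHES` carries no comment saying that it is a security backport or when it can be dropped. I would add a line above it such as `# Backport of coreos/afterburn#1164 (openssl 0.10.70, CVE-2025-0977); drop once the packaged afterburn release includes it.` The patch only rewrites `Cargo.lock`, so the `CRATES` entries changed in the first hunk and the Manifest checksums have to be kept in step with it by hand; a mismatch would presumably break crate resolution at build time or leave the old openssl in place. The `PATCHES` array opens outside this hunk, so whether it is also applied to a live checkout is not visible here.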
@@ -0,0 +1,52 @@
+From b0c3c03ed05ded81a6065a1742f3382f131feacb Mon Sep 17 00:00:00 2001
+Message-Id:
+From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
+Date: Mon, 3 Feb 2025 20:14:39 +0000
+Subject: [PATCH] build(deps): bump openssl from 0.10.66 to 0.10.70
+
+Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.66 to 0.10.70.
+- [Release notes](https://github.com/sfackler/rust-openssl/releases)
+- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.66...openssl-v0.10.70)
+
+---
+updated-dependencies:
+- dependency-name: openssl
+ dependency-type: direct:production
+...
+
+Signed-off-by: dependabot[bot]
+---
+ Cargo.lock | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Cargo.lock b/Cargo.lock
+index 2388e54c..2172935b 100644
+--- a/Cargo.lock
++++ b/Cargo.lock
+@@ -1289,9 +1289,9 @@ dependencies = [
+
+ [[package]]
+ name = "openssl"
+-version = "0.10.66"
++version = "0.10.70"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1"
++checksum = "61cfb4e166a8bb8c9b55c500bc2308550148ece889be90f609377e58140f42c6"
+ dependencies = [
+ "bitflags",
+ "cfg-if",
+@@ -1321,9 +1321,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+
+ [[package]]
+ name = "openssl-sys"
+-version = "0.9.103"
++version = "0.9.105"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6"
++checksum = "8b22d5b84be05a8d6947c7cb71f7c849aa0f112acd4bf51c2a7c1c988ac0a9dc"
+ dependencies = [
+ "cc",
+ "libc",
+--
+2.39.5
+