Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Elliptic paraboloids for sale.

computers / alt.os.linux.slackware / Conflicts with recent openssl patch (SSA:2022-174-01)

SubjectAuthor
o Conflicts with recent openssl patch (SSA:2022-174-01)Lew Pitcher

1
Conflicts with recent openssl patch (SSA:2022-174-01)

<t94a81$p5u$1@dont-email.me>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1311&group=alt.os.linux.slackware#1311

  copy link   Newsgroups: alt.os.linux.slackware
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: lew.pitc...@digitalfreehold.ca (Lew Pitcher)
Newsgroups: alt.os.linux.slackware
Subject: Conflicts with recent openssl patch (SSA:2022-174-01)
Date: Fri, 24 Jun 2022 12:21:21 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 31
Message-ID: <t94a81$p5u$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 24 Jun 2022 12:21:21 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="37bbc88f88397e7bea5ad993c4ae6e8a";
logging-data="25790"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+fsWuhfxMHDDY4MAL/EsHhAC7zjSJz3Xw="
User-Agent: Pan/0.139 (Sexual Chocolate; GIT bf56508
git://git.gnome.org/pan2)
Cancel-Lock: sha1:SmREoVepN4sYDEDNkuZ205/arXI=
 by: Lew Pitcher - Fri, 24 Jun 2022 12:21 UTC

Hi, everyone

I just encountered an interesting speedbump... Slackware issued a set of
patches for openssl on June 22, 2022 that address CVE-2022-2068.

However, for Slackware 14.2, the issued packages, while different in MD5
sum, are named the same as the openssl patches issued on May 4, 2022
(SSA:2022-124-02) that address CVE-2022-1292.

/If/ you use the package name, or ask 'updatepkg --dry-run' if the
SSA:2022-174-01 packages update the SSA:2022-124-02 packages, it will say
that they are not to be upgraded ("would be skipped")[1]

However, the SSA:2022-174-01 packages have different MD5 sums than the
SSA:2022-124-02, and look to be genuine. In other words, the Slackware
team has a naming problem with the 14.2 patches.

I've already informed Slackware of the naming issue. And, now, /you/ know
as well.

HTH

[1]# upgradepkg --dry-run Slackware.patches/*.t?z | grep openssl
openssl-1.0.2u-x86_64-3_slack14.2 would be skipped (already installed).
openssl-solibs-1.0.2u-x86_64-3_slack14.2 would be skipped (already
installed).

--
Lew Pitcher
"In Skills, We Trust"

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor