From 7642f4c07fb92312f373a9d090f8076049a5017e Mon Sep 17 00:00:00 2001 From: xumia <59720581+xumia@users.noreply.github.com> Date: Fri, 10 Feb 2023 20:01:22 +0800 Subject: [PATCH] [Security][202205] Upgrade the openssl version to 1.1.1n-0+deb11u4+fips #13737 (#13759) * [Security] Upgrade the openssl version to 1.1.1n-0+deb11u4+fips (#13737) Why I did it [Security] Upgrade the openssl version to 1.1.1n-0+deb11u4+fips f6df7303d8 Update expired certs. 84540b59c1 CVE-2022-2068 f763d8a93e Prepare 1.1.1n-0+deb11u2 576562cebe CVE-2022-1292 How I did it Upgrade the OpenSSL version * [Security] Upgrade OpenSSL version for armhf --- files/build/versions/host-image/versions-deb-bullseye-armhf | 6 +++--- rules/sonic-fips.mk | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/files/build/versions/host-image/versions-deb-bullseye-armhf b/files/build/versions/host-image/versions-deb-bullseye-armhf index 0b0b1105a9..284732bb21 100644 --- a/files/build/versions/host-image/versions-deb-bullseye-armhf +++ b/files/build/versions/host-image/versions-deb-bullseye-armhf @@ -3,7 +3,7 @@ ebtables==2.0.11-4 icu-devtools==67.1-7 libicu-dev==67.1-7 libicu67==67.1-7 -libssl-dev==1.1.1n-0+deb11u3 +libssl-dev==1.1.1n-0+deb11u4 libxml2==2.9.10+dfsg-6.7+deb11u3 libxml2-dev==2.9.10+dfsg-6.7+deb11u3 libxslt1-dev==1.1.34-4+deb11u1 @@ -14,6 +14,6 @@ ntpstat==0.0.0.1-2 openssh-client==1:8.4p1-5+deb11u1 openssh-server==1:8.4p1-5+deb11u1 openssh-sftp-server==1:8.4p1-5+deb11u1 -openssl==1.1.1n-0+deb11u3 +openssl==1.1.1n-0+deb11u4 picocom==3.1-2 -traceroute==1:2.1.0-2 \ No newline at end of file +traceroute==1:2.1.0-2 diff --git a/rules/sonic-fips.mk b/rules/sonic-fips.mk index 4c925ebf4e..9eb2d86bfb 100644 --- a/rules/sonic-fips.mk +++ b/rules/sonic-fips.mk @@ -1,7 +1,7 @@ # fips packages -FIPS_VERSION = 0.6 -FIPS_OPENSSL_VERSION = 1.1.1n-0+deb11u3+fips +FIPS_VERSION = 0.7 +FIPS_OPENSSL_VERSION = 1.1.1n-0+deb11u4+fips FIPS_OPENSSH_VERSION = 8.4p1-5+deb11u1+fips FIPS_PYTHON_MAIN_VERSION = 3.9 FIPS_PYTHON_VERSION = 3.9.2-1+fips