Skip to content

[25.05] openssl: 3.4.2 -> 3.4.3; openssl_3: 3.0.17 -> 3.0.18#447808

Merged
leona-ya merged 2 commits intoNixOS:staging-25.05from
thillux:mtheil/openssl-update-2025-10-25.05
Oct 10, 2025
Merged

[25.05] openssl: 3.4.2 -> 3.4.3; openssl_3: 3.0.17 -> 3.0.18#447808
leona-ya merged 2 commits intoNixOS:staging-25.05from
thillux:mtheil/openssl-update-2025-10-25.05

Conversation

@thillux
Copy link
Contributor

@thillux thillux commented Oct 1, 2025
edited
Loading

openssl_3: 3.0.17 -> 3.0.18

Changelog:
https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md#changes-between-3017-and-3018-30-sep-2025

Fixed CVEs:

openssl_3_4: 3.4.2 -> 3.4.3

Changelog:
https://github.com/openssl/openssl/blob/openssl-3.4/CHANGES.md#changes-between-342-and-343-30-sep-2025

CVEs fixed:

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

github-actions[bot]

This comment was marked as resolved.

Sign in to view

@thillux thillux added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Oct 1, 2025
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 4.workflow: backport This targets a stable branch labels Oct 1, 2025
@thillux
Copy link
Contributor Author

thillux commented Oct 1, 2025

Backport/adaptation of #447713. This one needs to be merged first in order for the cherry picked commit hashes to be pickable.

@thillux thillux marked this pull request as ready for review October 1, 2025 19:04
@nix-owners nix-owners bot requested a review from ulrikstrid October 1, 2025 19:06
@LeSuisse LeSuisse changed the title openssl: 3.4.2 -> 3.4.3; openssl_3: 3.0.17 -> 3.0.18 [25.05] openssl: 3.4.2 -> 3.4.3; openssl_3: 3.0.17 -> 3.0.18 Oct 2, 2025
@leona-ya leona-ya dismissed github-actions[bot]’s stale review October 10, 2025 14:02

acceptable, other versions than unstable

@leona-ya leona-ya merged commit e6c7068 into NixOS:staging-25.05 Oct 10, 2025
61 of 64 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leona-ya leona-ya leona-ya approved these changes

@github-actions github-actions[bot] github-actions[bot] left review comments

@ulrikstrid ulrikstrid Awaiting requested review from ulrikstrid

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 4.workflow: backport This targets a stable branch 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thillux @leona-ya