Script for updating `openssl`, `zlib`, `glibc` in `software.eessi.io` version 2023.06 #197

bedroge · 2024-02-06T12:18:36Z

This addresses some Gentoo GLSAs and a openssl CVE. I'll upload the new tarballs manually.

output of glsa check script

>>> The following updates will be performed for this GLSA:
>>> No upgrade path exists for these packages:
     dev-libs/openssl-1.1.1u


Checking GLSA 202401-18
>>> The following updates will be performed for this GLSA:
>>> Updates that will be performed:
     sys-libs/zlib-1.3-r2 (vulnerable: sys-libs/zlib-1.2.13-r1)


Checking GLSA 202402-01
>>> The following updates will be performed for this GLSA:
>>> Updates that will be performed:
     sys-libs/glibc-2.38-r10 (vulnerable: sys-libs/glibc-2.37-r7)

OpenSSL 1.1.x is EOL, and we masked 3.x, which is probably why it doesn't show an upgrade path.

diff for x86_64

 app-text/po4a-0.69::gentoo
 app-text/sgml-common-0.6.3-r7::gentoo
 app-text/xmlto-0.0.28-r10::gentoo
+dev-build/autoconf-2.71-r6::gentoo
+dev-build/autoconf-archive-2023.02.20::gentoo
+dev-build/autoconf-wrapper-20221207-r1::gentoo
+dev-build/automake-1.16.5-r1::gentoo
+dev-build/automake-wrapper-20221207::gentoo
+dev-build/gtk-doc-am-1.33.2::gentoo
+dev-build/libtool-2.4.7-r1::gentoo
+dev-build/make-4.4.1-r1::gentoo
+dev-build/meson-1.1.1::gentoo
+dev-build/meson-format-array-0::gentoo
 dev-db/sqlite-3.42.0::gentoo
 dev-lang/lua-5.1.5-r200::gentoo
 dev-lang/luajit-2.1.0_beta3_p20220613::gentoo
@@ -102,7 +112,7 @@
 dev-libs/mpfr-4.2.0_p9::gentoo
 dev-libs/nettle-3.9.1::gentoo
 dev-libs/npth-1.6-r1::gentoo
-dev-libs/openssl-1.1.1u::gentoo
+dev-libs/openssl-1.1.1w::gentoo
 dev-libs/popt-1.19::gentoo
 dev-lua/lpeg-1.0.2-r101::gentoo
 dev-lua/lua-bit32-5.3.5.1-r1::gentoo
@@ -215,10 +225,7 @@
 dev-python/zipp-3.15.0::gentoo
 dev-util/direnv-2.32.2::eessi
 dev-util/gperf-3.1-r1::gentoo
-dev-util/gtk-doc-am-1.33.2::gentoo
 dev-util/hermes-2.9::gentoo
-dev-util/meson-1.1.1::gentoo
-dev-util/meson-format-array-0::gentoo
 dev-util/patchelf-0.18.0::gentoo
 dev-util/pkgconf-1.8.1::gentoo
 dev-util/re2c-2.2::gentoo
@@ -271,11 +278,6 @@
 sys-auth/passwdqc-2.0.2-r1::gentoo
 sys-cluster/lmod-8.7.23::gentoo
 sys-cluster/rdma-core-45.0::gentoo
-sys-devel/autoconf-2.71-r6::gentoo
-sys-devel/autoconf-archive-2023.02.20::gentoo
-sys-devel/autoconf-wrapper-20221207-r1::gentoo
-sys-devel/automake-1.16.5-r1::gentoo
-sys-devel/automake-wrapper-20221207::gentoo
 sys-devel/bc-1.07.1-r6::gentoo
 sys-devel/binutils-2.40-r5::gentoo
 sys-devel/binutils-config-5.5::gentoo
@@ -285,17 +287,15 @@
 sys-devel/gcc-config-2.11::gentoo
 sys-devel/gettext-0.21.1::gentoo
 sys-devel/gnuconfig-20230121::gentoo
-sys-devel/libtool-2.4.7-r1::gentoo
 sys-devel/m4-1.4.19-r2::gentoo
-sys-devel/make-4.4.1-r1::gentoo
 sys-devel/patch-2.7.6-r5::gentoo
 sys-fabric/opa-psm2-11.2.205::eessi
 sys-fs/e2fsprogs-1.47.0-r1::gentoo
 sys-fs/udev-init-scripts-35::gentoo
-sys-kernel/installkernel-gentoo-7::gentoo
+sys-kernel/installkernel-7::gentoo
 sys-kernel/linux-headers-6.3::gentoo
 sys-libs/gdbm-1.23::gentoo
-sys-libs/glibc-2.37-r7::gentoo
+sys-libs/glibc-2.37-r10::gentoo
 sys-libs/libcap-2.69::gentoo
 sys-libs/libseccomp-2.5.4::gentoo
 sys-libs/libxcrypt-4.4.35::gentoo
@@ -303,7 +303,7 @@
 sys-libs/pam-1.5.3::gentoo
 sys-libs/readline-8.2_p1::gentoo
 sys-libs/timezone-data-2023c::gentoo
-sys-libs/zlib-1.2.13-r1::gentoo
+sys-libs/zlib-1.3-r2::gentoo
 sys-process/numactl-2.0.16::gentoo
 sys-process/procps-3.3.17-r1::gentoo
 sys-process/psmisc-23.6::gentoo

diff for aarch64

 app-text/po4a-0.69::gentoo
 app-text/sgml-common-0.6.3-r7::gentoo
 app-text/xmlto-0.0.28-r10::gentoo
+dev-build/autoconf-2.71-r6::gentoo
+dev-build/autoconf-archive-2023.02.20::gentoo
+dev-build/autoconf-wrapper-20221207-r1::gentoo
+dev-build/automake-1.16.5-r1::gentoo
+dev-build/automake-wrapper-20221207::gentoo
+dev-build/gtk-doc-am-1.33.2::gentoo
+dev-build/libtool-2.4.7-r1::gentoo
+dev-build/make-4.4.1-r1::gentoo
+dev-build/meson-1.1.1::gentoo
+dev-build/meson-format-array-0::gentoo
 dev-db/sqlite-3.42.0::gentoo
 dev-lang/lua-5.1.5-r200::gentoo
 dev-lang/luajit-2.1.0_beta3_p20220613::gentoo
@@ -102,7 +112,7 @@
 dev-libs/mpfr-4.2.0_p9::gentoo
 dev-libs/nettle-3.9.1::gentoo
 dev-libs/npth-1.6-r1::gentoo
-dev-libs/openssl-1.1.1u::gentoo
+dev-libs/openssl-1.1.1w::gentoo
 dev-libs/popt-1.19::gentoo
 dev-lua/lpeg-1.0.2-r101::gentoo
 dev-lua/lua-bit32-5.3.5.1-r1::gentoo
@@ -215,10 +225,7 @@
 dev-python/zipp-3.15.0::gentoo
 dev-util/direnv-2.32.2::eessi
 dev-util/gperf-3.1-r1::gentoo
-dev-util/gtk-doc-am-1.33.2::gentoo
 dev-util/hermes-2.9::gentoo
-dev-util/meson-1.1.1::gentoo
-dev-util/meson-format-array-0::gentoo
 dev-util/patchelf-0.18.0::gentoo
 dev-util/pkgconf-1.8.1::gentoo
 dev-util/re2c-2.2::gentoo
@@ -271,11 +278,6 @@
 sys-auth/passwdqc-2.0.2-r1::gentoo
 sys-cluster/lmod-8.7.23::gentoo
 sys-cluster/rdma-core-45.0::gentoo
-sys-devel/autoconf-2.71-r6::gentoo
-sys-devel/autoconf-archive-2023.02.20::gentoo
-sys-devel/autoconf-wrapper-20221207-r1::gentoo
-sys-devel/automake-1.16.5-r1::gentoo
-sys-devel/automake-wrapper-20221207::gentoo
 sys-devel/bc-1.07.1-r6::gentoo
 sys-devel/binutils-2.40-r5::gentoo
 sys-devel/binutils-config-5.5::gentoo
@@ -285,16 +287,14 @@
 sys-devel/gcc-config-2.11::gentoo
 sys-devel/gettext-0.21.1::gentoo
 sys-devel/gnuconfig-20230121::gentoo
-sys-devel/libtool-2.4.7-r1::gentoo
 sys-devel/m4-1.4.19-r2::gentoo
-sys-devel/make-4.4.1-r1::gentoo
 sys-devel/patch-2.7.6-r5::gentoo
 sys-fs/e2fsprogs-1.47.0-r1::gentoo
 sys-fs/udev-init-scripts-35::gentoo
-sys-kernel/installkernel-gentoo-7::gentoo
+sys-kernel/installkernel-7::gentoo
 sys-kernel/linux-headers-6.3::gentoo
 sys-libs/gdbm-1.23::gentoo
-sys-libs/glibc-2.37-r7::gentoo
+sys-libs/glibc-2.37-r10::gentoo
 sys-libs/libcap-2.69::gentoo
 sys-libs/libseccomp-2.5.4::gentoo
 sys-libs/libxcrypt-4.4.35::gentoo
@@ -302,7 +302,7 @@
 sys-libs/pam-1.5.3::gentoo
 sys-libs/readline-8.2_p1::gentoo
 sys-libs/timezone-data-2023c::gentoo
-sys-libs/zlib-1.2.13-r1::gentoo
+sys-libs/zlib-1.3-r2::gentoo
 sys-process/numactl-2.0.16::gentoo
 sys-process/procps-3.3.17-r1::gentoo
 sys-process/psmisc-23.6::gentoo

Looks like some packages were renamed, which is why the diff shows some more packages than expected.

eessi-bot · 2024-02-06T12:18:41Z

Instance eessi-bot-mc-aws is configured to build:

arch x86_64/generic for repo eessi-hpc.org-2023.06-compat
arch x86_64/generic for repo eessi-hpc.org-2023.06-software
arch x86_64/generic for repo eessi.io-2023.06-compat
arch x86_64/generic for repo eessi.io-2023.06-software
arch x86_64/intel/haswell for repo eessi-hpc.org-2023.06-compat
arch x86_64/intel/haswell for repo eessi-hpc.org-2023.06-software
arch x86_64/intel/haswell for repo eessi.io-2023.06-compat
arch x86_64/intel/haswell for repo eessi.io-2023.06-software
arch x86_64/intel/skylake_avx512 for repo eessi-hpc.org-2023.06-compat
arch x86_64/intel/skylake_avx512 for repo eessi-hpc.org-2023.06-software
arch x86_64/intel/skylake_avx512 for repo eessi.io-2023.06-compat
arch x86_64/intel/skylake_avx512 for repo eessi.io-2023.06-software
arch x86_64/amd/zen2 for repo eessi-hpc.org-2023.06-compat
arch x86_64/amd/zen2 for repo eessi-hpc.org-2023.06-software
arch x86_64/amd/zen2 for repo eessi.io-2023.06-compat
arch x86_64/amd/zen2 for repo eessi.io-2023.06-software
arch x86_64/amd/zen3 for repo eessi-hpc.org-2023.06-compat
arch x86_64/amd/zen3 for repo eessi-hpc.org-2023.06-software
arch x86_64/amd/zen3 for repo eessi.io-2023.06-compat
arch x86_64/amd/zen3 for repo eessi.io-2023.06-software
arch aarch64/generic for repo eessi-hpc.org-2023.06-compat
arch aarch64/generic for repo eessi-hpc.org-2023.06-software
arch aarch64/generic for repo eessi.io-2023.06-compat
arch aarch64/generic for repo eessi.io-2023.06-software
arch aarch64/neoverse_n1 for repo eessi-hpc.org-2023.06-compat
arch aarch64/neoverse_n1 for repo eessi-hpc.org-2023.06-software
arch aarch64/neoverse_n1 for repo eessi.io-2023.06-compat
arch aarch64/neoverse_n1 for repo eessi.io-2023.06-software
arch aarch64/neoverse_v1 for repo eessi-hpc.org-2023.06-compat
arch aarch64/neoverse_v1 for repo eessi-hpc.org-2023.06-software
arch aarch64/neoverse_v1 for repo eessi.io-2023.06-compat
arch aarch64/neoverse_v1 for repo eessi.io-2023.06-software

boegel · 2024-02-08T13:33:04Z

-sys-libs/zlib-1.2.13-r1::gentoo
+sys-libs/zlib-1.3-r2::gentoo

I'm a bit worried about this part...

This implies removing libz.so.1.2.13 and installing libz.so.1.3 instead.
I suspect that may break some things that link to libz.so.1.2.3 (or even libz.so)

scripts/update-pkgs-EESSI.IO-2023.06_2024-01-31.sh

bedroge · 2024-02-08T15:54:31Z

Updated version of the diffs with the latest version of the script:

diff for x86_64

diff in installed packages:
--- /tmp/tmp.dE6K4maS7D/installed-pkgs-pre-update.txt	2024-02-08 15:35:45.035993854 +0000
+++ /tmp/tmp.dE6K4maS7D/installed-pkgs-post-update.txt	2024-02-08 15:47:52.767865818 +0000
@@ -71,6 +71,16 @@
 app-text/po4a-0.69::gentoo
 app-text/sgml-common-0.6.3-r7::gentoo
 app-text/xmlto-0.0.28-r10::gentoo
+dev-build/autoconf-2.71-r6::gentoo
+dev-build/autoconf-archive-2023.02.20::gentoo
+dev-build/autoconf-wrapper-20221207-r1::gentoo
+dev-build/automake-1.16.5-r1::gentoo
+dev-build/automake-wrapper-20221207::gentoo
+dev-build/gtk-doc-am-1.33.2::gentoo
+dev-build/libtool-2.4.7-r1::gentoo
+dev-build/make-4.4.1-r1::gentoo
+dev-build/meson-1.1.1::gentoo
+dev-build/meson-format-array-0::gentoo
 dev-db/sqlite-3.42.0::gentoo
 dev-lang/lua-5.1.5-r200::gentoo
 dev-lang/luajit-2.1.0_beta3_p20220613::gentoo
@@ -102,7 +112,7 @@
 dev-libs/mpfr-4.2.0_p9::gentoo
 dev-libs/nettle-3.9.1::gentoo
 dev-libs/npth-1.6-r1::gentoo
-dev-libs/openssl-1.1.1u::gentoo
+dev-libs/openssl-1.1.1w::gentoo
 dev-libs/popt-1.19::gentoo
 dev-lua/lpeg-1.0.2-r101::gentoo
 dev-lua/lua-bit32-5.3.5.1-r1::gentoo
@@ -215,10 +225,7 @@
 dev-python/zipp-3.15.0::gentoo
 dev-util/direnv-2.32.2::eessi
 dev-util/gperf-3.1-r1::gentoo
-dev-util/gtk-doc-am-1.33.2::gentoo
 dev-util/hermes-2.9::gentoo
-dev-util/meson-1.1.1::gentoo
-dev-util/meson-format-array-0::gentoo
 dev-util/patchelf-0.18.0::gentoo
 dev-util/pkgconf-1.8.1::gentoo
 dev-util/re2c-2.2::gentoo
@@ -271,11 +278,6 @@
 sys-auth/passwdqc-2.0.2-r1::gentoo
 sys-cluster/lmod-8.7.23::gentoo
 sys-cluster/rdma-core-45.0::gentoo
-sys-devel/autoconf-2.71-r6::gentoo
-sys-devel/autoconf-archive-2023.02.20::gentoo
-sys-devel/autoconf-wrapper-20221207-r1::gentoo
-sys-devel/automake-1.16.5-r1::gentoo
-sys-devel/automake-wrapper-20221207::gentoo
 sys-devel/bc-1.07.1-r6::gentoo
 sys-devel/binutils-2.40-r5::gentoo
 sys-devel/binutils-config-5.5::gentoo
@@ -285,16 +287,14 @@
 sys-devel/gcc-config-2.11::gentoo
 sys-devel/gettext-0.21.1::gentoo
 sys-devel/gnuconfig-20230121::gentoo
-sys-devel/libtool-2.4.7-r1::gentoo
 sys-devel/m4-1.4.19-r2::gentoo
-sys-devel/make-4.4.1-r1::gentoo
 sys-devel/patch-2.7.6-r5::gentoo
 sys-fs/e2fsprogs-1.47.0-r1::gentoo
 sys-fs/udev-init-scripts-35::gentoo
-sys-kernel/installkernel-gentoo-7::gentoo
+sys-kernel/installkernel-7::gentoo
 sys-kernel/linux-headers-6.3::gentoo
 sys-libs/gdbm-1.23::gentoo
-sys-libs/glibc-2.37-r7::gentoo
+sys-libs/glibc-2.37-r10::gentoo
 sys-libs/libcap-2.69::gentoo
 sys-libs/libseccomp-2.5.4::gentoo
 sys-libs/libxcrypt-4.4.35::gentoo
@@ -302,7 +302,7 @@
 sys-libs/pam-1.5.3::gentoo
 sys-libs/readline-8.2_p1::gentoo
 sys-libs/timezone-data-2023c::gentoo
-sys-libs/zlib-1.2.13-r1::gentoo
+sys-libs/zlib-1.2.13-r2::gentoo
 sys-process/numactl-2.0.16::gentoo
 sys-process/procps-3.3.17-r1::gentoo
 sys-process/psmisc-23.6::gentoo

diff for aarch64

diff in installed packages:
--- /tmp/tmp.qGJcbJ7pCs/installed-pkgs-pre-update.txt	2024-02-08 15:35:57.772342598 +0000
+++ /tmp/tmp.qGJcbJ7pCs/installed-pkgs-post-update.txt	2024-02-08 15:52:50.518865486 +0000
@@ -71,6 +71,16 @@
 app-text/po4a-0.69::gentoo
 app-text/sgml-common-0.6.3-r7::gentoo
 app-text/xmlto-0.0.28-r10::gentoo
+dev-build/autoconf-2.71-r6::gentoo
+dev-build/autoconf-archive-2023.02.20::gentoo
+dev-build/autoconf-wrapper-20221207-r1::gentoo
+dev-build/automake-1.16.5-r1::gentoo
+dev-build/automake-wrapper-20221207::gentoo
+dev-build/gtk-doc-am-1.33.2::gentoo
+dev-build/libtool-2.4.7-r1::gentoo
+dev-build/make-4.4.1-r1::gentoo
+dev-build/meson-1.1.1::gentoo
+dev-build/meson-format-array-0::gentoo
 dev-db/sqlite-3.42.0::gentoo
 dev-lang/lua-5.1.5-r200::gentoo
 dev-lang/luajit-2.1.0_beta3_p20220613::gentoo
@@ -102,7 +112,7 @@
 dev-libs/mpfr-4.2.0_p9::gentoo
 dev-libs/nettle-3.9.1::gentoo
 dev-libs/npth-1.6-r1::gentoo
-dev-libs/openssl-1.1.1u::gentoo
+dev-libs/openssl-1.1.1w::gentoo
 dev-libs/popt-1.19::gentoo
 dev-lua/lpeg-1.0.2-r101::gentoo
 dev-lua/lua-bit32-5.3.5.1-r1::gentoo
@@ -215,10 +225,7 @@
 dev-python/zipp-3.15.0::gentoo
 dev-util/direnv-2.32.2::eessi
 dev-util/gperf-3.1-r1::gentoo
-dev-util/gtk-doc-am-1.33.2::gentoo
 dev-util/hermes-2.9::gentoo
-dev-util/meson-1.1.1::gentoo
-dev-util/meson-format-array-0::gentoo
 dev-util/patchelf-0.18.0::gentoo
 dev-util/pkgconf-1.8.1::gentoo
 dev-util/re2c-2.2::gentoo
@@ -271,11 +278,6 @@
 sys-auth/passwdqc-2.0.2-r1::gentoo
 sys-cluster/lmod-8.7.23::gentoo
 sys-cluster/rdma-core-45.0::gentoo
-sys-devel/autoconf-2.71-r6::gentoo
-sys-devel/autoconf-archive-2023.02.20::gentoo
-sys-devel/autoconf-wrapper-20221207-r1::gentoo
-sys-devel/automake-1.16.5-r1::gentoo
-sys-devel/automake-wrapper-20221207::gentoo
 sys-devel/bc-1.07.1-r6::gentoo
 sys-devel/binutils-2.40-r5::gentoo
 sys-devel/binutils-config-5.5::gentoo
@@ -285,17 +287,15 @@
 sys-devel/gcc-config-2.11::gentoo
 sys-devel/gettext-0.21.1::gentoo
 sys-devel/gnuconfig-20230121::gentoo
-sys-devel/libtool-2.4.7-r1::gentoo
 sys-devel/m4-1.4.19-r2::gentoo
-sys-devel/make-4.4.1-r1::gentoo
 sys-devel/patch-2.7.6-r5::gentoo
 sys-fabric/opa-psm2-11.2.205::eessi
 sys-fs/e2fsprogs-1.47.0-r1::gentoo
 sys-fs/udev-init-scripts-35::gentoo
-sys-kernel/installkernel-gentoo-7::gentoo
+sys-kernel/installkernel-7::gentoo
 sys-kernel/linux-headers-6.3::gentoo
 sys-libs/gdbm-1.23::gentoo
-sys-libs/glibc-2.37-r7::gentoo
+sys-libs/glibc-2.37-r10::gentoo
 sys-libs/libcap-2.69::gentoo
 sys-libs/libseccomp-2.5.4::gentoo
 sys-libs/libxcrypt-4.4.35::gentoo
@@ -303,7 +303,7 @@
 sys-libs/pam-1.5.3::gentoo
 sys-libs/readline-8.2_p1::gentoo
 sys-libs/timezone-data-2023c::gentoo
-sys-libs/zlib-1.2.13-r1::gentoo
+sys-libs/zlib-1.2.13-r2::gentoo
 sys-process/numactl-2.0.16::gentoo
 sys-process/procps-3.3.17-r1::gentoo
 sys-process/psmisc-23.6::gentoo

…ib, make comments clearer

boegel · 2024-02-08T20:06:35Z

Problem with CI should be fixed with ~~#198~~ #196

boegel · 2024-02-09T07:55:48Z

staging PRs merged

…c_zlib_glsa

bedroge added 2 commits February 2, 2024 16:33

script for updating zlib and glibc

6b40c49

unmask openssl 1.1.x and update to 1.1.1w

e731213

bedroge changed the title ~~Script for updating openssl, zlib, glibc in software.eessi.io~~ Script for updating openssl, zlib, glibc in software.eessi.io version 2023.06 Feb 6, 2024

boegel reviewed Feb 8, 2024

View reviewed changes

scripts/update-pkgs-EESSI.IO-2023.06_2024-01-31.sh Outdated Show resolved Hide resolved

bedroge added 2 commits February 8, 2024 16:29

upgrade zlib before switching to new commit

97373b1

add code for updating eessi overlay

2cd0deb

explicit commit for checkout that contains the required version of zl…

22ce97d

…ib, make comments clearer

boegel mentioned this pull request Feb 8, 2024

run tests for compat layer with software.eessi.io #198

Closed

bedroge added the 2023.06-software.eessi.io 2023.06 version of software.eessi.io label Feb 9, 2024

Merge branch 'main' of github.com:EESSI/compatibility-layer into glib…

cef25c1

…c_zlib_glsa

boegel approved these changes Feb 9, 2024

View reviewed changes

boegel merged commit 34f67e6 into EESSI:main Feb 9, 2024
3 checks passed

bedroge deleted the glibc_zlib_glsa branch February 9, 2024 10:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Script for updating `openssl`, `zlib`, `glibc` in `software.eessi.io` version 2023.06 #197

Script for updating `openssl`, `zlib`, `glibc` in `software.eessi.io` version 2023.06 #197

bedroge commented Feb 6, 2024 •

edited

Loading

eessi-bot bot commented Feb 6, 2024

boegel commented Feb 8, 2024

bedroge commented Feb 8, 2024

boegel commented Feb 8, 2024 •

edited

Loading

boegel commented Feb 9, 2024

Script for updating openssl, zlib, glibc in software.eessi.io version 2023.06 #197

Script for updating openssl, zlib, glibc in software.eessi.io version 2023.06 #197

Conversation

bedroge commented Feb 6, 2024 • edited Loading

eessi-bot bot commented Feb 6, 2024

boegel commented Feb 8, 2024

bedroge commented Feb 8, 2024

boegel commented Feb 8, 2024 • edited Loading

boegel commented Feb 9, 2024

Script for updating `openssl`, `zlib`, `glibc` in `software.eessi.io` version 2023.06 #197

Script for updating `openssl`, `zlib`, `glibc` in `software.eessi.io` version 2023.06 #197

bedroge commented Feb 6, 2024 •

edited

Loading

boegel commented Feb 8, 2024 •

edited

Loading