Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CHANGELOG entry for OpenSSL 1.1.1x #8485

Open
alex-rowe opened this issue Jan 19, 2024 · 3 comments
Open

Add CHANGELOG entry for OpenSSL 1.1.1x #8485

alex-rowe opened this issue Jan 19, 2024 · 3 comments
Labels
feature-request A feature should be added or improved. needs-review This issue or pull request needs review from a core team member. p2 This is a standard priority issue source-distribution cli v2 source distritbution related issues

Comments

@alex-rowe
Copy link

Describe the issue

The Linux ARM/aarch64 version of AWS CLI v2 in 2.15.11 has OpenSSL 1.1.1u in both dist/libcrypto.so.1.1 and dist/libssl.so.1.1

Can this be updated to OpenSSL 1.1.1x?

I only found this one the aarch64 version, the files don't exist in the Linux x86_64 version.

Additional Information/Context

None in the x86_64 zip file:

% curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
% unzip awscliv2.zip
% ls -l aws/dist | grep "libcrypto\|libssl" | wc -l
       0

Version in the aarch64 zip file:

% curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip"
% unzip awscliv2.zip
% strings aws/dist/libcrypto.so.1.1 | grep "^OpenSSL 1.1.1" 
OpenSSL 1.1.1u  30 May 2023

CLI version used

2.15.11

Environment details (OS name and version, etc.)

Linux aarch64
@alex-rowe alex-rowe added needs-triage This issue or PR still needs to be triaged. source-distribution cli v2 source distritbution related issues labels Jan 19, 2024
@alex-rowe
Copy link
Author

In release 2.15.25 it has a changelog for:

* enhancement:openssl: Update bundled openssl version to 1.1.1w

That resolves one of our issues with the 1.1.1v release, but not the issue with upgrading it to 1.1.1x.

@tim-finnigan tim-finnigan self-assigned this May 14, 2024
@tim-finnigan tim-finnigan added the investigating This issue is being investigated and/or work is in progress to resolve the issue. label May 14, 2024
@tim-finnigan
Copy link
Contributor

Thanks for reporting this issue. Running your script now results in OpenSSL 1.1.1x 30 Jan 2024. A CHANGELOG entry just needs to be added similar to in #7614 and #7991. I'll update this issue title to reflect that.

@tim-finnigan tim-finnigan changed the title OpenSSL 1.1.1u out of date in ARM distributions Add CHANGELOG entry for OpenSSL 1.1.1x May 14, 2024
@tim-finnigan tim-finnigan added feature-request A feature should be added or improved. p3 This is a minor priority issue p2 This is a standard priority issue needs-review This issue or pull request needs review from a core team member. and removed p3 This is a minor priority issue investigating This issue is being investigated and/or work is in progress to resolve the issue. needs-triage This issue or PR still needs to be triaged. labels May 14, 2024
@tim-finnigan tim-finnigan removed their assignment May 14, 2024
@alex-rowe
Copy link
Author

Hi @tim-finnigan Thanks for getting this up to 1.1.1x. Tenable is now producing vulnerabilities for versions before 1.1.1y in https://www.tenable.com/plugins/nessus/192965.

Are there plans to move from x to y soon?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request A feature should be added or improved. needs-review This issue or pull request needs review from a core team member. p2 This is a standard priority issue source-distribution cli v2 source distritbution related issues
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alex-rowe @tim-finnigan