Upgrade open SSL to 1.1.1n

[Forge36]

There is one security issues in OpenSSL 1.1.1

• (CVE-2022-0778) [High severity]

Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever for non-prime moduli (CVE-2022-0778)

https://www.openssl.org/news/openssl-1.1.1-notes.html

#4820 is updating to 1.1.1l

[hgy59]

update is now merged into master.
Packages depending on cross/openssl:

• ffmpeg
• aria2
• bazarr
• beets
• borgbackup
• boxbackup-client
• deluge
• domoticz
• duplicity
• ejabberd
• erlang
• ffsync
• flexget
• fossil-scm
• git
• haproxy
• homeassistant
• icecast
• irssi
• itools
• jackett
• kiwix
• memcached
• mercurial
• monit
• mosh
• mosquitto
• mtproxy
• mutt
• ntopng
• nzbdrone
• octoprint
• prowlarr
• python
• python2
• python3
• python310
• python38
• rdiff-backup
• ruby
• rutorrent
• sabnzbd
• salt-master
• salt-minion
• shairport-sync
• sickchill
• sonarr
• squidguard
• stunnel
• synocli-disk
• synocli-file
• synocli-monitor
• synocli-net
• transmission
• tvheadend
• vim
• znc

[BenjV]

Maybe a good moment to switch to OpenSSL 3.0.2 for recent packages like python 3.10
The 1.1.1 version is in maintenance mode and the support will stop next year.

See:
https://www.ssltrust.com.au/blog/openssl-3-what-to-know#:~:text=In%20fact%2C%20OpenSSL%201.1.,and%20is%20NOT%20backwards%20compatible.

EDIT:
Forget this, even python is not yet ready to be used with OpenSSL 3.0

[Forge36]

Another CVE :(
https://www.openssl.org/news/vulnerabilities.html#CVE-2022-1292

Fixed in
"1.1.1o"
https://www.openssl.org/news/openssl-1.1.1-notes.html#:~:text=1.1.1n%20and%20OpenSSL-,1.1.1o,-%5B3%20May%202022

[hgy59]

@Forge36 we already update openssl to v1.1.1o in #5266.
All packages released after May 12, 2022 are built with v1.1.1o.

[Forge36]

Thanks! Should this be closed or updated in some way?

[hgy59]

closing this, as openssl is already updated to 1.1.1o with #5266 and #5324 will update to openssl v1.1.1p.