You are not logged in.

#1 2021-06-03 08:05:15

pfilz0
Member
Registered: 2015-03-26
Posts: 17

[SOLVED] python-tensorflow-cuda denpends on openssl-1.0

Is this dependency really necessary? openssl-1.0 suffers from (extracted with arch-audit): denial of service, multiple issues, private key recovery.

would be nice if there's some way to get this to work with openssl-1.1

Last edited by pfilz0 (2021-06-03 09:36:45)

Offline

#2 2021-06-03 08:10:56

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: [SOLVED] python-tensorflow-cuda denpends on openssl-1.0

Offline

#3 2021-06-03 08:19:01

pfilz0
Member
Registered: 2015-03-26
Posts: 17

Re: [SOLVED] python-tensorflow-cuda denpends on openssl-1.0

Thanks for the links, it seems indeed that there was a problem with BoringSSL which was fixed by adding the openssl-1.0 dependency.

But this could still be changed to v1.1, right?

Offline

#4 2021-06-03 08:26:09

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: [SOLVED] python-tensorflow-cuda denpends on openssl-1.0

Try rebuilding with that change and see what happens.
You could also patch openssl1.0 with the fixes from https://bugs.archlinux.org/task/67858#comment197269 which should address all the current know security issues with the package.
It does not include a fix for CVE-2021-23839 as the package was not built with SSL2 support so is not vulnerable.

Offline

#5 2021-06-03 09:28:17

pfilz0
Member
Registered: 2015-03-26
Posts: 17

Re: [SOLVED] python-tensorflow-cuda denpends on openssl-1.0

I've applied your diff and recompiled the openssl-1.0 package. That seems to be the simplest way to go. Thanks for the quick solution.

Offline

Board footer

Powered by FluxBB