[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/06: gnu: OpenSSL: Replace with 1.1.1k [fixes CVE-2021-3449 and CVE-20
From: |
guix-commits |
Subject: |
03/06: gnu: OpenSSL: Replace with 1.1.1k [fixes CVE-2021-3449 and CVE-2021-3450]. |
Date: |
Sun, 23 May 2021 11:50:35 -0400 (EDT) |
mbakke pushed a commit to branch master
in repository guix.
commit 250a216cdc2d5425ee0053f3e614d54e0fb6aa90
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Sun May 23 14:20:34 2021 +0200
gnu: OpenSSL: Replace with 1.1.1k [fixes CVE-2021-3449 and CVE-2021-3450].
* gnu/packages/tls.scm (openssl-1.1.1k): New variable.
(openssl)[replacement]: New field.
---
gnu/packages/tls.scm | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 1a4e3dc..174438a 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -9,7 +9,7 @@
;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017, 2018, 2019, 2020, 2021 Marius Bakke <marius@gnu.org>
;;; Copyright © 2017–2019, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
@@ -289,6 +289,7 @@ required structures.")
(package
(name "openssl")
(version "1.1.1j")
+ (replacement openssl-1.1.1k)
(source (origin
(method url-fetch)
(uri (list (string-append
"https://www.openssl.org/source/openssl-"
@@ -422,6 +423,25 @@ required structures.")
(license license:openssl)
(home-page "https://www.openssl.org/")))
+;; Replacement package to fix CVE-2021-3449 and CVE-2021-3450.
+(define openssl-1.1.1k
+ (package
+ (inherit openssl)
+ (version "1.1.1k")
+ (source (origin
+ (method url-fetch)
+ (uri (list (string-append
"https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
+ "openssl-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version
char-set:letter)
+ "/openssl-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
+ (sha256
+ (base32
+ "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"))))))
+
(define-public openssl-1.0
(package
(inherit openssl)
- branch master updated (d49402a -> 4b08aad), guix-commits, 2021/05/23
- 01/06: gnu: squashfs-tools: Prepare for GCC 10., guix-commits, 2021/05/23
- 03/06: gnu: OpenSSL: Replace with 1.1.1k [fixes CVE-2021-3449 and CVE-2021-3450].,
guix-commits <=
- 04/06: gnu: libx11: Update replacement to 1.7.1 [fixes CVE-2021-31535]., guix-commits, 2021/05/23
- 02/06: gnu: Fix erroneous uses of 'package/inherit'., guix-commits, 2021/05/23
- 05/06: gnu: notmuch: Update to 0.32.1., guix-commits, 2021/05/23
- 06/06: doc: Correct spelling, guix-commits, 2021/05/23