TakeV/guix
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

gnu: OpenSSL: Replace with 1.1.1k [fixes CVE-2021-3449 and CVE-2021-3450].

Browse source 
* gnu/packages/tls.scm (openssl-1.1.1k): New variable.
(openssl)[replacement]: New field.
This commit is contained in:
Marius Bakke 2021-05-23 14:20:34 +02:00
parent dbcf2b61b1
commit 250a216cdc
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
1 changed files with 21 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
gnu/packages/tls.scm
View file

@ -9,7 +9,7 @@
;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017, 2018, 2019, 2020, 2021 Marius Bakke <marius@gnu.org>
;;; Copyright © 20172019, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
@ -289,6 +289,7 @@ (define-public openssl
(package
(name "openssl")
(version "1.1.1j")
(replacement openssl-1.1.1k)
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
@ -422,6 +423,25 @@ (define-public openssl
(license license:openssl)
(home-page "https://www.openssl.org/")))
;; Replacement package to fix CVE-2021-3449 and CVE-2021-3450.
(define openssl-1.1.1k
(package
(inherit openssl)
(version "1.1.1k")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/"
"openssl-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/openssl-" version ".tar.gz")))
(patches (search-patches "openssl-1.1-c-rehash-in.patch"))
(sha256
(base32
"1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"))))))
(define-public openssl-1.0
(package
(inherit openssl)