diff mbox series

[bug#46600] gnu: OpenSSL: Update to 1.1.1j [fixes CVE-2021-{23840, 23841}].

Message ID f21e6116e5ed7d5b003cb21b32d62312ba312070.1613595868.git.leo@famulari.name
State New
Headers show
Series [bug#46600] gnu: OpenSSL: Update to 1.1.1j [fixes CVE-2021-{23840, 23841}]. | expand

Checks

Context Check Description
cbaines/submitting builds success
cbaines/comparison success View comparision
cbaines/git branch success View Git branch
cbaines/applying patch success View Laminar job
cbaines/issue success View issue

Commit Message

Leo Famulari Feb. 17, 2021, 9:04 p.m. UTC
There is no fix for these issues available for OpenSSL 1.0.2.

* gnu/packages/tls.scm (openssl-1.1.1j): New variable.
(openssl)[replacement]: New field.
---
 gnu/packages/tls.scm | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff mbox series

Patch

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 775e915534..e00ec90221 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -287,6 +287,7 @@  required structures.")
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl-1.1.1j)
    (version "1.1.1i")
    (source (origin
              (method url-fetch)
@@ -419,6 +420,24 @@  required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
 
+(define-public openssl-1.1.1j
+  (package
+    (inherit openssl)
+    (version "1.1.1j")
+    (source (origin
+              (method url-fetch)
+              (uri (list (string-append "https://www.openssl.org/source/openssl-"
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/"
+                                        "openssl-" version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/old/"
+                                        (string-trim-right version char-set:letter)
+                                        "/openssl-" version ".tar.gz")))
+              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
+              (sha256
+               (base32
+                "1gw17520vh13izy1xf5q0a2fqgcayymjjj5bk0dlkxndfnszrwma"))))))
+
 (define-public openssl-1.0
   (package
     (inherit openssl)