From 250a216cdc2d5425ee0053f3e614d54e0fb6aa90 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 23 May 2021 14:20:34 +0200 Subject: gnu: OpenSSL: Replace with 1.1.1k [fixes CVE-2021-3449 and CVE-2021-3450]. * gnu/packages/tls.scm (openssl-1.1.1k): New variable. (openssl)[replacement]: New field. --- gnu/packages/tls.scm | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 1a4e3dc258..174438ad87 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2016, 2017, 2018 Nikita ;;; Copyright © 2016 Hartmut Goebel ;;; Copyright © 2017 Ricardo Wurmus -;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke +;;; Copyright © 2017, 2018, 2019, 2020, 2021 Marius Bakke ;;; Copyright © 2017–2019, 2021 Tobias Geerinckx-Rice ;;; Copyright © 2017 Rutger Helling ;;; Copyright © 2018 Clément Lassieur @@ -289,6 +289,7 @@ required structures.") (package (name "openssl") (version "1.1.1j") + (replacement openssl-1.1.1k) (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -422,6 +423,25 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) +;; Replacement package to fix CVE-2021-3449 and CVE-2021-3450. +(define openssl-1.1.1k + (package + (inherit openssl) + (version "1.1.1k") + (source (origin + (method url-fetch) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + "openssl-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) + (patches (search-patches "openssl-1.1-c-rehash-in.patch")) + (sha256 + (base32 + "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9")))))) + (define-public openssl-1.0 (package (inherit openssl) -- cgit v1.2.3