From 250a216cdc2d5425ee0053f3e614d54e0fb6aa90 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 23 May 2021 14:20:34 +0200 Subject: gnu: OpenSSL: Replace with 1.1.1k [fixes CVE-2021-3449 and CVE-2021-3450]. * gnu/packages/tls.scm (openssl-1.1.1k): New variable. (openssl)[replacement]: New field. --- gnu/packages/tls.scm | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 1a4e3dc258..174438ad87 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2016, 2017, 2018 Nikita ;;; Copyright © 2016 Hartmut Goebel ;;; Copyright © 2017 Ricardo Wurmus -;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke +;;; Copyright © 2017, 2018, 2019, 2020, 2021 Marius Bakke ;;; Copyright © 2017–2019, 2021 Tobias Geerinckx-Rice ;;; Copyright © 2017 Rutger Helling ;;; Copyright © 2018 Clément Lassieur @@ -289,6 +289,7 @@ required structures.") (package (name "openssl") (version "1.1.1j") + (replacement openssl-1.1.1k) (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -422,6 +423,25 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) +;; Replacement package to fix CVE-2021-3449 and CVE-2021-3450. +(define openssl-1.1.1k + (package + (inherit openssl) + (version "1.1.1k") + (source (origin + (method url-fetch) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + "openssl-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) + (patches (search-patches "openssl-1.1-c-rehash-in.patch")) + (sha256 + (base32 + "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9")))))) + (define-public openssl-1.0 (package (inherit openssl) -- cgit v1.2.3 From 0b70eb03cbcf5df7de9f468d9e2a3b53379779fe Mon Sep 17 00:00:00 2001 From: Solene Rapenne Date: Fri, 28 May 2021 19:05:23 +0200 Subject: gnu: gnutls: Replace with 3.6.16 [fixes CVE-2021-20305]. * gnu/packages/tls.scm (gnutls)[replacement]: New field. (gnutls-3.6.16): New variable. Signed-off-by: Leo Famulari --- gnu/packages/tls.scm | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 174438ad87..55410f3911 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -15,6 +15,7 @@ ;;; Copyright © 2018 Clément Lassieur ;;; Copyright © 2019 Mathieu Othacehe ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen +;;; Copyright © 2021 Solene Rapenne ;;; ;;; This file is part of GNU Guix. ;;; @@ -165,6 +166,7 @@ living in the same process.") (package (name "gnutls") (version "3.6.15") + (replacement gnutls-3.6.16) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -258,6 +260,22 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) +;; Replacement package to fix CVE-2021-20305. +(define gnutls-3.6.16 + (package + (inherit gnutls) + (version "3.6.16") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (patches (search-patches "gnutls-skip-trust-store-test.patch" + "gnutls-cross.patch")) + (sha256 + (base32 + "1czk511pslz367shf32f2jvvkp7y1323bcv88c2qng98mj0v6y8v")))))) + (define-public gnutls/guile-2.0 ;; GnuTLS for Guile 2.0. (package/inherit gnutls -- cgit v1.2.3