GNU bug report logs - #66197
[PATCH] gnu: openssl-1.1: replace with 1.1.1w.

Previous Next

To reply to this bug, email your comments to 66197 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Christopher Baines <mail <at> cbaines.net>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: openssl-1.1: replace with 1.1.1w.
Date: Mon, 25 Sep 2023 20:50:50 +0100

From: Sevan Janiyan <venture37 <at> geeklan.co.uk>

Address various CVEs.

* gnu/packages/tls.scm (openssl/fixed): Update to 1.1.1w.
(openssl-1.1)[replacement]: Use openssl/fixed
---
 gnu/packages/tls.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b669ac2e8d..6a26abd6c5 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -426,6 +426,7 @@ (define-public openssl-1.1
   (package
     (name "openssl")
     (version "1.1.1q")
+    (replacement openssl/fixed)
     (source (origin
               (method url-fetch)
               (uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -552,7 +553,7 @@ (define openssl/fixed
   (package
     (inherit openssl-1.1)
     (name "openssl")
-    (version "1.1.1t")
+    (version "1.1.1w")
     (source (origin
               (method url-fetch)
               (uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -565,7 +566,7 @@ (define openssl/fixed
               (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
               (sha256
                (base32
-                "0fwxhlv7ary9nzg5mx07x1jj3wkbizxh56qy7l6bzp5iplj9pvld"))))))
+                "1j3anw4554lk3m9cvjngvh1c2gbdkhgiz160jnnm7n5l1jarhc6g"))))))
 
 (define-public openssl-3.0
   (package

base-commit: fafd3caef0d51811a5da81d6061789e2908b0dac
-- 
2.41.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.