GNU bug report logs - #66198
[PATCH] gnu: openssl-3.0: replace with 3.1.3.

Previous Next

Package: guix-patches;

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Mon, 25 Sep 2023 20:18:02 UTC

Severity: normal

Tags: patch

To reply to this bug, email your comments to 66198 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#66198; Package guix-patches. (Mon, 25 Sep 2023 20:18:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Christopher Baines <mail <at> cbaines.net>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 25 Sep 2023 20:18:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Christopher Baines <mail <at> cbaines.net>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: openssl-3.0: replace with 3.1.3.
Date: Mon, 25 Sep 2023 21:17:00 +0100

From: Sevan Janiyan <venture37 <at> geeklan.co.uk>

Address various CVEs.

* gnu/packages/tls.scm (openssl-3.1.3): New variable.
(openssl-3.0)[replacement]: Use it.
---
 gnu/packages/tls.scm | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b669ac2e8d..62af3589a7 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -571,6 +571,7 @@ (define-public openssl-3.0
   (package
     (inherit openssl-1.1)
     (version "3.0.8")
+    (replacement openssl-3.1.3)
     (source (origin
               (method url-fetch)
               (uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -605,6 +606,24 @@ (define-public openssl-3.0
 
 (define-public openssl openssl-3.0)
 
+(define-public openssl-3.1.3
+  (package
+    (inherit openssl-3.0)
+    (version "3.1.3")
+    (source (origin
+              (method url-fetch)
+              (uri (list (string-append "https://www.openssl.org/source/openssl-"
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/"
+                                        "openssl-" version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/old/"
+                                        (string-trim-right version char-set:letter)
+                                        "/openssl-" version ".tar.gz")))
+              (patches (search-patches "openssl-3.0-c-rehash-in.patch"))
+              (sha256
+               (base32
+                "1xmc5s5ihapvj9k4d33qjch3104zd1c58i3n54sz5rw9plp6lcgh"))))))
+
 (define-public bearssl
   (package
     (name "bearssl")

base-commit: fafd3caef0d51811a5da81d6061789e2908b0dac
-- 
2.41.0
This bug report was last modified 221 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.