From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id mDpfBRAXJWH+8QAAgWs5BA (envelope-from ) for ; Tue, 24 Aug 2021 17:58:08 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id gCD/ABAXJWHvfQAAB5/wlQ (envelope-from ) for ; Tue, 24 Aug 2021 15:58:08 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id BF4E79087 for ; Tue, 24 Aug 2021 17:58:07 +0200 (CEST) Received: from localhost ([::1]:35376 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mIYoQ-0002Vz-Sb for larch@yhetil.org; Tue, 24 Aug 2021 11:58:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:46902) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mIYoM-0002Vp-7N for guix-patches@gnu.org; Tue, 24 Aug 2021 11:58:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:33511) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mIYoL-0002KF-Vz for guix-patches@gnu.org; Tue, 24 Aug 2021 11:58:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mIYoL-00078x-SZ for guix-patches@gnu.org; Tue, 24 Aug 2021 11:58:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#50188] [PATCH] gnu: OpenSSL: Update to 1.1.1l [security fixes]. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 24 Aug 2021 15:58:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 50188 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 50188@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.162982062527384 (code B ref -1); Tue, 24 Aug 2021 15:58:01 +0000 Received: (at submit) by debbugs.gnu.org; 24 Aug 2021 15:57:05 +0000 Received: from localhost ([127.0.0.1]:45057 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mIYnR-00077c-02 for submit@debbugs.gnu.org; Tue, 24 Aug 2021 11:57:05 -0400 Received: from lists.gnu.org ([209.51.188.17]:38766) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mIYnP-00077U-CM for submit@debbugs.gnu.org; Tue, 24 Aug 2021 11:57:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:46710) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mIYnO-0002Sc-Vr for guix-patches@gnu.org; Tue, 24 Aug 2021 11:57:03 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:46637) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mIYnM-0001c9-Rf for guix-patches@gnu.org; Tue, 24 Aug 2021 11:57:02 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 7C7755C011D; Tue, 24 Aug 2021 11:56:58 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 24 Aug 2021 11:56:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; s=mesmtp; bh=+MgDSiQBQxRnok/IGbZhe7g mdZaToiOF/r+wowZTwC0=; b=uCpYF9mAQIE4YB7nqZQzHIfwhPntRjBFYRaUNyt MQosnmiosLS+/oAuWzQgFOctbJC0OIIvTzpuyIpo9oOnlkQZ6mV3KO+sbRAMo9gP JC9k423gZwA+yHjw1dvhgdXm4hbY94TTJLY3ARgm5Mr6JaCPuN2bAM3mxNpfrKEJ +ekQ= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:date:from :message-id:mime-version:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=+MgDSiQBQxRnok/IG bZhe7gmdZaToiOF/r+wowZTwC0=; b=mGeVAOU4yxpG+3gEDLzlkjntrnbIsORkn C8NNyQEIPlgdkE+0h0X54p/7nUcTKrN3Syx64DxC6krqq7z16UBOHA9u/j1nNfD5 WuI8Wz4afR2lKoZ6HqfnT8vCtqstQXz2uHay5keCeiElCt3PYNrjL3p+wRLhiOsv rOl88ABwIHMMrHi7LXe50tu9//sxoANGaN3lhjVQi3FPps7/WVijFeed1/akUE9D yjFteHCGqaL7siA03rzn8UNvd7S+d7fPgGL8JdEnNEhGW87UtwWEhA/xotfewHIA WO84FSgcdistQkh4BYymA36ugfb+YxAjOXLZpYLnzYDTYQTqziL5A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddruddtjedgleehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgggfestdekredtre dttdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhi rdhnrghmvgeqnecuggftrfgrthhtvghrnhepffeuheejvdejhfetjeeiieduueehteehtd evkeetfefgffehfeehfedvheegfeehnecuffhomhgrihhnpehophgvnhhsshhlrdhorhhg necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvoh esfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Tue, 24 Aug 2021 11:56:58 -0400 (EDT) From: Leo Famulari Date: Tue, 24 Aug 2021 11:56:44 -0400 Message-Id: <7632fa06633b1d0c9cdda55b2e69d556f149ea6d.1629820600.git.leo@famulari.name> X-Mailer: git-send-email 2.32.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=66.111.4.29; envelope-from=leo@famulari.name; helo=out5-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1629820687; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=+MgDSiQBQxRnok/IGbZhe7gmdZaToiOF/r+wowZTwC0=; b=uunVbbFATg7jajvybhl7d6btJ9nxTJcqF/uZg3B7cYdkDigZomZpX38Y/xxVybyshtpdqn rBQXiFV93eOIaJYrtbw7K5Gm+b95IvHegtFwjk7KFndikISM7U/kBQXRgElZuzWb0S5sFF aPY8H2558nYKcJgTOyyklTsXKdF8iMTIuu4GlKTL4NfJjpFDnOOf+EuAWdRmteRcIMk0Ku Mj4fKBPmmN1rvLo8uCRwRqKfuEP3/0Qv4Fhc1BdMAY9oUHCBDSSeOw3KTy7AVjd1LPCHNO FsZddgF53F3SWwZLHiwD0Re/kC2SYsAyokdbVcFLiUedB2WA7lelRR2dhrTPMw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1629820687; a=rsa-sha256; cv=none; b=nZm2gggJGD+tPcAc05VyXjEP2l6Selcxo1LgGlHn1gZmQ1y0vtfwyA2fXhW5t49T9/p33Q Ko2qREB28RhlT/b1KHIVb302o2BK0X56xOUJ3CPjo13W/Kmt/W94maHFrJjiL+s4r4MFoi 27dyJ+WzpQrvqiZ6IzJBwLdt7pY05pdKR0+r3Pn5nbtZHz/W952AwN9O2BX2XXP1yRi4XY gdty1Qtx30+bMwBRGCQ6YW3S3RHlTy0dmGU8KNw5P/2bSqaUu9iWkwokxZ+/fsntEYgWj4 HauYP62RVEhAsOeYvWa50iLN5Efv5NS88G2VJWZf3AnWYUDE20j7pimEXR/6CA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=uCpYF9mA; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b=mGeVAOU4; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: 3.58 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=uCpYF9mA; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b=mGeVAOU4; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: BF4E79087 X-Spam-Score: 3.58 X-Migadu-Scanner: scn0.migadu.com X-TUID: LqAPdJtysweH https://www.openssl.org/news/secadv/20210824.txt * gnu/packages/tls.scm (openssl)[replacement]: Use openssl-1.1.1l. (openssl-1.1.1k): Replace with ... (openssl-1.1.1l): ... new variable. --- gnu/packages/tls.scm | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index fb7d364c94..154b3dc207 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -356,7 +356,7 @@ required structures.") (package (name "openssl") (version "1.1.1j") - (replacement openssl-1.1.1k) + (replacement openssl-1.1.1l) (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -490,11 +490,10 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) -;; Replacement package to fix CVE-2021-3449 and CVE-2021-3450. -(define openssl-1.1.1k +(define openssl-1.1.1l (package (inherit openssl) - (version "1.1.1k") + (version "1.1.1l") (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -507,7 +506,7 @@ required structures.") (patches (search-patches "openssl-1.1-c-rehash-in.patch")) (sha256 (base32 - "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9")))))) + "1lbblxps2fhmz7bqh058iywh5wxfignbfx1s1kz2fj63b5g3wyhb")))))) ;; We will not add any new uses of this package. If you add new code that uses ;; this package, your change will be reverted! -- 2.32.0