[bug#46600] [PATCH] gnu: OpenSSL: Update to 1.1.1j [fixes CVE-2021-{23840, 23841}].

[Leo Famulari]

There is no fix for these issues available for OpenSSL 1.0.2.

* gnu/packages/tls.scm (openssl-1.1.1j): New variable.
(openssl)[replacement]: New field.
---
 gnu/packages/tls.scm | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 775e915534..e00ec90221 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -287,6 +287,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl-1.1.1j)
    (version "1.1.1i")
    (source (origin
              (method url-fetch)
@@ -419,6 +420,24 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/";)))
 
+(define-public openssl-1.1.1j
+  (package
+    (inherit openssl)
+    (version "1.1.1j")
+    (source (origin
+              (method url-fetch)
+              (uri (list (string-append 
"https://www.openssl.org/source/openssl-";
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/";
+                                        "openssl-" version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/old/";
+                                        (string-trim-right version 
char-set:letter)
+                                        "/openssl-" version ".tar.gz")))
+              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
+              (sha256
+               (base32
+                "1gw17520vh13izy1xf5q0a2fqgcayymjjj5bk0dlkxndfnszrwma"))))))
+
 (define-public openssl-1.0
   (package
     (inherit openssl)
-- 
2.30.1