From c3e9967be2f45c8ea524c9a208f1d5b36a3c204e Mon Sep 17 00:00:00 2001
From: Jean-Baptiste VESLIN <19856429+thebaptiste@users.noreply.github.com>
Date: Fri, 6 Sep 2024 21:41:52 +0200
Subject: [PATCH] feat: bump openssl to 3.3.2 (fix CVE-2024-6119 and
 CVE-2024-5535) (#1942)

---
 .metwork-framework/components.md            | 2 +-
 layers/layer0_core/0025_openssl/Makefile.mk | 6 +++---
 layers/layer0_core/0025_openssl/sources     | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.metwork-framework/components.md b/.metwork-framework/components.md
index 271dd6ae..7b7b2331 100644
--- a/.metwork-framework/components.md
+++ b/.metwork-framework/components.md
@@ -155,7 +155,7 @@
 | [openjdk](https://adoptopenjdk.net) | 11.0.5+10 | java |
 | [openldap](https://www.openldap.org/) | 2.6.8 | core |
 | [openresty](http://openresty.org) | 1.15.8.4 | openresty |
-| [openssl](https://www.openssl.org/) | 3.3.1 | core |
+| [openssl](https://www.openssl.org/) | 3.3.2 | core |
 | [opinionated_configparser](https://github.com/metwork-framework/opinionated_configparser) | 1.0.1 | python3 |
 | [packaging](https://pypi.org/project/packaging) | 23.1 | python3_core |
 | [paginate](https://github.com/Signum/paginate) | 0.5.6 | python3_devtools |
diff --git a/layers/layer0_core/0025_openssl/Makefile.mk b/layers/layer0_core/0025_openssl/Makefile.mk
index 66ae597d..951759ef 100644
--- a/layers/layer0_core/0025_openssl/Makefile.mk
+++ b/layers/layer0_core/0025_openssl/Makefile.mk
@@ -2,10 +2,10 @@ include ../../../adm/root.mk
 include ../../package.mk
 
 export NAME=openssl
-export VERSION=3.3.1
+export VERSION=3.3.2
 export EXTENSION=tar.gz
 export CHECKTYPE=MD5
-export CHECKSUM=8a4342b399c18f870ca6186299195984
+export CHECKSUM=015fca2692596560b6fe8a2d8fecd84b
 DESCRIPTION=\
 OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the TLS (formerly SSL), DTLS and QUIC protocols
 WEBSITE=https://www.openssl.org/
@@ -15,4 +15,4 @@ all:: $(PREFIX)/lib/libssl.so
 $(PREFIX)/lib/libssl.so:
 	$(MAKE) --file=../../Makefile.standard PREFIX=$(PREFIX) OPTIONS="--libdir=lib no-docs" download uncompress Configure build install
 	rm -f $(PREFIX)/lib/libssl.a $(PREFIX)/lib/libcrypto.a
-	cd $(PREFIX)/ssl && ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem cert.pem
+	cd $(PREFIX)/ssl && rm -f cert.pem && ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem cert.pem
diff --git a/layers/layer0_core/0025_openssl/sources b/layers/layer0_core/0025_openssl/sources
index 38f61652..7ec5f537 100644
--- a/layers/layer0_core/0025_openssl/sources
+++ b/layers/layer0_core/0025_openssl/sources
@@ -1 +1 @@
-https://github.com/openssl/openssl/releases/download/openssl-3.3.1/openssl-3.3.1.tar.gz
+https://github.com/openssl/openssl/releases/download/openssl-3.3.2/openssl-3.3.2.tar.gz