From 590bdc149b28e03cfd1668e8026919e89e61f00f Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 27 Mar 2018 16:01:56 -0400 Subject: gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2o): New variable. --- gnu/packages/tls.scm | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 74843c0a96..79bf884259 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -255,6 +255,7 @@ required structures.") (define-public openssl (package (name "openssl") + (replacement openssl-1.0.2o) (version "1.0.2n") (source (origin (method url-fetch) @@ -399,6 +400,27 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) +(define openssl-1.0.2o + (package + (inherit openssl) + (name "openssl") + (version "1.0.2o") + (source (origin + (inherit (package-source openssl)) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc")) + ;; Erase the inherited snippet, which isn't applicable to + ;; OpenSSL 1.0.2o. + (snippet #f))))) + (define-public openssl-next (package (inherit openssl) -- cgit v1.2.3