aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2018-03-27 16:01:56 -0400
committerLeo Famulari <leo@famulari.name>2018-03-28 14:07:45 -0400
commit590bdc149b28e03cfd1668e8026919e89e61f00f (patch)
tree5c96266de79324d567cab207d5ecaa8786e3a6a4
parent1cde746700fe633ff338621160e04c3deaf11584 (diff)
downloadguix-590bdc149b28e03cfd1668e8026919e89e61f00f.tar.gz
guix-590bdc149b28e03cfd1668e8026919e89e61f00f.zip
gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739].
* gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2o): New variable.
-rw-r--r--gnu/packages/tls.scm22
1 files changed, 22 insertions, 0 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 74843c0a96..79bf884259 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -255,6 +255,7 @@ required structures.")
(define-public openssl
(package
(name "openssl")
+ (replacement openssl-1.0.2o)
(version "1.0.2n")
(source (origin
(method url-fetch)
@@ -399,6 +400,27 @@ required structures.")
(license license:openssl)
(home-page "https://www.openssl.org/")))
+(define openssl-1.0.2o
+ (package
+ (inherit openssl)
+ (name "openssl")
+ (version "1.0.2o")
+ (source (origin
+ (inherit (package-source openssl))
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
+ ;; Erase the inherited snippet, which isn't applicable to
+ ;; OpenSSL 1.0.2o.
+ (snippet #f)))))
+
(define-public openssl-next
(package
(inherit openssl)