aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2019-10-13 20:50:18 +0200
committerMarius Bakke <mbakke@fastmail.com>2019-10-13 22:49:16 +0200
commitd6718086f8904c72eb97a8c274cd156a9c08072a (patch)
tree18b4280005adf4d861141a8a76123908686fbda4
parent0475c88d6f751eac63a928e3a4fd367f2251eb89 (diff)
downloadguix-d6718086f8904c72eb97a8c274cd156a9c08072a.tar.gz
guix-d6718086f8904c72eb97a8c274cd156a9c08072a.zip
gnu: OpenSSL@1.0: Replace with 1.0.2t [fixes CVE-2019-1547, CVE-2019-1563].
* gnu/packages/tls.scm (openssl-1.0.2t): New variable. (openssl-1.0)[replacement]: New field.
-rw-r--r--gnu/packages/tls.scm22
1 files changed, 22 insertions, 0 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index c45767c1b3..2def6ee703 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -392,6 +392,7 @@ required structures.")
(inherit openssl)
(name "openssl")
(version "1.0.2s")
+ (replacement openssl-1.0.2t)
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -473,6 +474,27 @@ required structures.")
,version "/misc"))
#t)))))))))
+(define openssl-1.0.2t
+ (package
+ (inherit openssl)
+ (version "1.0.2t")
+ (source (origin
+ (inherit (package-source openssl-1.0))
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
+ "openssl-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/openssl-" version ".tar.gz")))
+ (sha256
+ (base32
+ "1g67ra0ph7gpz6fgvv1i96d792jmd6ymci5kk53vbikszr74djql"))))
+ (arguments
+ (substitute-keyword-arguments (package-arguments openssl-1.0)
+ ;; Parallel build is not supported in 1.0.x.
+ ((#:parallel-build? _ #f) #f)))))
+
(define-public libressl
(package
(name "libressl")