From 544db93cafc3e0bf9a89623b8fed3a169958c1d3 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 26 Jan 2017 14:19:35 -0500 Subject: gnu: openssl: Replace with openssl-1.0.2k [security fixes]. Fix CVE-2016-7055 and CVE-2017-{3731,3732}. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2k): New variable. (openssl-next)[replacement]: New field. Signed-off-by: Marius Bakke --- gnu/packages/tls.scm | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 252e53c840..0dd431cf99 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -244,6 +244,7 @@ required structures.") (define-public openssl (package (name "openssl") + (replacement openssl-1.0.2k) (version "1.0.2j") (source (origin (method url-fetch) @@ -381,9 +382,29 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) +(define openssl-1.0.2k + (package + (inherit openssl) + (name "openssl") + (version "1.0.2k") + (source + (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch")))))) + (define-public openssl-next (package (inherit openssl) + (replacement #f) (name "openssl") (version "1.1.0c") (source (origin -- cgit 1.4.1