aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-11-02 22:11:25 +0100
committerMarius Bakke <mbakke@fastmail.com>2017-11-02 22:21:59 +0100
commit1df4f5c919937b60bfb21ac2a60d8f0a6737c421 (patch)
treecaff980894804ee534e44f679ab0f1eb967ba28a
parent22bf67d1f4681a0402deb184cfa6345af2fdfdfc (diff)
downloadguix-1df4f5c919937b60bfb21ac2a60d8f0a6737c421.tar
guix-1df4f5c919937b60bfb21ac2a60d8f0a6737c421.tar.gz
gnu: openssl@1.0: Replace with 1.0.2m [fixes CVE-2017-3735, CVE-2017-2736].
* gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2m): New public variable.
-rw-r--r--gnu/packages/tls.scm20
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 075ea7a1c2..7611d4ec35 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -245,6 +245,7 @@ required structures.")
(package
(name "openssl")
(version "1.0.2l")
+ (replacement openssl-1.0.2m)
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -387,6 +388,25 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
+;; Fixes CVE-2017-3735 and CVE-2017-3736.
+;; See <https://www.openssl.org/news/cl102.txt>.
+(define-public openssl-1.0.2m
+ (package
+ (inherit openssl)
+ (version "1.0.2m")
+ (source (origin
+ (inherit (package-source openssl))
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/openssl-" version ".tar.gz")))
+ (sha256
+ (base32
+ "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"))))))
+
(define-public openssl-next
(package
(inherit openssl)