diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2016-03-01 15:57:37 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2016-03-01 16:00:46 +0100 |
| commit | caeadfddb01d2cda19d2f761ba9906ef8f162173 (patch) | |
| tree | 35809fd6d97c5975948e3cb76c69a150cb8a2f82 /gnu/packages/tls.scm | |
| parent | c22a1324e64d6906be5e9a8e64b8716ad763434a (diff) | |
| download | guix-caeadfddb01d2cda19d2f761ba9906ef8f162173.tar guix-caeadfddb01d2cda19d2f761ba9906ef8f162173.tar.gz | |
gnu: openssl: Replace with 1.0.2g [fixes CVE-2016-{0800,0705,0798,0797,0799,0702,0703,0704}].
See <http://openssl.org/news/secadv/20160301.txt>.
Also fixes <http://bugs.gnu.org/22831>.
* gnu/packages/patches/openssl-c-rehash-in.patch: New file.
* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2g): New variable.
Diffstat (limited to 'gnu/packages/tls.scm')
| -rw-r--r-- | gnu/packages/tls.scm | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 57f0ca1114..dc27366448 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> @@ -179,6 +179,7 @@ required structures.") (define-public openssl (package + (replacement openssl-1.0.2g) (name "openssl") (version "1.0.2f") (source (origin @@ -282,6 +283,26 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) +(define openssl-1.0.2g + (package + (inherit openssl) + (replacement #f) + (source + (let ((name "openssl") (version "1.0.2g")) + (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) + (patches (map search-patch + '("openssl-runpath.patch" + "openssl-c-rehash-in.patch")))))))) + (define-public libressl (package (name "libressl") |