diff options
-rw-r--r-- | gnu/packages/tls.scm | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 075ea7a1c2..7611d4ec35 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -245,6 +245,7 @@ required structures.") (package (name "openssl") (version "1.0.2l") + (replacement openssl-1.0.2m) (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -387,6 +388,25 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) +;; Fixes CVE-2017-3735 and CVE-2017-3736. +;; See <https://www.openssl.org/news/cl102.txt>. +(define-public openssl-1.0.2m + (package + (inherit openssl) + (version "1.0.2m") + (source (origin + (inherit (package-source openssl)) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) + (sha256 + (base32 + "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc")))))) + (define-public openssl-next (package (inherit openssl) |