From 1df4f5c919937b60bfb21ac2a60d8f0a6737c421 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 2 Nov 2017 22:11:25 +0100 Subject: gnu: openssl@1.0: Replace with 1.0.2m [fixes CVE-2017-3735, CVE-2017-2736]. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2m): New public variable. --- gnu/packages/tls.scm | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'gnu/packages') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 075ea7a1c2..7611d4ec35 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -245,6 +245,7 @@ (define-public openssl (package (name "openssl") (version "1.0.2l") + (replacement openssl-1.0.2m) (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -387,6 +388,25 @@ (define-public openssl (license license:openssl) (home-page "http://www.openssl.org/"))) +;; Fixes CVE-2017-3735 and CVE-2017-3736. +;; See . +(define-public openssl-1.0.2m + (package + (inherit openssl) + (version "1.0.2m") + (source (origin + (inherit (package-source openssl)) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) + (sha256 + (base32 + "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc")))))) + (define-public openssl-next (package (inherit openssl) -- cgit v1.2.3