gnu: openssl: Fix CVE-2019-1559.

* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl/fixed): New variable.
(openssl-next)[inherit]: Inherit from it instead.
* gnu/packages/patches/openssl-CVE-2019-1559.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

1 files changed, 12 insertions, 2 deletions

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index c10b1a5320..6e91a46608 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -10,7 +10,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
@@ -271,6 +271,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl/fixed)
    (version "1.0.2p")
    (source (origin
              (method url-fetch)
@@ -399,9 +400,18 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
 
+(define-public openssl/fixed
+  (hidden-package
+   (package
+     (inherit openssl)
+     (source (origin
+               (inherit (package-source openssl))
+               (patches (append (origin-patches (package-source openssl))
+                                (search-patches "openssl-CVE-2019-1559.patch"))))))))
+
 (define-public openssl-next
   (package
-    (inherit openssl)
+    (inherit openssl/fixed)
     (name "openssl")
     (version "1.1.1a")
     (source (origin