From 3c1d2981ff0cc63c74d10e78fe9e2b056e9f4ac0 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 3 May 2016 13:06:00 -0400 Subject: gnu: openssl: Replace with 1.0.2h [security fixes]. Fixes CVE-2016-{2105,2106,2107,2109,2176}. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl/fixed): New variable. --- gnu/packages/tls.scm | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 0f4441d70c..6685ee0349 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -198,6 +198,7 @@ required structures.") (package (name "openssl") (version "1.0.2g") + (replacement openssl/fixed) (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -298,6 +299,25 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) +(define openssl/fixed + (package + (inherit openssl) + (source + (let ((name "openssl") + (version "1.0.2h")) + (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch"))))))) + (define-public libressl (package (name "libressl") -- cgit v1.2.3