--- Begin Message ---
Subject: |
[PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. |
Date: |
Tue, 27 Mar 2018 18:44:31 -0400 |
* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2o): New variable.
---
gnu/packages/tls.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 74843c0a9..3f317aa00 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -255,6 +255,7 @@ required structures.")
(define-public openssl
(package
(name "openssl")
+ (replacement openssl-1.0.2o)
(version "1.0.2n")
(source (origin
(method url-fetch)
@@ -399,6 +400,29 @@ required structures.")
(license license:openssl)
(home-page "https://www.openssl.org/")))
+(define-public openssl-1.0.2o
+ (package
+ (inherit openssl)
+ (name "openssl")
+ (version "1.0.2o")
+ (source (origin
+ (inherit (package-source openssl))
+ (uri (list (string-append
"https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version
char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
+ ;; Erase the inherited snippet, which isn't applicable to
+ ;; OpenSSL 1.0.2o.
+ (snippet
+ '(begin
+ #t))))))
+
(define-public openssl-next
(package
(inherit openssl)
--
2.16.3
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. |
Date: |
Wed, 28 Mar 2018 14:11:54 -0400 |
User-agent: |
Mutt/1.9.3 (2018-01-21) |
On Wed, Mar 28, 2018 at 05:05:37PM +0200, Ludovic Courtès wrote:
> Hi Leo,
>
> Leo Famulari <address@hidden> skribis:
>
> > * gnu/packages/tls.scm (openssl)[replacement]: New field.
> > (openssl-1.0.2o): New variable.
>
> [...]
>
> > + (uri (list (string-append
> > "https://www.openssl.org/source/openssl-"
> > + version ".tar.gz")
> > + (string-append "ftp://ftp.openssl.org/source/"
> > + name "-" version ".tar.gz")
> > + (string-append "ftp://ftp.openssl.org/source/old/"
> > + (string-trim-right version
> > char-set:letter)
> > + "/" name "-" version ".tar.gz")))
>
> Eventually we should factorize this in an ‘openssl-source-url’ procedure.
Yup :)
> > + (sha256
> > + (base32
> > + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
> > + ;; Erase the inherited snippet, which isn't applicable to
> > + ;; OpenSSL 1.0.2o.
> > + (snippet
> > + '(begin
> > + #t))))))
>
> Use (snippet #f) to really annihilate the snippet, otherwise you create
> a snippet that does nothing, yet entails and unpack-and-repack step.
Oh, right :p
Thanks! Pushed as 590bdc149b28e03cfd1668e8026919e89e61f00f
signature.asc
Description: PGP signature
--- End Message ---